A new security standard for Internet of Things (IoT) devices has been developed by the FIDO Alliance. The open industry association said the move will help address the security, cost and complexity challenges involved in deploying IoT devices at scale, thereby unlocking the potential of IoT technology for industrial use.
Named the FIDO Device Onboard (FDO) protocol, the standard uses asymmetric public key cryptography to allow the industrial IoT industry to onboard any device to a device management system quickly and securely. The automated process will remove the requirement for long and technical installations, while its “untrusted installer” approach means installers won’t require any sensitive infrastructure/access control information to add a device to a network.
The initiative was developed by FIDO’s IoT Technical Working Group, led by employees of Intel and Qualcomm with input from Google, Microsoft, AWS and ARM.
The new protocol, which is open and free to implement, has been established amid a continued surge in IoT devices, with FIDO highlighting recent predictions from the IDC that the IoT market will maintain a double digit growth rate. However, there remain major concerns about the security of these devices, which is holding back their potential for businesses.
FIDO is a cross-industry coalition which was launched in 2013 with the aim of boosting online security with open standards for simpler, stronger authentication that moves beyond passwords. Members include tech giants Amazon, Apple, Google and Microsoft. The new standard represents FIDO’s first move into the area of IoT.
Andrew Shikiar, executive director and CMO of the FIDO Alliance, commented: “The FIDO Device Onboard standard released today builds on the Alliance’s ongoing efforts to help close the security gaps that currently exist on the web, by expanding this work into IoT applications.
“Businesses recognize the huge potential of the IoT and the enormous benefits it can bring to manufacturing, retail, healthcare, transportation, logistics and more. The paradigm needs to shift immediately so we can move IoT technologies ahead with safer, stronger and more secure means of authentication for these important uses in industrial and commercial environments.”