It seems my recent article on why the IoT may be DoA (dead on arrival) may have shaken something loose at large telecommunications firm Verizon. Today they announced that they are rolling out digital certificate services for the Internet of Things (IoT), so now we can all implement secure Machine-to-Machine (M2M) communication with nary a care in the world.
Not so fast. Yes, putting digital certificates on a wider range of devices is a step in the right direction. But first, there’s no new technology here; the announcement is more about pricing than anything else. Second, many M2M devices can’t support digital certificates, as I explain in my article.
Even so, any device with storage, a processor, and a power supply should have no problem storing and using certificates, which covers a large swath of the IoT to be sure. So can we at least say that said swath is secure?
Not really. When a device is communicating with a server, then yes, a digital certificate on the device may help to secure that device’s interactions with the server. But M2M suggests interactions between devices on a peer-to-peer basis with no server involved. Such interactions have complications that traditional identity management scenarios don’t cover.
Verizon’s Managed Certificate Services are a good starting point, but there’s much more work to be done. And we still need to figure out how to secure RFID tags and all other sensors that don’t have the internal capacity to deal with certificates.