Column: System security


What is strong authentication and why do network-connected devices depend on it?


By Hector Tejero, Solutions Architect, Arrow Electronics

Authentication is critical for business applications. By verifying the identity of users, devices and systems, applications ensure that only authorised entities are granted access to sensitive information and resources – reducing the chance of data breach. In the IoT context, several authentication methods, such as token- or certificate-based authentication, are worth exploring.

Authentication material used by IoT devices is typically protected in a hardware Root of Trust (RoT), managed by a Trusted Execution Environment. RoT is a component or set of components that provide a secure foundation for a system’s security mechanisms, essential for establishing trust in that system and ensuring its secure operation. RoT provides a set of cryptographic/trusted services and operations, implemented as building blocks of a trusted device. It is critical in ensuring that unauthorised device boot code and software components are not used to authenticate themselves as genuine devices to the network, attack it, or steal and compromise confidential data.


Certificate-based authentication

Certificate-based authentication uses digital certificates to verify the identity of a user or device. A digital certificate is a digital file containing information about the user or device and a public key that can be used for encryption and decryption. It is commonly used in secure web applications, virtual private networks and other systems that require strong authentication, and in the IoT to secure device communications.

12 June 2023 www.electronicsworld.com

To implement certificate-based authentication, a user or device must obtain a digital certificate from a trusted authority. The certificate is typically installed on the user’s device or stored on a smart card or other secure hardware. When the user or device connects to the server, it presents the certificate as proof of its identity. The server verifies the certificate by checking its digital signature against a trusted certificate authority that issued the certificate and, if valid, the server grants access.

This is a more secure method than traditional password-based authentication because it is more difficult to steal or guess a private key than a password. Additionally, digital certificates are typically issued for a specific period; they can also be revoked if the certificate is compromised or the user or device is no longer authorised to access the system.

Certificate-based authentication is built into many IoT protocols, including the widely-used SSL/TLS protocol.
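The server-side checks described above, as an added example in Python (not code from the article or from Arrow Electronics): the TLS stack verifies the certificate's signature chain against the trusted CA during the handshake, and the application then checks the validity period, a revocation list and the device identity. The file parameters, device names, serial number and the `SAMPLE_PEERCERT` dictionary are constructed for illustration.

```python
import ssl

def build_server_context(ca_file=None, crl_file=None):
    """TLS server context that refuses clients without a valid device certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED          # client must present a certificate
    if ca_file:                                  # CA that signs device certificates
        ctx.load_verify_locations(cafile=ca_file)
    if crl_file:                                 # revocation is only checked if enabled
        ctx.load_verify_locations(cafile=crl_file)
        ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
    return ctx  # a real server also calls ctx.load_cert_chain() for its own identity

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert()
SAMPLE_PEERCERT = {
    "subject": ((("organizationName", "Example Devices"),),
                (("commonName", "device-001"),)),
    "serialNumber": "0A1B",
    "notBefore": "Jan  1 00:00:00 2023 GMT",
    "notAfter": "Jan  1 00:00:00 2024 GMT",
}
NOW = ssl.cert_time_to_seconds("Jun 12 00:00:00 2023 GMT")    # fixed clock for the example
LATER = ssl.cert_time_to_seconds("Jun 12 00:00:00 2024 GMT")  # after notAfter

def authorize_device(peercert, allowed_ids, revoked_serials, now):
    """Application-level checks on an already chain-verified peer certificate."""
    not_before = ssl.cert_time_to_seconds(peercert["notBefore"])
    not_after = ssl.cert_time_to_seconds(peercert["notAfter"])
    if not not_before <= now <= not_after:
        return False, "outside validity period"
    if peercert["serialNumber"].upper() in revoked_serials:
        return False, "revoked"
    subject = dict(attr for rdn in peercert["subject"] for attr in rdn)
    device_id = subject.get("commonName")
    if device_id not in allowed_ids:
        return False, "unknown device"
    return True, device_id
```
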


Token-based authentication

Authentication tokens, meanwhile, are used in cloud applications to authenticate and authorise IoT devices. When a device attempts to establish a connection to a cloud service, the server generates a token and sends it back to the client to respond to a connection request. The token is typically a string of characters unique to the IoT device and the current session. The device stores the token, usually in locally-protected storage, and sends it back to the server with subsequent requests. The server then verifies the token to determine if the user is authenticated and authorised to access the requested resource.

Authentication tokens can be implemented using various protocols, including OAuth 2.0 and JSON web tokens. The specific implementation will depend on the application requirements and the security needs of the system.

Message Queuing Telemetry Transport (MQTT) is one of the most prevalent machine-to-machine network protocols for data telemetry. MQTT does not have built-in support for token-based authentication, but it does provide a mechanism for implementing custom authentication methods. It supports authentication using username and password fields in the CONNECT packet. These fields can pass authentication information from the client to the server. However, the username and password are transmitted in plain text by default, which can be a security risk.

There are advantages to using authentication tokens. They are stateless, meaning the server does not need to maintain any session state on the server side. Like with certificates, tokens can be revoked or expired, providing additional security and control over access to the application.
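The issue, store, resend and verify cycle described above, as an added example in Python (not from the article): a signed token that the server can verify without keeping per-session state, with expiry and a small denylist for early revocation. The HMAC construction, key, claim names and function names are assumptions chosen for illustration; production systems would normally use a JWT or OAuth 2.0 library.

```python
import base64
import hashlib
import hmac
import json
import time

SERVER_KEY = b"constructed-demo-key"  # constructed; a real key lives in a secret store
REVOKED_IDS = set()                   # token ids withdrawn before they expire

def b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def sign(payload):
    return b64(hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).digest())

def issue_token(device_id, token_id, ttl_s, now=None):
    """Server side: bind the token to one device and one limited time window."""
    now = int(time.time()) if now is None else now
    claims = {"sub": device_id, "jti": token_id, "exp": now + ttl_s}
    payload = b64(json.dumps(claims).encode())
    return payload + "." + sign(payload)

def verify_token(token, now=None):
    """Return the device id if the token is authentic, unexpired and not revoked."""
    now = int(time.time()) if now is None else now
    try:
        payload, sig = token.split(".")
    except ValueError:
        return None
    # Constant-time comparison; the payload is only parsed after the signature checks out.
    if not hmac.compare_digest(sig.encode(), sign(payload).encode()):
        return None
    claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    if claims["exp"] <= now or claims["jti"] in REVOKED_IDS:
        return None
    return claims["sub"]
```

Verification needs only the key and the clock; the denylist is the one piece of shared state, and it is needed only to withdraw a token before its expiry time.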
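How the CONNECT credentials look on the wire, as an added example in Python (not from the article): a minimal MQTT 3.1.1 CONNECT parser plus a broker-side policy that refuses username/password authentication on a connection without TLS. `SAMPLE_CONNECT`, the device name and the `accept_connect` policy are constructed for illustration.

```python
import struct

# Constructed CONNECT packet: client id and username "device-001", password "sample-token"
SAMPLE_CONNECT = (b"\x10\x30\x00\x04MQTT\x04\xc2\x00\x3c"
                  b"\x00\x0adevice-001" b"\x00\x0adevice-001" b"\x00\x0csample-token")

def read_field(buf, pos):
    """Read one MQTT field: 2-byte big-endian length, then that many bytes."""
    (n,) = struct.unpack_from("!H", buf, pos)
    return buf[pos + 2:pos + 2 + n], pos + 2 + n

def parse_connect(packet):
    """Extract client id, username and password from an MQTT 3.1.1 CONNECT."""
    if packet[0] >> 4 != 1:
        raise ValueError("not a CONNECT packet")
    pos, shift, remaining = 1, 0, 0
    while True:                          # variable-length "remaining length" field
        byte = packet[pos]
        pos += 1
        remaining |= (byte & 0x7F) << shift
        shift += 7
        if not byte & 0x80:
            break
    if len(packet) - pos != remaining:
        raise ValueError("length mismatch")
    proto, pos = read_field(packet, pos)
    if proto != b"MQTT":
        raise ValueError("unexpected protocol name")
    flags = packet[pos + 1]              # byte after the protocol level
    pos += 4                             # level, flags, 2-byte keep-alive
    client_id, pos = read_field(packet, pos)
    if flags & 0x04:                     # will flag set: skip will topic and message
        _, pos = read_field(packet, pos)
        _, pos = read_field(packet, pos)
    username = password = None
    if flags & 0x80:
        username, pos = read_field(packet, pos)
    if flags & 0x40:
        password, pos = read_field(packet, pos)
    return {"client_id": client_id, "username": username, "password": password}

def accept_connect(packet, transport_is_tls):
    """Broker policy: credentials (or a token in the password field) only over TLS."""
    fields = parse_connect(packet)
    return transport_is_tls or fields["password"] is None
```
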


In the digital realm

Many organisations are moving to service-led business models in the digital economy and, as part of it, it is clear that strong authentication methods and robust security will continue to play a crucial role in supporting the delivery and consumption of secure services – now and in the future.

