PKI’s Role in Device Authentication
The rapidly evolving technology landscape is changing how many and what kinds of devices connect to a network—making it paramount to not only authenticate devices but also simplify that authentication process for end-users. Today, bring your own device (BYOD) policies and Internet of Things (IoT) devices make for exponentially more access points to your network—and make a strong device authentication protocol a critical part of your network security strategy.
What is PKI?
PKI is an acronym for public key infrastructure, which is the technology behind digital certificates. One of the purposes a digital certificate fulfills is similar to the purposes of a driver’s license or a passport—it is a piece of identification that proves identity and provides certain allowances. Learn more about PKI solutions from Entrust.
The Role of PKI in Device Authentication
PKI, or public key infrastructure, is a critical part of device authentication. Weak device authentication can leave a connected device – and the systems it has access to – open to exploitation by malicious actors seeking to access the wealth of valuable information held on the device or on its network. PKI solutions from Entrust balance user experience and security to provide a streamlined device authentication experience.
Why Does Device Authentication Matter?
Devices connecting to your systems and network can create vulnerabilities in your IT infrastructure that hackers and other bad actors can exploit. Protect these access points with a strong device authentication protocol.
As doing business digitally is now the norm, PKI is more in demand than ever. It’s a scalable means of managing and securing communications, especially if an organization chooses a hosted PKI solution. Hosted PKI requires significantly less on-premises hardware and software, no dedicated secure facilities, and no in-house IT expertise—which simplifies PKI implementations. Entrust Managed PKI Services provides experts who manage a variety of services according to an organization’s best practices and specific business needs.
Types of Device Authentication
Device authentication can take many forms depending on end-user needs and security requirements. Some types include:
- PKI authentication verifies user identity using public and private encryption keys and digital certificates. PKI and digital certificates also are used for the device itself, either by verifying the device at the manufacturing level, or in the case of BYOD, verifying the device ownership and access permissions.
- Two-factor authentication (2FA) requires users to input exactly two factors of verification to be granted access to the network. This type of device authentication is a subset of MFA.
- Multi-factor authentication (MFA) requires users to input a combination of verification credentials for device authentication.
- Biometric authentication requires a fingerprint scan, facial scan, or similar biometric data to gain access to a network. This type of device authentication is difficult to spoof but also expensive to implement.
- Password authentication requires a user to enter their password to gain access to the network. This is stronger than email authentication, but passwords are susceptible to theft and phishing attempts.
- Email authentication triggers a user to click a link from an email if logging in from a device or browser for the first time. This is a less-secure type of device authentication.
PKI Use Cases
The primary use case for PKI is device certificates because they are used daily. Growing BYOD practices have made identity authentication more complicated, creating a larger attack surface and higher risk. These personal devices that house corporate credentials and data require much more strict security management.
A Mobile Device Management (MDM) solution and PKI are typically enlisted to ensure communications to authenticate a user and validate a device. Entrust’s MDM solution integrates with VMware (formerly Airwatch, BlackBerry, UEM, MobileIron, IBM, MaaS360, JAMF, SOTI MobiControl, Microsoft InTune, and WorkspaceOne). Our solution provides powerful digital certificates for identity-based access and security measures. It offers flexible infrastructure that simplifies certificate management with one easy-to-use platform that can integrate with the most-used MDM vendors. Our solution also accommodates enterprise mobility and BYOD, making it easy to manage digital identities on mobile devices via a simple device enrollment process and seamless MDM integrations. Certificate policies can be fully customized.
The proliferation of the Internet of Things (IoT) also drives the use of PKI. Connecting to another smart device requires strong security and credentials to ensure a high trust environment as more devices are connected to corporate servers. Since the landscape for IoT and connected devices isn’t yet fully mature, device certificates for IoT are in their infancy. But PKI will certainly play a key role going forward.
According to Gartner’s Top Strategic Predictions of 2020 and Beyond, 30% of IT organizations will extend BYOD policies with bring your own enhancement (BYOE) to address augmented humans in the workforce. The study noted examples already taking place in the automotive and mining industries where workers use wearables to enhance safety. Likewise, the travel and healthcare industries increase productivity by using wearables.
Device Authentication and IoT Security
Several organizations have developed security guidelines for the IoT. These include:
- The IoT Security Foundation’s “Best Practice Guidelines”
- The Open Web Application Security Project’s (OWASP) “Security Guidance”
- Groupe Spéciale Mobile Association’s (GSMA) “GSMA IoT Security Guidelines & Assessment”
- The U.S. Department of Commerce National Institute of Standards and Technology’s (NIST) Special Publication 800-160 (the “Guidance”) on implementing security in Internet-of-Things (“IoT”) devices
- The Cloud Security Alliance’s (CSA) “Future Proofing the Connected World: 13 Step to Developing Secure IoT Products”
Device Authentication vs. Device Authorization
Device authentication is separate from authorization—but both are important in securing IoT devices. While device authentication verifies device identity, device authorization determines what secured resources a device has access to within the network. Both device authentication and device authorization are critical to an effective IoT strategy. Learn more about device authentication vs. device authorization.