FIDO Alliance looks to simplify IoT device onboarding with new standard
FIDO Device Onboard (FDO) protocol focused on maintaining security as IoT devices are connected
Founded in 2012, the FIDO (Fast IDentity Online) Alliance began with a focus on developing “authentication standards to help reduce the world’s over-reliance on passwords.” As the group has grown in membership, published numerous standards, and seen its approach memorialized in product certification programs, it has also expanded its remit to cover a whole new class of connected devices in need of a consistent approach to security—the internet of things.
IDC sees global IoT investments hitting a compound annual growth rate of 11.3% during a 2020 to 2024 forecast window; the group saw spending in 2020 grow by a little more than 8% to $742 billion, which was lower than previously projected due to the COVID-19 pandemic, but it’ll rebound this year, the group said. Similarly, a key part of the 5G value proposition is its ability to support a massive number of connected devices; for enterprise users, digital transformation initiatives will broadly rely on sensor data and analysis contributing to process improvement.
Alliance Executive Director and CMO Andrew Shikiar said the group’s new FIDO Device Onboard (FDO) protocol will “help close the security gaps that currently exist on the web, by expanding this work into IoT applications. Businesses recognize the huge potential of the IoT and the enormous benefits it can bring to manufacturing, retail, healthcare, transportation, logistics and more. The paradigm needs to shift immediately so we can move IoT technologies ahead with safer, stronger and more secure means of authentication for these important uses in industrial and commercial environments.”
Here’s how FDO works: An IoT device maker installs the FDO software client along with a Root of Trust key, an ownership voucher and other FDO credentials; the user that buys the device sends the ownership voucher to the preferred cloud platform and a rendezvous server receives the ownership voucher; when the device is powered on and connected, it identifies itself to the rendezvous server which matches it to the cloud platform; the device then contacts the cloud platform and provides its Root of Trust key and the cloud platform provides the ownership voucher creating a secure, encrypted tunnel between the two; then necessary credentials or software agents can be downloaded through the tunnel.
That process and other details are spelled out in this whitepaper. According to Computer Weekly, the new standard was developed by Amazon, Arm, Google, Intel, Microsoft and Qualcomm.
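The onboarding flow described above, as an added example that is not part of the original article and is not FIDO Alliance code: a toy model of the factory, rendezvous and power-on steps in which the device refuses a platform whose voucher is not bound to its own key. The HMAC binding stands in for FDO's actual cryptography, and every name here (`manufacture`, `Rendezvous`, `onboard`, `cloud.example`) is a hypothetical chosen for illustration.

```python
import hashlib
import hmac
import secrets

def _tag(key, guid):
    # Binding between a device secret and its identifier (assumed construction).
    return hmac.new(key, guid.encode(), hashlib.sha256).hexdigest()

def manufacture(guid):
    """Factory step: provision a device secret and issue a voucher bound to it."""
    key = secrets.token_bytes(32)  # stand-in for the Root of Trust key
    device = {"guid": guid, "key": key}
    voucher = {"guid": guid, "tag": _tag(key, guid)}
    return device, voucher

class Rendezvous:
    """Maps a device identifier to the platform that registered its voucher."""
    def __init__(self):
        self.routes = {}

    def register(self, voucher, platform_addr):
        self.routes[voucher["guid"]] = platform_addr

    def lookup(self, guid):
        return self.routes.get(guid)

def device_accepts(device, voucher):
    """Device-side check: the presented voucher must match this device's key."""
    if voucher is None or voucher.get("guid") != device["guid"]:
        return False
    expected = _tag(device["key"], device["guid"])
    return hmac.compare_digest(expected, voucher.get("tag", ""))

def onboard(device, rendezvous, platforms):
    """Power-on flow: ask rendezvous for the owner, then verify its voucher."""
    addr = rendezvous.lookup(device["guid"])
    if addr is None:
        return "no-owner-registered"   # nobody has claimed this device yet
    if not device_accepts(device, platforms.get(addr)):
        return "voucher-rejected"      # platform cannot prove ownership
    return "onboarded:" + addr         # safe to open the provisioning tunnel

if __name__ == "__main__":
    dev, voucher = manufacture("guid-0001")        # constructed sample device
    rv = Rendezvous()
    print(onboard(dev, rv, {}))                    # before the buyer registers
    rv.register(voucher, "cloud.example")
    print(onboard(dev, rv, {"cloud.example": voucher}))
    forged = {"guid": "guid-0001", "tag": "0" * 64}
    print(onboard(dev, rv, {"cloud.example": forged}))
```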
BT’s Mohammad Zoualfaghari, research manager and IoT architect, called FDO a “revolutionary standard…which can address a critical need for the IoT, edge compute and 5G industries and help them to scale up securely and fully automated, from the manufacturer to the consumer, from the device to edge, and from edge to the cloud.”
Microsoft Azure Vice President of IoT Sam George called device onboarding “a critical piece of the IoT device lifecycle” and said FDO “simplifies device set-up by abstracting the underlying complexities of the hardware, which will accelerate the adoption of IoT in industry.”