The security of Internet of Things devices has always been one of the top priorities of the Open Connectivity Foundation. As more devices come online every day, the amount of cybersecurity risks continues to climb – from privacy issues to theft of personal data.
That’s why OCF is constantly working to improve the security features of devices. These are included before the device even goes online, giving consumers the peace of mind that they’ve purchased a secure product. The OCF 2.0 Specification includes new security features and capabilities that allow what is known as procedural trust.
At its core, OCF security protocol is configured through access control lists, which specify the levels of access that are given to a client with certain credentials. For instance, different levels of access can be provided to different devices by a server. Much of this is based on standard industry practices that have been repurposed by OCF for the IoT world.
Procedural trust allows users to give devices certain credentials through a process called onboarding and provisioning. This provides an extra layer of security in networks where many devices are added to the system at once.
Users should also consider the following questions when onboarding and provisioning new devices:
- Do you trust this device to connect to the network?
- Do you trust the device to be honest about what it says it is?
- Are you going to allow this device to connect to the internet? Or are you going to require it goes through a control or proxy device?
- Are you going to allow this device to connect to a cloud service provider?
The OCF Specification also defines a public key infrastructure, or PKI. This uses a chain of trust to verify the identity of devices, allowing many devices to be quickly and easily verified at once.
For most consumer smart home applications (such as an Amazon Echo device), users typically know the device they purchased is what it claims to be and trust it to connect to their home network. However, in commercial scenarios where hundreds of devices need to be connected at once – such as connecting the lighting in a smart office – procedural trust provides the extra security businesses require.
For smart home use cases, the OCF Specification includes an additional layer of security during the onboarding process, providing users the peace of mind that the device is certified.
With the new security features, OCF is solving problems that may arise in a more broadly-deployed IoT ecosystem. One of the biggest advantages of the OCF Specification is that security is built into devices, rather than added later, ensuring devices are safe and secure right out of the box.