Unlocking IoT Security

Welcome to the latest edition of the Device Security Digest, your go-to source for the most up-to-date insights and updates in the IoT security landscape. In this edition, we explore exciting new features in our Device Trust Manager and TrustCore SDK products, examine the latest industry developments like the CSA Matter v1.3 revocation mandates and the newly approved PQC algorithms by NIST, and offer expert analysis from our team on staying ahead in the ever-evolving field of IoT security. Plus, find out how you can connect with us at the upcoming IoT Tech Expo in Amsterdam this October!?

Industry News Highlights

CSA Matter v1.3 Mandates Device Revocation Support?

The Connectivity Standards Alliance (CSA) has introduced Matter v1.3, bringing significant changes to IoT device security. One of the key updates in this version is the mandatory requirement for device revocation support via Certificate Revocation Lists (CRLs). This change aims to enhance the security posture of Matter-compliant devices by ensuring that compromised or outdated certificates can be effectively invalidated, reducing the risk of unauthorized access or vulnerabilities. This move reflects the CSA’s commitment to strengthening device integrity and trust within the growing IoT ecosystem. Read more here.?

NIST Approves PQC Algorithms?

The National Institute of Standards and Technology (NIST) has officially approved a suite of Post-Quantum Cryptography (PQC) algorithms, marking a pivotal moment in the evolution of digital security. These algorithms are designed to protect data against the future threats posed by quantum computing, which is expected to render current encryption methods obsolete. DigiCert has already integrated preliminary support for these PQC algorithms across our DigiCertONE products and plans to roll out full support within DigiCertONE, TrustCore SDK, Device Trust Manager and TrustEdge in the coming months. This proactive approach ensures that our customers remain at the forefront of security innovation. Read more here.??

?

UK PSTI Act Comes into Force: New Compliance Landscape for IoT Devices?

The UK Product Security and Telecommunications Infrastructure (PSTI) Act officially came into force on April 29, 2024, setting new standards for the security of smart devices. This regulation mandates robust security measures for all consumer IoT devices, including unique passwords, automatic software updates, and the obligation to publish security updates for a defined period. The PSTI Act aligns closely with the ETSI EN 303 645 standard but introduces additional requirements aimed at protecting consumers and their data from the increasing risks posed by insecure devices. For manufacturers, this act represents a significant shift in compliance expectations, requiring a proactive approach to meet these stringent security standards and maintain market access in the UK. Read more here.?

Expert Opinion (OpEd)

The Future of IoT Security

By Kevin Hilscher , Director of Product Management for IoT/Device, DigiCert

As we continue to witness the rapid evolution of IoT technology, the importance of robust security measures has never been more critical. At DigiCert, we believe that the future of IoT security lies in proactive device management, regulatory compliance and standards, and the integration of advanced cryptographic standards, such as Post-Quantum Cryptography (PQC). Our mission is to stay ahead of emerging threats and ensure that our customers’ devices are not just secure today but prepared for the challenges of tomorrow.?

The IoT landscape is expanding, with billions of devices being connected globally. This growth brings unprecedented opportunities but also significant risks. Security must be a priority from the design phase through to deployment and beyond. With solutions like Device Trust Manager, utilizing the powerful TrustEdge client, or TrustCore SDK, we are committed to providing our customers with the tools they need to safeguard their devices and data, ensuring trust in every connection.?

Looking ahead, our focus remains on innovation and collaboration. By working closely with industry leaders, regulatory bodies, and our customers, we aim to set new standards for IoT security that will protect and empower the next generation of connected devices.?

Event Announcement

Join Us at IoT Tech Expo Amsterdam

We are excited to announce that DigiCert will be attending the IoT Tech Expo in Amsterdam on October 1-2, 2024. This event is a fantastic opportunity to connect with industry experts, explore the latest in IoT technology, and discuss your device security needs with our team. In addition to an engaging speaking session from DigiCert Engineering VP Dr. Avesta Hojjati where he discusses major development in IoT product security and the urgency associated with PQC, we will have a private meeting space available and are looking forward to engaging with current and potential customers about Digital Trust, Device Trust Manager, and TrustCore SDK. If you’re attending, we encourage you to set up a meeting with us to explore how our solutions can support your IoT strategy.

We will also be hosting a happy hour, IoT Connect & Unwind at IoT Tech Expo in our meeting room on October 1 from 3:30pm-6:00pm CET. Come enjoy complimentary snack and beverages—including wine and beer—and see how Device Trust can secure your IoT devices. ?

Product Updates

TrustCore SDK: Enhanced Security and Integration?

DigiCert TrustCore SDK remains at the forefront of embedded IoT security, offering a comprehensive framework for developers. The latest updates, as detailed in the TrustCore SDK Release Notes, bring significant enhancements such as support for OpenSSL 3.0.12 and DTLS 1.3.?

We have big plans for TrustCore SDK including:?

• NanoMQTT: We are excited to announce our upcoming NanoMQTT client, with support for MQTT 3.1.1 and MQTT 5.0. This lightweight MQTT client is perfect for connecting your devices with MQTT brokers such as HiveMQ, AWS IoT Core and Azure Event Grid MQTT. It supports certificate-based authentication (of course!) and TLS 1.2/1.3 (using our NanoSSL module).?

• NanoCert: We are excited to announce our upcoming NanoCert module, which includes a SCEP client (RFC 8894) and an EST client (RFC 7030), allowing you to automate certificate issuance and renewal from your IoT devices.
• Post-Quantum Cryptography (PQC) Support: Prepare your devices for future security challenges with support for the newly approved Dilithium algorithm (FIPS-204 / ML-DSA), providing advanced protection against quantum-era threats.?

Looking ahead, DigiCert TrustCore SDK will continue to evolve, with upcoming features designed to meet the growing demands of IoT security and compliance. Come visit our new TrustCore SDK docs site at https://dev.digicert.com/en/trustcore-sdk.html.

?

Device Trust Manager: Expanding Capabilities for Comprehensive IoT Security??

Device Trust Manager continues to evolve, integrating new features designed to provide comprehensive security and management across IoT devices. With the increasing complexity of connected devices and regulatory compliance (e.g. UK PSTI, EU CRA), Device Trust Manager is becoming an essential product for organizations aiming to maintain robust security while managing device lifecycles at scale.?

We are excited to announce that Device Trust Manager will soon incorporate full certificate lifecycle management (CLM) capabilities previously exclusive to IoT Trust Manager, further enhancing its functionality. CLM will enhance the existing Device Trust Manager feature set which already includes secure deployment and management of software updates across large fleets of devices, ensuring that your devices remain up-to-date and secure. ?

TrustEdge: Simplified Device Management?

As part of the Device Trust Manager suite, the IoT device agent, known as TrustEdge, has been designed to streamline the management of IoT devices by automating key security processes. With TrustEdge, users can efficiently manage device certificatese renewals, and software updates (delivered through Device Trust Manager), ensuring that devices remain compliant with the latest industry standards. We’re also pleased to announce that TrustEdge is now available for free download, providing an easy-to-use CLI with powerful features- learn more here.??

With the TrustEdge, you can quickly create keypairs, CSRs, and submit a CSR to a CA with one, simple to use CLI.??

This newsletter is a publication by DigiCert, designed to keep you informed about the latest in device trust and security. We value your feedback and would love to hear your thoughts on this edition. If you have any topics you’d like us to cover in future editions, please let us know!?