Device Identity and Trust Establishment in Mass-Manufactured IoT Systems
DOI:
https://doi.org/10.63282/3050-9416.IJAIBDCMS-V7I1P122
Keywords:
Device Identity, IoT Security, Mass-Manufactured IoT Systems, Hardware Root of Trust, Manufacturing-Time Provisioning, Supply Chain Security, Zero-Trust Architecture, Device Attestation, Certificate-Based Authentication, Mutual TLS (mTLS), Credential Revocation, Lifecycle Security Management, Secure Boot, Embedded Systems Security, Long-Term Operational Trust
Abstract
Security in mass-manufactured IoT systems depends on device identity established during manufacturing and preserved across operational lifecycles spanning 10-20 years. Current deployments use identity models that fail under physical access, supply-chain compromise, or credential abuse. This paper analyzes device identity as an architectural primitive, examines failures in automotive infotainment, HVAC, and water-heating deployments, and presents a hardware-rooted, lifecycle-aware architecture that emphasizes establishing manufacturing-time trust, explicit revocation, and zero-trust operation.