Using connected sensors in factory equipment and city infrastructure involves risks. Once devices are connected to the internet or other devices in the vicinity, hackers and other security threats have another way of breaking inside them. One way to secure these devices is using what's known as attestation.
Attestation is the process of verifying that devices are authorized to share information with other devices, and it is increasingly implemented in hardware. Microchip recently became the latest company to add the technology to its Internet of Things security platform, using Intel's Enhanced Privacy ID or EPID protocol.
The EPID protocol is built directly into analog and mixed signal-processors, as opposed to being implemented on the software level of the system. This provides users with an anonymous fixed identity, not unlike a fingerprint, that protects personal information from unauthorized access at endpoints and gateways.
According to an article written by Lorie Wigle, Intel’s general manager of Internet of Things Security, EPID allows users to be verified as part of an authorized group rather than by a private security key. EPID employs a digital signature scheme that connects a single group security key with multiple private keys.
Ernie Brickell, the chief security architect at Intel, explained in 2011 that each unique private key can be used to generate an untraceable signature, which can be verify against the group security key. Membership can be determined without revealing the identity of the user, adding another layer of privacy.
In his keynote speech at the Design Automation Conference last year, Brickell said that hardware security is vital to security Internet of Things devices. He stressed that it cuts vulnerabilities out of connected devices, while software updates—and the lines of code introduced by them—could increase the attack surface for potential threats.
EPID, which has shipped in Intel products since 2011, is compatible with International Organization for Standardization and Trusted Computing Group standards for privacy and identity. Microchip’s IoT Security Platform with the protocol debuted at the 2015 Intel Developer Forum in San Francisco. Microchip also plans to support EPID in its development tools and software libraries.