3. Provision IoT devices and systems with unique identities and credentials - Securing Internet of Things (IoT) with AWS

3. Provision IoT devices and systems with unique identities and credentials

Provision IoT devices and systems with unique identities and credentials. Apply authentication and access control mechanisms at each system interface.

Strong identity controls are key to operational excellence. However, IoT implementation considerations around physical control of devices range widely. Therefore, not only is it important to ensure devices receive unique identities and credentials, but also that those credentials are appropriately protected on the device, and monitoring and automated remediation plans are put in place when there’s deviation from expected standards.

  • Assign unique identities to IoT devices such as X.509 certificates to each device. Monitor that the identity does not change on devices or that certificates are not reused.

  • Create mechanisms to facilitate the generation, distribution, rotation, and revocation of credentials.

  • When appropriate, use hardware-protected modules such as TPMs for storing credentials and performing authentication operations.

  • Avoid hardcoding credentials or storing secrets that are not unique to the device on IoT devices.

Supporting AWS resources

AWS provides the following assets, services, and capabilities to help you identify, sort, and secure your IoT assets: