Securing IoT Networks: NCCoE and CableLabs Collaborate to Develop Trusted Onboarding Solution

Securing IoT Networks: NCCoE and CableLabs Collaborate to Develop Trusted Onboarding Solution

Kyle Haefner
Principal Security Architect

May 9, 2023

Billions of Internet of Things (IoT) devices have been added to the internet over the past several years. During that time, millions of insecure IoT devices have contributed to massive Distributed Denial of Services (DDoS) attacks, exposing end users’ private data. To address the problem of insecure IoT devices, CableLabs participates in and contributes to several industry standards development organizations with the goal of building security into the very foundation of new devices and IoT protocols. This work culminates in the release of Matter 1.0, a secure interoperable IoT specification that major industry players are rapidly adopting.

Secure IoT Onboarding

The next critical challenge in enhancing IoT security is to extend interoperability between devices and the networks that connect them. Smart-home networks must be able to facilitate the addition of new devices, validate devices that are connected, help ensure that those devices are fully patched and updated, and safely isolate them if they’re vulnerable.

The next generation of smart-home networking begins with connecting the devices securely the first time. It’s no longer sufficient or secure to ask that consumers share their Wi-Fi password with every device on their smart home network. The network must be smart enough to give each device its own credentials to connect to the network. Crucially, the process for adding (also called onboarding) a device to the smart home network must be simple, seamless and secure.

Industry and Government Collaboration

To address this challenge, CableLabs has joined the National Cybersecurity Center of Excellence (NCCoE) Trusted Device Network-Layer and Lifecycle Management. CableLabs and 10 other companies have been collaborating to develop a reliable network-layer onboarding solution for all IoT devices. This solution leverages established non-proprietary standards and protocols, offering secure onboarding while providing device identification, authentication and authorization. This project covers the following objectives:

  • Provide the device with unique network credentials that can be updated securely and automatically, allowing the network to authenticate the device and eliminating the need for a shared password across all IoT devices.
  • Employ a secure network-layer protocol to facilitate the secure and automatic provisioning of devices with both network and application-layer credentials for connecting with other devices and the cloud.
  • Demonstrate successful interoperability between devices built and configured by participating industry collaborators.

Streamlining the User Experience

CableLabs’ contributions to the Trusted Device Network-Layer and Lifecycle Management project harness the simplicity of Wi-Fi Easy Connect from the Wi-Fi Alliance, the secure interoperability of IoTivity from Open Connectivity Foundation and the powerful technology behind CableLabs’ Micronets to create a secure and streamlined process that allows users to onboard, provision and secure devices on their smart-home networks in a single intuitive step.

CableLabs’ involvement in the Trusted Device Network-Layer and Lifecycle Management project underscores its commitment to advancing IoT security and developing best practices for secure and effortless device onboarding. By collaborating with other industry leaders, CableLabs aims to promote the adoption of secure IoT technologies and ensure that consumers have access to reliable and user-friendly solutions for managing their connected devices.

A draft of this work can be found at NIST Special Publication (SP) 1800.