Comment on page
Disadvantages of Certificates
Why certificate-based authentication solutions are not suited for IoT applications.
Today most IoT applications use a certificate-based authentication solution, however, these solutions have several drawbacks and carry significant security risks.
Certificate management is a cumbersome process in all life-cycle stages of any IoT device. As certificates need to be created, signed, and installed on each device individually, and since they also expire at some point in the future the whole process eventually needs to be repeated. This whole process gets significantly more complex as the number of devices grows. Furthermore, due to the complexity of the process, important questions often remain unanswered. Questions such as:
- How certificates are updated once they expire?
- How certificates are replaced in case the certificate or CA is compromised?
- How to ensure a secure end-of-life process for decommissioned devices?
As a consequence of the above-mentioned open questions, most IoT applications choose to use long-living certificates, with lifetimes up to 5 years or even longer, to avoid the process of renewing certificates on devices that are deployed in the field. As a result, significantly increasing the security risk and with no backup plan in case of a compromise of the device certificate or even worse the entire CA. This, in an ever-changing digital environment where the discovery of the next security vulnerability is not a question of "if" but "when".
The sole purpose of certificates is to authenticate. As a result, certificate-based solutions do not provide any means of authorization. To overcome this shortcoming, certificate-based solutions often introduce customized means of authorization that enable only a single use case that is not standardized and is inherently insecure.