1:1 security

Total IoT security through dedicated access control means that each device to be protected gets their own dedicated XoT hardware.  This is central to the solution as in the case of malfunction, or the extreme unlikelihood of a breach, all other devices remains unaffected.

All XoT hardware is built around the same concept of dedicated security for each device, even when delivered in a rack format

The 1:1 security solution that XoT delivers, sets it aside from most other security offerings on the market as they are one-to-many in their design and implementation and hence pose a high security risk.

Access control/lock and key

Strict access control is achieved by designing the solution so that the XoT hardware, regardless of form factor, will act as a dedicated permanent lock that can only be opened with the appropriate key from the end-user.

The customer has flexibility in choosing what type of key they want to use as the XoT technology™ allows for a multitude of translations into full security on the XoT hardware end.

It is strongly recommended to use a PKI based certificate for end-users to ensure that they and only they can access the resources behind an XoT hardware.

Undeniable identities

All security is based on identities, both for man and machine, knowing who or what is trying to use a resource in the network

True IoT security requires the identity to be undeniable so that there can be no question about who the user actually is. This in turn means that two-factor authentication is needed for the solution to reach the security level it has the potential to deliver.

XoT technology™ allows the customer to use almost any type of identification of end-users, although those based on certificates and two-factor authentication are recommended.

Zero trust

Zero trust is a way to design and build security solutions based on that you should never assume, always verify. In the case of XoT it means that there are no other way of accessing a protected device than securely showing an accepted identity.

Zero trust means that security needs to extend beyond the obvious and that no one, employees, consultants, co-operation partners or others, can be trusted.

The customer has full freedom in how to secure each end-user but the recommended minimum level is based on a physical token and a secure certificate, making it a secure a two-factor authentication.

PKI and certificates

PKI, Public Key Infrastructure, is a standardised technology that has been in use for many years and that is now getting high traction through 5G networks and IoT sensor among many things.

PKI when correctly implemented is the most secure way to identify both users and equipment and is based on two certificates, a public one and a private one. The public key (certificate) is distributed widely and used by others to encrypt all communication to a specific recipient. The private key is the only one that can decrypt the data and thereby needs to be stored extremely securely.

On the XoT hardware this is done on a dedicated secure module and for the end user some sort of token or smart-card is needed. Management and revocation of certificates is done in a dedicated certificates server, integrated into the XMS for ease of use and true life-cycle management.

Agnostic solution

The XoT solution is based on an agnostic approach to type of device, choice of connectivity and ways to identify end-users, thus making it extremely flexible and easy to implement and manage while still maintaining high security.

With more than 2 billion connected professional devices in use, the only one way to achieve true security is to focus on the access and communication to and from each device. As long as the device uses a standardised communication port (fixed or wireless) and IP it can be fully secured and there is no need to reconfigure or interact directly with each device.

The XoT client software allows end-users to reach any XoT hardware and thereby the protected device behind it, regardless of type of network. The XoT client SW gives the customer the flexibility to use any type of identity for the end user but still utilising PKI and full encryption on all communication to and from that XoT device.

User security evolution path

1

Passwords and LDAP Directory

Low level security for users, high level for devices

Requires: LDAP directory, SQL database, CA

2

Certificates on laptops

Increased security for users  but still open to man-in-the-middle attacks

Requires: LDAP directory, SQL database, CA

3

Certificates on token to access XoT devices

High security for man and machine with simple implementation

Requires: LDAP directory, SQL database, CA, Group policy Mngmt

4

Certificates on token for all purposes

Expanding use of certificates to all systems and data sources

Requires: LDAP directory, SQL database, CA, Group policy Mngmt, New CA

5

Smart cards for users

Highest level of user authentication

Requires: LDAP directory, SQL database, CA, Group policy Mngmt, New CA, LOA3 processes