FIDO Alliance Establishes New Standard for IoT Devices

The FIDO Alliance, which is self-defined as “an open industry association with a focused mission: authentication standards to help reduce the world’s over-reliance on passwords,” has announced its new onboarding standard to secure Internet of Things (IoT). 

The FIDO Device Onboard (FDO) protocol is an open IoT standard that “enables onboard to cloud and on-premise management platforms,” according to the press release. The FIDO Alliance sets out to tackle some of the issues around security, cost, and complexity of IoT device deployment. 

Worldwide Collaboration  

Part of the initiative has included the bringing together of over 250 influential and innovative companies and government agencies around the globe, setting out to address cyber security in order to create a more secure online environment. 

According to IDC, the IoT market is expected to reach over $1 trillion in 2022, but the majority of businesses are still concerned about data breaches. A recent survey of 107 IoT leaders found that 85% still have security concerns as a major barrier to IoT adoption. 

The FIDO Alliance’s FDO specification has reached Proposed Standard status, meaning it is open and free to implement. The collaboration specifically targeted IoT security in onboarding to combat global data breaches. The specification is initially being aimed at industrial and commercial applications. 

Andrew Shikiar is executive director and CMO of the FIDO Alliance. 

“The FIDO Device Onboard standard released today builds on the Alliance’s ongoing efforts to help close the security gaps that currently exist on the web, by expanding this work into IoT applications,” said Shikiar. “Businesses recognize the huge potential of the IoT and the enormous benefits it can bring to manufacturing, retail, healthcare, transportation, logistics and more. The paradigm needs to shift immediately so we can move IoT technologies ahead with safer, stronger and more secure means of authentication for these important uses in industrial and commercial environments.”

FDO Device Onboard Standard

FDO, an automated onboarding protocol for IoT devices, provides a fast and secure way to onboard devices to any device management system by relying on asymmetric public key cryptography. 

There are a few major aspects of the FIDO Device Onboard standard: 

• Simple: The FDO process is highly automated and does not require anyone to have a high-level of experience, meaning businesses save money by not having to pay for technical installation.
  
• Flexible: The FDO process is also flexible, enabling businesses to decide which cloud platforms to use to onboard devices.

• Secure: FDO relies on an “untrusted installer” approach, meaning the installer does not require access to sensitive infrastructure.

Christine Boles is Vice President of Internet of Things Group and General Manager of Industrial Solutions at Intel. 

“This is a major milestone that aims to solve one of today’s critical challenges with deploying IoT systems. The new FDO standard will help reduce cost, save time and improve security, all helping the IoT industry to expand rapidly,” said Boles. “Implementation of the FDO standard will enable businesses to truly take advantage of the full IoT opportunity by replacing the current manual onboarding process with an automated, highly secure industry solution.”

The new initiative is part of FIDO Alliance’s overall goal of reducing reliance on passwords by providing simpler and stronger authentication, which prevents scalable attacks. 

The FIDO Alliance and collaborative partner IoT Technical Working Group will host a webinar on March 7 to review the FIDO Device Onboard standard. The specification can be viewed and downloaded by developers here.