Project overview
One of our clients, a French national telecom operator, wanted to improve the security of communications between its connected products and its multimedia service platforms as part of developing its next generation of IoT products.
Project context and goals
Connected products (existing devices already deployed in the field) communicate with several back-end servers to deliver multimedia services to customers. Sensitive data, including customers' personal information, crosses the network, so the goal was to guarantee the confidentiality, integrity and provenance of that data. Encryption alone covers only confidentiality; integrity and provenance additionally require that each end of the connection authenticates the other, which is what the solution below provides.
Deployed solution – Missions completed
To secure the data flows, we recommended the strictest configuration of a widely deployed standard protocol: mutual HTTPS, i.e. HTTP over TLS with client authentication (mutual TLS). Mutual TLS requires an additional security asset on both ends of the connection: the connected product and the platform each hold a digital certificate and the matching private key. The certificate acts as an identity card: the server verifies the device's certificate and the device verifies the server's, so each side knows who it is talking to before any application data is exchanged. The device's private key must never leave the device, and its certificate must chain to a CA the platform trusts; otherwise the identity check is meaningless.
A dedicated ecosystem, a Public Key Infrastructure (PKI), is normally required to issue digital certificates. Given the tight timescale and the volume of certificates to be generated, we recommended deploying privacyIDEA. It can issue certificates on the fly when a product requests one, once the product has authenticated with a time-based one-time password (TOTP) computed from a shared secret provisioned on the device. privacyIDEA thus serves as a lightweight PKI that lets devices auto-enrol their own certificates, with TOTP as the pre-authentication step. The shared secret serves only to bootstrap enrolment; once a device holds its certificate, its day-to-day traffic is authenticated by that certificate.
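The enrolment gate described above, as an added example that is not the operator's or privacyIDEA's own code: the device computes an RFC 6238 TOTP from its provisioned seed and sends it with a certificate signing request (CSR) for a key it generated locally; the server checks the code within a small clock-skew window, refuses replayed codes, and only then hands the CSR to the CA. The device IDs, seed, CSR text and timestamps are constructed for the demonstration, and `toy_issue` is a stand-in for the CA signing step (a real deployment would sign an X.509 certificate). The TOTP function is checked against the RFC 6238 test vectors.

```python
"""TOTP-gated certificate auto-enrolment, as sketched in the case study.

Added illustration, not the operator's or privacyIDEA's code. The device
proves possession of a shared seed with an RFC 6238 TOTP; only then does the
enrolment server hand the CSR to the CA. The CA step (toy_issue) is a
stand-in: a real deployment would sign an X.509 certificate.
"""
import hashlib
import hmac
import struct
import time

TIME_STEP = 30   # seconds per TOTP step (RFC 6238 default)
DIGITS = 6


def totp(secret: bytes, t: int, step: int = TIME_STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 for Unix time t."""
    counter = t // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                        # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def build_enrollment_request(device_id: str, seed: bytes, csr: bytes, now=None) -> dict:
    """Device side: bundle identity, current TOTP and the CSR for its locally generated key."""
    now = int(time.time()) if now is None else now
    return {"device_id": device_id, "code": totp(seed, now), "csr": csr}


class EnrollmentServer:
    """Server side: admit a CSR only after a valid, never-before-used TOTP."""

    def __init__(self, device_seeds: dict, issue, skew_steps: int = 1):
        self.device_seeds = device_seeds   # device_id -> seed provisioned on the device
        self.issue = issue                 # callable(device_id, csr) -> certificate
        self.skew_steps = skew_steps       # clock drift tolerated, in steps
        self.last_step = {}                # device_id -> last accepted step (replay guard)

    def enroll(self, device_id: str, code: str, csr: bytes, now=None) -> dict:
        seed = self.device_seeds.get(device_id)
        if seed is None:
            return {"status": "rejected", "reason": "unknown device"}
        now = int(time.time()) if now is None else now
        current = now // TIME_STEP
        for step in range(current - self.skew_steps, current + self.skew_steps + 1):
            if hmac.compare_digest(totp(seed, step * TIME_STEP), code):
                # RFC 6238 s.5.2: never accept a code twice, nor one older than the last accepted
                if step <= self.last_step.get(device_id, -1):
                    return {"status": "rejected", "reason": "replayed code"}
                self.last_step[device_id] = step
                return {"status": "issued", "certificate": self.issue(device_id, csr)}
        return {"status": "rejected", "reason": "bad code"}


def toy_issue(device_id: str, csr: bytes) -> dict:
    """Stand-in for the CA: records what would be signed. Not a real X.509 issuer."""
    return {"subject": f"CN={device_id}", "csr_sha256": hashlib.sha256(csr).hexdigest()}


def demo() -> list:
    """Constructed scenario: first enrolment, replay, skewed clock, bad code, unknown device."""
    seed = b"constructed-per-device-seed-0001"            # constructed; provisioned at manufacture
    csr = b"-----BEGIN CERTIFICATE REQUEST-----\nconstructed placeholder\n-----END CERTIFICATE REQUEST-----\n"
    server = EnrollmentServer({"stb-0001": seed}, issue=toy_issue)
    t0 = 1_700_000_010                                     # constructed; start of a 30 s step
    results = []
    req = build_enrollment_request("stb-0001", seed, csr, now=t0)
    results.append(server.enroll(**req, now=t0 + 5)["status"])        # first use: issued
    results.append(server.enroll(**req, now=t0 + 5)["reason"])        # same code again: replayed code
    req2 = build_enrollment_request("stb-0001", seed, csr, now=t0 + 30)
    results.append(server.enroll(**req2, now=t0 + 10)["status"])      # server clock 20 s behind: still issued
    results.append(server.enroll("stb-0001", "12345", csr, now=t0 + 40)["reason"])   # bad code
    results.append(server.enroll("stb-9999", "123456", csr, now=t0 + 40)["reason"])  # unknown device
    return results


if __name__ == "__main__":
    print(demo())
```

The skew window is deliberately narrow (one step either side): a wider window lets an attacker who sniffs one code use it for longer, while the replay guard ensures a captured code is useless once the legitimate device has enrolled. In the real deployment the shared seed is a bootstrap credential only; after enrolment the device authenticates with its certificate and the seed is never sent over the wire.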
Benefits
The solution met the initial requirement of securing data flows to and from connected devices. Packaged with container technologies such as Docker and orchestrated with Kubernetes, it is now being rolled out across all of the client's products. This significant improvement in security benefits both the client's company and its customers.