Machine to Machine (M2M) Certificates Versus Traditional Certificates

Conceptually, there is no difference between traditional certificates and M2M certificates. Both types of certificates are intended to authenticate the identity of communicating entities via a trusted third party.

Traditional certificates were designed in an era when desktops and laptops were the predominant source of computing power and digital communications. Bandwidth issues were virtually non-existent. Smart cards and smart phones were on the distant horizon. In other words, traditional certificates were never designed for use in very constrained environments where computing, bandwidth, power and storage are issues of great importance.

TrustPoint’s M2M certificates, on the other hand, have been specifically designed to address constrained environments. Our M2M certificates are based on Elliptic Curve Cryptography (ECC). ECC provides the most security per bit of any known public-key scheme. Our M2M certificates provide all of the functionality of traditional certificates but with a considerably smaller footprint.

The discovery of ECC in 1985 and subsequent protocol developments paved the way for M2M certificates.

It is important to realize that M2M certificates, which are ideally suited for constrained environments, will work effectively and efficiently in any environment and provide much higher security levels than traditional certificates can. Due to legacy issues, traditional certificates will be part of the laptop/desktop environment for some time to come, but M2M certificates will be all-pervasive in the M2M environment where traditional certificates just won’t work.

The Need for M2M Certificates

Increasingly, we require various types of machines to communicate with each other without a human initiating the exchange by applying keystrokes. There are many cases where such technology is required. What follows are a number of examples illustrating the requirement.

  • Smart Energy

Smart energy technology in the home is a means for appliances, thermostats, lights and any other device which controls the use of energy to communicate with the various utilities supplying the home. Connectivity to the utilities will be via the internet.

Security is a must since one does not want a hacker to have the ability to gain control of these devices.

  • Near Field Communications (NFC)

This is a relatively new, emerging technology with huge potential in many application areas. Some of these areas are anti-cloning, payments, access control to facilities and easy access to websites you might want to visit. Most of these applications will make use of smart phones.

Authentication is crucial to making NFC successful. Authentication comes from M2M certificates. The NFC Security working group is defining the cryptographic components to secure these applications. This group is recommending ECC and M2M certificates to provide strong authentication.

  • Vehicle to Vehicle (V2V)

In IEEE there is a standard being developed (and very close to completion) which addresses the need to have vehicles communicate with each other over short distances in order to provide better road safety and other information that might be relevant to both the vehicle and the occupants of the vehicle.

For example, suppose two vehicles are converging on an intersection and approaching at right angles to each other. The vehicles will communicate, and one may say that it is not going to stop at the red light and that the other vehicle should take evasive action.

Authenticating the vehicles is extremely important. One does not want a disruptive person to have the ability to convince a car to take evasive action when none is required.

The security working group for vehicle-to-vehicle is IEEE 1609.2, and it is recommending ECC as the underlying cryptographic technology and also the use of M2M certificates to provide the necessary authentication.

M2M Security

TrustPoint is bringing to the market a solution specifically designed to provide users and devices connected to M2M end points the ability to securely verify the authenticity of the sending device.

M2M devices are typically small, low-cost, and able to operate unattended by humans for extended periods of time.

In many cases, it is likely that M2M devices will be deployed in very large quantities (e.g., tens of thousands), and many of them will also be mobile, making it challenging for operators or subscribers to send personnel to manage or service them.

Lastly, the overall risk for M2M is more profound, especially when you consider that M2M can involve vehicle-to-vehicle, utility and healthcare connections. M2M doesn’t just present a more widespread threat with which to deal; it also presents one that is greater in terms of both severity and repercussions for networks and their users alike.

For these reasons, it is imperative that M2M devices are deployed with security features such as certificates. Users and points connected to M2M end points can verify the authenticity of the sending point by verifying its certificate with confidence.

Since M2M devices are typically small and low-cost, it is imperative not only to deploy highly secure certificates but to do so with the smallest footprint possible.

Elliptic Curve Cryptography (ECC) based certificates are ideally suited to meet such needs.