Machine-to-Machine (M2M) Certificates Versus Traditional Certificates
Conceptually, there is little difference between traditional certificates and new M2M certificates; both are intended to authenticate identities via a trusted third party. In practice, however, their characteristics lead to dramatically different bandwidth usage, computing performance, and storage requirements.
Traditional certificates were designed in an era when desktops and laptops were the predominant source of computing power and digital communications. Smart cards and smartphones were on the distant horizon, and connected devices were rare. In other words, traditional certificates were not designed for use in constrained environments where computing, bandwidth, power and storage are issues of great importance.
TrustPoint's M2M certificates have been specifically designed to perform well in constrained environments. Our M2M certificates are based on Elliptic Curve Cryptography (ECC). ECC provides the most security per bit of any known public-key scheme. Our M2M certificates provide all of the functionality of traditional certificates but with a considerably smaller footprint.
The discovery of ECC in 1985 and subsequent protocol developments paved the way for M2M certificates.
It is important to realize that M2M certificates, which are ideally suited for constrained environments, will work effectively and efficiently in any environment and provide much higher security levels than traditional certificates can. Due to legacy issues, traditional certificates will be part of the laptop/desktop environment for some time to come, but M2M certificates will be all-pervasive in the M2M environment where traditional certificates just won't work.
The Need for M2M Certificates
Increasingly, we require various types of machines to communicate with each other without the exchange being initiated by a human applying keystrokes. There are many cases where such technology is required; the following examples illustrate the requirement.
- Smart Energy
Smart energy technology in the home is a means for appliances, thermostats, lights and any other device which controls the use of energy to communicate with the various utilities supplying the home. Connectivity to the utilities will be via the internet.
Security is a must since one does not want a hacker to have the ability to gain control of these devices.
- Near Field Communications (NFC)
This is a relatively new, emerging technology with huge potential in many application areas. Some of these areas are anti-cloning, payments, access control to facilities and easy access to websites you might want to visit. Most of these applications will make use of smartphones.
Authentication is crucial to making NFC successful. Authentication comes from M2M certificates. The NFC Security working group is defining the cryptographic components to secure these applications. This group is recommending ECC and M2M certificates to provide strong authentication.
- Vehicle-to-Vehicle (V2V)
A standard being developed in IEEE (and very close to completion) addresses the need to have vehicles communicate with each other over short distances in order to provide better road safety and other information that might be relevant to both the vehicle and its occupants.
For example, suppose two vehicles are converging on an intersection, approaching at right angles to each other. The vehicles will communicate, and one may say that it is not going to stop at the red light and that the other vehicle should take evasive action.
Authenticating the vehicles is extremely important. One does not want a disruptive person to have the ability to convince a car to take evasive action when none is required.
The security working group for vehicle-to-vehicle is IEEE 1609.2, and it is recommending ECC as the underlying cryptographic technology and also the use of M2M certificates to provide the necessary authentication.