What is kusabi
kusabi™ is an “IoT security infrastructure service” that provides consistent security measures at every stage, from IoT design through development, mass production and operation.
Conventional PC-style security measures are becoming very difficult to apply to the variety of familiar IoT devices, such as smart meters and network cameras that watch over consumers' safety, because these devices often have restricted processor and memory performance.
Furthermore, security measures for IoT devices are an urgent issue because the IoT device market is expanding rapidly.
In particular, many issues remain to be addressed when many IoT devices are connected to a network.
kusabi™ is an IoT security infrastructure service developed by IBC that uses software technology to solve the security problems of IoT devices.
The concept of kusabi™ is to provide CIA (Confidentiality, Integrity, Availability), the three elements of information security, in a form optimized for IoT devices.
In other words, we apply blockchain technology, which combines integrity and availability, to the electronic certification service, and realize a confidentiality mechanism in the software layer of each IoT device.
Kusabi trust realizes the “Three unnecessaries”
No Certificate Authority Registration
Device provisioning: No Dedicated Chips
No Certificate Authority Registration
kusabi™ provides a service that makes effective use of public keys.
By using blockchain technology, third-party authentication of public keys is not required, so the simplicity of private authentication is combined with credibility equivalent to that of a certificate authority. The kusabi™ electronic certification system (patent pending) API makes it possible to realize DevOps that incorporates security.
No Dedicated Chips
A recent trend is to set keys individually for each IoT device. This method secures trust by installing a dedicated chip that is pre-registered with a CA (Certification Authority).
The dedicated chip + CA (Certification Authority) approach is one security measure that uses existing infrastructure, but its problem is high cost.
kusabi™ realizes device security that does not rely on a dedicated chip by using the kusabi™ device provisioning system (patent pending) API.
We are proceeding with a PoC (Proof of Concept) on anti-malware using the electronic certification system API and the device provisioning system API.
01. Current status of security
Current IoT security measures apply existing PC security measures. However, conventional security measures are often a poor fit for IoT business use cases.
They cannot control potential risks such as simple human error, weak password settings and maliciously planted code (backdoors, etc.).
The diversity of IoT devices is also a major issue. Distributing vaccine (anti-virus) software was effective as anti-malware on PCs because PCs are built on a standard OS.
In the diverse IoT landscape, however, countermeasures are difficult because the vaccine software itself is hard to reuse across devices.
Another problem is that large numbers of IoT devices are installed in many places.
Managing an enormous number of devices is itself a risk factor, and operating costs are also increasing. There is also the possibility that a device that has slipped out of control will destroy social infrastructure.
02. Improvements and new problems with the dedicated chip + CA (Certification Authority) model
The new security model based on a dedicated chip and a CA (Certification Authority) is attracting attention as a way to deepen IoT security. It is effective as a security measure. However, the coordination required between the physical device and the CA (Certification Authority) greatly affects manufacturing and operating costs.
Dependence on dedicated-chip vendors will also increase, which will be a heavy drag on IoT device product development.
Furthermore, traffic failures will occur when inquiries from a large number of devices are concentrated on a CA (Certification Authority).
The dedicated chip + CA (Certification Authority) model thus introduces the new problems described above.
03. Business solution by kusabi model
The kusabi™ model realizes IoT security in software alone, using the blockchain-based electronic certification system and the original device provisioning technology.
It resolves vendor dependence, reduces costs and allows devices to evolve flexibly, because security measures can be taken without relying on a specific device vendor.
Moreover, because the security is implemented in software, it can support various kinds of devices, and new technology can be incorporated easily.
The kusabi™ model is a software-oriented IoT security infrastructure service that can be applied to various IoT business use cases.
Comparison summary of kusabi model and hardware + CA model
The players and areas of responsibility required by the kusabi™ model and by the hardware + CA (certificate authority) model are listed below.
| | | The Kusabi Model | The Dedicated Chip Model |
|---|---|---|---|
| Player | Chip vendor | 【unnecessary】Uses the kusabi electronic certification system. | 【necessary】Writes the key to the hardware module of the dedicated chip at the production step. |
| | CA (Certification Authority) | 【unnecessary】Uses the kusabi electronic certification system. | 【necessary】Issues and manages the electronic certificates on each device at the shipping step, using the key of the above hardware module. |
| | IoT device vendor | 【necessary】Installs the startup / initialization program using the API of the kusabi device provisioning system. | 【necessary】Installs the startup / initialization program using the PKI library of the CA. |
| | Integrator | 【necessary】Provides an edge server using the API of the kusabi device provisioning system. | 【option】Acts as an orchestrator of chip vendors, CA and security vendors. (IBC is positioned here.) |
| | | 【necessary】Kusabi is OS independent. | 【necessary】An anti-virus software vendor, for IoT devices that run on a general OS such as Linux. |
| Cost | | License fee of kusabi. | License fees accrue for each player: chip vendors, CA and security vendors. |
| Versatility | | A system customized for each user can be provided by an integrator. | It is locked in to the system (service) provided by each player: chip vendors, CA and security vendors. |