Executive Summary
This white paper outlines best practices for IoT device identity and lifecycle management across smart city and industrial IoT deployments. From manufacturing to retirement, securing the identity of every device ensures trust, resilience, and compliance. This framework leverages secure provisioning, cryptographic agility, zero-trust onboarding, and secure retirement policies.
Lifecycle Phases
Manufacturing (T0)
- Inject hardware root of trust (HRoT).
- Generate asymmetric keypairs inside secure elements.
- Record immutable identity in a manufacturing ledger.
Provisioning (T1)
- Use authenticated onboarding protocols (e.g., DPP, FDO, SPAKE2+).
- Bind device to owner via X.509 or COSE credential issuance.
- Assign initial policy (network access, telemetry scopes).
Operational (T2–Tn)
- Regular session key rotations.
- Certificate renewal/short-lived credential issuance.
- Remote attestation for runtime integrity.
- Policy enforcement via cloud or edge PDP.
Retirement (Tx)
- Revoke credentials in cloud CA.
- Secure wipe of all secrets.
- Update asset register and compliance logs.
Best Practices
- Per-device certificates signed by trusted CA.
- No shared secrets; all keys derived or unique.
- Automated certificate renewal (ACME-like flows).
- Hardware secure storage mandatory for identity keys.
- Audit trails linked to each lifecycle phase.
Conclusion
A robust identity and lifecycle management strategy ensures long-term IoT resilience. Cities and enterprises can prevent rogue devices, simplify credential rotations, and comply with NIST/ETSI/IEC standards while scaling to thousands of devices.
