Redesigning PKI to Solve Revocation, Expiration, and Rotation Problems

Explore the challenges and solutions in Public Key Infrastructure (PKI) for IoT devices in this 49-minute Black Hat conference talk. Delve into the hard-learned lessons from a former Director of Security at major tech companies, covering issues like expired keys, accidental private key exposure, and large-scale key replacements. Gain insights into the pitfalls of PKI, especially in IoT environments where consumers or site managers bear the burden of updates and fixes. Discover a redesigned approach to PKI that addresses revocation, expiration, and rotation problems. Learn about key concepts including identity, encryption, and threat models specific to IoT devices. Examine various scenarios such as fleet management, device workflows, server and application processes, breach recovery, and real-time provisioning. Get introduced to open-source solutions and see a demonstration of innovative PKI alternatives. Enhance your understanding of cybersecurity challenges in IoT and explore cutting-edge solutions to improve device security and management.