IoT Hub Device Provisioning Service security concepts

IoT Hub Device Provisioning Service is a helper service for IoT Hub that you use to configure zero-touch device provisioning to a specified IoT hub. With the Device Provisioning Service, you can auto-provision millions of devices in a secure and scalable manner. This article gives an overview of the security concepts involved in device provisioning. This article is relevant to all personas involved in getting a device ready for deployment.

Attestation mechanism

The attestation mechanism is the method used for confirming a device's identity. The attestation mechanism is also relevant to the enrollment list, which tells the provisioning service which method of attestation to use with a given device.

Note

IoT Hub uses "authentication scheme" for a similar concept in that service.

Device Provisioning Service supports the following forms of attestation:

  • X.509 certificates based on the standard X.509 certificate authentication flow.
  • Trusted Platform Module (TPM) based on a nonce challenge, using the TPM standard for keys to present a signed Shared Access Signature (SAS) token. This form of attestation does not require a physical TPM on the device, but the service expects to attest using the endorsement key per the TPM spec.
  • Symmetric key based on Shared Access Signature (SAS) security tokens, which include a hashed signature and an embedded expiration. For more information, see Symmetric key attestation.

Hardware security module

The hardware security module, or HSM, is used for secure, hardware-based storage of device secrets, and is the most secure form of secret storage. Both X.509 certificates and SAS tokens can be stored in the HSM. HSMs can be used with both attestation mechanisms the provisioning service supports.

Tip

We strongly recommend using an HSM with devices to securely store secrets on your devices.

Device secrets may also be stored in software (memory), but this is a less secure form of storage than an HSM.

Trusted Platform Module

TPM can refer to a standard for securely storing keys used to authenticate the platform, or it can refer to the I/O interface used to interact with the modules implementing the standard. TPMs can exist as discrete hardware, integrated hardware, firmware-based, or software-based. Learn more about TPMs and TPM attestation. Device Provisioning Service only supports TPM 2.0.

TPM attestation is based on a nonce challenge, which uses the endorsement and storage root keys to present a signed Shared Access Signature (SAS) token.

Endorsement key

The endorsement key is an asymmetric key contained inside the TPM, which was internally generated or injected at manufacturing time and is unique for every TPM. The endorsement key cannot be changed or removed. The private portion of the endorsement key is never released outside of the TPM, while the public portion of the endorsement key is used to recognize a genuine TPM. Learn more about the endorsement key.

Storage root key

The storage root key is stored in the TPM and is used to protect TPM keys created by applications, so that these keys cannot be used without the TPM. The storage root key is generated when you take ownership of the TPM; when you clear the TPM so a new user can take ownership, a new storage root key is generated. Learn more about the storage root key.

X.509 certificates

Using X.509 certificates as an attestation mechanism is an excellent way to scale production and simplify device provisioning. X.509 certificates are typically arranged in a certificate chain of trust in which each certificate in the chain is signed by the private key of the next higher certificate, and so on, terminating in a self-signed root certificate. This arrangement establishes a delegated chain of trust from the root certificate generated by a trusted root certificate authority (CA) down through each intermediate CA to the end-entity "leaf" certificate installed on a device. To learn more, see Device Authentication using X.509 CA Certificates.

Often the certificate chain represents some logical or physical hierarchy associated with devices. For example, a manufacturer may:

  • issue a self-signed root CA certificate
  • use the root certificate to generate a unique intermediate CA certificate for each factory
  • use each factory's certificate to generate a unique intermediate CA certificate for each production line in the plant
  • and finally use the production line certificate to generate a unique device (end-entity) certificate for each device manufactured on the line.

To learn more, see Conceptual understanding of X.509 CA certificates in the IoT industry.

Root certificate

A root certificate is a self-signed X.509 certificate representing a certificate authority (CA). It is the terminus, or trust anchor, of the certificate chain. Root certificates can be self-issued by an organization or purchased from a root certificate authority. To learn more, see Get X.509 CA certificates. The root certificate can also be referred to as a root CA certificate.

Intermediate certificate

An intermediate certificate is an X.509 certificate that has been signed by the root certificate (or by another intermediate certificate with the root certificate in its chain). The last intermediate certificate in a chain is used to sign the leaf certificate. An intermediate certificate can also be referred to as an intermediate CA certificate.

End-entity "leaf" certificate

The leaf certificate, or end-entity certificate, identifies the certificate holder. It has the root certificate in its certificate chain as well as zero or more intermediate certificates. The leaf certificate is not used to sign any other certificates. It uniquely identifies the device to the provisioning service and is sometimes referred to as the device certificate. During authentication, the device uses the private key associated with this certificate to respond to a proof of possession challenge from the service.

Leaf certificates used with an individual enrollment entry must have the Subject Name set to the registration ID of that individual enrollment entry. Leaf certificates used with an enrollment group entry should have the Subject Name set to the desired device ID, which will be shown in the Registration Records for the authenticated device in the enrollment group.

To learn more, see Authenticating devices signed with X.509 CA certificates.

Controlling device access to the provisioning service with X.509 certificates

The provisioning service exposes two types of enrollment entry that you can use to control access for devices that use the X.509 attestation mechanism:

  • Individual enrollment entries are configured with the device certificate associated with a specific device. These entries control enrollments for specific devices.
  • Enrollment group entries are associated with a specific intermediate or root CA certificate. These entries control enrollments for all devices that have that intermediate or root certificate in their certificate chain.

When a device connects to the provisioning service, the service prioritizes more specific enrollment entries over less specific enrollment entries. That is, if an individual enrollment for the device exists, the provisioning service applies that entry. If there is no individual enrollment for the device and an enrollment group for the first intermediate certificate in the device's certificate chain exists, the service applies that entry, and so on, up the chain to the root. The service applies the first applicable entry that it finds, such that:

  • If the first enrollment entry found is enabled, the service provisions the device.
  • If the first enrollment entry found is disabled, the service does not provision the device.
  • If no enrollment entry is found for any of the certificates in the device's certificate chain, the service does not provision the device.

This mechanism and the hierarchical structure of certificate chains provide powerful flexibility in how you can control access for individual devices as well as for groups of devices. For example, imagine five devices with the following certificate chains:

  • Device 1: root certificate -> certificate A -> device 1 certificate
  • Device 2: root certificate -> certificate A -> device 2 certificate
  • Device 3: root certificate -> certificate A -> device 3 certificate
  • Device 4: root certificate -> certificate B -> device 4 certificate
  • Device 5: root certificate -> certificate B -> device 5 certificate

Initially, you can create a single enabled group enrollment entry for the root certificate to enable access for all five devices. If certificate B later becomes compromised, you can create a disabled enrollment group entry for certificate B to prevent Device 4 and Device 5 from enrolling. If still later Device 3 becomes compromised, you can create a disabled individual enrollment entry for its certificate. This revokes access for Device 3, but still allows Device 1 and Device 2 to enroll.
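
The precedence rule and the five-device scenario above can be modeled in a few lines. This is an added example, not code from the Device Provisioning Service or its SDKs; it assumes certificates are represented by plain string labels (no signature or chain validation is performed), and the names Entry, resolve, CHAINS and STAGE1 to STAGE3 are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    kind: str      # "individual" or "group"
    cert: str      # label of the certificate the entry is bound to
    enabled: bool

def resolve(chain, entries):
    """chain is leaf-first: [device cert, intermediate(s)..., root].
    Returns (decision, matched entry) using most-specific-first matching."""
    index = {(e.kind, e.cert): e for e in entries}
    # Individual entry on the leaf first, then group entries walking up to the root.
    lookups = [("individual", chain[0])] + [("group", c) for c in chain[1:]]
    for key in lookups:
        entry = index.get(key)
        if entry is not None:
            # The first entry found decides; a disabled one blocks the device
            # even if an enabled entry exists higher in the chain.
            return ("provision" if entry.enabled else "deny"), entry
    return "deny", None  # no entry anywhere in the chain

# Constructed data: the five chains from the example above.
CHAINS = {
    f"device{n}": [f"device{n}-cert", "certA" if n <= 3 else "certB", "root"]
    for n in range(1, 6)
}

def decisions(entries):
    return {dev: resolve(chain, entries)[0] for dev, chain in CHAINS.items()}

STAGE1 = [Entry("group", "root", True)]                         # all five allowed
STAGE2 = STAGE1 + [Entry("group", "certB", False)]              # certificate B compromised
STAGE3 = STAGE2 + [Entry("individual", "device3-cert", False)]  # Device 3 compromised

if __name__ == "__main__":
    for name, stage in (("stage 1", STAGE1), ("stage 2", STAGE2), ("stage 3", STAGE3)):
        print(name, decisions(stage))
```

Because the first match wins, re-enabling Device 4 alone after stage 2 would take an enabled individual entry for its certificate, which is found before the disabled group entry for certificate B.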