On July 12, 2021, LoginID deployed the first FIDO Device Onboarding (FDO) Rendezvous Server. This service is intended for early developers to experiment with the recently released FDO Proposed Standard from the FIDO Alliance. FIDO Device Onboarding is a core component in LoginID’s mission to secure Internet experiences and protect privacy.
What is FDO, and why is it important?
It is projected that there will be more than 30 billion IoT devices in 2025. These Internet connected devices will provide a broad range of new experiences but weak security could make each a potential source of attacks. The Mirai Botnet, Stuxnet, Ukraine power grid and recent infrastructure attacks are small targeted examples compared to potential future attacks. Rogue actors or well funded state actors could easily launch much broader scale less focused attacks on critical infrastructure using IoT devices with weak security. The impact would be catastrophic. These devices should have been secured long ago and now FDO provides a standard approach to begin.
FIDO Device Onboarding (FDO) is a new generation secure IoT protocol, designed to solve two key components of IoT security: supply chain security and passwords. The FDO was developed by the FIDO Alliance based on the same guiding principles: convenience, security and privacy used for FIDO Authentication. See the FIDO Alliance whitepaper for more background or the FDO proposed standard.
Today, to set up an IoT device, the owner needs to either enter credentials in the factory, even if the device is weeks or months away from being on the shelves, or make users go through a tedious, insecure enrollment process. In these scenarios it is extremely hard to maintain security of the supply chain, as malicious devices may pretend to be real, genuine IoT devices. Additionally, issues with user experience leads to weak passwords, unchanged default passwords, and password reuse by both manufacturers and end users.
LoginID is seeking partners to build a secure IoT ecosystem around FDO. Please contact us to discuss how we can work together firstname.lastname@example.org.
As a starting point we are hosting FDO services for developers to experiment. We have more announcements in the next several months, so check back frequently.
How it works
The FIDO Alliance have published the FDO prospoed standard.
How to get started
The Example FDO Client SDK on GitHub can be used as a starting point for testing.
To access the FDO services add these rendezvous services to your device configuration:
Currently only demorv.loginid.io is available while we are testing our solution, but in future rv.loginid.io and fdo.cloud will point to a stable production server. We advise all participating manufacturers to include all of the RV endpoints to keep long term device compatibility.
Use the FDO APIs to submit a voucher or connect your onboarding service to our RV.
Please see the current version of the FDO specification for technical details including voucher encoding.
If you have questions, comments or suggestions please contact us email@example.com.