{"id":41695,"date":"2019-10-17T15:43:10","date_gmt":"2019-10-17T15:43:10","guid":{"rendered":"https:\/\/stg.cira.ca\/secure-iot-registry\/"},"modified":"2024-08-26T12:40:14","modified_gmt":"2024-08-26T16:40:14","slug":"secure-iot-registry","status":"publish","type":"page","link":"https:\/\/stg.cira.ca\/en\/secure-iot-registry\/","title":{"rendered":"Secure IoT Registry"},"content":{"rendered":"<p>CIRA recently joined L-SPARK Global\u2019s Secure IoT Accelerator program to help solve a massive, industry-wide problem: securing internet of things (IoT) devices.<\/p>\n<p>Over the coming year, CIRA Labs will be working with a cross-disciplinary team of experts, technologists and advisors to develop a cutting edge Secure IoT Registry \u2013 an innovative framework to securely provision IoT devices.<\/p>\n<h2><strong>So what\u2019s the pitch?<\/strong><\/h2>\n<p>Take an IoT device such as a generic smart city parking meter. The internet-connected smart meter is similar to a domain name in several respects:<\/p>\n<ul>\n<li>Both have owners and delegations.<\/li>\n<li>Each can be transferred to a different owner.<\/li>\n<li>Their delegation can change (e.g., pointing to a different cloud service provider is similar to pointing to a different IP address).<\/li>\n<\/ul>\n<p>As a domain registry, CIRA creates a public DNS zone file for .CA and we publish WHOIS information about each domain. 
As an IoT registry, we would track a given IoT device\u2019s eSIMID, public keys, cloud service provider, and mobile network operator (and their status), and then create a public DNS record of&nbsp;certificate fingerprints&nbsp;that can be used to authenticate individual IoT devices and their cloud service provider credentials based on the unique IoT device eSIMID \u2014 all while&nbsp;leveraging the internet based root of trust embedded in the DNS and DNSSEC.<\/p>\n<p>As a result, the CIRA IoT Registry allows the world\u2019s generic IoT devices to seamlessly and securely work between any manufacturer, owner, service provider and network operator.<\/p>\n<p><strong><\/strong><\/p>\n<p><img decoding=\"async\" class=\" size-full wp-image-1730\" src=\"https:\/\/stg.cira.ca\/uploads\/2019\/10\/iot-registry-explanation-graphics_191017-01_0.png\" alt=\"\" title=\"\" width=\"8000\" height=\"4500\" srcset=\"https:\/\/stg.cira.ca\/uploads\/2019\/10\/iot-registry-explanation-graphics_191017-01_0.png 8000w, https:\/\/stg.cira.ca\/uploads\/2019\/10\/iot-registry-explanation-graphics_191017-01_0-300x169.png 300w, https:\/\/stg.cira.ca\/uploads\/2019\/10\/iot-registry-explanation-graphics_191017-01_0-1024x576.png 1024w, https:\/\/stg.cira.ca\/uploads\/2019\/10\/iot-registry-explanation-graphics_191017-01_0-768x432.png 768w, https:\/\/stg.cira.ca\/uploads\/2019\/10\/iot-registry-explanation-graphics_191017-01_0-1536x864.png 1536w, https:\/\/stg.cira.ca\/uploads\/2019\/10\/iot-registry-explanation-graphics_191017-01_0-2048x1152.png 2048w\" sizes=\"(max-width: 8000px) 100vw, 8000px\" \/><\/p>\n<p><strong><\/strong><\/p>\n<h2><strong>What\u2019s the problem?<\/strong><\/h2>\n<p>With the widespread deployment of 5G networks on the horizon, there will soon be an explosion of internet-connected devices in households and businesses around the world. Everything from doorbells to fridges to thermostats will ship with a SIM card and a high-quality internet connection. 
As more and more devices become internet-connected, the cybersecurity risks around them will grow. With this in mind, CIRA is working on an innovative framework to mitigate the risks these devices pose to users as well as the public internet.<\/p>\n<p>&nbsp;<\/p>\n<h2><strong>How does the Secure IoT Registry work?<\/strong><\/h2>\n<p>CIRA Labs\u2019 IoT Registry will establish trust between the mobile network operators, cloud service providers, IoT device manufacturers, and end-users. The IoT Registry\u2019s core function is to enable any IoT device to connect to any cloud service provider. In short, the IoT registry lets you connect anything to everything securely.<\/p>\n<p><img decoding=\"async\" class=\" size-full wp-image-1732\" src=\"https:\/\/stg.cira.ca\/uploads\/2019\/10\/cira-iot-registry_web-graphic_191017-011.png\" alt=\"\" title=\"\" width=\"2885\" height=\"2798\" srcset=\"https:\/\/stg.cira.ca\/uploads\/2019\/10\/cira-iot-registry_web-graphic_191017-011.png 2885w, https:\/\/stg.cira.ca\/uploads\/2019\/10\/cira-iot-registry_web-graphic_191017-011-300x291.png 300w, https:\/\/stg.cira.ca\/uploads\/2019\/10\/cira-iot-registry_web-graphic_191017-011-1024x993.png 1024w, https:\/\/stg.cira.ca\/uploads\/2019\/10\/cira-iot-registry_web-graphic_191017-011-768x745.png 768w, https:\/\/stg.cira.ca\/uploads\/2019\/10\/cira-iot-registry_web-graphic_191017-011-1536x1490.png 1536w, https:\/\/stg.cira.ca\/uploads\/2019\/10\/cira-iot-registry_web-graphic_191017-011-2048x1986.png 2048w\" sizes=\"(max-width: 2885px) 100vw, 2885px\" \/><\/p>\n<p>The IoT Registry is similar to a domain registry. In the same way that a domain name\u2019s (www.cira.ca) ownership can be transferred, an IoT device\u2019s ownership can be transferred, from user A to user B. Similarly, in the same way the domain delegation can be changed, pointing from user A\u2019s website to user B\u2019s website, an IoT device can connect from one cloud service provider to another. 
To facilitate these changes, CIRA has developed a solution to deliver IoT credentials directly on the eSIM card securely. We are leveraging the public DNS and its DNSSEC-based, cryptographically enabled chain of trust feature as a new root of trust, simplifying the verification of certificates.<\/p>\n<p>&nbsp;<\/p>\n<h2><strong>You can check out&nbsp;<a href=\"https:\/\/github.com\/CIRALabs\/CIRA-Secure-IoT-Registry\">our full demo here<\/a>.<\/strong><\/h2>\n<p><img decoding=\"async\" class=\" size-full wp-image-1734\" src=\"https:\/\/stg.cira.ca\/uploads\/2019\/10\/cira-IoT-registry-slide_0.PNG\" alt=\"\" title=\"\" width=\"977\" height=\"548\" srcset=\"https:\/\/stg.cira.ca\/uploads\/2019\/10\/cira-IoT-registry-slide_0.PNG 977w, https:\/\/stg.cira.ca\/uploads\/2019\/10\/cira-IoT-registry-slide_0-300x168.png 300w, https:\/\/stg.cira.ca\/uploads\/2019\/10\/cira-IoT-registry-slide_0-768x431.png 768w\" sizes=\"(max-width: 977px) 100vw, 977px\" \/><\/p>\n<h2>&nbsp;<\/h2>\n<h2><strong>What are the benefits of an IoT Registry?<\/strong><\/h2>\n<ul>\n<li><strong>Interoperability. <\/strong>Enabling generic IoT devices to connect to generic cloud services using standard APIs. With an IoT Registry, any IoT device can be switched to any cloud provider easily and securely.<\/li>\n<li><strong>Streamlined operations.<\/strong> The Registry keeps track of cloud provider certificates and individual IoT device keys so that cloud providers and device manufacturers don\u2019t have to.<\/li>\n<li><strong>Proven security. <\/strong>Certificates are managed using cryptographically enabled, road-worn, DNSSEC-enabled DNS infrastructure.<\/li>\n<li><strong>No \u201cman in the middle\u201d attacks.<\/strong> Our IoT Registry makes it impossible for attackers to create fake credentials. 
The credentials (public key pair) are created in a Hardware Security Module (HSM) and encrypted with the public key of the IoT device, keys are then destroyed, and the fingerprint of the IoT device keys can be validated in the public DNS using DNSSEC CERT records. &nbsp;The keys and configuration information are sent to the mobile network operator which, in turn, writes the IoT profile onto the eSIM IoT Security Applet, at which point the IoT device can decrypt the IoT profile.&nbsp; This ensures secure and trusted communication between the IoT registry and the device.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h2><strong><\/strong><strong>Why is CIRA working on this?<\/strong><\/h2>\n<blockquote>\n<p>&nbsp;<\/p>\n<p>\u201cThe incoming tsunami of IoT devices will fundamentally change the way we need to approach cybersecurity. Innovative technologies will require innovation in security, especially when so many IoT devices lack adequate security themselves. CIRA&#8217;s Secure IoT Registry demonstrates how a national registry can be used to establish trust and configure IoT devices of all types.&#8221;<\/p>\n<p>-Brian O\u2019Higgins, Security Expert<\/p>\n<p>\u201cThe CIRA IoT Registry allows the world\u2019s generic IoT devices to seamlessly and securely work between any manufacturer, owner, service provider and network operator.\u201d<\/p>\n<p>-Don Slaunwhite, CIRA IoT Registry Product Manager<\/p>\n<\/blockquote>\n<p>CIRA is a purpose-driven not-for-profit working hard to make the internet safe, stable and secure through our DNS infrastructure and cybersecurity products. As we look ahead to the next evolution of the internet \u2013 an internet where cloud computing, big data, and IoT devices are ubiquitous \u2013 we see a huge opportunity to leverage our 20 years of world-class registry operations and help solve the problem of securely provisioning IoT devices. 
Once it\u2019s up and running, we are confident that our Secure IoT Registry will help make the global internet more secure.<\/p>\n<p>&nbsp;<\/p>\n<h2><strong>Learn more:<\/strong><\/h2>\n<ul>\n<li>CIRA: <a href=\"https:\/\/github.com\/CIRALabs\/CIRA-Secure-IoT-Registry\">&nbsp;IoT Registry DEMO<\/a>.<\/li>\n<li>CIRA: <a href=\"https:\/\/stg.cira.ca\/blog\/cybersecurity\/we-just-joined-a-brand-new-iot-accelerator-help-solve-a-massive-industry-wide\">We just joined a brand new IoT accelerator to help solve a massive, industry-wide security problem<\/a>.<\/li>\n<li>Ottawa Business Journal: <a href=\"https:\/\/obj.ca\/ottawa-based-cira-lands-spot-in-first-cohort-of-l-sparks-new-secure-iot-accelerator\/\">Ottawa-based CIRA lands spot in first cohort of L-Spark\u2019s new secure IoT accelerator<\/a>.<\/li>\n<li><span class=\"MsoHyperlink\"><\/span>CIRA: <a href=\"https:\/\/stg.cira.ca\/blog\/state-internet\/update-cira-iot-security\">An update from CIRA on IoT security<\/a><span class=\"MsoHyperlink\"><\/span><\/li>\n<li>ISOC: <a href=\"https:\/\/www.internetsociety.org\/deploy360\/dnssec\/\">DNSSEC Primer<\/a><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CIRA recently joined L-SPARK Global\u2019s Secure IoT Accelerator program to help solve a massive, industry-wide problem: securing internet of things (IoT) devices. 
Over the coming year, CIRA Labs will be working with a cross-disciplinary team of experts, technologists and advisors to develop a cutting edge Secure IoT Registry \u2013 an innovative framework to securely provision [&hellip;]<\/p>\n","protected":false},"author":11,"featured_media":1730,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"ngg_post_thumbnail":0,"slim_seo":{"title":"Secure IoT Registry - CIRA","description":"CIRA recently joined L-SPARK Global\u2019s Secure IoT Accelerator program to help solve a massive, industry-wide problem: securing internet of things (IoT) devices."}},"category":[664],"class_list":["post-41695","page","type-page","status-publish","has-post-thumbnail","hentry","cira_category-cybersecurity"],"acf":[],"publishpress_future_action":{"enabled":false,"date":"2026-06-10 21:01:21","action":"change-status","newStatus":"draft","terms":[],"taxonomy":"translation_priority","extraData":[]},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/stg.cira.ca\/en\/wp-json\/wp\/v2\/pages\/41695","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/stg.cira.ca\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/stg.cira.ca\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/stg.cira.ca\/en\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/stg.cira.ca\/en\/wp-json\/wp\/v2\/comments?post=41695"}],"version-history":[{"count":0,"href":"https:\/\/stg.cira.ca\/en\/wp-json\/wp\/v2\/pages\/41695\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/stg.cira.ca\/en\/wp-json\/wp\/v2\/media\/1730"}],"wp:attachment":[{"href":"https:\/\/stg.cira.ca\/en\/wp-json\/wp\/v2\/media?parent=41695"}],"wp:term":[{"taxonomy":"cira_category","embeddable":true,"href":"https:\/\/stg.cira.ca\/en\/wp-json\/cira\/v1\/
category?post=41695"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}