Reference architecture for secure cloud based remote automation: Zero-knowledge initial enrolment of resource-constrained IoT with symbiotic security

Cited by: 0
Authors
Bartsch, Witali [1]
Huebner, Michael [2]
Affiliations
[1] PointBlank Secur, Leverkusen, Germany
[2] Brandenburg Tech Univ Cottbus, Cottbus, Germany
Source
ATP MAGAZINE | 2019 / Issue 09
Keywords
secure embedded architecture; secure key management; secure remote automation; symbiotic security; initial enrolment;
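DOI
Not available
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract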
In the first of a series of articles, we introduce the term "Symbiotic Security" to denote an ideal architecture where all essential components (e.g. hardware, software or networks) contribute to raising the architectural security bar. The growing importance of cloud computing for secure and resilient automation and its intended independence from hardware to accommodate all platforms have led us to observe a disconnect between well-known cloud service providers and manufacturers of embedded devices or IoT: the unsolved problem of initial enrolment. After elaborating on the root cause of this gulf, we present a non-invasive extension and implementation of a cloud IoT reference architecture for an automated, mutually authenticated and encrypted roll-out of IoT nodes. To also enable automated key management without human intervention, the system refrains from using any static secrets usually employed by the hardware vendors, a longstanding point of criticism. Despite our practical choice of a target platform, the idea itself is uniform across such environments given their inherent similarities.
Pages: 72-81
Page count: 10