The NervesHub team decided to implement client-side SSL for device authentication, which is the same strategy adopted by many IoT services like Amazon IoT and Azure IoT. Because of this, NervesHub can fit in with your current public key infrastructure for device to cloud communication.
Many developers are familiar with the public/private key encryption mechanism central to SSL, but this is traditionally implemented in order to allow a client (user) to verify that a server (website) is who it claims to be.
Client-side SSL is used as a replacement for systems such as username/password login to allow the server to verify the identity of the client. This method of authentication is more secure than typical authentication strategies, which store secrets on a server. With client-side SSL, the server only stores public keys, and the only way to impersonate a client is to gain possession of its private key. When machines (Nerves devices) are clients, private keys can be stored on the device via a one-time provisioning step, which provides a seamless experience for the firmware developers. In addition, it means that any potential attacker must individually compromise each actual device he/she wants to impersonate.
To take firmware security one step further, NervesHub requires that all firmware being pushed is signed with a private encryption key that belongs to the developer’s NervesHub organization. Both NervesHub and Nerves devices verify firmware signatures to protect against malicious or accidental upgrades to unauthorized firmware. Companies even can implement firmware-signing rooms where the private signing keys are not accessible on any network. Similar to NervesHub’s client-side SSL implementation, the public key information is the only information shared with the server.
When Justin joined the Nerves team, he wanted the project to be extensible — and NervesHub is no exception. Every application will have its own backend and its own specific needs that can’t be handled by NervesHub. That’s why the team provides an API that allows you to leverage NervesHub for firmware management from within your current infrastructure. NervesHub is fully open-source and uses all Elixir technologies, including Phoenix.
“Because NervesHub is extensible, you can communicate with NervesHub to update your firmware and generate certificates and identities no matter what your backend is written in,” Justin says.
In addition, there are plans to allow users to leverage NervesHub’s client-side SSL system for device verification via the API. This will allow any backend to verify the identity of a device by simply querying NervesHub with the certificate provided by the device upon connection.
Frank, Justin, and the rest of the Nerves team have benefited greatly from open source software, which led them to make NervesHub an open source project. Not only can users sign up for an account on the hosted NervesHub application, but they can also clone or fork the open source repository and host NervesHub on their own infrastructure. This is a critical feature for users that need to keep their firmware delivery services on private servers.
The Future of Nerves
With the launch of NervesHub behind them, Frank and Justin have a laundry list of improvements they want to make. And they’re not getting too far ahead of themselves.
“I like to listen to the community and see what they’re excited about,” Frank says. “That will probably drive the next big thing for Nerves.”