Introducing Scurid Edge Agent

We are extremely excited about our upcoming closed beta release and the opportunity to work closely with interested early adopters for direct feedback. Scurid is focused on developing and delivering an easy to use digital identity, application of which we have tried to cover in some of our previous blogs and will continue to do so in upcoming ones for Internet of Things (IoT) / Industrial Internet of Things (IIoT) devices and software.

What is Scurid Edge Agent?

It’s an agent written purely in Golang, designed to run as a service on small microprocessor-based devices such as RaspberryPi. It exposes identity-related features via simple APIs, alleviating the need for top-down, that is centralized delivery of identities for the devices.

Overview

The idea behind the Scurid stack is simple — save time, effort, and the resources for the developers to get started with distributed digital identity, a verifiable credential, ready to go in few seconds at distributed scale. Letting developers & organizations focus on business logic to help speed up their mission towards digitization without compromising on strong identity, its security and data trust worthiness. And while doing so still maintain control over the identity and the data related to it.

It’s designed to be either pre-installed by the hardware manufacturers, or the organization installs the agent during onboarding of their IoT/IIoT devices along with their own IoT software to interact with the Scurid edge agent in real-time locally on the device. This means a developer can generate verifiable credentials without any external dependencies. Which is a great boost for a secure practice of regularly rotating a device’s identity, as they often should be as a good security practice, in the field at distributed scale.

Device identities generated by the Scurid Edge Agent has the following properties :

• User's or customer's device own & control the identity - always

• On the Hardware (also referred as Child identities) :

  • Generated identity is globally unique and bound to the hardware backed by private key
  • A unique encrypted wallet Same hardware can present multiple identities (for ZeroTrust principles for businesses like HaaS )
  • No developer/admin involved to manually copy/past secret data - reduced human induced security leaks
  • Scurid Agent on the device is configured to talk to only YOUR Scurid Server
  • Once the hardware is onboarded with YOUR Scurid Server, each device receives an additional Issuer signature
  • TLS Communication between Scurid Edge Agent <> Scurid Server (no admin/developer effort needed)

• Attack vectors addressed today:

  • Compromised Credentials
  • Weak Credentials
  • Insider threats
  • Phishing
  • Missing or poor encryption

• Always evolving identity and security

Core features of Scurid Edge Agent

1. Unlimited identity generation on the device (without any external dependency)
2. Fully managed encrypted wallet system holding private keys for the identities on the IoT device
3. Simple gRPC APIs to help developers interact with the Scurid Edge Agent in several programming languages
4. Devices can sign each data packet with their own identity for a unique "fingerprint"
5. Supports multiple OS and hardware platforms

Value

The capability to generate verifiable credentials at distributed scale brings a lot of core and added value for the businesses dealing with IoT devices, its data for data analytics, etc. to list a few :

1. Freedom from managing usernames/passwords, static API keys
2. Elevating device identity security with a limited budget
3. Reduction in effort, cost & time in maintaining centralized Public key infrastructure for your distributed devices
4. Relationship-based identities — generate identities needed for certain tasks/interaction with a 3rd party system and then revoke them to prevent overuse or identity leak
5. With the high degree of data integrity, consumers of IoT data from the devices can now easily track and verify data coming from specific devices
6. Aid organizations to move towards safer adoption of autonomous systems
7. Providing building blocks for Hardware as a Service, with digital identities that be generated on the fly for interaction with different internal and external systems
8. A strong move towards data governance — with data ownership & self-sovereign identity
9. Simplify auditing, prevent intentional/unintentional data manipulation
10. Trustworthy & verifiable data for data analytics