Resource-constrained and brownfield considerations

Low-end industrial microcontrollers and IoT sensors have limited memory and other resource constraints. To determine a suitable cryptographic framework for managing device identity, we must consider the memory and compute capacity of the endpoint. Asymmetric cryptographic algorithms usually consume significant compute, memory, and power resources, whereas certain symmetric cryptography-based techniques can offer the benefits of mutual authentication at a much lower compute and power cost.
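As an added illustration (not part of the original text), the sketch below shows one symmetric technique of this kind: a pre-shared-key challenge-response in which each side proves possession of the key with HMAC-SHA256. The function names, the message layout and the device ID `sensor-01` are assumptions made for this example.

```python
import hashlib
import hmac
import secrets
from typing import Tuple

NONCE_LEN = 16  # bytes; fresh per session so a recorded proof cannot be replayed


def proof(psk: bytes, role: bytes, device_id: bytes, n_dev: bytes, n_srv: bytes) -> bytes:
    """HMAC-SHA256 over a role label, the device identity and both nonces.

    Fields are length-prefixed so they cannot be re-split ambiguously, and the
    role label keeps one side's proof from being reflected back as the other's.
    """
    fields = (role, device_id, n_dev, n_srv)
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(psk, msg, hashlib.sha256).digest()


def run_handshake(device_psk: bytes, server_psk: bytes, device_id: bytes) -> Tuple[bool, bool]:
    """Simulate the three messages; return (server_accepts, device_accepts)."""
    # Message 1, device -> server: device_id and the device's nonce.
    n_dev = secrets.token_bytes(NONCE_LEN)
    # Message 2, server -> device: the server's nonce and the server's proof.
    n_srv = secrets.token_bytes(NONCE_LEN)
    srv_proof = proof(server_psk, b"server", device_id, n_dev, n_srv)
    # The device recomputes the server proof with its own copy of the key.
    expected = proof(device_psk, b"server", device_id, n_dev, n_srv)
    device_accepts = hmac.compare_digest(srv_proof, expected)  # constant time
    if not device_accepts:
        return (False, False)  # device aborts and never sends its own proof
    # Message 3, device -> server: the device's proof.
    dev_proof = proof(device_psk, b"device", device_id, n_dev, n_srv)
    expected = proof(server_psk, b"device", device_id, n_dev, n_srv)
    server_accepts = hmac.compare_digest(dev_proof, expected)
    return (server_accepts, device_accepts)


if __name__ == "__main__":
    key = secrets.token_bytes(32)    # constructed sample key
    wrong = secrets.token_bytes(32)  # what an impostor server would hold
    print("matching keys:  ", run_handshake(key, key, b"sensor-01"))
    print("impostor server:", run_handshake(key, wrong, b"sensor-01"))
```

Each side performs only two HMAC computations per session. The scheme is only as strong as the key handling: a key shared across many devices lets one compromised device impersonate the rest.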

Unlike IT systems, industrial devices and equipment are designed to last for decades. As such, IIoT deployments are primarily brownfield, where identity and access controls must factor in both new and legacy systems. Even for newly manufactured IoT devices, their extended lifespan makes it difficult to future-proof security, since security controls considered robust today may not suffice a decade from now.