Internet of Things (IoT) devices are typically single-purpose, smart objects that are connected to each other, to other components on a local network, or to a cloud via a network to provide functional capabilities. As with any device, to connect to a network securely, an IoT device needs appropriate credentials. A typical commercially available, mass-produced IoT device cannot be pre-provisioned with local network credentials by the manufacturer at manufacturing time. Instead, these local network credentials have to be provisioned to the device at deployment. We refer to the steps that are performed to provision a device with its local network credentials as network-layer onboarding (or simply onboarding).
IoT devices vary widely in power, memory, computation, and other resource characteristics. Another key difference among these devices is in how they are onboarded. Ideally, the onboarding process should be trusted, efficient, and flexible enough to meet the needs of various use cases. Because IoT devices typically lack screens and keyboards, provisioning their credentials can be cumbersome. For consumers, trusted onboarding should be easy; for enterprises, it should enable large numbers of devices to be quickly provisioned with unique credentials. Security attributes of the onboarding process assure that the network is not put at risk as new IoT devices are added to it.
This paper proposes a taxonomy for IoT device onboarding that can be used to clearly express the capabilities of any particular onboarding solution. By providing a common language that describes and clarifies various onboarding characteristics, this taxonomy assists with discussion, characterization, and development of onboarding solutions that can be adopted broadly. To provide context for the proposed onboarding taxonomy and to try to ensure its comprehensiveness, this paper also describes a generic onboarding process, defines onboarding functional roles, discusses onboarding-related aspects of IoT lifecycle management, presents onboarding use cases, and proposes recommended security capabilities for onboarding.