Hardening Credential Provisioning in the Supply Chain: A Multi-Layer PKI Architecture for Embedded Devices
Presenters
Abstract
Weak provisioning practices can compromise even the most hardened device platforms. This session presents a comprehensive supply-chain PKI provisioning architecture designed to remain secure even if individual network nodes or encryption layers are breached.
Drawing on two decades of hands-on deployment experience, we share practical strategies for secure device provisioning through the use of hardware security modules (HSMs), cryptographic tokens, layered encryption, and software safeguards.
We also highlight anti-cloning mechanisms that ensure device credentials cannot be duplicated or misused at any point in the manufacturing process—enabling resilient, end-to-end protection in dynamic and distributed ecosystems