Secure and Scalable Provisioning for Embedded Systems: A Comparative Study of Techniques, Trust Models, and Future Trends

Abstract

Provisioning is a foundational step in embedded system deployment, enabling secure, authenticated, and efficient onboarding of devices into trusted networks. This paper surveys prevalent provisioning techniques tailored to embedded environments, categorizing them by mechanism—manual, QR-code-based, out-of-band, and zero-touch. It examines associated cryptographic algorithms, including ECDH, PSK, and certificate-based schemes, and introduces a scalable trust-chaining model for delegated provisioning. A comparative analysis is presented based on security, scalability, user effort, and hardware dependency. The paper concludes with key challenges and future directions such as post-quantum resilience, blockchain-based trust revocation, and standardized onboarding frameworks like FDO and IETF SUIT.