産業・社会向けソリューションをさせるIoTと機械学習シンポジウム Rubicon Labs, Inc. Vice President Mr. Rod Schultz

1. Secure IoT Identity and Data Protection

2. Rubicon Labs Inc.のご紹介
rubiconlabs.io
アメリカシリコンバレー(サンフランシスコ）のサイバーセキュリティの
ソリューションを提供するスタートアップ起業
ＩOＴのセキュリティーの強化のためのソリューションを提供
－ 2020年には200億個以上のデバイスがＩＯＴで接続。
ガ－トナー社の予測：6.4 B IoT devices worldwide in 2016,(20.8 B, 2020).
－ 製品からサービスへ価値モデルのシフト
－ スケーラビリティへの対応が必要（既存の公開鍵でのセキュリティー対応は困難）
Rubicon Labsからよりユニークなセキュリティー技術、高速、ローコストのソリューションの提供
－ 対称暗号（ symmetric cryptography : AES)
－ Zero-Knowledge Keys (シンプル、高速）
－ Cloud Identity service (iDaaS)モデルの提供
－ ローパワーのＩＯＴデバイスへも対応可能
ー エコシステムの構築 Rubicon IoT ecosystem：Cloud, Gateway, System & Devices,
MCU
強力な組織、人的資源でサポート
－ 暗号技術の技術集団 ( Dr. Whitfield Diffie as technical advisor)
－ アメリカＩＴ起業でのマネージメント経験者 （Apple ,Broadcom, etc)
－ 有力ＶＣ、パートナーからのファンド
Third Point Ventures, Pelion Venture Partners, Akamai Technologies, Inc.
Takashi.murayama@rubiconlabs.iowww.rubiconlabs.io

3. Who is Rubicon?
• A venture backed cybersecurity startup based in
San Francisco, CA
• Institutional investment
• ThirdPoint Ventures
• Pelion Ventures
• Strategic investment from Akamai
• Focused on cryptographic key management for
IoT

4. What is Rubicon’s
technology?
• A cloud platform that provides identity to low
powered and resource constrained IoT devices
• These devices are the building blocks for IoT, do
not support HTTPS, and are unable to do
traditional PKI key exchanges (RSA and ECC
algorithms) based upon power, memory, and
speed constraints
• Once established, Rubicon identities are
leveraged to define business models for IoT,
secure/encrypt data, and drive the transition of
revenue from Capex to Opex revenue generation

5. Presentation Overview
• What drives the value of IoT?
• The building blocks of IoT
• Types of cryptographic keys to protect IoT
• An introduction to Rubicon IoT security
• Rubicon’s competitive advantage
• A Rubicon key exchange (session key
establishment)
• How Rubicon integrates into IoT products
• Questions

6. Where is the value in IoT?
How can it impact so many
industries?
An incredible transition is
happening

7. Agriculture Construction
Smart Cities Energy
Medical Automotive

8. Data is the new Oil
Data is replacing oil as the
most sought after
resource on the planet

9. The Predicted Explosion of Data
Mostly unstructured data

10. –Hal Varian, Chief Economist at Google
“Between the dawn of civilization and
2003, we only created 5 exabytes of
data;
now we creat that amount every two
days.
By 2020, that figure is predicted to sit at
53 zettabytes (53 trillion gigabytes) every
two days”

11. Similar to oil, data is
worthless without
proper processing

12. PackageRefineExtract
Oil Processing
IoT Data Processing
Predictive Maintenance
Automation
Real Time Analytics
Cognitive IoT
Fraud Detection
Remote Health Monitoring

13. Protection is critical
How do you protect
something so
valuable?

14. Estimate for United States Middle East Oil Security Co
*United States cost of military force projection in the Persian Gulf, 1976–2007 Roger J. Stern
$7.3 Trillion over previous three decades*

15. In the digital world we
protect with
cryptography
Cryptography comes
with challenges and
costs

16. Challenges
• Speed of algorithms
• Power / energy consumption of algorithms
• Memory usage of algorithms
• Key distribution
• Key protection on the device and in the
cloud

17. Cryptography
protection must be
adapted to match the
IoT targets

18. The building blocks of IoT
are low powered and
resource constrained
MCUs

19. The low powered MCU is
the equivalent of the oil
well
Pump Microcontroller
(MCU)

20. ARM Cortex-M series

21. 4
3
4
4 4
4
2
1
2 2 2
. Billion
1. Billion
2. Billion
3. Billion
4. Billion
5. Billion
Q1 2015 Q2 2015 Q3 2015 Q4 2015 Q1 2016 Q2 2
Total ARM Processors Cortex-M Processors
ARM Quarterly Processor
Shipments

22. We must build a
protection platform for
our target devices

23. 1. What type of cryptographic key
Symmetric Keys vs. Asymmetric keys
2. Zero Knowledge Key
- Devices can use it.
- Devices cannot know its value.
3. Identity that comes from uniqueness
to be provable
- Proved at scale at IOT
Protection Platform

24. Symmetric Keys
• Keys are simple to generate
• Two parties must share a
secret to communicate
• Challenges with key
provisioning
• Incredibly fast algorithms
• Power efficient algorithms
rubiconlabs.io

25. Asymmetric Keys
• Keys are expensive to generate
(mathematical cost)
• Public key is shared
• Private key is kept secret
• Used to solve the key
provisioning problem
• Very slow and large algorithms
rubiconlabs.io

26. VS
rubiconlabs.io
+

27. The web was built on
top of asymmetric
cryptography
Asymmetric crypto is good
for server to PC
authentication
(one-way authentication)
rubiconlabs.io

28. IoT is forcing us to
rethink how to do
cryptography for
MCUs
rubiconlabs.io

29. Rubicon is a symmetric
key based identity and
security platform for
IoT

30. Zero-knowledge Key
by Rubicon
rubiconlabs.io

31. A key the device can
use
But never knows the
actual value of
rubiconlabs.io

32. “Identity” proved at
scale at IOT
By Rubicon
rubiconlabs.io

34. How do you prove it
at scale?
rubiconlabs.io

35. Rubicon provides an
authentication
service
rubiconlabs.io

36. Cloud Mirroring

37. Mirroring
rubiconlabs.io
(Distributed Device Services )

38. Device 2Device 1
Secure
Communication
rubiconlabs.io

39. Security Challenges
rubiconlabs.io

41. How do we do it?
rubiconlabs.io

42. Zero-knowledge Key:
CPU never knows the
value
rubiconlabs.io

43. Static KeySet at
manufacturing
(or some
other trust
point)
rubiconlabs.io
Dynamic Key
Set by
Rubicon cloud
service

44. Secure
Execution
Environment
rubiconlabs.io

45. Two doorways into secure environment:
1.Through the keyed one way hash
2.Through the AES interface (encrypt/decrypt)
Keyed one way
hashing
Symmetric
encryption
rubiconlabs.io

46. Identity
Differentiation

47. VS
rubiconlabs.io
+

48. What’s interesting is
that simpler is
stronger

49. NIST Recommended Key
Sizes

50. vs
Asymmetric Cryptography
RSA ECC
NIST key size 128 bits 3072 bits 256 bits
Signing Fastest 4176 x slower 125 x slower
Validation Fastest 53 x slower 437 x slower
rubiconlabs.io

51. vs
Asymmetric Cryptography Power Usage

52. When generating billions of
keys, key generation time
matters

53. Rubicon vs Asymmetric Flash
Comparison
Rubicon
Protocol
TLS Protocol
SHA256SHA256
HMACHMAC
AESAES
* draft-ietf-lwig-tls-minimal **Rubicon easily scales to ARM Cortex M0+ and M3
**

54. Key Exchange

55. Random number
is generated by
device and hashed
(using blue
devices ZKK) to
generate a
session key
Same random
number is sent to
the cloud and the
exact same
operation is
performed to
generate the
same session key
Random number is generated
by cloud and hashed (using
orange devices ZKK) to
generate a key encryption key
The cloud encrypts
the gold key with
the blue key
(creating gold key in
blue box below)
Second random number and encrypted
gold key in blue box are sent to the
orange device
Random is hashed by orange device (using
ZKK), resulting in the blue key being
derived
Blue key is used to decrypt the gold key
(resulting in gold key being derived at both
devices)

56. Differentiation with identity from
symmetric cryptography
• Symmetric keys are simpler to provision and revoke
• Easier to protect while being used
(most common attack point)
• Stronger (bit for bit)
• Faster
• Lower power usage
• Lower cost / key to generate and manage
• Requires less memory
(scales for resource constrained IoT)
rubiconlabs.io

57. Rubicon Integration

58. Rubicon Integration

59. TLS
Rubicon Secured Tunnel
Customer IoT
Cloud
Rubicon Cloud
Device Identity
and Rights
Management
Rubicon
Topology

60. What do you get?
• Software security agent for target
(vendor specific MCU + RTOS + toolchain)
• Security abstraction layer API to utilize
Rubicon ZKK in the device and cloud
• Cloud portal for key management
(revoke keys, black list keys…)
• Cloud interface to the Rubicon cloud to decrypt
data and pass it back to the IoT cloud

61. IoT opportunities are
real
IoT threats are real

62. No Device Identity = No
Control

63. Rubicon is designed to
protect IoT data and
enforce business
models

64. Excited to learn more
about your IoT use
cases
Ready for proof of
concept projects

65. Rubicon Labs
Secure Identity for
Everything
Questions

66. Reserve Slides

67. Rubicon Labs Inc.のご紹介
rubiconlabs.io
アメリカシリコンバレー(サンフランシスコ）のサイバーセキュリティの
ソリューションを提供するスタートアップ起業
ＩOＴのセキュリティーの強化のためのソリューションを提供
－ 2020年には200億個以上のデバイスがＩＯＴで接続。
ガ－トナー社の予測：6.4 B IoT devices worldwide in 2016,(20.8 B, 2020).
－ 製品からサービスへ価値モデルのシフト
－ スケーラビリティへの対応が必要（既存の公開鍵でのセキュリティー対応は困難）
Rubicon Labsからよりユニークなセキュリティー技術、高速、ローコストのソリューションの提供
－ 対称暗号（ symmetric cryptography : AES)
－ Zero-Knowledge Keys (シンプル、高速）
－ Cloud Identity service (iDaaS)モデルの提供
－ ローパワーのＩＯＴデバイスへも対応可能
ー エコシステムの構築 Rubicon IoT ecosystem：Cloud, Gateway, System & Devices, MCU
強力な組織、人的資源でサポート
－ 暗号技術の技術集団 ( Dr. Whitfield Diffie as technical advisor)
－ アメリカＩＴ起業でのマネージメント経験者 （Apple ,Broadcom, etc)
－ 有力ＶＣ、パートナーからのファンド
Third Point Ventures, Pelion Venture Partners, Akamai Technologies, Inc.
Takashi.murayama@rubiconlabs.iowww.rubiconlabs.io

68. team
Rod, VP Product
Gary
VP Engineering
Richard
CEO
Wil
Co-Founder, CSO
Whit Diffie
Inventor, Public
Key Cryptography
(Advisor)
Stephen Ludin
Chief Architect,
Akamai
(Advisor)
Dave
Co-Founder,
COO
rubiconlabs.io