SlideShare a Scribd company logo

20141116_Roots of Trust IIC_Nist Version

Download as PPTX, PDF
Michael Mossbarger
Michael Mossbarger
1 of 20
Roots of Trust in CPS/IIoT
Why are we all here? Social Capital (value of economic, social networks) Metcalfe’s Law (value of telecom, internet) StructuralValue is N2 Relational *assumes each node is of equal benefit Cognitive *assumes each potential connection actually connects Internet (connectivity) CPS/IIoT (trust, cooperation) Semantic Web (context)
Trustees: Transaction Support Trustor B Problem of Trust: Party A and B have too little reliability in a transaction and a high level of risk. Solution: Party C acts according to a trust agreement that spells out the rules both want followed Trustee C (Root of Trust) Trustor A Low Trust Identity lifecycle (authentication, reset, etc.)
Trust Transacting on the Road Trustor B Trustee C (Root of Trust) Trustor A Low Trust Identity lifecycle and transaction support (rules, records, etc.)
Industrial AgeTrustee C (Root of Trust) Trustor A Low Trust Way Back Industrial Age Size & Strength: Banks, Insurance, Nation States, etc. Currency Event Compensation Identity
Information AgeTrustee C (Root of Trust) Trustor A Low Trust Way Back Industrial Age Cryptosystems: PKI, Symmetric, PGP Currency Event Compensation Identity SSL/HTTPS ConsumerEnterprise Information Age
A Different Kind of Strength Strength of a cipher can be measured in terms of information entropy which has a unit of measure of bits. Bob Laptop 2112 2128 280
Still Not Connected
Case Study: SDN IETF ACTN Control of networks will reside with the admin of a particular network. If abstracted networks are to be formed from various trust domains, then sharing of this control must be coordinated somehow between these controllers to enable holistic control of all network resources.
Statistics and Permutations f(s) Permutations
The Trustee, Trustee? Trustor B Quality Focused Trustee C (Root of Trust) Trustor A Cost Focused Low Trust ?
Case Study: Zigbee Pro/SE
76,000,000 JP Morgan Target 110,000,000 Home Depot 56,000,000 Who can we trust?
Trustees: A New Model Characteristics (Oxford): Reliability, Strength, Ability, Truthfulness New Trustee: Computerized (Bitcoin, ENT) Reliability: Distribution, up-time Strength: Quantifiable, easily upgraded Ability: Efficient, easier implementation Truthfulness: Unbiased Easily Measured Classic Trustee: Institutional (PKI) Reliability: Age, resources, geography Strength: Processes, physical security Ability: Widely accepted, cost, training Truthfulness: Reputation, motivations Not Easily Measured
Case Study: Bitcoin and Currency Vendor Trustee User-owned Trustee Problem: Fear of currency manipulation Solution: No manipulation possible vs. $4.8B in BTC in circulation (coindesk.com)
Bitcoin: Fatally Flawed TRANSACTIONS 155,000/day UNIQUE ADDRESSES 147,000 TRANSACTION TIME 15 min PROCESSING 1.1 Exahashes/sec STORAGE 16 GB EXISTENTIAL RISK >50% power BRITTLE Loss permanent PRIVACY Public only ANARCHIC No private control EXPENSIVE Requires currency
Trust in the Zeitgeist • 76 million accounts breached in 2014 • Breach was discovered by luck • $1.1 billion set aside for legal costs Case Study: Chase doubles cyber security spend to $250M/yr (wsj.com) Case Study: GM hires first ever cyber security chief (fortune.com) • GM announces autonomous vehicles by 2017 • "We have to look at [car technology] on a critical systems level. We see [security] as a competitive advantage.“ (M. Reuss, VP Global Prod Dev) • 69% of US executive are worried that cyber threats will impact growth and 59% are more worried this year than last. (PwC 17th annual global CEO survey) • 17.8% more publicly traded firms listed cyber security as a major business risk in SEC filings in 2014 following a 46.5% increase in 2013. (wsj.com)
Business Justification Target (2013) Average cost: $78/customer $214/credit card Aite Group, 2014, Ponemon Institute, 2013 General Motors (imagining 2016) Average cost: $1.41 million/fatality $78,900/injury $8,900/propery damage National Safety Counsel (nsc.org), 2014 Liability • Paying cloud hosting costs to sell dishwasher data, forever, is not viable • Sensors are getting cheaper and more widely available… raw data value is dropping • Data as a product for non-IT companies is not sustainable without value added activities like analytics or aggregation • Storage and processing power as commodities • Ultra-low margin services (computing costs are born by the customer) IBM VP, Paul Brody Costs & New Business Models New Markets • Process companies (eg. Walmart) threatened by lack of privacy & security • Traditional infrastructure has inherent distrust of digital IT systems (eg. Energy) Parker Hannifin Chief IoT Strategist, Scott Darnell
History Lessons • Ebay refusing to use service puts “final nail” in the Passport coffin” (zdnet.com) • “…never happened, primarily because of fears that Microsoft would end up controlling the Internet, in addition to our desktops.” (pcmag.com) Proprietary: Microsoft Passport (2000) • “…no uniform user experience… confuses the majority of people…” (webmonkey.com) • “…complex solution to a problem most consumers don’t really have....” (Microsoft blogger) Wrong Market: OpenID (2005)
1.844.VERINYM | inquire@ent.net | www.ent.net Q & A

Recommended

Private Credit Solutions - December 2016
Private Credit Solutions - December 2016Private Credit Solutions - December 2016
Private Credit Solutions - December 2016Jean Langan-Viotto
 
Negotiation Strategies: Using Game Theory and Decision Tree Analysis to Deter...
Negotiation Strategies: Using Game Theory and Decision Tree Analysis to Deter...Negotiation Strategies: Using Game Theory and Decision Tree Analysis to Deter...
Negotiation Strategies: Using Game Theory and Decision Tree Analysis to Deter...brucelb
 
Tokenomics
TokenomicsTokenomics
TokenomicsDr. Stylianos Kampakis
 
Indjic Fintech Module 7
Indjic Fintech Module 7Indjic Fintech Module 7
Indjic Fintech Module 7Drago Indjic
 
Richardson Oliver - Counter Assertion Value Model - 20150611LI
Richardson Oliver - Counter Assertion Value Model - 20150611LIRichardson Oliver - Counter Assertion Value Model - 20150611LI
Richardson Oliver - Counter Assertion Value Model - 20150611LIKent Richardson
 
4th Digital Finance Forum, Simon Brady
4th Digital Finance Forum, Simon Brady4th Digital Finance Forum, Simon Brady
4th Digital Finance Forum, Simon BradyStarttech Ventures
 
Fintech Belgium - MeetUp on The Right Tech for your FinTech - Erik Janssens -...
Fintech Belgium - MeetUp on The Right Tech for your FinTech - Erik Janssens -...Fintech Belgium - MeetUp on The Right Tech for your FinTech - Erik Janssens -...
Fintech Belgium - MeetUp on The Right Tech for your FinTech - Erik Janssens -...FinTech Belgium
 
Tokenomics Overview
Tokenomics OverviewTokenomics Overview
Tokenomics OverviewReyan Lamrani
 

Recommended

Private Credit Solutions - December 2016
Private Credit Solutions - December 2016Private Credit Solutions - December 2016
Private Credit Solutions - December 2016Jean Langan-Viotto
 
Negotiation Strategies: Using Game Theory and Decision Tree Analysis to Deter...
Negotiation Strategies: Using Game Theory and Decision Tree Analysis to Deter...Negotiation Strategies: Using Game Theory and Decision Tree Analysis to Deter...
Negotiation Strategies: Using Game Theory and Decision Tree Analysis to Deter...brucelb
 
Tokenomics
TokenomicsTokenomics
TokenomicsDr. Stylianos Kampakis
 
Indjic Fintech Module 7
Indjic Fintech Module 7Indjic Fintech Module 7
Indjic Fintech Module 7Drago Indjic
 
Richardson Oliver - Counter Assertion Value Model - 20150611LI
Richardson Oliver - Counter Assertion Value Model - 20150611LIRichardson Oliver - Counter Assertion Value Model - 20150611LI
Richardson Oliver - Counter Assertion Value Model - 20150611LIKent Richardson
 
4th Digital Finance Forum, Simon Brady
4th Digital Finance Forum, Simon Brady4th Digital Finance Forum, Simon Brady
4th Digital Finance Forum, Simon BradyStarttech Ventures
 
Fintech Belgium - MeetUp on The Right Tech for your FinTech - Erik Janssens -...
Fintech Belgium - MeetUp on The Right Tech for your FinTech - Erik Janssens -...Fintech Belgium - MeetUp on The Right Tech for your FinTech - Erik Janssens -...
Fintech Belgium - MeetUp on The Right Tech for your FinTech - Erik Janssens -...FinTech Belgium
 
Tokenomics Overview
Tokenomics OverviewTokenomics Overview
Tokenomics OverviewReyan Lamrani
 
Securing IoT devices
Securing IoT devicesSecuring IoT devices
Securing IoT devicesCharef Hamdi
 
Using DDS to Secure the Industrial Internet of Things (IIoT)
Using DDS to Secure the Industrial Internet of Things (IIoT)Using DDS to Secure the Industrial Internet of Things (IIoT)
Using DDS to Secure the Industrial Internet of Things (IIoT)Gerardo Pardo-Castellote
 
How Cloud-Based Service Providers Can Integrate Strong Identity and Security
How Cloud-Based Service Providers Can Integrate Strong Identity and SecurityHow Cloud-Based Service Providers Can Integrate Strong Identity and Security
How Cloud-Based Service Providers Can Integrate Strong Identity and SecurityGlobalSign
 
Is your distributed system secure?
Is your distributed system secure?Is your distributed system secure?
Is your distributed system secure?Lacey Trebaol
 
IoTcloud-cybersecurity-securityofthings
IoTcloud-cybersecurity-securityofthingsIoTcloud-cybersecurity-securityofthings
IoTcloud-cybersecurity-securityofthingsEd Pimentel
 
Scott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone BeforeScott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone BeforeDigiCert, Inc.
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWSAmazon Web Services
 
Enabling Data Protection through PKI encryption in IoT m-Health Devices
Enabling Data Protection through PKI encryption in IoT m-Health DevicesEnabling Data Protection through PKI encryption in IoT m-Health Devices
Enabling Data Protection through PKI encryption in IoT m-Health DevicesCharalampos Doukas
 
A History of IIoT Cyber-Attacks
A History of IIoT Cyber-Attacks A History of IIoT Cyber-Attacks
A History of IIoT Cyber-Attacks GlobalSign
 
PEM1: Device Authentication in IIOT ( Predix Transform 2016)
PEM1: Device Authentication in IIOT ( Predix Transform 2016)PEM1: Device Authentication in IIOT ( Predix Transform 2016)
PEM1: Device Authentication in IIOT ( Predix Transform 2016)Predix
 
Strong Security Elements for IoT Manufacturing
Strong Security Elements for IoT Manufacturing Strong Security Elements for IoT Manufacturing
Strong Security Elements for IoT Manufacturing GlobalSign
 
Keynote Session : Internet Of Things (IOT) Security Taskforce
Keynote Session : Internet Of Things (IOT) Security TaskforceKeynote Session : Internet Of Things (IOT) Security Taskforce
Keynote Session : Internet Of Things (IOT) Security TaskforcePriyanka Aash
 
Key Technologies for IoT
Key Technologies for IoTKey Technologies for IoT
Key Technologies for IoTBjörn Ekelund
 
IoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and SolutionsIoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and SolutionsLiwei Ren任力偉
 
Nginx
NginxNginx
NginxCharef Hamdi
 
Internet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesInternet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesPierluigi Paganini
 
100 Questions To Ask About Your DIGITAL BUSINESS
100 Questions To Ask About Your DIGITAL BUSINESS100 Questions To Ask About Your DIGITAL BUSINESS
100 Questions To Ask About Your DIGITAL BUSINESSCognizant
 
Introduction to IOT & Smart City
Introduction to IOT & Smart CityIntroduction to IOT & Smart City
Introduction to IOT & Smart CityDr. Mazlan Abbas
 
The State of the Cloud Report 2017
The State of the Cloud Report 2017 The State of the Cloud Report 2017
The State of the Cloud Report 2017 Anna Khan
 
Visual Design with Data
Visual Design with DataVisual Design with Data
Visual Design with DataSeth Familian
 
Globalization and VPEC-T
Globalization and VPEC-TGlobalization and VPEC-T
Globalization and VPEC-TRichard Veryard
 
Trust in the age of blockchain
Trust in the age of blockchainTrust in the age of blockchain
Trust in the age of blockchainMicheleNati
 

More Related Content

Viewers also liked

Securing IoT devices
Securing IoT devicesSecuring IoT devices
Securing IoT devicesCharef Hamdi
 
Using DDS to Secure the Industrial Internet of Things (IIoT)
Using DDS to Secure the Industrial Internet of Things (IIoT)Using DDS to Secure the Industrial Internet of Things (IIoT)
Using DDS to Secure the Industrial Internet of Things (IIoT)Gerardo Pardo-Castellote
 
How Cloud-Based Service Providers Can Integrate Strong Identity and Security
How Cloud-Based Service Providers Can Integrate Strong Identity and SecurityHow Cloud-Based Service Providers Can Integrate Strong Identity and Security
How Cloud-Based Service Providers Can Integrate Strong Identity and SecurityGlobalSign
 
Is your distributed system secure?
Is your distributed system secure?Is your distributed system secure?
Is your distributed system secure?Lacey Trebaol
 
IoTcloud-cybersecurity-securityofthings
IoTcloud-cybersecurity-securityofthingsIoTcloud-cybersecurity-securityofthings
IoTcloud-cybersecurity-securityofthingsEd Pimentel
 
Scott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone BeforeScott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone BeforeDigiCert, Inc.
 
Enabling Data Protection through PKI encryption in IoT m-Health Devices
Enabling Data Protection through PKI encryption in IoT m-Health DevicesEnabling Data Protection through PKI encryption in IoT m-Health Devices
Enabling Data Protection through PKI encryption in IoT m-Health DevicesCharalampos Doukas
 
A History of IIoT Cyber-Attacks
A History of IIoT Cyber-Attacks A History of IIoT Cyber-Attacks
A History of IIoT Cyber-Attacks GlobalSign
 
PEM1: Device Authentication in IIOT ( Predix Transform 2016)
PEM1: Device Authentication in IIOT ( Predix Transform 2016)PEM1: Device Authentication in IIOT ( Predix Transform 2016)
PEM1: Device Authentication in IIOT ( Predix Transform 2016)Predix
 
Strong Security Elements for IoT Manufacturing
Strong Security Elements for IoT Manufacturing Strong Security Elements for IoT Manufacturing
Strong Security Elements for IoT Manufacturing GlobalSign
 
Keynote Session : Internet Of Things (IOT) Security Taskforce
Keynote Session : Internet Of Things (IOT) Security TaskforceKeynote Session : Internet Of Things (IOT) Security Taskforce
Keynote Session : Internet Of Things (IOT) Security TaskforcePriyanka Aash
 
Key Technologies for IoT
Key Technologies for IoTKey Technologies for IoT
Key Technologies for IoTBjörn Ekelund
 
IoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and SolutionsIoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and SolutionsLiwei Ren任力偉
 
Internet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesInternet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesPierluigi Paganini
 
100 Questions To Ask About Your DIGITAL BUSINESS
100 Questions To Ask About Your DIGITAL BUSINESS100 Questions To Ask About Your DIGITAL BUSINESS
100 Questions To Ask About Your DIGITAL BUSINESSCognizant
 
Introduction to IOT & Smart City
Introduction to IOT & Smart CityIntroduction to IOT & Smart City
Introduction to IOT & Smart CityDr. Mazlan Abbas
 
The State of the Cloud Report 2017
The State of the Cloud Report 2017 The State of the Cloud Report 2017
The State of the Cloud Report 2017 Anna Khan
 
Visual Design with Data
Visual Design with DataVisual Design with Data
Visual Design with DataSeth Familian
 

Viewers also liked (20)

Securing IoT devices
Securing IoT devicesSecuring IoT devices
Securing IoT devices
 
Using DDS to Secure the Industrial Internet of Things (IIoT)
Using DDS to Secure the Industrial Internet of Things (IIoT)Using DDS to Secure the Industrial Internet of Things (IIoT)
Using DDS to Secure the Industrial Internet of Things (IIoT)
 
How Cloud-Based Service Providers Can Integrate Strong Identity and Security
How Cloud-Based Service Providers Can Integrate Strong Identity and SecurityHow Cloud-Based Service Providers Can Integrate Strong Identity and Security
How Cloud-Based Service Providers Can Integrate Strong Identity and Security
 
Is your distributed system secure?
Is your distributed system secure?Is your distributed system secure?
Is your distributed system secure?
 
IoTcloud-cybersecurity-securityofthings
IoTcloud-cybersecurity-securityofthingsIoTcloud-cybersecurity-securityofthings
IoTcloud-cybersecurity-securityofthings
 
Scott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone BeforeScott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone Before
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWS
 
Enabling Data Protection through PKI encryption in IoT m-Health Devices
Enabling Data Protection through PKI encryption in IoT m-Health DevicesEnabling Data Protection through PKI encryption in IoT m-Health Devices
Enabling Data Protection through PKI encryption in IoT m-Health Devices
 
A History of IIoT Cyber-Attacks
A History of IIoT Cyber-Attacks A History of IIoT Cyber-Attacks
A History of IIoT Cyber-Attacks
 
PEM1: Device Authentication in IIOT ( Predix Transform 2016)
PEM1: Device Authentication in IIOT ( Predix Transform 2016)PEM1: Device Authentication in IIOT ( Predix Transform 2016)
PEM1: Device Authentication in IIOT ( Predix Transform 2016)
 
Strong Security Elements for IoT Manufacturing
Strong Security Elements for IoT Manufacturing Strong Security Elements for IoT Manufacturing
Strong Security Elements for IoT Manufacturing
 
Keynote Session : Internet Of Things (IOT) Security Taskforce
Keynote Session : Internet Of Things (IOT) Security TaskforceKeynote Session : Internet Of Things (IOT) Security Taskforce
Keynote Session : Internet Of Things (IOT) Security Taskforce
 
Key Technologies for IoT
Key Technologies for IoTKey Technologies for IoT
Key Technologies for IoT
 
IoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and SolutionsIoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and Solutions
 
Nginx
NginxNginx
Nginx
 
Internet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesInternet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issues
 
100 Questions To Ask About Your DIGITAL BUSINESS
100 Questions To Ask About Your DIGITAL BUSINESS100 Questions To Ask About Your DIGITAL BUSINESS
100 Questions To Ask About Your DIGITAL BUSINESS
 
Introduction to IOT & Smart City
Introduction to IOT & Smart CityIntroduction to IOT & Smart City
Introduction to IOT & Smart City
 
The State of the Cloud Report 2017
The State of the Cloud Report 2017 The State of the Cloud Report 2017
The State of the Cloud Report 2017
 
Visual Design with Data
Visual Design with DataVisual Design with Data
Visual Design with Data
 

Similar to 20141116_Roots of Trust IIC_Nist Version

Globalization and VPEC-T
Globalization and VPEC-TGlobalization and VPEC-T
Globalization and VPEC-TRichard Veryard
 
Trust in the age of blockchain
Trust in the age of blockchainTrust in the age of blockchain
Trust in the age of blockchainMicheleNati
 
How Web Vendors Create Trust
How Web Vendors Create TrustHow Web Vendors Create Trust
How Web Vendors Create Trustyuan_w1988
 
Cards and Payments Asia - Apr. 2016
Cards and Payments Asia - Apr. 2016Cards and Payments Asia - Apr. 2016
Cards and Payments Asia - Apr. 2016Wing Yuen Loon
 
Relying on Data for Strategic Decision-Making--Financial Services Experience
Relying on Data for Strategic Decision-Making--Financial Services ExperienceRelying on Data for Strategic Decision-Making--Financial Services Experience
Relying on Data for Strategic Decision-Making--Financial Services ExperienceCloudera, Inc.
 
Eamonn O Raghallaigh Major Security Issues In E Commerce
Eamonn O Raghallaigh Major Security Issues In E CommerceEamonn O Raghallaigh Major Security Issues In E Commerce
Eamonn O Raghallaigh Major Security Issues In E CommerceEamonnORagh
 
MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?Kurt Hagerman
 
I Call Presentation
I Call PresentationI Call Presentation
I Call Presentationdnewcomer
 
I Call Presentation
I Call PresentationI Call Presentation
I Call Presentationdnewcomer
 
Payment Gateway by iPay88
Payment Gateway by iPay88Payment Gateway by iPay88
Payment Gateway by iPay88sitecmy
 
Privacy preserving computing and secure multi party computation
Privacy preserving computing and secure multi party computationPrivacy preserving computing and secure multi party computation
Privacy preserving computing and secure multi party computationUlf Mattsson
 
Innovation Around Data and AI for Fraud Detection
Innovation Around Data and AI for Fraud DetectionInnovation Around Data and AI for Fraud Detection
Innovation Around Data and AI for Fraud DetectionDataStax
 
Presentation final.pptx (1)
Presentation final.pptx (1)Presentation final.pptx (1)
Presentation final.pptx (1)Muneesh Batra
 
Presentation final.pptx (1)
Presentation final.pptx (1)Presentation final.pptx (1)
Presentation final.pptx (1)Muneesh Batra
 
The secure blockchain-based exchange for personal data - Initial Coin Offerin...
The secure blockchain-based exchange for personal data - Initial Coin Offerin...The secure blockchain-based exchange for personal data - Initial Coin Offerin...
The secure blockchain-based exchange for personal data - Initial Coin Offerin...PikcioChain
 
Towards a Trustmark for IoT (April 2018)
Towards a Trustmark for IoT (April 2018)Towards a Trustmark for IoT (April 2018)
Towards a Trustmark for IoT (April 2018)Peter Bihr
 
Laudon traver ec10-im_ch05
Laudon traver ec10-im_ch05Laudon traver ec10-im_ch05
Laudon traver ec10-im_ch05BookStoreLib
 
Laudon traver ec10-im_ch05
Laudon traver ec10-im_ch05Laudon traver ec10-im_ch05
Laudon traver ec10-im_ch05BookStoreLib
 

Similar to 20141116_Roots of Trust IIC_Nist Version (20)

Globalization and VPEC-T
Globalization and VPEC-TGlobalization and VPEC-T
Globalization and VPEC-T
 
Trust in the age of blockchain
Trust in the age of blockchainTrust in the age of blockchain
Trust in the age of blockchain
 
How Web Vendors Create Trust
How Web Vendors Create TrustHow Web Vendors Create Trust
How Web Vendors Create Trust
 
Cards and Payments Asia - Apr. 2016
Cards and Payments Asia - Apr. 2016Cards and Payments Asia - Apr. 2016
Cards and Payments Asia - Apr. 2016
 
Relying on Data for Strategic Decision-Making--Financial Services Experience
Relying on Data for Strategic Decision-Making--Financial Services ExperienceRelying on Data for Strategic Decision-Making--Financial Services Experience
Relying on Data for Strategic Decision-Making--Financial Services Experience
 
Eamonn O Raghallaigh Major Security Issues In E Commerce
Eamonn O Raghallaigh Major Security Issues In E CommerceEamonn O Raghallaigh Major Security Issues In E Commerce
Eamonn O Raghallaigh Major Security Issues In E Commerce
 
MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?
 
I Call Presentation
I Call PresentationI Call Presentation
I Call Presentation
 
I Call Presentation
I Call PresentationI Call Presentation
I Call Presentation
 
Bitcoin
BitcoinBitcoin
Bitcoin
 
Payment Gateway by iPay88
Payment Gateway by iPay88Payment Gateway by iPay88
Payment Gateway by iPay88
 
Privacy preserving computing and secure multi party computation
Privacy preserving computing and secure multi party computationPrivacy preserving computing and secure multi party computation
Privacy preserving computing and secure multi party computation
 
Innovation Around Data and AI for Fraud Detection
Innovation Around Data and AI for Fraud DetectionInnovation Around Data and AI for Fraud Detection
Innovation Around Data and AI for Fraud Detection
 
Asc overview 7 8-13
Asc overview 7 8-13Asc overview 7 8-13
Asc overview 7 8-13
 
Presentation final.pptx (1)
Presentation final.pptx (1)Presentation final.pptx (1)
Presentation final.pptx (1)
 
Presentation final.pptx (1)
Presentation final.pptx (1)Presentation final.pptx (1)
Presentation final.pptx (1)
 
The secure blockchain-based exchange for personal data - Initial Coin Offerin...
The secure blockchain-based exchange for personal data - Initial Coin Offerin...The secure blockchain-based exchange for personal data - Initial Coin Offerin...
The secure blockchain-based exchange for personal data - Initial Coin Offerin...
 
Towards a Trustmark for IoT (April 2018)
Towards a Trustmark for IoT (April 2018)Towards a Trustmark for IoT (April 2018)
Towards a Trustmark for IoT (April 2018)
 
Laudon traver ec10-im_ch05
Laudon traver ec10-im_ch05Laudon traver ec10-im_ch05
Laudon traver ec10-im_ch05
 
Laudon traver ec10-im_ch05
Laudon traver ec10-im_ch05Laudon traver ec10-im_ch05
Laudon traver ec10-im_ch05
 

20141116_Roots of Trust IIC_Nist Version

  • 1. Roots of Trust in CPS/IIoT
  • 2. Why are we all here? Social Capital (value of economic, social networks) Metcalfe’s Law (value of telecom, internet) StructuralValue is N2 Relational *assumes each node is of equal benefit Cognitive *assumes each potential connection actually connects Internet (connectivity) CPS/IIoT (trust, cooperation) Semantic Web (context)
  • 3. Trustees: Transaction Support Trustor B Problem of Trust: Party A and B have too little reliability in a transaction and a high level of risk. Solution: Party C acts according to a trust agreement that spells out the rules both want followed Trustee C (Root of Trust) Trustor A Low Trust Identity lifecycle (authentication, reset, etc.)
  • 4. Trust Transacting on the Road Trustor B Trustee C (Root of Trust) Trustor A Low Trust Identity lifecycle and transaction support (rules, records, etc.)
  • 5. Industrial AgeTrustee C (Root of Trust) Trustor A Low Trust Way Back Industrial Age Size & Strength: Banks, Insurance, Nation States, etc. Currency Event Compensation Identity
  • 6. Information AgeTrustee C (Root of Trust) Trustor A Low Trust Way Back Industrial Age Cryptosystems: PKI, Symmetric, PGP Currency Event Compensation Identity SSL/HTTPS ConsumerEnterprise Information Age
  • 7. A Different Kind of Strength Strength of a cipher can be measured in terms of information entropy which has a unit of measure of bits. Bob Laptop 2112 2128 280
  • 9. Case Study: SDN IETF ACTN Control of networks will reside with the admin of a particular network. If abstracted networks are to be formed from various trust domains, then sharing of this control must be coordinated somehow between these controllers to enable holistic control of all network resources.
  • 11. The Trustee, Trustee? Trustor B Quality Focused Trustee C (Root of Trust) Trustor A Cost Focused Low Trust ?
  • 14. Trustees: A New Model Characteristics (Oxford): Reliability, Strength, Ability, Truthfulness New Trustee: Computerized (Bitcoin, ENT) Reliability: Distribution, up-time Strength: Quantifiable, easily upgraded Ability: Efficient, easier implementation Truthfulness: Unbiased Easily Measured Classic Trustee: Institutional (PKI) Reliability: Age, resources, geography Strength: Processes, physical security Ability: Widely accepted, cost, training Truthfulness: Reputation, motivations Not Easily Measured
  • 15. Case Study: Bitcoin and Currency Vendor Trustee User-owned Trustee Problem: Fear of currency manipulation Solution: No manipulation possible vs. $4.8B in BTC in circulation (coindesk.com)
  • 16. Bitcoin: Fatally Flawed TRANSACTIONS 155,000/day UNIQUE ADDRESSES 147,000 TRANSACTION TIME 15 min PROCESSING 1.1 Exahashes/sec STORAGE 16 GB EXISTENTIAL RISK >50% power BRITTLE Loss permanent PRIVACY Public only ANARCHIC No private control EXPENSIVE Requires currency
  • 17. Trust in the Zeitgeist • 76 million accounts breached in 2014 • Breach was discovered by luck • $1.1 billion set aside for legal costs Case Study: Chase doubles cyber security spend to $250M/yr (wsj.com) Case Study: GM hires first ever cyber security chief (fortune.com) • GM announces autonomous vehicles by 2017 • "We have to look at [car technology] on a critical systems level. We see [security] as a competitive advantage.“ (M. Reuss, VP Global Prod Dev) • 69% of US executive are worried that cyber threats will impact growth and 59% are more worried this year than last. (PwC 17th annual global CEO survey) • 17.8% more publicly traded firms listed cyber security as a major business risk in SEC filings in 2014 following a 46.5% increase in 2013. (wsj.com)
  • 18. Business Justification Target (2013) Average cost: $78/customer $214/credit card Aite Group, 2014, Ponemon Institute, 2013 General Motors (imagining 2016) Average cost: $1.41 million/fatality $78,900/injury $8,900/propery damage National Safety Counsel (nsc.org), 2014 Liability • Paying cloud hosting costs to sell dishwasher data, forever, is not viable • Sensors are getting cheaper and more widely available… raw data value is dropping • Data as a product for non-IT companies is not sustainable without value added activities like analytics or aggregation • Storage and processing power as commodities • Ultra-low margin services (computing costs are born by the customer) IBM VP, Paul Brody Costs & New Business Models New Markets • Process companies (eg. Walmart) threatened by lack of privacy & security • Traditional infrastructure has inherent distrust of digital IT systems (eg. Energy) Parker Hannifin Chief IoT Strategist, Scott Darnell
  • 19. History Lessons • Ebay refusing to use service puts “final nail” in the Passport coffin” (zdnet.com) • “…never happened, primarily because of fears that Microsoft would end up controlling the Internet, in addition to our desktops.” (pcmag.com) Proprietary: Microsoft Passport (2000) • “…no uniform user experience… confuses the majority of people…” (webmonkey.com) • “…complex solution to a problem most consumers don’t really have....” (Microsoft blogger) Wrong Market: OpenID (2005)
  • 20. 1.844.VERINYM | inquire@ent.net | www.ent.net Q & A