Conference Security by Design - Gemalto - Security in IoT
•Download as PPTX, PDF•
0 likes•306 views
For those who didn't come to our conference "Security by Design : An IoT must have", or those who want to see it again, here is the presentation made by Gemalto.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Conference Security by Design - Gemalto - Security in IoT
Similar to Conference Security by Design - Gemalto - Security in IoT (20)
More from Witekio
More from Witekio (17)
Recently uploaded
Recently uploaded (20)
Conference Security by Design - Gemalto - Security in IoT
- 1. How to bring Trust to IoT devices ? Guillaume Djourabtchi, Marketing Director IoT Services November, 2018
- 3. We enable trust in two interlocking ways… …by developing secure, innovative software WE AUTHENTICATE PEOPLE AND DEVICES WE PROTECT DATA ACROSS NETWORKS AND THE CLOUD GemaltoCinterion Module Services - Secure Package3
- 4. Our secure software & encryption help secure digital exchanges for billions of individuals and things 3,000 R&D ENGINEERS 88NEW PATENTS FILED IN 2017 €3bn 2017 REVENUE +2bn END USERS BENEFIT FROM OUR SOLUTIONS GemaltoCinterion Module Services - Secure Package4
- 6. Can you guess what this image represents ? A Le Bourget Airport? B Gemalto Headquarters in Paris? C Secret US military base?
- 7. Cinterion Module Services - Secure Package How many devices were needed to take down the most resilient DNS server ? Amazon’s North American product sales operations as a result of the infamous 2016 Dyn cyberattack, the ~211 minutes of service disruption resulted in a loss of $32 million
- 8. $40 100 million Cars 4 Secret Keys
- 9. Device and data trustworthiness are the cornerstone of the IoT Source: Gartner 2015 Why are things getting more and more connected ? $ Make financial decisions Ensure system availability Strong trust in the endpoints and the data they generate is the cornerstone of IoT GemaltoCinterion Module Services - Secure Package6
- 10. Security : It is all about 4 KEY principles Principle #1 Trust the source sending the data with a root of trust Create unique identities through unforgeable cryptographic material injected at the manufacturing (never passwords) Principle #3 Make sure only the authorized servers can read the data Encrypt and sign the data In all data exchanges to ensure privacy and integrity Principle #2 Ensure that the exchange of data is only among trusted entities Make use of Mutual authentication devices and back-end through PKI Principle #4 Enable security updatability to cope with evolving threats Keep firmware and software updated and trust the source of the new code GemaltoCinterion Module Services - Secure Package8
- 11. Cinterion Module Services - Secure Package11 Backend Device Cellular security TLS security Applicative signature There is not only 1 security but several
- 12. The ecosystem is mandating service providers and OEM to apply security schemes ► Regulators (UK) Keys update every 1 to 5 years End-to-end data encryption & access management Firmware updates ► Ecosystem IoT clouds providers mandate the use of certificates and thus PKI in devices connected to their platforms Source: Gartner, Forecast IoT Security Worldwide 2018 GemaltoCinterion Module Services - Secure Package9
- 13. Implementing device security adds operational complexity Across-the-board complexity is often the main barrier to good security practices! Leveraging public IoT clouds requires to master PKI technology and to adapt production processes Manufacturing constraints Connected objects have low computing power, face energy constrains, and use restricted data channels Device Resource Constraints Manage secure update through signed and validate software packages is mandatory to face evolving threats Outdated software GemaltoCinterion Module Services - Secure Package10
- 14. Gemalto offer
- 15. The Cinterion module as an enabler of trust for your next IoT project Trusted Identities Pre-issued diversified X.509 certificates in the module secure domain Data Protection Secure networking stack and trusted software updates IoT Clouds Secure IoT Applications GemaltoCinterion Module Services - Secure Package14
- 16. The Cinterion module as an enabler of trust for your next IoT project GemaltoCinterion Module Services - Secure Package15 Identity generation Identity Provisioning Lifecycle management1 2 3 Saves deploying secure production facilities and management of PKI Gives assurance there is no over- production (anti-counterfeiting) allowing to externalize the manufacturing with peace-of-mind Secure enrollment of devices into any IoT hub (Azure, AWS, Oracle and the like) automated through the service portal with same effort for small to large fleet Feature to request on demand data encryption with Gemalto DPODTM On-demand over-the-air key update • Revocation : invalidates the device identities if a security breach is suspected • Renew: to renew certificate • Update: To change cloud provider or to give access to new 3rd party
- 17. THANK YOU !
Editor's Notes
- Device Secure Device Access Sensitive Data Security Communication Encryption Protect Software Integrity Cloud Big Data Encryption Server Protection Cloud Application Security
- performed with a software defined radio connected to a laptop, or in a cheaper and stealthier package, an Arduino board with an attached radio receiver To refute the ability of car companies to keep up with hackers, Three European computer scientists say they have known about the flaws to VW keys since 2012, and warned automakers. VW only uses 4 certs for 100 million keys over the past 20 years!! Wired Article: A New Wireless Hack Can Unlock 100 Million Volkswagens – must read article: https://www.wired.com/2016/08/oh-good-new-hack-can-unlock-100-million-volkswagens/ The Hack: It’s not a Matter of if, but When: http://www.datacenterknowledge.com/archives/2017/07/18/making-security-priority-connected-cars/ The list of impacted cars includes luxury vehicles from Volkswagen's Porsche, Audi, Bentley, and Lamborghini brands. Researchers broke the transponder's 96-bit cryptographic system, by listening in twice to the radio communication between the key and the transponder. This reduced the pool of potential secret key matches, and opened up the 'brute force' option, which involved running through 196,607 options of secret keys until they found the one that could start the car. Then in 2013, Volkswagen sued the universities - and the researchers personally - to block them from publishing their discovery to fellow academics, according to court documents, but now a legal settlement has allowed the documents to go public. The researchers say the flaw lies in the widely-used Megamos Crypto transponder, which is responsible for the encryption between the car and remote. The flaw is similar to the Rolljam, which can built for $30 (£20), and let amateur hackers open dozens of cars and even get into garages. The hacker behind the project says it will open cars from Chrysler, Daewoo, Fiat, GM, Honda, Toyota, Volvo, Volkswagen Group, Clifford, Shurlok, and Jaguar. Read more: http://www.dailymail.co.uk/sciencetech/article-3201564/Hackers-reveal-flaw-100-cars-kept-secret-Volkwagen-TWO-YEARS-Bug-used-unlock-Kia-Lamborghini.html#ixzz4ppcnbuHc
- PKI has emerged as the digital identification, authentication and encryption standard. PKI certificates provide a strong framework for identifying and authenticating individual devices, and are regarded by many experts as the first step to securing the entire IoT ecosystem. As businesses attempt to secure the IoT, PKI is re-emerging as a cost-effective and proven technology that delivers a secure and high-performance solution.
- AWS IoT mandates the use of certificates in devices connected to the cloud. But it doesn’t automatically, and securely, provision these certificates at scale, and manage them for the lifetime of the devices. It is challenging to rotate these certificates deployed in remote devices.
- Where does it all start from ? Need to securely connect objects that have a low computing power Want to leverage shared IoT infrastructure (IoT Clouds from MS, Amazon, IBM, Oracle) Want to build my own Private IoT Cloud but don‘t have previous experience with PKI-infrastructure Public IoT hubs mandate a high level of trust on the endpoints and the use of a secure communications channel Diversification and efficient provisioning of identities becomes a mandatory step in your production environment Secure storage of those identities in the device and in the cloud becomes a key aspect of your system design
- Securely connecting millions of devices with no effort Leveraging the embedded IP and TLS stack of the Cinterion Modules reduces computing requirements of your host processor Built-in and diversified X.509 client certificates in the module‘s secure domain offloads your production site from cumbersome key generation and provisioning tasks Automated provisioning into public IoT hubs makes device onboarding a snap (we support the Azure IoT Hub and AWS IoT Hub) API‘s for automated provisioning into private IoT deployments simplify your logistics Leveraging the TKM as-a-service for generation and storage of credentials reduces your TCO On-demand key rotation secures your devices over lifecycle, to respond if a security breach is suspected FOTA and software lifecycle management help in keepin