(May 10th 2019) Data Driven Innovation 2019. Dipartimento di ingegneria, Università degli Studi Roma Tre.

2. Simone Cafagna
Wireless & IoT Application Engineer
May 2019
Arrow IoT Security
From Sensor to Sunset™

3. 3
Arrow Today Founded
1935
Headquarters
Centennial, CO
2018 Sales
$30B
Ticker Symbol
ARW (NYSE)
Locations
460 in 85 countries
Employees
18,800
Fortune 500
Ranked 118
Customers
150,000

4. 4
At a Glance – From Components to Cloud

5. 5
IoT – Internet of Things

6. 6
Where is the ‘S’ in IOT?

7. 7
Cyber Attacks are Growing on IoT

8. 8
Internet of Hacks
The hackers managed to find and steal high-roller database of gamblers and "then
pulled it back across the network, out the thermostat, and up to the cloud."
North America Casino fell
victim to hackers thanks to a
smart thermometer, Business
Insider reported.

9. 9
Internet of Hacks
CloudPets emails and
passwords of parents, as well
as the message recordings
themselves, were left
exposed online to hackers.
SHODAN

10. 10
Source: Security from Inception - SecureThingz

11. 11
Arrow - IoT
From Sensor to Sunset™ represents Arrow’s comprehensive portfolio of
technology from sensors, end-to-end security, wireless connectivity, gateways to
cloud platforms, data ingestion, aggregation and visualization, analytics, and
security

12. 12
Secure
Hardware
Layered Approach to Security
Design
Security
Data
Security

13. 13
Benefits of Arrow IoT Security From Sensor to Sunset™
• Trust your devices and your data
• Protect your from counterfeits
• Protect your company IP
• Use Best Security Practices

14. 14
General IoT System
Unique and Secure Root of Trust
Device Management
GatewayDevice/Thing
Cloud
Data storage
Data Analytics
Data Visualization

15. 15
Hardware Security – Secure Elements
MCU serial Secure Element
(HSM)

16. 16
Hardware Security – Secure MCU
MCU
+
HSM

17. 17
Device to Gateway Security
Provisioning & Authentication
Enabled and authorised
to join a network
Trusted Platform Module
Industry standard secure
cryptographic keys
Data Encryption
Encode your data
to be transmitted
Tamper Detect
Detect if voltages are
changing
or probes are applied
Secure Data storage
Protect critical data
and software
ARROW
CONNECT
Over-the-Air (OTA) Updates
Ability to remotely download
new software to a device
Secure
Communication
When transmitting data
you are secure

18. 18
Gateway Security
Arrow Connect
Gateway
Arrow Connect
Arrow Connect
Device Management
Device/Thing
Cloud
Data storage
Data Analytics
Data Visualization

19. 19
Firewalls
Approved access to designated
areas of the network
Device Fingerprinting
MAC address, operating system
& app create a fingerprint
Golden Clone
Original system configuration
“how the system should be”
Data Correlation
From logged data checking
patterns and abnormalities
Data Logging
Logging historical data
and system
performance
System Optimisation &
Machine Learning
Detecting attacks and unusual
events. Teach the system
Network Monitoring
Constantly checking the comms
language and business logic
Gateway to Data Centre Security

20. 20
Conclusion - Preventing Cyberattacks
› Secure enough for the Use Case
Secure Element –
The “safe”
for your platform
Secure Element - Use Cases
– Authentication
– Secured Communications
– Secured Storage
– Secured Software Update…
› Security is layered
› Security is a process (Threat Modeling)
› Arrow provides end-to-end IoT Security – From Sensor to Sunset™

21. Thank You

23. 23
Backup Deck

24. 24
Today’s Greatest IoT Security Concerns
Source: 451 Research
Physically Unsecure Endpoints
Poor Authentication of IoT Endpoints
Unsecure Application Security
Vulnerability within IoT Systems
Unsecured Network Between
IoT Endpoints and Central Networks
Product Tampering
Denial of Service (DOS) attacks
Product Cloning

25. 25
Security Features for IoT Applications
Access Controls
Secure Firmware Updates
Encryption for communications and data
Hardware security tamper resistant
Secure Boot
Public Key Crypto (PKI)
Encrypted storage

26. 26
OPTIGA™ Family
OPTIGA™
Trust B
OPTIGA™
TPM
OPTIGA™
Trust E
OPTIGA™
Trust X
Functionality Authentication TCG standardAuthentication
Security Level CC EAL 4+CC EAL 6+Basic CC EAL 6+* *
Type of Host System Embedded Linux
Windows /
Linux
MCU without OS / proprietary OS / RTOS
Interface SWI I2C
I2C, SPI,
LPC
I2C
IEC 62443 (up to Level 4)
✔ ✔ ✔✔
Connected
device security
Cryptography
Private key stored in secure HW
ECC131 ECC256 ECC384
ECC256
RSA2K
NVM (Data) 6kByte3kByte64Byte 10kByte
Temperature Range -40 to +105°C -40 to +105°C -40 to +85°C-45 to +85°C
* Additional Platform features

27. 27
OPTIGA™ Use Cases

28. 28
Costs are Growing Also
› Maersk (NotPetya)
– $200M - $300M USD Earnings Hit
› German Steel Mill
– “Massive Damage” to blast furnace
› Dyn (Mirai)
– 8% drop in business

29. 29
E2E Security - Summary
• IoT security needs to be baked in from the start of design
• Arrow provides end-to-end IoT Security – From Sensor to Sunset™
• If you can’t trust your device, you can’t trust your data
29

30. 30
Arrow IoT Strategy
From Sensor to Sunset™

31. 31
Arrow IoT Security Strategy
ARROW CONFIDENTIAL
Arrow’s Secure Provisioning Services are an integral part of
Arrow’s IoT Security Strategy and consist out of:
1) Provide Hardware Based Security Devices
2) Offer Secure Provisioning Services
3) Integrating External Certificate Authority Services
4) Secure Onboarding Services
5) Secure Connection to Arrow Cloud Services
1 – 3 are operational at Arrow’s EMEA Programming facility in
Venlo, the Netherlands.
4 - 5 are in development.
These Services can and will be rolled out to Arrow’s
Programming facilities in NA and APAC.

32. 32
Arrow High Level Process
ARROW
Configuration File
Secure Transfer
VENLO
Programming of First Article
samples
Customer Testing of First
Article samples

33. 33
Supplier Security Products

34. 34
…and so on