Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 131
Java Solutions for Securing Edge-to-Enterprise
Eric Vétillard
Sr. Principal Product Manager, Java Card
Oracle
Program Agenda
• Embedded security requirements
• Example: Smart Meter use cases
• Building trust with Secure Elements
• Java Card in embedded devices
• Edge-to-enterprise security
Standard Architecture
[Diagram: devices, gateway, backend, storage; labels: Java EE, Java Embedded Suite, Java ME Embedded, (optional)]
What’s New?
The devices are new
• There are many of them
• They are the heart of business
• They are you
• You may have limited control
[Diagram: devices, backend, cloud, server]
What New Risks are Introduced?
New system entry point
• Attacking the device
– Tampering with the device
– Fake device
• Attacking the device link
– Stealing information
– Modifying information
[Diagram: devices, backend, cloud, server]
Security is About Resistance to Attacks
• Attacks are intended to abuse the system for the benefit of the attacker
• Think about attackers, not only about users
– Possibly a user trying to abuse the system
– Possibly a terrorist trying to destroy the whole ecosystem
• Think about vulnerabilities, not bugs
– Vulnerabilities often start from features
– Bad specification is harder to fix than bad implementation
Main Security Requirements
High-level requirements
• Safety: Do what you are supposed to do
• Privacy: Restrict access to user data
• Regulation: Abide by national/vertical rules
• Access control: Restrict access to authorized persons
• Accountability: Guarantee some traceability of other properties
Even under attack
Main Security Functions
Data protection
Confidentiality
Encryption
Integrity
Signature
Authentication
Authorization
Authentication
Password
Biometry - Token
Authorization
Access rights
Logging & Auditing
Security log
Remember actions
Auditor access
Log interpretation
Provisioning
Code Update
System upgrade
App upgrade
Bug fixing
Software protection
Code Integrity
Code signature
Code verification
Runtime integrity
Smart metering: High-level View
Why move to smart meters?
• Better data collection
• Less manpower
• Accurate information
• Enable Smart Grid and Big Data
• Better grid control
• Feedback to users
What consequences?
• Less human control
• Fraud detection is difficult
• More data flowing
• Injection of wrong data
• Private consumer data leaks
Smart metering: Environment and Details
Main characteristics
• Owned/controlled by utility company
• Lifetime > 10 years
• No human intervention
• Tamper-resistant meter
• Limited price sensitivity
• Raw data is privacy-sensitive
Threat analysis
• On the device
– Tampering with data collection
– Tampering with collected data
• Between the device and the backend
– Insert fake device
– Modify transferred data
– Steal transferred data
Smart Metering: Security Update
• Data collection
– Before: Tamper-evidence
– After: Tamper-resistance
• Data storage
– New issue: Data integrity, Data confidentiality
• Fake device
– New issue: Authentication
• Fake server
– New issue: Authentication
• Man-in-the-middle
– New issue: Secure channel
Smart Meter: Designing Security In
Many Levels of Security
• Tamper-proofing the device
• Securing the protocol
• Using a good software stack
• Adding a secure element
– Tamper-resistant hardware
– Small, isolated, certifiable
3 Ways to Build Trust from Secure Elements
• Secure element as secure store
– Storing and handling important secrets
– Example: the satellite TV card
• Secure element as backend proxy
– Representing the service provider in the device
– Example: the SIM card
• Secure element as device root of trust
– Build trust in the device from a Secure Element
– Example: the Trusted Platform Module (TPM)
Secure Element as Secure Store
Satellite TV
• Satellite TV good for hackers
– Content is broadcast
• Content is encrypted
– Using a single key
– This key needs protection
Secure Element as Secure Store
Satellite TV Cards
• Tamper resistance is key
– Device is “in the wild”
– Secrets have value
• Not just a store
– Secure elements have a CPU
– Core secrets never get out
Secure Element as Backend Proxy
Mobile telephony
• Access only for subscribers
– Bidirectional communication
– Authentication required
• System can be hacked
– Duplicating phone identity
Secure Element as Backend Proxy
Mobile telephony SIM
• End-to-end security
– SIM interacts with backend
– Security is in the SIM
– Device is just a dumb pipe
• Limits trust requirements
– Untrusted device is OK
– BYOD is ultimate use case
Secure Element as Device Root of Trust
Protecting Device Integrity
• Device can be compromised
– End user changing software
– External network attack
• Very dangerous on devices
– Consequences unknown
– Hard to fix directly on device
– Remote access can be disabled by attacker
Secure Element as Device Root of Trust
Using a TPM as root of trust
• Provides good guarantees
– Tamper evidence
– Hardware integration
• Building from these properties
– TPM verifies the kernel
– Kernel starts, verifies OS, …
– Remote attestation possible
[Diagram: Kernel, OS, Apps]
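A simplified model of the chain on this slide, added here as an illustration and not taken from the original deck: each boot stage is measured into a PCR-style register before it runs, and a backend verifier checks a signed quote against reference digests. The `Tpm` class, the stage names and the sample images are constructed stand-ins (assumptions); a real TPM is driven through its own command interface, and the verifier is assumed to have enrolled the TPM's public key beforehand.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

public class MeasuredBootDemo {
    /** One boot-log entry: stage name and the SHA-256 digest measured before the stage ran. */
    record Event(String name, byte[] digest) {}
    /** What the device returns to the verifier: PCR value plus signature over nonce || PCR. */
    record Quote(byte[] pcr, byte[] signature) {}

    static byte[] sha256(byte[]... parts) throws GeneralSecurityException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        for (byte[] p : parts) md.update(p);
        return md.digest();
    }

    /** Hypothetical stand-in for the TPM: software can extend the PCR but never set it. */
    static final class Tpm {
        private final KeyPair attestationKey;
        private byte[] pcr = new byte[32];               // all zeros at power-on

        Tpm() throws GeneralSecurityException {
            KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
            gen.initialize(256);
            attestationKey = gen.generateKeyPair();
        }
        PublicKey publicKey() { return attestationKey.getPublic(); }

        void extend(byte[] measurement) throws GeneralSecurityException {
            pcr = sha256(pcr, measurement);              // new PCR = H(old PCR || measurement)
        }
        Quote quote(byte[] nonce) throws GeneralSecurityException {
            Signature s = Signature.getInstance("SHA256withECDSA");
            s.initSign(attestationKey.getPrivate());
            s.update(nonce);
            s.update(pcr);
            return new Quote(pcr.clone(), s.sign());
        }
    }

    /** Device side: measure every stage into the TPM before running it; return the boot log. */
    static List<Event> boot(Tpm tpm, String[] names, byte[][] images) throws GeneralSecurityException {
        List<Event> log = new ArrayList<>();
        for (int i = 0; i < names.length; i++) {
            byte[] m = sha256(images[i]);
            tpm.extend(m);
            log.add(new Event(names[i], m));
        }
        return log;
    }

    /** Backend side: check the quote, replay the log, compare each stage with its reference. */
    static String verify(PublicKey tpmKey, byte[] nonce, Quote q, List<Event> log, List<Event> golden)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initVerify(tpmKey);
        s.update(nonce);
        s.update(q.pcr());
        if (!s.verify(q.signature())) return "REJECT: quote not signed by this TPM for this nonce";
        byte[] replay = new byte[32];
        for (Event e : log) replay = sha256(replay, e.digest());
        if (!MessageDigest.isEqual(replay, q.pcr())) return "REJECT: log does not match the PCR";
        if (log.size() != golden.size()) return "REJECT: unexpected number of boot stages";
        for (int i = 0; i < log.size(); i++) {
            if (!log.get(i).name().equals(golden.get(i).name())
                    || !MessageDigest.isEqual(log.get(i).digest(), golden.get(i).digest()))
                return "REJECT: unexpected " + golden.get(i).name();
        }
        return "TRUSTED";
    }

    static void attest(String label, Tpm tpm, List<Event> reported, List<Event> golden)
            throws GeneralSecurityException {
        byte[] nonce = new byte[16];
        new SecureRandom().nextBytes(nonce);             // fresh nonce: an old quote cannot be replayed
        System.out.println(label + ": " + verify(tpm.publicKey(), nonce, tpm.quote(nonce), reported, golden));
    }

    static byte[] bytes(String s) { return s.getBytes(StandardCharsets.UTF_8); }

    public static void main(String[] args) throws Exception {
        // Constructed sample images standing in for the real kernel, OS and application binaries.
        String[] names = {"kernel", "os", "apps"};
        byte[][] good = {bytes("kernel-v1"), bytes("os-v1"), bytes("apps-v1")};
        byte[][] modified = {bytes("kernel-v1"), bytes("os-v1-modified"), bytes("apps-v1")};
        List<Event> golden = boot(new Tpm(), names, good);   // reference digests held by the backend

        Tpm cleanTpm = new Tpm();
        attest("clean device", cleanTpm, boot(cleanTpm, names, good), golden);

        Tpm otherTpm = new Tpm();
        List<Event> honestLog = boot(otherTpm, names, modified);
        attest("modified OS, honest log", otherTpm, honestLog, golden);
        // Software on the device can report a forged log, but it cannot rewrite the PCR.
        attest("modified OS, forged log", otherTpm, golden, golden);
    }
}
```

Only the first case is accepted; the forged log fails because the quoted PCR still reflects what was actually measured.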
3 Ways to Build Trust from Secure Elements
Recap and value
• Secure element as secure store
– Storing and handling important secrets
– Example: the satellite TV card
• Secure element as backend proxy
– Representing the service provider in the device
– Example: the SIM card
• Secure element as device root of trust
– Build trust in the device from a Secure Element
– Example: the Trusted Platform Module (TPM)
• Value for service provider, for unconnected models: Focus on local security
• Value for service provider, for connected models: End-to-end security
• Value for device provider, for all application models: Improves device security
Smart Meter: What Secure Element Model?
Many Levels of Security
• Mostly a backend proxy
– Authentication, secure channel
– Managing data for the provider
• Also a secure store
– If there is a local interface
• Could be a root of trust
– Protecting device integrity
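The backend-proxy model applied to the meter, as an added example that is not part of the original deck: the secure element authenticates each reading with a per-meter key and a monotonic counter, the meter host only forwards the report, and the backend rejects modified, replayed and fake-device reports. `SecureElement`, `Backend`, the report layout, the meter ids and all keys are hypothetical; confidentiality of the readings (encryption) is left out.

```java
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class MeterProxyDemo {
    enum Verdict { ACCEPTED, UNKNOWN_METER, BAD_MAC, REPLAY }

    /** Hypothetical report layout: what the untrusted meter host forwards to the backend. */
    record Report(int meterId, long counter, long energyWh, byte[] mac) {}

    static byte[] hmac(byte[] key, int meterId, long counter, long energyWh) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        // Fixed-width encoding, so two different reports can never serialize to the same bytes.
        return mac.doFinal(ByteBuffer.allocate(20).putInt(meterId).putLong(counter).putLong(energyWh).array());
    }

    /** Secure element: key and counter stay inside; the host only ever sees sealed reports. */
    static final class SecureElement {
        private final int meterId;
        private final byte[] key;
        private long counter;

        SecureElement(int meterId, byte[] key) { this.meterId = meterId; this.key = key.clone(); }

        Report seal(long energyWh) throws GeneralSecurityException {
            counter++;                                   // strictly increasing, never reused
            return new Report(meterId, counter, energyWh, hmac(key, meterId, counter, energyWh));
        }
    }

    /** Backend: knows each provisioned meter's key and the last counter it accepted. */
    static final class Backend {
        private final Map<Integer, byte[]> keys = new HashMap<>();
        private final Map<Integer, Long> lastCounter = new HashMap<>();

        void provision(int meterId, byte[] key) {
            keys.put(meterId, key.clone());
            lastCounter.put(meterId, 0L);
        }

        Verdict accept(Report r) throws GeneralSecurityException {
            byte[] key = keys.get(r.meterId());
            if (key == null) return Verdict.UNKNOWN_METER;                    // never provisioned
            byte[] expected = hmac(key, r.meterId(), r.counter(), r.energyWh());
            if (!MessageDigest.isEqual(expected, r.mac())) return Verdict.BAD_MAC;  // constant-time compare
            if (r.counter() <= lastCounter.get(r.meterId())) return Verdict.REPLAY;
            lastCounter.put(r.meterId(), r.counter());
            return Verdict.ACCEPTED;
        }
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] meterKey = new byte[32];                  // constructed key, shared at provisioning time
        rng.nextBytes(meterKey);
        Backend backend = new Backend();
        backend.provision(7, meterKey);
        SecureElement se = new SecureElement(7, meterKey);

        Report genuine = se.seal(15_230);
        System.out.println("genuine report:           " + backend.accept(genuine));

        // The host (or the link) changes the reading but cannot recompute the MAC.
        Report next = se.seal(15_480);
        Report lowered = new Report(next.meterId(), next.counter(), 1_000, next.mac());
        System.out.println("reading modified in transit: " + backend.accept(lowered));

        // A previously accepted report sent again.
        System.out.println("replayed report:          " + backend.accept(genuine));

        // Fake devices: one claims a provisioned id without its key, one uses an unknown id.
        byte[] otherKey = new byte[32];
        rng.nextBytes(otherKey);
        System.out.println("fake device, id 7:        " + backend.accept(new SecureElement(7, otherKey).seal(0)));
        System.out.println("fake device, id 99:       " + backend.accept(new SecureElement(99, otherKey).seal(0)));
    }
}
```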
Embedded Systems with Security Subsystems
A few examples available today
Smart cards
– Mobile phones: SIM
– POS terminals: EMV payment
– Media players: DRM
Trusted Execution Environment (TEE)
– Mobile devices: DRM, Device integrity
Secure Elements
– Wireless Modules: SIM / Authentication
– NFC Phones: Mobile payment
– Smart meters: Regulation, prepaid
TPM
– ATM: System integrity
– Media players: DRM
Java Card and Java in the Embedded Space
Many links available
• Java Card is used to program secure elements
– Subset of Java, complemented with specific APIs
– Multi-tenant architecture with firewalled applications
– Dynamic application management
– Now available on embeddable secure microcontrollers
• Java APIs exist to communicate with secure elements on devices
– JSR-177 provides access to secure elements
– JSR-257 for using a contactless interface
Edge-to-Enterprise Security
Including security in the process
• First, identify the security requirements
– What security features are/will be required on edge devices?
– What kind of attacks need to be considered?
– What kind of assurance level is/will be required?
• Then, separate the security functions
– Think of it as a separate Security Subsystem
Edge-to-Enterprise Security
On-device implementation options
• Embedded in the main code
– Providing a minimal assurance level
– Already much, much better than if not identified
• Using a dedicated secure element
– Improved traceability and highest assurance levels
– Improved asset protection and tamper resistance
• More options will become available
– From Trusted Computing to Trusted Execution Environments
– The Java Card team follows these initiatives closely
Don’t Forget Security Engineering!
Breaches are costly
• Compliance issues
– PCI compliance can be lost, and this is very bad publicity
– HIPAA compliance will not be easier
• Many embedded devices will need to be integrated
• Attacks happen, and devices will be targeted
– Attacks moving from desktop to mobile
– Hackers are realizing that many devices are poorly secured
Any questions?
Eric Vétillard
eric.vetillard@oracle.com
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
nkrafacyberclub
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
ThomasParaiso2
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 

Recently uploaded (20)

Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 

Java Solutions for Securing Edge-to-Enterprise

  • 1. Java Solutions for Securing Edge-to-Enterprise. Eric Vétillard, Sr. Principal Product Manager, Java Card, Oracle. Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
  • 2. Program Agenda
      ▪ Embedded security requirements
      ▪ Example: Smart Meter use cases
      ▪ Building trust with Secure Elements
      ▪ Java Card in embedded devices
      ▪ Edge-to-enterprise security
  • 3. Standard Architecture [diagram: Devices, Gateway, Backend, Storage; labels: Java EE, Java Embedded Suite, Java ME Embedded, (optional)]
  • 4. What’s New? The devices are new
      ▪ There are many of them
      ▪ They are the heart of business
      ▪ They are you
      ▪ You may have limited control
      [diagram: Devices, Backend, Cloud, Server]
  • 5. What New Risks are Introduced? New system entry point
      ▪ Attacking the device
          – Tampering with the device
          – Fake device
      ▪ Attacking the device link
          – Stealing information
          – Modifying information
      [diagram: Devices, Backend, Cloud, Server]
  • 6. Security is About Resistance to Attacks
      ▪ Attacks are intended to abuse the system for the benefit of the attacker
      ▪ Think about attackers, not only about users
          – Possibly a user trying to abuse the system
          – Possibly a terrorist trying to destroy the whole ecosystem
      ▪ Think about vulnerabilities, not bugs
          – Vulnerabilities often start from features
          – Bad specification is harder to fix than bad implementation
  • 7. Main Security Requirements: High-level requirements
      ▪ Safety: Do what you are supposed to do
      ▪ Privacy: Restrict access to user data
      ▪ Regulation: Abide by national/vertical rules
      ▪ Access control: Restrict access to authorized persons
      ▪ Accountability: Guarantee some traceability of other properties
      Even under attack
  • 8. Main Security Functions
      ▪ Data protection
          – Confidentiality: Encryption
          – Integrity: Signature
      ▪ Authentication, Authorization
          – Authentication: Password, Biometry, Token
          – Authorization: Access rights
      ▪ Logging & Auditing
          – Security log: Remember actions
          – Auditor access: Log interpretation
      ▪ Provisioning
          – Code Update, System upgrade, App upgrade, Bug fixing
      ▪ Software protection
          – Code Integrity, Code signature, Code verification, Runtime integrity
  • 9. Smart metering: High-level View (optional)
      Why move to smart meters?
      ▪ Better data collection
      ▪ Less manpower
      ▪ Accurate information
      ▪ Enable Smart Grid and Big Data
      ▪ Better grid control
      ▪ Feedback to users
  • 10. Smart metering: High-level View (optional)
      Why move to smart meters?
      ▪ Better data collection
      ▪ Less manpower
      ▪ Accurate information
      ▪ Enable Smart Grid and Big Data
      ▪ Better grid control
      ▪ Feedback to users
      What consequences?
      ▪ Less human control
      ▪ Fraud detection is difficult
      ▪ More data flowing
      ▪ Injection of wrong data
      ▪ Private consumer data leaks
  • 11. Smart metering: Environment and Details (optional)
      Main characteristics
      ▪ Owned/controlled by utility company
      ▪ Lifetime > 10 years
      ▪ No human intervention
      ▪ Tamper-resistant meter
      ▪ Limited price sensitivity
      ▪ Raw data is privacy-sensitive
  • 12. Smart metering: Environment and Details (optional)
      Main characteristics
      ▪ Owned/controlled by utility company
      ▪ Lifetime > 10 years
      ▪ No human intervention
      ▪ Tamper-resistant meter
      ▪ Limited price sensitivity
      ▪ Raw data is privacy-sensitive
      Threat analysis
      ▪ On the device
          – Tampering with data collection
          – Tampering with collected data
      ▪ Between the device and the backend
          – Insert fake device
          – Modify transferred data
          – Steal transferred data
  • 13. Smart Metering: Security Update
      ▪ Data collection: before, tamper-evidence; after, tamper-resistance
      ▪ Data storage (new issue): data integrity, data confidentiality
      ▪ Fake device (new issue): authentication
      ▪ Fake server (new issue): authentication
      ▪ Man-in-the-middle (new issue): secure channel
  • 14. Smart Meter: Designing Security In. Many Levels of Security
      ▪ Tamper-proofing the device
      ▪ Securing the protocol
      ▪ Using a good software stack
      ▪ Adding a secure element
          – Tamper-resistant hardware
          – Small, isolated, certifiable
  • 15. 3 Ways to Build Trust from Secure Elements
      ▪ Secure element as secure store
          – Storing and handling important secrets
          – Example: the satellite TV card
      ▪ Secure element as backend proxy
          – Representing the service provider in the device
          – Example: the SIM card
      ▪ Secure element as device root of trust
          – Build trust in the device from a Secure Element
          – Example: the Trusted Platform Module (TPM)
  • 16. Secure Element as Secure Store: Satellite TV
      ▪ Satellite TV good for hackers
          – Content is broadcast
      ▪ Content is encrypted
          – Using a single key
          – This key needs protection
  • 17. Secure Element as Secure Store: Satellite TV Cards
      ▪ Tamper resistance is key
          – Device is “in the wild”
          – Secrets have value
      ▪ Not just a store
          – Secure elements have a CPU
          – Core secrets never get out
  • 18. Secure Element as Backend Proxy: Mobile telephony
      ▪ Access only for subscribers
          – Bidirectional communication
          – Authentication required
      ▪ System can be hacked
          – Duplicating phone identity
  • 19. Secure Element as Backend Proxy: Mobile telephony SIM
      ▪ End-to-end security
          – SIM interacts with backend
          – Security is in the SIM
          – Device is just a dumb pipe
      ▪ Limits trust requirements
          – Untrusted device is OK
          – BYOD is ultimate use case
  • 20. Secure Element as Device Root of Trust: Protecting Device Integrity
      ▪ Device can be compromised
          – End user changing software
          – External network attack
      ▪ Very dangerous on devices
          – Consequences unknown
          – Hard to fix directly on device
          – Remote access can be disabled by attacker
  • 21. Secure Element as Device Root of Trust: Using a TPM as root of trust
      ▪ Provides good guarantees
          – Tamper evidence
          – Hardware integration
      ▪ Building from these properties
          – TPM verifies the kernel
          – Kernel starts, verifies OS, …
          – Remote attestation possible
      [diagram: Kernel, OS, Apps]
  • 22. 3 Ways to Build Trust from Secure Elements: Recap and value
      ▪ Secure element as secure store
          – Storing and handling important secrets
          – Example: the satellite TV card
      ▪ Secure element as backend proxy
          – Representing the service provider in the device
          – Example: the SIM card
      ▪ Secure element as device root of trust
          – Build trust in the device from a Secure Element
          – Example: the Trusted Platform Module (TPM)
  • 23. 3 Ways to Build Trust from Secure Elements: Recap and value
      ▪ Secure element as secure store
          – Storing and handling important secrets
          – Example: the satellite TV card
          – Value for service provider, for unconnected models: focus on local security
      ▪ Secure element as backend proxy
          – Representing the service provider in the device
          – Example: the SIM card
          – Value for service provider, for connected models: end-to-end security
      ▪ Secure element as device root of trust
          – Build trust in the device from a Secure Element
          – Example: the Trusted Platform Module (TPM)
          – Value for device provider, for all application models: improves device security
  • 24. Smart Meter: What Secure Element Model? Many Levels of Security
      ▪ Mostly a backend proxy
          – Authentication, secure channel
          – Managing data for the provider
      ▪ Also a secure store
          – If there is a local interface
      ▪ Could be a root of trust
          – Protecting device integrity
  • 25. Embedded Systems with Security Subsystems: A few examples available today
      ▪ Smart cards
          – Mobile phones: SIM
          – POS terminals: EMV payment
          – Media players: DRM
      ▪ Trusted Execution Environment (TEE)
          – Mobile devices: DRM, Device integrity
      ▪ Secure Elements
          – Wireless Modules: SIM / Authentication
          – NFC Phones: Mobile payment
          – Smart meters: Regulation, prepaid
      ▪ TPM
          – ATM: System integrity
          – Media players: DRM
  • 26. Java Card and Java in the Embedded Space: Many links available
      ▪ Java Card is used to program secure elements
          – Subset of Java, complemented with specific APIs
          – Multi-tenant architecture with firewalled applications
          – Dynamic application management
          – Now available on embeddable secure microcontrollers
      ▪ Java APIs exist to communicate with secure elements on devices
          – JSR-177 provides access to secure elements
          – JSR-257 for using a contactless interface
  • 27. Edge-to-Enterprise Security: Including security in the process
      ▪ First, identify the security requirements
          – What security features are/will be required on edge devices?
          – What kind of attacks need to be considered?
          – What kind of assurance level is/will be required?
      ▪ Then, separate the security functions
          – Think of it as a separate Security Subsystem
  • 28. Edge-to-Enterprise Security: On-device implementation options
      ▪ Embedded in the main code
          – Providing a minimal assurance level
          – Already much, much better than if not identified
      ▪ Using a dedicated secure element
          – Improved traceability and highest assurance levels
          – Improved asset protection and tamper resistance
      ▪ More options will become available
          – From Trusted Computing to Trusted Execution Environments
          – The Java Card team closely follows these initiatives
  • 29. Don’t Forget Security Engineering! Breaches are costly
      ▪ Compliance issues
          – PCI compliance can be lost, and this is very bad publicity
          – HIPAA compliance will not be easier
      ▪ Many embedded devices will need to be integrated
      ▪ Attacks happen, and devices will be targeted
          – Attacks moving from desktop to mobile
          – Hackers are realizing that many devices are poorly secured
  • 30. Any questions? Eric Vétillard, eric.vetillard@oracle.com
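
The backend-proxy model from slides 19 and 24, applied to two of the smart-meter threats on slide 12 (fake device, modified transferred data), as an added example that is not part of the original deck. It is a plain Java SE model rather than Java Card applet code; the class names, the 44-byte frame layout and the choice of HMAC-SHA256 with a counter are assumptions made for illustration, and it covers authentication and integrity only, not confidentiality.

```java
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.OptionalInt;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class MeterProxyDemo {

    /** Models the secure element: the key stays private, only sealed frames leave. */
    static final class SecureElement {
        private final byte[] key;   // provisioned by the utility, never exported
        private long counter = 0;   // monotonic, kept inside the element

        SecureElement(byte[] key) { this.key = key.clone(); }

        /** Frame layout (assumed): counter(8) || wattHours(4) || HMAC-SHA256 tag(32). */
        byte[] seal(int wattHours) throws Exception {
            byte[] body = ByteBuffer.allocate(12).putLong(++counter).putInt(wattHours).array();
            return ByteBuffer.allocate(44).put(body).put(hmac(key, body)).array();
        }
    }

    /** Models the utility backend, which holds this meter's key and last counter. */
    static final class Backend {
        private final byte[] key;
        private long lastCounter = 0;

        Backend(byte[] key) { this.key = key.clone(); }

        /** Returns the reading, or empty if the frame is forged, altered or replayed. */
        OptionalInt accept(byte[] frame) throws Exception {
            if (frame.length != 44) return OptionalInt.empty();
            byte[] body = Arrays.copyOfRange(frame, 0, 12);
            byte[] tag = Arrays.copyOfRange(frame, 12, 44);
            // Constant-time comparison, so timing does not leak how much of a tag matched.
            if (!MessageDigest.isEqual(tag, hmac(key, body))) return OptionalInt.empty();
            ByteBuffer b = ByteBuffer.wrap(body);
            long ctr = b.getLong();
            if (ctr <= lastCounter) return OptionalInt.empty();   // old frame sent again
            lastCounter = ctr;
            return OptionalInt.of(b.getInt());
        }
    }

    static byte[] hmac(byte[] key, byte[] data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32];
        Arrays.fill(key, (byte) 0x42);                 // constructed demo key
        SecureElement element = new SecureElement(key);
        Backend backend = new Backend(key);

        // The meter firmware only forwards frames; it never sees the key.
        byte[] genuine = element.seal(1500);
        System.out.println("genuine frame:  " + backend.accept(genuine));

        byte[] altered = element.seal(1800);
        altered[11] ^= 0x01;                           // one bit of the reading changed in transit
        System.out.println("altered frame:  " + backend.accept(altered));

        System.out.println("replayed frame: " + backend.accept(genuine));

        SecureElement fake = new SecureElement(new byte[32]);   // device without the real key
        fake.seal(0); fake.seal(0);                    // advance its counter past the backend's
        System.out.println("fake device:    " + backend.accept(fake.seal(900)));
    }
}
```

Only the first frame yields a reading; the other three come back empty because the tag or the counter check fails inside the backend, whatever the forwarding device does.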
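
The chain of trust on slide 21 (each stage checked before the next starts, with remote attestation at the end), as an added example that is not from the original deck. It models a measurement register and a signed quote in plain Java SE and does not use a real TPM interface; `RootOfTrust`, `extend`, `quote`, `attest` and the image strings are hypothetical names and constructed values.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.util.List;

public class BootChainDemo {
    /** Simplified root of trust: one measurement register and an attestation key. */
    static final class RootOfTrust {
        private final KeyPair attestationKey;      // private half never leaves the element
        private byte[] register = new byte[32];    // all zeros at power-on

        RootOfTrust() throws Exception {
            KeyPairGenerator g = KeyPairGenerator.getInstance("EC");
            g.initialize(256);
            attestationKey = g.generateKeyPair();
        }
        /** Assumed to be enrolled with the backend when the device is manufactured. */
        PublicKey publicKey() { return attestationKey.getPublic(); }

        /** Extend: register = SHA-256(register || SHA-256(component)); order matters. */
        void extend(byte[] component) throws Exception {
            register = sha256(register, sha256(component));
        }

        /** Quote: the register value plus a signature over nonce || register. */
        byte[][] quote(byte[] nonce) throws Exception {
            Signature s = Signature.getInstance("SHA256withECDSA");
            s.initSign(attestationKey.getPrivate());
            s.update(nonce);
            s.update(register);
            return new byte[][] { register.clone(), s.sign() };
        }
    }

    static byte[] sha256(byte[]... parts) throws Exception {
        MessageDigest d = MessageDigest.getInstance("SHA-256");
        for (byte[] p : parts) d.update(p);
        return d.digest();
    }

    /** Backend side: replay the known-good boot chain and check the signed quote. */
    static boolean attest(RootOfTrust device, List<byte[]> knownGood) throws Exception {
        byte[] nonce = new byte[16];
        new SecureRandom().nextBytes(nonce);       // fresh per request, so old quotes fail
        byte[][] q = device.quote(nonce);
        byte[] expected = new byte[32];
        for (byte[] c : knownGood) expected = sha256(expected, sha256(c));
        Signature v = Signature.getInstance("SHA256withECDSA");
        v.initVerify(device.publicKey());
        v.update(nonce);
        v.update(q[0]);
        return v.verify(q[1]) && MessageDigest.isEqual(expected, q[0]);
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-ins for the kernel, OS and application images.
        byte[] kernel = "kernel-v1".getBytes(StandardCharsets.UTF_8);
        byte[] os = "os-v1".getBytes(StandardCharsets.UTF_8);
        byte[] apps = "apps-v1".getBytes(StandardCharsets.UTF_8);
        List<byte[]> knownGood = List.of(kernel, os, apps);

        RootOfTrust clean = new RootOfTrust();
        for (byte[] c : knownGood) clean.extend(c);
        System.out.println("clean device attests:    " + attest(clean, knownGood));

        RootOfTrust modified = new RootOfTrust();  // same chain, OS image changed
        modified.extend(kernel);
        modified.extend("os-v1-patched".getBytes(StandardCharsets.UTF_8));
        modified.extend(apps);
        System.out.println("modified device attests: " + attest(modified, knownGood));
    }
}
```

Because each extend folds the previous register value into the next, a changed OS image alters the final value even though the kernel and application images are untouched, and the backend sees the mismatch without trusting anything the device software reports about itself.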