October 4, 2016
Santa Clara Convention Center
Mission City Ballroom
IoT Security Good Practices
Joe Pilozzi
In the News

Invasive Product Attacks
With the case opened / removed
• Test / debug port access
• Inter-device bus and I/O probing
• Reset and clock attacks
• Power analysis
• Temperature / electrical attacks

Non-Invasive Attacks
Misuse of network protocols
• Exploit communication protocol errors
• Flaws in software design / implementation

Invasive Silicon Attacks
Device de-packaged
• Circuit analysis and probing
• Fault injection
Solutions

[Diagram: the IoT device (“the box”) connected through the Internet to the Cloud]

Solution: use an MCU’s security features
• Unique Device IDs
• Memory Protection
• Firewall
• Tamper Detection
• Crypto Hardware (AES, T-RNG)
• Debug Port Protection

A better solution: add a Secure Element
• Much better tamper resistance
• Trusted Crypto Services
• Secure Storage
• Independently Certified
It’s All About Risk Management
• Understand the value of the Assets you are going to protect, taking into account all stakeholders
• Understand your Threats and Vulnerabilities
• Develop a security strategy to reduce Risk, using the right level of security for the value of the Assets being protected
• Make use of the integrity and cryptographic tools available
Fortified Solutions
Fortifying an IoT Device
Example Of A Simple IoT Device

[Block diagram: a Sensor feeds an MCU (STM32), which drives a Communications Device; a Secure Element (STSAFE) is attached to the MCU]
An IoT Device’s Security Needs

Need                                          Solution
Resistance against hacking, cloning           Authentication
(prevent device or server counterfeiting)     • Device to device
                                              • Device to server
Service and network access corruption         Integrity and Availability
(prevent device misuse)                       • Secure Boot
                                              • Secure firmware upgrade
                                              • Trusted processing
Data privacy                                  Confidentiality
(prevent data collection or corruption)       • Data / identity protection
                                              • Secure communications
                                              • Secure storage
Upgradability                                 Secure Communications
(prevent device misuse)                       • Secure firmware upgrade
Product Integrity and Cryptography
• Cryptographic methods are used to:
  • Protect the Confidentiality and Integrity of data / information
  • Ensure a chain of trust through Authentication
• Product integrity, availability and resistance against attacks
  • Uses cryptography and stateful processes to ensure correct operation
  • Uses hardware to enforce rules and countermeasures
  • Uses tamper-proof methods to mitigate attacks
Cryptography

Cryptography
The art of hiding things
• Cryptographic ciphers have been used for centuries to protect information between communicating parties
• Cryptographic processes are mathematical algorithms that provide:
  • Encryption, to keep information Confidential during communications
  • Authentication, to validate information and identities and to trust individual items
  • The underpinning of a platform’s Integrity processes, like Secure Boot
Cryptography: One Key or Two?

Secret Key Cryptography (Symmetric)
[Diagram: the Sender encrypts a clear-text Data File into Cipher Text, sends it over the Communications Channel, and the Receiver decrypts it back to Clear Text; both sides use the same secret key]

Public Key Cryptography (Asymmetric)
[Diagram: the same Clear Text → Encryption → Cipher Text → Decryption → Clear Text flow, but the two ends use different keys of one pair, the Public key and the Private key]
Cryptography: Characteristics
• Symmetric – or single (or secret) key
  • Uses fewer compute resources and is faster
  • Used to protect data, during communications or while at rest
  • Issues with sharing and managing keys
  • Algorithms like AES and TDES
• Asymmetric – a key pair: public key + private key
  • Provides easier key sharing and management using a Public Key Infrastructure (PKI)
  • Algorithms are more complex, hence compute intensive, thus lower performance
  • Used for authentication, key exchange, digital signatures and certificates
  • Algorithms like RSA and ECC (Elliptic Curve Cryptography)
Cryptography: Size Matters
• NIST recommended key sizes (bits); each row gives keys of equivalent strength

Symmetric   RSA     ECC
56          512     112
80          1024    160
112         2048    224
128         3072    256
192         7680    384
256         15360   521

• Bigger is better – stronger (strength increases down the table)
• ECC uses a smaller key for the same strength as RSA
Cryptography: Size Matters
• Just a thought … a 166-bit symmetric key has ~10^50 combinations, about the estimated number of atoms quoted on the slide (10^50) … that’s one small key in a huge hay-stack!
Cryptography: Hash Algorithms
• Cryptographic Hash
  • An easy-to-compute, one-way cryptographic function that generates a result which, for all intents and purposes, is unique for any given message or file:
    • Unalterable (practically impossible to modify the original file or message without causing the result to be altered)
    • The resultant hash value is always the same length, irrespective of the size of the message or file
  • Used in many processes like authentication, secure boot and secure firmware downloads
  • NIST Secure Hash Algorithms: SHA-1, SHA-2, SHA-3

Cryptographic Hash Function
[Diagram: a clear-text Data / Code File passes through a One-Way Function to give a Hash Value]
The hash function has no key, and the clear text can not be recovered from the hash value.
Cryptography: Signatures
• Digital Signatures
  • Used to check the authenticity of information, code, files, messages, and Public Keys (in the case of Digital Certificates)

Sign / Encrypt – Code Signing (using RSA)
[Diagram: the clear-text Code File is hashed to a Hash Value, which is encrypted with the signer’s Private key to form the signature]

Verify / Decrypt – Code Authentication (using RSA)
[Diagram: the signature is decrypted with the Public key to recover the signed Hash Value; the Code File is hashed again to give the Calculated Hash Value; the two are compared. If the Hash values are equal the code is authentic]
Random Number Generator (RNG)
• Random Number Generators are typically used:
  • To generate a challenge during an authentication process, a seed for keys, and digital signatures
• A source of entropy (randomness) for the crypto math
• Statistical properties of the RNG’s output are used to evaluate the level of randomness
• A non-random or predictable output is a source weakness

[Images: bitmaps of RNG output, including PHP rand() on Windows]
http://www.random.org/bitmaps
http://boallen.com/random-numbers.html
http://en.wikipedia.org/wiki/Random_number_generator_attack
Random Number Generator (RNG)
• A Pseudo Random Generator uses a software algorithm to generate numbers
• A True Random Generator makes use of the unpredictable physical properties of silicon to generate its numbers
• Use RNGs complying with NIST FIPS 140-2 Annex C
• Always make use of a True Random Generator
Cryptography: Libraries
• Not all crypto libraries are the same …
  • Is it from a reputable source? Or is it freeware? Open source?
  • Does it come with any warranties or certifications?
  • Do you know its history? Is it maintained?
  • Does it have a track record of fixing security issues?
• Silicon vendor libraries specifically make use of hardware accelerators or are designed to execute in a secure partition or environment

• Take care where you obtain cryptographic libraries from
• Use libraries that come from reputable sources
• Use libraries that make use of hardware accelerators or are partitioned to execute in a secure manner
Cryptographic Accelerators
• Cryptographic accelerators are specific hardware engines that off-load cryptographic functions from the CPU
  • Providing higher data throughput performance, and lower power
  • Greater integrity – more resilient against system and board-level software attacks
  • Often supporting secure key ladders, secure key stores or caches
  • The cryptographic functions are intrinsically bound to the device
• Functions typically performed
  • AES, TDES, RSA, ECC, SHA (SHA-1, SHA-2, SHA-3)
• Use hardware Cryptographic Accelerators when available
Integrity and Availability
Resilience to Attacks
Root of Trust
• An anchor point for cryptographic services bound to a device
• It may be embedded in the Microcontroller or a Secure Element
• Performs stateful, trusted, cryptographic processes
• Is the first process to start after reset
• Often ROM (locked Flash) based, as integrity is important
• May use a hardened logic design that is tamper resistant
• Performs code authentication; acts as the First Stage in a Secure Boot process
Secure Boot
• To ensure a product’s integrity, code should be authenticated before it is run
• Secure boot uses cryptographic functions to confirm the authenticity of a code image before allowing it to execute
• A multi-stage secure boot process is one where each stage authenticates the next, hence a chain of trust

Chain of Trust
[Diagram: Reset → First Stage (trusted; code + certificate) authenticates → Second-stage Loader (code + certificate) authenticates → Third Stage RTOS (code + certificate) authenticates → Application]
Secure Boot
• The Secure Boot process
  • Performed after a reset, using a Public key stored in the device
  • It is a stateful process, for predictable behavior
  • Its code should be stored in ROM or locked Flash
  • A Root-of-Trust may be used to perform this process
• Code images may also be encrypted
• Protect your private signing key!

State-based process
[Diagram: Reset → (trusted) Verify / Decrypt the signature with the Public key to obtain the signed Hash Value; hash the Code Image file to obtain the Calculated Hash Value; Compare → OK: Run Code; NOK: Reload]
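As an added example (not from the slides, nor ST’s STM32 / STSAFE code), this Go program models the code-signing step of slide 16 and the verify-then-run and chain-of-trust logic of slides 23 and 24 on a host, using only Go’s standard library. It assumes ECDSA P-256 over SHA-256 rather than the RSA shown on the slides, and a single root Public key locked into the device, whereas slide 23’s diagram carries a certificate per stage.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Stage is one link in the boot chain: an image and the signature that the
// previous stage checks before handing over control. Constructed model for
// this example, not ST's STM32 / STSAFE implementation.
type Stage struct {
	Name  string
	Image []byte
	Sig   []byte // ASN.1 DER ECDSA signature over SHA-256(Image)
}

// SignImage is the code-signing side (slide 16): hash the image and sign the
// hash with the Private key, which stays on the signing host, never on the
// device.
func SignImage(priv *ecdsa.PrivateKey, image []byte) ([]byte, error) {
	digest := sha256.Sum256(image)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// VerifyImage is the "Verify / Decrypt -> Compare" step (slide 24): hash the
// image again and check the signature against the Public key locked into the
// device. True means the image is authentic and may run.
func VerifyImage(pub *ecdsa.PublicKey, image, sig []byte) bool {
	digest := sha256.Sum256(image)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

// BootChain walks the chain of trust (slide 23): each stage is authenticated
// before it runs, and the first failure stops the boot (the NOK / Reload
// path). It returns the index of the first stage that failed, or -1 when the
// whole chain verified.
func BootChain(pub *ecdsa.PublicKey, stages []Stage) int {
	for i, s := range stages {
		if !VerifyImage(pub, s.Image, s.Sig) {
			return i
		}
	}
	return -1
}

// Demo builds a three-stage chain from constructed images, signs it, then
// boots it once intact and once with one byte of the RTOS image flipped.
// It returns both BootChain results.
func Demo() (intact int, tampered int, err error) {
	// Assumption: one root key pair; the Public half is what the device stores.
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return 0, 0, err
	}
	names := []string{"second-stage loader", "RTOS", "application"}
	chain := make([]Stage, 0, len(names))
	for i, n := range names {
		img := []byte(fmt.Sprintf("constructed %s image v1.%d", n, i))
		var sig []byte
		if sig, err = SignImage(priv, img); err != nil {
			return 0, 0, err
		}
		chain = append(chain, Stage{Name: n, Image: img, Sig: sig})
	}
	intact = BootChain(&priv.PublicKey, chain)

	// Modify the RTOS image (index 1) on a copy; its signature no longer matches.
	bad := make([]Stage, len(chain))
	copy(bad, chain)
	modified := append([]byte(nil), chain[1].Image...)
	modified[0] ^= 0x01
	bad[1].Image = modified
	tampered = BootChain(&priv.PublicKey, bad)
	return intact, tampered, nil
}

func main() {
	intact, tampered, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Println("intact chain, first failing stage:", intact)    // -1
	fmt.Println("tampered chain, first failing stage:", tampered) // 1
}
```

A real device would keep the Public key and the verifier code in ROM or locked Flash, as the slide says, so that neither can be swapped along with the image.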
Protect Assets and Keys

Secure Storage – Data at Rest
• Sensitive data should be encrypted when not being used
  • Sensitive application data: confidentiality, privacy, customer financial and health info.
  • Trusted root keys (symmetric keys or asymmetric Private keys)
• Access to this data must be carefully controlled and restricted to authorized persons and processes
• Lock down Public keys and certificates
  • They don’t need to be encrypted, only immovable – locked to the platform
  • Only allow replacement through a cryptographic process

• The key to success is to protect your keys
• Don’t allow unauthorized access to keys
Secure Communications

Data in Motion
• The IoT ecosystem relies on confidential and trusted communications
• Use a cryptographic authentication process to establish trust
  • All devices should be uniquely identified and able to verify the identity and authenticity of other communicating devices
  • Public Key Infrastructure (PKI) standards
  • RSA, ECC
• Use end-to-end encryption
  • Ciphers: AES, TDES
• Make use of established secure communication protocol standards
  • Secure Socket Layer / Transport Layer Security (SSL/TLS)
  • Datagram TLS (DTLS)
Application Data

Data In Use
• Handle confidential and sensitive data securely while it is being used
• Segmented processing
  • Uses memory protection or firewall mechanisms to segment memory and code execution into secure and non-secure zones
  • Requires a clear understanding of the software and hardware to develop a partitioned solution
• Dual-mode CPUs – Trusted processing
  • Provide context switching between “trusted” and “untrusted” processing
  • Simplifies the partitioning and development of secure processes
• Secure Processing using a Secure Processor, like ST’s STSAFE
  • Provides the highest level of tamper resistance for protecting cryptographic services and keys
Layers of Security Services
• Security services should be handled independently, in silo’ed processes

System Layers
Application / Cloud
• Access control and rights management
• Feature and product management
Data / Transport Layer
• TLS/DTLS, HTTPS etc.
Link Layer / Physical Layer
• Network physical layer security
• e.g. WiFi – WPA2, 802.11i
Device Security Services
• Secure Boot
Debug Ports
• Debug ports, like JTAG, represent an easy access route for hackers
• Remove test headers and debug access points from the board
• Remove from the code any debug processes, as these could be exploited
  • This includes potential boot-loader paths (UART, SPI, I2C, USB, etc.)
• Restrict access to production keys
  • Only use test or dummy keys while the product is in debug mode
• If the device has a lockable debug port – don’t forget to lock it!
Life Cycle
Product Life Cycle
[Cycle: Definition → Design → Development → Prototype / Test → Product Launch → Maintenance → Decommissioning]
• Define the product and identify the Assets you plan to protect
• Design the product based on the correct level of security
• Develop methods and processes to protect those Assets over the entire life-cycle
• Develop secure processes to handle firmware throughout the product’s life-cycle
• Product security should be factored in from day one
Do Verify Your Implementation
• Today’s largest threats are through software-based attacks
  • Use defensive coding practices and tools to detect possible vulnerabilities
  • Review carefully the trustworthiness of code coming from external sources
  • Check that all the latest security patches are being used
  • Analyze code to remove debug and native firmware-loading interface capabilities
  • Use code integrity checking techniques like Secure Boot and Secure Firmware Update
  • Rigorously test, and support interoperability workshops
• You may also use Security Assessment Services
  • Provide independent security assessment of products and ecosystems
  • Support standards compliance evaluation and certification
Security Partnerships
• Use trusted partners throughout your value chain – protect your products, services and brand
• Use partners equally committed to security and integrity
• Select partner-provided schemes, processes and solutions that allow you to securely provision and update your product’s firmware in untrusted environments
Conclusions / Recommendations

Trusted IoT Platforms Do Matter!
[Image: “Who’s Watching your loved ones!” – source: Engadget]
Recommendations
• The Internet of Things presents a wealth of opportunities and growth for business. It also represents increased opportunity for theft, mischief and damage, or even loss of life
• Reduce risk by designing and managing products fortified against attacks
• Hackers will go after the weakest links in a system, not necessarily directly at their target
• Understand the value of assets for all the stakeholders in your solution
• Perform a Threat analysis to better understand your Risks
• Remember: Confidentiality, Availability and Integrity are key
• Use these good design practices to develop and maintain secure products
• Design products resilient against attacks throughout their whole life-cycle
• Product robustness can be achieved through use of security features and tools
• Work with trusted and experienced partners throughout your value chain
Work with ST, your experienced partner
Demos

ST Solutions for Security in IoT
Smart City Solution for IoT Node

Thank You

More Related Content

What's hot

DTS Solution - Software Defined Security v1.0
DTS Solution - Software Defined Security v1.0DTS Solution - Software Defined Security v1.0
DTS Solution - Software Defined Security v1.0
Shah Sheikh
 

What's hot (20)

IoT/M2M Security
IoT/M2M SecurityIoT/M2M Security
IoT/M2M Security
 
Iot Security
Iot SecurityIot Security
Iot Security
 
NFC: Naked Fried Chicken / Пентест NFC — вот что я люблю
NFC: Naked Fried Chicken / Пентест NFC — вот что я люблюNFC: Naked Fried Chicken / Пентест NFC — вот что я люблю
NFC: Naked Fried Chicken / Пентест NFC — вот что я люблю
 
DTS Solution - Software Defined Security v1.0
DTS Solution - Software Defined Security v1.0DTS Solution - Software Defined Security v1.0
DTS Solution - Software Defined Security v1.0
 
CyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoT
 
RSAC 2016: How to Get into ICS Security
RSAC 2016: How to Get into ICS SecurityRSAC 2016: How to Get into ICS Security
RSAC 2016: How to Get into ICS Security
 
IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]
 
Ryan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com -  IoT SecurityRyan Wilson - ryanwilson.com -  IoT Security
Ryan Wilson - ryanwilson.com - IoT Security
 
The Future of ICS Security Products
The Future of ICS Security ProductsThe Future of ICS Security Products
The Future of ICS Security Products
 
Vulnerability Inheritance in ICS (English)
Vulnerability Inheritance in ICS (English)Vulnerability Inheritance in ICS (English)
Vulnerability Inheritance in ICS (English)
 
Blackhat USA 2016 - What's the DFIRence for ICS?
Blackhat USA 2016 - What's the DFIRence for ICS?Blackhat USA 2016 - What's the DFIRence for ICS?
Blackhat USA 2016 - What's the DFIRence for ICS?
 
Internet of Things Security Patterns
Internet of Things Security PatternsInternet of Things Security Patterns
Internet of Things Security Patterns
 
IoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 finalIoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 final
 
ICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep Singh
 
DEF CON 23 - NSM 101 for ICS
DEF CON 23 - NSM 101 for ICSDEF CON 23 - NSM 101 for ICS
DEF CON 23 - NSM 101 for ICS
 
Genian NAC Datasheet
Genian NAC Datasheet Genian NAC Datasheet
Genian NAC Datasheet
 
IoT Security by Sanjay Kumar
IoT Security by Sanjay KumarIoT Security by Sanjay Kumar
IoT Security by Sanjay Kumar
 
BOSNOG NAC stack 2018
BOSNOG NAC stack 2018BOSNOG NAC stack 2018
BOSNOG NAC stack 2018
 
IoT Security in Action - Boston Sept 2015
IoT Security in Action - Boston Sept 2015IoT Security in Action - Boston Sept 2015
IoT Security in Action - Boston Sept 2015
 
BSidesAugusta 2015 - How to get into ICS security
BSidesAugusta 2015 - How to get into ICS securityBSidesAugusta 2015 - How to get into ICS security
BSidesAugusta 2015 - How to get into ICS security
 

Viewers also liked

Construction of sfiCAN: a star-based fault-injection infrastructure for the C...
Construction of sfiCAN: a star-based fault-injection infrastructure for the C...Construction of sfiCAN: a star-based fault-injection infrastructure for the C...
Construction of sfiCAN: a star-based fault-injection infrastructure for the C...
balDYxan
 
Side Channel Analysis: Practice and a Bit of Theory
Side Channel Analysis: Practice and a Bit of TheorySide Channel Analysis: Practice and a Bit of Theory
Side Channel Analysis: Practice and a Bit of Theory
Positive Hack Days
 
A Modern View of Smart Cards Security
A Modern View of Smart Cards SecurityA Modern View of Smart Cards Security
A Modern View of Smart Cards Security
Ilia Levin
 

Viewers also liked (20)

Track 5 session 3 - st dev con 2016 - mechanisms for trusted code execution...
Track 5   session 3 - st dev con 2016 - mechanisms for trusted code execution...Track 5   session 3 - st dev con 2016 - mechanisms for trusted code execution...
Track 5 session 3 - st dev con 2016 - mechanisms for trusted code execution...
 
BKK16-200 Designing Security into low cost IO T Systems
BKK16-200 Designing Security into low cost IO T SystemsBKK16-200 Designing Security into low cost IO T Systems
BKK16-200 Designing Security into low cost IO T Systems
 
Hta t17
Hta t17Hta t17
Hta t17
 
nabdullin_brcrdu_dark
nabdullin_brcrdu_darknabdullin_brcrdu_dark
nabdullin_brcrdu_dark
 
Construction of sfiCAN: a star-based fault-injection infrastructure for the C...
Construction of sfiCAN: a star-based fault-injection infrastructure for the C...Construction of sfiCAN: a star-based fault-injection infrastructure for the C...
Construction of sfiCAN: a star-based fault-injection infrastructure for the C...
 
Side Channel Analysis: Practice and a Bit of Theory
Side Channel Analysis: Practice and a Bit of TheorySide Channel Analysis: Practice and a Bit of Theory
Side Channel Analysis: Practice and a Bit of Theory
 
Resilience as a new Enforcement Model for IT Security based on Usage Control
Resilience as a new Enforcement Model for IT Security based on Usage ControlResilience as a new Enforcement Model for IT Security based on Usage Control
Resilience as a new Enforcement Model for IT Security based on Usage Control
 
IDC: Peplink Adds Resilience to IoT Networks
IDC: Peplink Adds Resilience to IoT NetworksIDC: Peplink Adds Resilience to IoT Networks
IDC: Peplink Adds Resilience to IoT Networks
 
A Modern View of Smart Cards Security
A Modern View of Smart Cards SecurityA Modern View of Smart Cards Security
A Modern View of Smart Cards Security
 
Tagging Disclosure of Personal Data to Third Parties to Preserve Privacy
Tagging Disclosure of Personal Data to Third Parties to Preserve PrivacyTagging Disclosure of Personal Data to Third Parties to Preserve Privacy
Tagging Disclosure of Personal Data to Third Parties to Preserve Privacy
 
Iot
IotIot
Iot
 
Smart Enabling Technologies for Automated Driving
Smart Enabling Technologies for Automated DrivingSmart Enabling Technologies for Automated Driving
Smart Enabling Technologies for Automated Driving
 
Internet of Things(IOT)
Internet of Things(IOT)Internet of Things(IOT)
Internet of Things(IOT)
 
Comparison between-ipv6-and-6 lowpan
Comparison between-ipv6-and-6 lowpanComparison between-ipv6-and-6 lowpan
Comparison between-ipv6-and-6 lowpan
 
LAS16-300K2: Geoff Thorpe - IoT Zephyr
LAS16-300K2: Geoff Thorpe - IoT ZephyrLAS16-300K2: Geoff Thorpe - IoT Zephyr
LAS16-300K2: Geoff Thorpe - IoT Zephyr
 
6LoWPAN: An open IoT Networking Protocol
6LoWPAN: An open IoT Networking Protocol6LoWPAN: An open IoT Networking Protocol
6LoWPAN: An open IoT Networking Protocol
 
Resilient IoT Security: The end of flat security models
Resilient IoT Security: The end of flat security modelsResilient IoT Security: The end of flat security models
Resilient IoT Security: The end of flat security models
 
Track 3 session 4 - st dev con 2016 - sensortile
Track 3   session 4 - st dev con 2016 - sensortileTrack 3   session 4 - st dev con 2016 - sensortile
Track 3 session 4 - st dev con 2016 - sensortile
 
IoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsIoT Security and Privacy Considerations
IoT Security and Privacy Considerations
 
LAS16-203: Platform security architecture for embedded devices
LAS16-203: Platform security architecture for embedded devicesLAS16-203: Platform security architecture for embedded devices
LAS16-203: Platform security architecture for embedded devices
 

Similar to Track 5 session 2 - st dev con 2016 - security iot best practices

Similar to Track 5 session 2 - st dev con 2016 - security iot best practices (20)

Web-of-Things and Services Security
Web-of-Things and Services SecurityWeb-of-Things and Services Security
Web-of-Things and Services Security
 
Key Concepts for Protecting the Privacy of IBM i Data
Key Concepts for Protecting the Privacy of IBM i DataKey Concepts for Protecting the Privacy of IBM i Data
Key Concepts for Protecting the Privacy of IBM i Data
 
20-security.ppt
20-security.ppt20-security.ppt
20-security.ppt
 
Protecting Sensitive Data (and be PCI Compliant too!)
Protecting Sensitive Data (and be PCI Compliant too!)Protecting Sensitive Data (and be PCI Compliant too!)
Protecting Sensitive Data (and be PCI Compliant too!)
 
Encryption in the enterprise
Encryption in the enterpriseEncryption in the enterprise
Encryption in the enterprise
 
Slidecast - Workshop
Slidecast - WorkshopSlidecast - Workshop
Slidecast - Workshop
 
Security chapter6
Security chapter6Security chapter6
Security chapter6
 
Entrepreneurship & Commerce in IT - 11 - Security & Encryption
Entrepreneurship & Commerce in IT - 11 - Security & EncryptionEntrepreneurship & Commerce in IT - 11 - Security & Encryption
Entrepreneurship & Commerce in IT - 11 - Security & Encryption
 
CNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident PreparationCNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident Preparation
 
Data Security Essentials for Cloud Computing - JavaOne 2013
Data Security Essentials for Cloud Computing - JavaOne 2013Data Security Essentials for Cloud Computing - JavaOne 2013
Data Security Essentials for Cloud Computing - JavaOne 2013
 
Praetorian secure encryption_services_overview
Praetorian secure encryption_services_overviewPraetorian secure encryption_services_overview
Praetorian secure encryption_services_overview
 
Praetorian_Secure_EncryptionServices_Overview
Praetorian_Secure_EncryptionServices_OverviewPraetorian_Secure_EncryptionServices_Overview
Praetorian_Secure_EncryptionServices_Overview
 
Praetorian secure encryption_services_overview
Praetorian secure encryption_services_overviewPraetorian secure encryption_services_overview
Praetorian secure encryption_services_overview
 
Preatorian Secure partners with Cipher loc - New Encryption Technology
Preatorian Secure partners with Cipher loc -  New Encryption Technology Preatorian Secure partners with Cipher loc -  New Encryption Technology
Preatorian Secure partners with Cipher loc - New Encryption Technology
 
AppSec in an Agile World
AppSec in an Agile WorldAppSec in an Agile World
AppSec in an Agile World
 
Web Application Security Testing
Web Application Security TestingWeb Application Security Testing
Web Application Security Testing
 
An introduction to X.509 certificates
An introduction to X.509 certificatesAn introduction to X.509 certificates
An introduction to X.509 certificates
 
"Mobile security: iOS", Yaroslav Vorontsov, DataArt
"Mobile security: iOS", Yaroslav Vorontsov, DataArt"Mobile security: iOS", Yaroslav Vorontsov, DataArt
"Mobile security: iOS", Yaroslav Vorontsov, DataArt
 
Data Security for Project Managers
Data Security for Project ManagersData Security for Project Managers
Data Security for Project Managers
 
Encryption techniques
Encryption techniquesEncryption techniques
Encryption techniques
 

More from ST_World

More from ST_World (20)

Track 5 session 5 - st dev con 2016 - stm32 hands on seminar - cloud connec...
Track 5   session 5 - st dev con 2016 - stm32 hands on seminar - cloud connec...Track 5   session 5 - st dev con 2016 - stm32 hands on seminar - cloud connec...
Track 5 session 5 - st dev con 2016 - stm32 hands on seminar - cloud connec...
 
Track 4 session 3 - st dev con 2016 - pedestrian dead reckoning
Track 4   session 3 - st dev con 2016 - pedestrian dead reckoningTrack 4   session 3 - st dev con 2016 - pedestrian dead reckoning
Track 4 session 3 - st dev con 2016 - pedestrian dead reckoning
 
Track 4 session 2 - st dev con 2016 - valencell - integrated ohr, biometric...
Track 4   session 2 - st dev con 2016 - valencell - integrated ohr, biometric...Track 4   session 2 - st dev con 2016 - valencell - integrated ohr, biometric...
Track 4 session 2 - st dev con 2016 - valencell - integrated ohr, biometric...
 
Track 4 session 1 - st dev con 2016 - body area network and sensor synchron...
Track 4   session 1 - st dev con 2016 - body area network and sensor synchron...Track 4   session 1 - st dev con 2016 - body area network and sensor synchron...
Track 4 session 1 - st dev con 2016 - body area network and sensor synchron...
 
Track 4 session 8 - st dev con 2016 - time of flight
Track 4   session 8 - st dev con 2016 - time of flightTrack 4   session 8 - st dev con 2016 - time of flight
Track 4 session 8 - st dev con 2016 - time of flight
 
Track 4 session 6 - st dev con 2016 - samsung artik
Track 4   session 6 - st dev con 2016 - samsung artikTrack 4   session 6 - st dev con 2016 - samsung artik
Track 4 session 6 - st dev con 2016 - samsung artik
 
Track 4 session 5 - st dev con 2016 - simplifying the setup and use of iot ...
Track 4   session 5 - st dev con 2016 - simplifying the setup and use of iot ...Track 4   session 5 - st dev con 2016 - simplifying the setup and use of iot ...
Track 4 session 5 - st dev con 2016 - simplifying the setup and use of iot ...
 
Track 4 session 4 - st dev con 2016 - sigfox - iot 2 the evolution of conne...
Track 4   session 4 - st dev con 2016 - sigfox - iot 2 the evolution of conne...Track 4   session 4 - st dev con 2016 - sigfox - iot 2 the evolution of conne...
Track 4 session 4 - st dev con 2016 - sigfox - iot 2 the evolution of conne...
 
Track 3 session 3 - st dev con 2016 - flex - modern product developmert for...
Track 3   session 3 - st dev con 2016 - flex - modern product developmert for...Track 3   session 3 - st dev con 2016 - flex - modern product developmert for...
Track 3 session 3 - st dev con 2016 - flex - modern product developmert for...
 
Track 3 session 2 - st dev con 2016 - arrow - identifying business challeng...
Track 3   session 2 - st dev con 2016 - arrow - identifying business challeng...Track 3   session 2 - st dev con 2016 - arrow - identifying business challeng...
Track 3 session 2 - st dev con 2016 - arrow - identifying business challeng...
 
Track 3 session 1 - st dev con 2016 -ieee- iot standards adn open source
Track 3   session 1 - st dev con 2016 -ieee- iot standards adn open sourceTrack 3   session 1 - st dev con 2016 -ieee- iot standards adn open source
Track 3 session 1 - st dev con 2016 -ieee- iot standards adn open source
 
Track 3 session 8 - st dev con 2016 - music and voice over ble
Track 3   session 8 - st dev con 2016 - music and voice over bleTrack 3   session 8 - st dev con 2016 - music and voice over ble
Track 3 session 8 - st dev con 2016 - music and voice over ble
 
Track 3 session 7 - st dev con 2016 - silicon photonics
Track 3   session 7 - st dev con 2016 - silicon photonicsTrack 3   session 7 - st dev con 2016 - silicon photonics
Track 3 session 7 - st dev con 2016 - silicon photonics
 
Track 3 session 6 - st dev con 2016 - qualcomm - wi-fi connectivity for iot
Track 3   session 6 - st dev con 2016 - qualcomm - wi-fi connectivity for iotTrack 3   session 6 - st dev con 2016 - qualcomm - wi-fi connectivity for iot
Track 3 session 6 - st dev con 2016 - qualcomm - wi-fi connectivity for iot
 
Track 3 session 5 - st dev con 2016 - microsoft - from sensors to business ...
Track 3   session 5 - st dev con 2016 - microsoft - from sensors to business ...Track 3   session 5 - st dev con 2016 - microsoft - from sensors to business ...
Track 3 session 5 - st dev con 2016 - microsoft - from sensors to business ...
 
Track 2 session 4 - st dev con 2016 - opensoftwarex
Track 2   session 4 - st dev con 2016 - opensoftwarexTrack 2   session 4 - st dev con 2016 - opensoftwarex
Track 2 session 4 - st dev con 2016 - opensoftwarex
 
Track 2 session 3 - st dev con 2016 - simplifying cloud connectivity
Track 2   session 3 - st dev con 2016 - simplifying cloud connectivityTrack 2   session 3 - st dev con 2016 - simplifying cloud connectivity
Track 2 session 3 - st dev con 2016 - simplifying cloud connectivity
 
Track 2 session 2 - st dev con 2016 - stm32 open development environment
Track 2   session 2 - st dev con 2016 - stm32 open development  environmentTrack 2   session 2 - st dev con 2016 - stm32 open development  environment
Track 2 session 2 - st dev con 2016 - stm32 open development environment
 
Track 2 session 1 - st dev con 2016 - avnet - making things real
Track 2   session 1 - st dev con 2016 - avnet - making things realTrack 2   session 1 - st dev con 2016 - avnet - making things real
Track 2 session 1 - st dev con 2016 - avnet - making things real
 
Track 2 session 8 - st dev con 2016 - lora(senet)
Track 2   session 8 - st dev con 2016 - lora(senet)Track 2   session 8 - st dev con 2016 - lora(senet)
Track 2 session 8 - st dev con 2016 - lora(senet)
 

Track 5 session 2 - st dev con 2016 - security iot best practices

  • 1. October 4, 2016, Santa Clara Convention Center, Mission City Ballroom. IoT Security Good Practices. Joe Pilozzi
  • 3. Solutions
    Invasive Product Attacks (with the case opened / removed)
      • Test / debug port access
      • Inter device bus and IO probing
      • Reset, clock attacks
      • Power analysis
      • Temperature / electrical attacks
    Non Invasive Attacks (misuse of network protocols)
      • Exploit communication protocol errors
      • Flaws in software design / implementation
    Invasive Silicon Attacks (device de-packaged)
      • Circuit analysis and probing
      • Fault injection
    Solution: use an MCU's security features
      • Unique Device IDs
      • Memory Protection
      • Firewall
      • Tamper Detection
      • Crypto Hardware: AES, T-RNG
      • Debug Port Protection
    A Better Solution: add a Secure Element
      • Much Better Tamper Resistant
      • Trusted Crypto Services
      • Secure Storage
      • Independently Certified
    (Diagram: Box, Internet, The Cloud)
  • 4. It's All About Risk Management
    • Understand the value of the Assets you are going to protect, taking into account all stakeholders
    • Understand your Threats and Vulnerabilities
    • Develop a security strategy to reduce Risk, using the right level of security for the value of the Assets being protected
    • Make use of the integrity and cryptographic tools available
    (Fortified Solutions)
  • 6. Example Of A Simple IoT Device
    (Diagram: Sensor, MCU (STM32), Communications Device, with a Secure Element (STSAFE) attached to the MCU)
  • 7. An IoT Device's Security Needs (Need → Solution)
    • Prevent device misuse; prevent device or server counterfeiting; resistance against hacking, cloning → Authentication: device to device, device to server
    • Prevent device misuse; service and network access corruption → Integrity and Availability: Secure Boot, Secure firmware upgrade, Trusted processing
    • Data privacy; prevent data collection or corruption → Confidentiality: Data / identity protection, Secure communications, Secure storage
    • Upgradability; prevent device misuse → Secure Communications, Secure firmware upgrade
  • 8. Product Integrity and Cryptography
    • Cryptographic methods are used to:
      • Protect the Confidentiality and Integrity of data / information
      • Ensure a chain of trust through Authentication
    • Product integrity, availability and resistance against attacks:
      • Uses cryptography and stateful processes to ensure correct operation
      • Uses hardware to enforce rules and countermeasures
      • Uses tamper proof methods to mitigate attacks
  • 10. Cryptography: the art of hiding things
    • Cryptographic ciphers have been used for centuries to protect information between communicating parties
    • Cryptographic processes are mathematical algorithms that provide:
      • Encryption to keep information Confidential during communications
      • Authentication to validate information, identities and to trust individual items
      • The underpinning of a platform's Integrity processes, like Secure Boot
  • 11. Cryptography: One Key or Two?
    • Secret Key Cryptography (Symmetric): the sender encrypts the clear text (data file) into cipher text with a key, sends it over the communications channel, and the receiver decrypts it back to clear text with the same key
    • Public Key Cryptography (Asymmetric): the keys come as a pair; one key encrypts and the other decrypts (the public key encrypts, the private key decrypts)
  • 12. Cryptography Characteristics
    • Symmetric: a single (or secret) key
      • Uses fewer compute resources and is faster
      • Used to protect data, during communications or while at rest
      • Issue with sharing and managing keys
      • Algorithms like AES and TDES
    • Asymmetric: a key pair (public key + private key)
      • Provides easier key sharing and management using a Public Key Infrastructure (PKI)
      • Algorithms are more complex, hence compute intensive, thus lower performance
      • Used for authentication, key exchange, digital signatures and certificates
      • Algorithms like RSA and ECC (Elliptic Curve Cryptography)
  • 13. Cryptography: Size Matters
    • NIST recommended key sizes (bits), weakest at the top, strongest at the bottom:
      Symmetric   RSA     ECC
      56          512     112
      80          1024    160
      112         2048    224
      128         3072    256
      192         7680    384
      256         15360   521
    • Bigger is better (stronger)
    • ECC uses a smaller key for the same strength as RSA
  • 14. Cryptography: Size Matters. Just a thought ...
    • Estimated number of atoms: 10^50 ≈ a 166-bit Symmetric Key with ~10^50 combinations ... that's one small key in a huge hay-stack!
  • 15. Cryptography: Hash Algorithms
    • Cryptographic Hash: an easy to compute, one-way cryptographic function that generates a result which for all intents and purposes is unique for any given message or file:
      • Unalterable (practically impossible to modify the original file or message without causing the result to be altered)
      • The resultant hash value is always the same length irrespective of the size of the message or file
    • Used in many processes like authentication, secure boot, secure firmware downloads
    • NIST (Secure Hashing Algorithm) SHA-1, SHA-2, SHA-3
    (Diagram: Data File / Code File (clear text) → Cryptographic Hash Function (one-way function) → Hash Value. The hash function has no key, and the clear text cannot be recovered from the hash value)
  • 16. Cryptography: Signatures
    • Digital Signatures are used to check the authenticity of information, code, files, messages, and Public Keys in the case of Digital Certificates
    (Diagram, using RSA. Code Signing: Code File (clear text) → Hash → Hash Value → Sign / Encrypt with the Private key. Code Authentication: signature → Verify / Decrypt with the Public key → Hash Value; Code File (clear text) → Hash → Calculated Hash Value; Compare: if the Hash values are equal the code is authentic)
  • 17. Random Number Generator (RNG)
    • Random Number Generators are typically used:
      • To generate a challenge during an authentication process, a seed for keys, digital signatures
      • As a source of entropy (randomness) for the crypto math
    • Statistical properties of the RNG's output are used to evaluate the level of randomness
    • A non random or predictable output is a source of weakness
    (Illustrations: http://www.random.org/bitmaps; PHP rand() on Windows, http://boallen.com/random-numbers.html; http://en.wikipedia.org/wiki/Random_number_generator_attack)
  • 18. Random Number Generator (RNG)
    • A Pseudo Random Generator uses a software algorithm to generate numbers
    • A True Random Generator makes use of the unpredictable physical properties of silicon to generate its numbers
    • Use RNGs complying with NIST FIPS 140-2 Annex C
    • Always make use of a True Random Generator
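Slides 17 and 18 say that the statistical properties of an RNG's output are what you use to judge its randomness, and point to FIPS 140-2. The Go program below is an added example (mine, not code from the presentation or from ST) that runs two of the FIPS 140-2 power-up tests, monobit and poker, over a 20,000-bit sample from three sources: the OS CSPRNG standing in for a hardware TRNG, and two constructed failure models (a source frozen into a repeating pattern and a source with one bit stuck). The pass bands are the FIPS 140-2 change-notice values as I recall them and should be checked against the standard before use.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math/bits"
)

// SampleBytes is the 20,000-bit sample the FIPS 140-2 power-up tests examine.
const SampleBytes = 20000 / 8

// Monobit counts the ones in the sample. The pass band is the FIPS 140-2 change-notice
// value as I recall it (an assumption to check against the standard): 9725 < ones < 10275.
func Monobit(sample []byte) (ones int, ok bool) {
	for _, b := range sample {
		ones += bits.OnesCount8(b)
	}
	return ones, ones > 9725 && ones < 10275
}

// Poker splits the sample into 5,000 nibbles, counts how often each of the 16 values
// occurs and computes X = (16/5000) * sum(f_i^2) - 5000; pass band 2.16 < X < 46.17 (same caveat).
func Poker(sample []byte) (x float64, ok bool) {
	var f [16]int
	for _, b := range sample {
		f[b>>4]++
		f[b&0x0F]++
	}
	sum := 0
	for _, c := range f {
		sum += c * c
	}
	x = float64(16*sum)/5000 - 5000
	return x, x > 2.16 && x < 46.17
}

// TrueSample draws from the OS CSPRNG, standing in for the hardware TRNG on the MCU.
func TrueSample() []byte {
	s := make([]byte, SampleBytes)
	if _, err := rand.Read(s); err != nil { panic(err) }
	return s
}

// StuckSample is a constructed failure model: the source has frozen into a 1111 0000 pattern,
// so exactly half the bits are ones (monobit alone passes it) but only two nibble values occur.
func StuckSample() []byte {
	s := make([]byte, SampleBytes)
	for i := range s { s[i] = 0xF0 }
	return s
}

// BiasedSample is a constructed failure model: the lowest bit of every byte is stuck at 1,
// giving about 56% ones. A deterministic LCG with a fixed seed fills the other bits.
func BiasedSample() []byte {
	s := make([]byte, SampleBytes)
	x := uint32(12345) // constructed seed, so the result is repeatable
	for i := range s {
		x = x*1664525 + 1013904223
		s[i] = byte(x>>24) | 0x01
	}
	return s
}

func main() {
	samples := map[string][]byte{"csprng": TrueSample(), "stuck": StuckSample(), "biased": BiasedSample()}
	for name, s := range samples {
		ones, mOK := Monobit(s)
		x, pOK := Poker(s)
		fmt.Printf("%-7s ones=%5d monobit=%-5v X=%9.2f poker=%v\n", name, ones, mOK, x, pOK)
	}
}
```

The stuck source shows why one test is not enough: it passes monobit with exactly 10,000 ones and only the poker test rejects it.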
  • 19. Cryptography: Libraries
    • Not all crypto libraries are the same ...
      • Is it from a reputable source? Or is it freeware? Open source?
      • Does it come with any warranties or certifications?
      • Do you know its history, is it maintained?
      • Does it have a track record of fixing security issues?
    • Silicon vendor libraries specifically make use of hardware accelerators or are designed to execute in a secure partition or environment
    • Take care where you obtain cryptographic libraries from
    • Use libraries that come from reputable sources
    • Use libraries that make use of hardware accelerators or are partitioned to execute in a secure manner
  • 20. Cryptographic Accelerators
    • Cryptographic accelerators are specific hardware engines that off-load cryptographic functions from the CPU
      • Providing higher data throughput performance, and lower power
      • Greater integrity: more resilient against system and board level software attacks
      • Often supporting secure key ladders, secure key stores or caches
      • The cryptographic functions are intrinsically bound to the device
    • Functions typically performed: AES, TDES, SHA, RSA, ECC, SHA-1, SHA-2, SHA-3
    • Use hardware Cryptographic Accelerators when available
  • 22. Root of Trust
    • An anchor point for cryptographic services bound with a device
    • It may be embedded in the Microcontroller or a Secure Element
    • Performs stateful, trusted, cryptographic processes
    • Is the first process to start after reset
    • Often ROM (locked Flash) based, as integrity is important
    • May use a hardened logic design that is tamper resistant
    • Performs code authentication; acts as the First Stage in a Secure Boot process
  • 23. Secure Boot
    • To ensure a product's integrity, code should be authenticated before it is run
    • Secure boot uses cryptographic functions to confirm the authenticity of a code image before allowing it to execute
    • A multi-stage secure boot process is one where each stage authenticates the next, hence a chain of trust
    (Diagram, Chain of Trust: Reset → First Stage (code + cert., trusted) authenticates → Second stage Loader (code + cert.) authenticates → Third Stage RTOS (code + cert.) authenticates → Application)
  • 24. Secure Boot
    • The Secure Boot process:
      • Performed after a reset, using a Public key stored in the device
      • It is a stateful process for predictable behavior
      • Its code should be stored in ROM or locked Flash
      • A Root-of-Trust may be used to perform this process
    • Code images may also be encrypted
    • Protect your private signing key!
    (Diagram, state based process: Reset → Verify / Decrypt with the Public key → Hash Value; Code Image → Hash → Calculated Hash Value; Compare → OK: Run Code, NOK: Reload)
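Slides 16, 23 and 24 describe code signing and a multi-stage secure boot in diagrams; the Go program below is an added example (mine, not code from the presentation or from ST) that carries the same process end to end: each stage's image is hashed together with the public key of the next stage and signed, and the device walks the chain from the root public key, reloading at the first stage whose hash and signature do not match. Assumptions: RSA-2048 with SHA-256 and PKCS#1 v1.5 signatures, the slide's "Cert." reduced to a bare DER public key, constructed sample images, and keys generated at run time (in a product the root public key lives in ROM / locked Flash and the private signing keys never leave the signing environment).

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// Stage: a code image, the public key that verifies the next stage (the slide's "Cert.") and a signature over both.
type Stage struct {
	Name      string
	Image     []byte
	NextPub   []byte // PKIX/DER public key of the next signer; nil for the last stage
	Signature []byte
}

// digest hashes image and next-stage key together so neither can be swapped on its own.
func digest(image, nextPub []byte) []byte {
	h := sha256.New()
	h.Write(image)
	h.Write(nextPub)
	return h.Sum(nil)
}

// VerifyChain is the device side of slides 16 and 24: starting from the root public key (the one
// stored in ROM / locked Flash) it recomputes each stage's hash and checks it against the signature
// with the key handed over by the previous stage. Returns -1 if all stages are authentic, else the first NOK index.
func VerifyChain(keyDER []byte, chain []Stage) (int, error) {
	for i, s := range chain {
		pubAny, err := x509.ParsePKIXPublicKey(keyDER)
		if err != nil { return i, err }
		pub, ok := pubAny.(*rsa.PublicKey)
		if !ok { return i, fmt.Errorf("stage %q: verifying key is not RSA", s.Name) }
		if rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest(s.Image, s.NextPub), s.Signature) != nil {
			return i, fmt.Errorf("stage %q: NOK, hash/signature mismatch", s.Name)
		}
		keyDER = s.NextPub // the authenticated stage hands over the key for the next one
	}
	return -1, nil
}

// signStage is the code-signing side (slide 16): hash a constructed sample image together
// with the next-stage key, then sign that hash with the signer's private key.
func signStage(signer *rsa.PrivateKey, name string, nextPub []byte) Stage {
	img := []byte("constructed sample image: " + name)
	sig, err := rsa.SignPKCS1v15(rand.Reader, signer, crypto.SHA256, digest(img, nextPub))
	if err != nil { panic(err) }
	return Stage{Name: name, Image: img, NextPub: nextPub, Signature: sig}
}

// BuildChain mirrors slide 23: the root key signs the loader, the loader key signs the
// RTOS and the RTOS key signs the application (2048-bit RSA, about 112-bit strength).
func BuildChain() (rootPubDER []byte, chain []Stage) {
	keys, ders := [3]*rsa.PrivateKey{}, [3][]byte{}
	for i := range keys {
		k, err := rsa.GenerateKey(rand.Reader, 2048)
		if err != nil { panic(err) }
		if ders[i], err = x509.MarshalPKIXPublicKey(&k.PublicKey); err != nil { panic(err) }
		keys[i] = k
	}
	return ders[0], []Stage{
		signStage(keys[0], "second-stage loader", ders[1]),
		signStage(keys[1], "RTOS", ders[2]),
		signStage(keys[2], "application", nil),
	}
}

func main() {
	rootPub, chain := BuildChain()
	fmt.Println(VerifyChain(rootPub, chain)) // -1 <nil>: run code
	chain[1].Image[0] ^= 0xFF                // one corrupted byte in the RTOS image
	fmt.Println(VerifyChain(rootPub, chain)) // 1 stage "RTOS": NOK, hash/signature mismatch: reload
}
```

Because the next-stage key is covered by the previous stage's signature, replacing a stage's embedded key fails verification one stage earlier, which is what makes the chain a chain of trust rather than three independent checks.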
  • 25. Protect Assets and Keys: Secure Storage, Data at Rest
    • Sensitive data should be encrypted when not being used:
      • Sensitive application data: confidentiality, privacy, customer financial and health info.
      • Trusted root keys (symmetric keys or asymmetric Private keys)
    • Access to this data must be carefully controlled and restricted to authorized persons and processes
    • Lock down Public keys and certificates
      • They don't need to be encrypted, only immovable: locked to the platform
      • Only allow replacement through a cryptographic process
    • The key to success is to protect your keys
    • Don't allow unauthorized access to keys
  • 26. Secure Communications: Data in Motion
    • The IoT ecosystem relies on confidential and trusted communications
    • Use a cryptographic authentication process to establish trust: all devices should be uniquely identified and able to verify the identity and authenticity of other communicating devices
      • Public Key Infrastructure (PKI) standards: RSA, ECC
    • Use end-to-end encryption
      • Ciphers: AES, TDES
    • Make use of established secure communication protocol standards
      • Secure Socket Layer / Transport Layer Security (SSL/TLS)
      • Datagram TLS (DTLS)
  • 27. Application Data: Data In Use
    • Handle confidential and sensitive data securely when being used
    • Segmented processing
      • Uses memory protection or firewall mechanisms to segment memory and code execution into secure and non secure zones
      • Requires a clear understanding of software and hardware to develop a partitioned solution
    • Dual mode CPUs: Trusted processing
      • Provide context switching between "trusted" and "untrusted" processing
      • Simplifies the partitioning and development of secure processes
    • Secure Processing using a Secure Processor, like ST's STSAFE
      • Provides the highest level of tamper resistance for protecting cryptographic services and keys
  • 28. Layers of Security Services
    • Security services should be handled independently in silo'ed processes
    • System Layers:
      • Application / Cloud: access control and rights management; feature and product management
      • Data / Transport Layer: TLS/DTLS, HTTPS etc.
      • Link Layer / Physical Layer: network physical layer security, e.g. WiFi (WPA2, 802.11i)
      • Device Security Services: Secure Boot
  • 29. Debug Ports
    • Debug ports, like JTAG, represent an easy access route for hackers
    • Remove test headers and debug access points from the board
    • Remove from code any debug processes, as these could be exploited
      • This includes potential boot-loader paths (UART, SPI, I2C, USB, etc.)
    • Restrict access to production keys
      • Only use test or dummy keys while the product is in debug mode
    • If the device has a lockable debug port, don't forget to lock it!
  • 31. Product Life Cycle: Definition → Design → Development → Prototype / Test → Product Launch → Maintenance → Decommissioning
    • Define the product and identify the Assets you plan to protect
    • Design the product based on the correct level of security
    • Develop methods and processes to protect those Assets over the entire life-cycle
    • Develop secure processes to handle firmware throughout the product's life-cycle
    • Product security should be factored in from day one
  • 32. Do Verify Your Implementation
    • Today's largest threats are through software based attacks
    • Use defensive coding practices and tools to detect possible vulnerabilities
    • Review carefully the trustworthiness of code coming from external sources
    • Check that all the latest security patches are being used
    • Analyze code to remove debug and native firmware loading interface capabilities
    • Use code integrity checking techniques like Secure Boot, Secure Firmware Update
    • Rigorously test and support interoperability workshops
    • You may also use Security Assessment Services
      • Provide independent security assessment of products and ecosystems
      • Support standards compliance evaluation and certification
  • 33. Security Partnerships
    • Use trusted partners throughout your value chain: protect your products, services and brand
    • Use partners equally committed to security and integrity
    • Select partner provided schemes, processes and solutions that allow you to securely provision and update your products' firmware in untrusted environments
  • 35. Trusted IoT Platforms Do Matter! Who's watching your loved ones! (Source: Engadget)
  • 36. Recommendations
    • The Internet of Things presents a wealth of opportunities and growth for business. It also represents increased opportunity for theft, mischief and damage, or even loss of life
    • Reduce risk by designing and managing products fortified against attacks
      • Hackers will go after the weakest links in a system, not necessarily directly at their target
    • Understand the value of assets for all the stakeholders in your solution
    • Perform a Threat analysis to better understand your Risks
    • Remember: Confidentiality, Availability and Integrity are key
    • Use these good design practices to develop and maintain secure products
      • Design products resilient against attacks throughout their whole life-cycle
      • Product robustness can be achieved through the use of security features and tools
    • Work with trusted and experienced partners throughout your value chain
    • Work with ST, your experienced partner
  • 37. Demos
  • 38. ST Solutions for Security in IoT: Smart City Solution for IoT Node