Enabling embedded security for the Internet of Things
| © 2014 Wind River. All Rights Reserved.
ENABLING EMBEDDED SECURITY FOR THE INTERNET OF THINGS
Michel Chabroux, Senior Product Manager, Wind River
Marco Blume, Product Manager, WIBU Systems
Agenda
VxWorks Overview
A Story…
Who needs security and why?
Security Profile for VxWorks Overview
Key Benefits
Key Features
Enhancement Options
Sample Applications
CodeMeter Security
World’s most widely used commercial RTOS
Unrivaled technology partner ecosystem
Best-in-class foundation for creating differentiated, IoT-ready intelligent devices
VxWorks
The RTOS for the Internet of Things
Unrivaled Performance
Modular, Scalable Design
Safety and Security
Virtualization
WHAT DO AIR CONDITIONERS HAVE TO DO WITH IDENTITY THEFT?
A Story…
A well-known retailer has experienced a security breach resulting in identity theft for millions of consumers.
The breach actually began when the retailer’s HVAC maintenance vendor was broken into.
Network passwords the vendor used to monitor the retailer’s HVAC systems were stolen.
These same passwords gave hackers network access to the retailer’s Point-of-Sale machines.
With this access, hackers installed malicious software that captured credit card data at the time of transactions.
Taking place over the holiday season, the attack captured the identity data from millions of unsuspecting shoppers.
Everything connected must be secure!
From Islands to Networked Constructions
New Attack Vectors for Cyber Physical Systems
A Cyber Physical System (CPS) is a system of collaborating computational elements controlling physical entities*
* Wikipedia
Security Threats
Operator
Manipulation
–Sabotage
–Human mistakes
–Intelligence services / Displeased employees
Intellectual property
–Recipes
–Configuration data
Production data
–Machine log
–Produced amounts
Manufacturer
Cloning of a machine
Imitation of a machine
–Extraction of intellectual property (reverse engineering)
Manipulation (warranty)
–Unauthorized updates
–Manipulation of counters
–Manipulation of flight records
Unauthorized access to source code
Security Objectives
Copy protection
IP protection
Integrity
Authenticity
Security Profile for VxWorks
Comprehensive Security for Your IoT-Ready Devices
A collection of software-based security features to effectively safeguard devices and data
Compatible with VxWorks 7 Core Platform and all industry-specific profiles for VxWorks 7
Can be reinforced with a hardware-based solution from Wibu-Systems for high security applications and flexible licensing
Security Profile for VxWorks
Key Benefits
Solid foundation for security-sensitive applications
Flexible, configurable, readily expandable security suite
Upgradeable, future-proof solution
Protection for your intellectual property
Security Profile for VxWorks
Key Features
Protect from tampering with code and unauthorized access.
Safeguard data even when the device is powered down.
Secure network communications and prevent attacks.
Prevent execution of non-authentic code.
Boot-up
Operation
Data Transmission
Rest/Shutdown
Secure Boot
Digital signature verification
Decryption*
Secure Run-Time Loader
Digital signature verification
Decryption*
Advanced User Management
Prevention of unauthorized access
Help for creating and enforcing user-based policies
Network Security
OpenSSL
SSH
Cryptography Libraries
IPsec and IKE
Encrypted Containers
TrueCrypt-compatible AES-encrypted file containers
Ability for data in containers to remain encrypted even when the device is idle or powered off
Passkey protection using customizable functions
* Can be enabled or disabled
Security Profile for VxWorks
Key Features – Secure Loader
UEFI
VxWorks Image
Trusted by UEFI
Signer’s certificate
Signed by Wind River Workbench user
Signer’s certificate in Bootloader
Applications
(LKMs/DKMs, RTPs)
Signed by Wind River Workbench user
Signer’s certificate in VxWorks image
Proprietary Wind River EFI loader
Security Profile for VxWorks
Key Features – Digital Signature
Wibu CaTool
Based on elliptic curve cryptography (ECC)
Lead generates the root key and certificate
Lead signs certificates for other developers
–Signs requests from other developers
–Creates signer’s keys and signs certificates
Lead sends signed certificates to individual developers
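The signing hierarchy on the Digital Signature slide and the signer's-certificate checks on the Secure Loader slide, sketched as an added example that is not Wind River or Wibu-Systems code. OpenSSL stands in for the Wibu CaTool, whose commands this deck does not show, and all file and subject names are constructed.

```shell
#!/bin/sh
# Added example: OpenSSL stands in for the vendor CA tool; every file name and
# subject name below is constructed for illustration.

# Lead: create the ECC (P-256) root key and self-signed root certificate.
make_root() {  # $1 = working directory
    printf '[req]\ndistinguished_name=dn\nx509_extensions=v3\nprompt=no\n[dn]\nCN=Example Lead Root\n[v3]\nbasicConstraints=critical,CA:TRUE\n' > "$1/ca.cnf"
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/root.key" &&
    openssl req -x509 -new -config "$1/ca.cnf" -key "$1/root.key" \
        -sha256 -days 30 -out "$1/root.crt"
}

# Developer creates a key and a request; the lead signs it with the root key.
issue_signer() {  # $1 = working directory
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/dev.key" &&
    openssl req -new -config "$1/ca.cnf" -key "$1/dev.key" \
        -subj "/CN=Example Developer" -out "$1/dev.csr" &&
    openssl x509 -req -in "$1/dev.csr" -CA "$1/root.crt" -CAkey "$1/root.key" \
        -CAcreateserial -sha256 -days 30 -out "$1/dev.crt" 2>/dev/null
}

# Developer signs an image with the signer's key (detached ECDSA signature).
sign_image() {  # $1 = working directory, $2 = image file
    openssl dgst -sha256 -sign "$1/dev.key" -out "$2.sig" "$2"
}

# Loader side: trust only the root, check that the signer's certificate chains
# to it, then check the image signature with the key from that certificate.
verify_image() {  # $1 = working directory, $2 = image file
    openssl verify -CAfile "$1/root.crt" "$1/dev.crt" >/dev/null 2>&1 || return 1
    openssl x509 -in "$1/dev.crt" -pubkey -noout > "$1/dev.pub" || return 1
    openssl dgst -sha256 -verify "$1/dev.pub" -signature "$2.sig" "$2" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_root "$d" && issue_signer "$d" || return 1
    printf 'constructed image contents\n' > "$d/app.bin"
    sign_image "$d" "$d/app.bin" && verify_image "$d" "$d/app.bin" &&
        echo "signed image: accepted"
    printf 'x' >> "$d/app.bin"   # modify the image after signing
    verify_image "$d" "$d/app.bin" || echo "modified image: rejected"
    rm -rf "$d"
}
demo
```

The verifier holds only the root certificate, so a signer's certificate issued by any other root fails the first check even when its image signature is internally valid.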
Security Profile for VxWorks
Key Features – Encryption
AES encryption
Configured from VxWorks Source Build
Security Profile for VxWorks
Key Features – Advanced User Management
User database
–No default user
–Dynamic definition of users
–Customizable encryption keys
If enabled, all access to target will require a login
Security Profile for VxWorks
Key Features – Encrypted Containers
Protect data at rest
–Files are encrypted at all times using AES encryption
TrueCrypt-compatible containers
Can be created on any host platform
Can be configured to mount automatically
Passphrase encryption can be customized
Security Profile for VxWorks
Enhancement for Security-Critical Applications
Software-based security delivered by Security Profile can be reinforced with CodeMeter® hardware-based security by Wibu-Systems.
CodeMeter Security adds flexible licensing and hardware binding
CodeMeter License Central
VxWorks 7 Core Platform
Security Profile for VxWorks
Wibu-Systems Basic Security
IP Protection
Integrity Protection
Wibu-Systems CodeMeter
Hardware Protection
License Management
Security Profile for VxWorks
Use Case – Industrial Systems and Energy
Prevention of operation disruptions, public security risks, and industrial espionage
–Hacking, tampering, and unauthorized access to power grid and plant control systems
–Piracy, illegal cloning, and code reverse-engineering
Protection via:
–Encryption
–Digital signatures
–Advanced user management
–Secure remote access
–Hardware-based security
Security Profile for VxWorks
Use Case – Medical Devices
Protection of sensitive data in transit and at rest
–Safeguarding patient data (HIPAA)
Encryption and user management
–Protection of manufacturer-proprietary information stored onboard
Encrypted containers
Protection from tampering with medical device software
–Digital signatures
Prevention of piracy and reverse-engineering
–Encryption and hardware-based security
Upgrading to CodeMeter Security
Additional Opportunities
Hardware-based key store
License management
New business models
Business process integration of license and rights deployment using CodeMeter License Central
Wibu-Systems CodeMeter Dongle Overview
ASIC
μSD
SD Card
CF Card
USB Dongle
Smart card based hardware security
Industry compliant hardware
Optional SLC flash memory
Communication as HID device for USB possible
Many Form Factors – One Technology
Wibu-Systems CmActLicense
Software-based license
Same features as CodeMeter dongles
Bound to target system fingerprint
Wibu-Systems CodeMeter License Central
CodeMeter License Central
–Design of license models
–Creation, delivery and management of licenses
Benefits
–Cost and time reduction thanks to integration and automation into business processes
–Additional revenue streams through flexible licensing models
–New customers and new markets
Support for CmDongles and CmActLicenses
Process Integration
Wibu-Systems CodeMeter License Central
Integration in ERP, CRM, e-shop and customers’ portals
[Diagram: license delivery between Manufacturer, User and Cloud, in five numbered steps: 1 SKU; 2 Ticket; 3 Ticket: ABCDE-FGHIJ-KLMNO-PQRST-UVWXY; 4 Ticket / Fingerprint; 5 Update file (License)]
Where to Buy
VxWorks Security Profile is distributed by Wind River
License Central, CmDongles and CmActLicenses are distributed by Wibu-Systems
More Information
Toll-free: 800-545-WIND (800-545-9463)
Toll-free (EMEA): +00-800-4988-4988
www.vxworks.com
Wibu-Systems
Germany: +49-721-93172-0
USA: +1-425-775-6900
China: +86-21-5566-1790
www.wibu.com