Hardware Security for Trustworthy C2X Applications Marko Wolf
|
|
- Gilbert Weaver
- 7 years ago
- Views:
Transcription
1 Hardware Security for Trustworthy C2X Applications Marko Wolf C2C-CC/CAMP Harmonization Workshop, Wolfsburg, Germany,
2 Outline 1. Three General Reasons for Automotive Hardware Security Modules (HSM) 2. Three Particular Reasons for Automotive Hardware Security Modules for Car-2-X Communications (C2X) 3. Status Quo for Availability of Automotive Hardware Security Modules 4. Trust Assurance and Evaluation Schemes for C2X Vehicle Stations using Hardware Security 5. Conclusions and Challenges Not public! Only for internal use. 2
3 1. Three General Reasons for Automotive HSMs
4 R #1: Software Security Vulnerabilities The future of digital systems is complexity, and complexity is the worst enemy of security. (Bruce Schneier) Because, complex software systems have more lines of code and therefore more security bugs have more interactions and therefore more security bugs are harder to test and therefore are more likely to have untested portions are harder to design securely, implement securely, configure securely and use securely Not public! Only for internal use. 4
5 R #1: Software Security Vulnerabilities Some real-world numbers ~ LOC software in modern premium cars 1) ~0.5 bugs per 1000 LOC for stable safety-related software 2) ~ potential software bugs per car ~1% of all software bugs are security vulnerabilities 3) ~500 potential software security vulnerabilities per car Hardware security can help to protect central security assets (e.g., identities, signing keys, encryption keys) against any software security vulnerabilities via physical shielding, which cannot be circumvented by any software (vulnerability). 1) Robert N. Charette: This Car Runs on Code. IEEE Spectrum, ) Linda Laird & Carol Brennan: "Software Measurement and Estimation: A Practical Approach.", Wiley & Sons, ) Cf. for instance for Mozilla JavaScript Engine (JSE), 2012 Not public! Only for internal use. 5
6 R#2: Hardware Vulnerabilities Hostile Automotive Security Environment Is a Specific POI! Physical (non-invasive, semi-invasive, invasive) attacks Disabling, manipulating of any (physical) inputs, outputs and processing Asset manipulations or read-outs via debug interfaces, fault attacks, sidechannels, micro probing, cutting etc. Offline attacks Attacker has virtually unlimited time Attacker has virtually unlimited trials Attacker and attack are hard to detect Insider attacks Attacker can be also legitimate owner with extended (physical) access rights Attacker can prevent emergency protection measures or security updates Attacker seldom fears non-technical protection measures (e.g., legal penalties) Hardware security can help to deter, detect, or hinder special powerful POI attackers. Not public! Only for internal use. 6
7 R#3: Performance Requirements & Cost Efficiency Security mechanisms are often computationally intense (e.g., millions of 1024 bit integer operations for one RSA operation), however, upgrading general purpose hardware is expensive, energy-consuming Physical protection is needed (cf. R#2), but physical protection of complete component is too expensive Hardware security can accelerate cryptographic mechanisms by applying HW accelerators Hardware reduces security costs by Adding some highly optimized special circuitry instead of costly overall upgrade of general purpose hardware Avoiding costly hardware-protection of complete ECU Not public! Only for internal use. 7
8 Automotive Hardware Security Automotive Hardware Security (Module) helps to: Shield security assets against SW vulnerabilities Deter, detect, and hinder (HW) POI vulnerabilities Accelerate computationally intense security Reduce security costs for performance requirements and physical protection Not public! Only for internal use. 8
9 2. Three Particular Reasons for Automotive HSMs for C2X
10 Three Particular Reasons for Automotive HSMs for C2X: C2X System Overview Additional C2X hardware connected to on-board networks for (sensor) data acquisition and for (actuator) data provision Additional C2X software for communication and applications Wireless (wide-range) external interfaces even with Internet access Not public! Only for internal use. 10
11 Three Particular Reasons for Automotive HSMs for C2X C2X #1: Strong computing performance & efficiency requirements for ECC-based C2X cryptography as required by IEEE and C2C-CC for efficient authenticity/integrity/conf. enforcement (e.g., secure boot) of C2X software, which is rather large for enabling efficient certificate management (e.g., 12 physically protected / enforced parallel certs/day vs. 300 logically protected certs/day to prevent Sybil attacks using multiple valid pseudonyms in parallel) Not public! Only for internal use. 11
12 Three Particular Reasons for Automotive HSMs for C2X C2X #2: Strong safety & dependability requirements Use cases may have strong safety implications while relying on lots of complex software (cf. R#1) and introducing long-range wireless interfaces in parallel relying on correctness and authenticity of incoming C2X messages Lack of misbehavior detection, misbehavior reporting, and misbehavior counteraction esp. in early deployment stages C2X definitely will be attacked while there is no period of grace! Even single easy to accomplish successful attacks could kill C2X immediately and long-lasting particularly in a safety-sensible world like automotive Not public! Only for internal use. 12
13 Three Particular Reasons for Automotive HSMs for C2X C2X #3: Strong legal & (re-)liability requirements for security & privacy Compare recent development in smart meter security as example (first implementations lacked on security &privacy CC certification becomes mandatory) Cf. legal privacy requirements, for instance, European directives 2010/40/EU (ITS framework), 95/46/EC (personal data processing), or 2001/58/EC (public electronic communication networks) Cf. legal liability requirements, for instance, European directives 2007/46/EC (vehicle approval framework), 2001/95/EC (product safety), or 85/374/EEC (consumer protection) And of course for legal safety requirements (cf. C2X#2) Not public! Only for internal use. 13
14 3. Status Quo for Availability of Automotive HSMs
15 Status Quo of Automotive HSMs: HIS Secure Hardware Extension (SHE) SHE Objective: Cost-efficient automotive-capable IC security extension for minimum of ECU security. Industry project finished in 2009 with official OEMcontrolled specification (i.e., HIS consortium) for semiconductor manufacturers Results Isolated AES-128 hardware engine and hardware protected cryptographic keys with access control (e.g., secure boot) Commercially available from Infineon, FreeScale, NEC etc. Outlook: Mandatory security extension for several German automotive OEMs Not public! Only for internal use. 15
16 Status Quo of Automotive HSMs: EVITA Hardware Security Modules Objective: Automotive-capable HSM for in-vehicle and V2X communication security and ECU software security EC funded research project (BMW, Bosch, Continental, ESCRYPT, Fujitsu, Infineon) finished in 2011 Results Outlook Open specification for three HSM classes light, medium, full Corresponding software security framework EMVY Vehicle-integrated FPGA prototypes incl. simtd vehicles EVITA Medium modules available soon EVITA Full prototype available Not public! Only for internal use. 16
17 4. Trust Assurance and Evaluation Schemes for C2X Vehicle Stations
18 How I can trust a C2X message? How can I trust* ) an incoming C2X message, in particular, for actively changing my driving behavior? Because it is difficult to sent you a faulty message. Why it is difficult to sent me a faulty message? Because C2X communication is well-protected against encroachments yielding to faulty messages by well-proven intl. accepted = trustworthy set of mechanisms / standards Because the C2X sending stations are well-protected, so that it is difficult to compromise them to send faulty messages. Are they? How? And how can I be sure? A trusted party has evaluated the sending endpoint acc. a well-proven intl. accepted = trusted security standard and issued a certificate you can verify about its opinion how difficult it is to compromise this sender. * ) Classical IT security definition: One (trustor) relies on another (trustee) to act as expected. Not public! Only for internal use. 18
19 Trustworthiness of C2X (sending) stations Why? How? For being able to put trust into others C2X messages. Trusted security evaluation and securely verifiable certification according to an accepted = trustworthy evaluation standard. Same (minimum) trust evaluation criteria for all? Could be (difficult), but better use different trust assurance evaluation criteria = different assurance trust levels for different C2X applications depending on their individual minimum trust requirements. How could such trust assurance levels (TAL) look like? Not public! Only for internal use. 19
20 Trust Assurance Levels (TAL) for C2X stations Trust Ass. Level (TAL) Minimum Target of Evaluation (TOE) Minimum Evaluation Assurance Level (EAL) (Hardware) Security Functionality Prevented Attacker acc. to CC Security Implications C2X Use Case Examples 0 None None None None Not reliable against security attacks in general Some limited,e.g. using trusted C2I infrastructures 1 + C2X box software EAL 3 Only software security mechanisms Minimum Level Basic Not reliable against simple hardware attacks (e.g., offline flash manipulation) Non-safety, but most privacy relevant use cases 2 + C2X box (sec.) hardware EAL 4 + dedicated hardware security (i.e., secure memory & processing) + tamper evidence Enhanced Basic Not reliable against more sophisticated hardware attacks (e.g., side-channel attacks) C2C-CC day one use cases (e.g., passive warnings and helpers) 3 + tamper-protected (sec.) hardware EAL 4+ (AVA_VAN.4 vulnerability resistance) + basic tamper resistance Moderate C2X box secure as stand alone device, but without trustworthy invehicle inputs Safety relevant relying not only on V2X inputs 4 + relevant in-vehicle sensors and ECUs EAL 4+ (AVA_VAN.5 vulnerability resistance) + moderate high tamper resistance Moderate High C2X box is trustworthy also regarding all relevant in-vehicle inputs All Not public! Only for internal use. 20
21 Evaluation & Certification of Trust Levels Remember: A trusted party has evaluated the sending endpoint acc. a well-proven intl. accepted = trusted security standard and issued a certificate you can verify about its opinion how difficult it is to compromise this sender. Possibilities for trusted evaluation parties Public security evaluation institution such as BSI, NIST etc. OEM-accredited evaluation labs Self-certification, of course with some inherent trust limitations Possibilities for trusted security evaluation standards Generic NIST FIPS (2001) and draft (2013?) Generic ISO Common Criteria Version 3.1 (ISO 15408, 2007) Custom scheme such as successful EMVCo approach from payment card industry by international OEM consortium Not public! Only for internal use. 21
22 Security Evaluation Standards Benchmark NIST FIPS 140-X Well-proven approach with 4 predefined levels, but not truly a security standard, rather correct use of cryptography and security functionality Not truly international standard, but very US-driven (i.e., needs regional or customer individual re-certifications) Difficult and slow to adapt (cf. >10 years for FIPS 140-3) ISO Common Criteria 3.1 State-of-the-art, well-proven, internationally accepted standard Necessary infrastructure (e.g., labs, certification bodies) already available Costly, timely, but with limited durability (2 years) only Rather generic, while difficult and slow to adapt Not public! Only for internal use. 22
23 Security Evaluation Standards Benchmark CC adapted custom OEM C2X evaluation scheme Reuse CC approach with more efficient and more specific C2X adaptions Can be easily extended, adapted etc. since it would be under full control of OEM consortium Not yet existing anything, i.e., no standards, no labs, no consortium or overall accepted agreement Costly and timely establishment & maintenance of corresponding infrastructure Even though the initialization costs and time are considerable, in the long run, the custom CC adapted approach will be the most efficient & flexible approach. Not public! Only for internal use. 23
24 5. Conclusions & Challenges
25 Conclusions Hardware security is essential for automotive security Hardware security is essential especially for C2X Four pre-defined trust assurance levels (TAL) for origin of incoming C2X messages based on a well-proven intl. accepted = trusted security evaluation standard Not public! Only for internal use. 25
26 Challenges Fully C2X-capable hardware security modules not yet commercially available C2X (hardware) security (evaluation) standards have to be created, widely accepted, and reliably implemented (e.g., strongly connected w/ PKI solution) Security cannot be measured absolutely nor it s static, but a moving target. So the best result that can be expected from a security evaluation is: from today s perspective no exploitable vulnerabilities were found Not public! Only for internal use. 26
27 Thank you for your attention! Dr.-Ing. Marko Wolf Senior Security Engineer Not public! Only for internal use. 27
Hardware Security Modules for Protecting Embedded Systems
Hardware Security Modules for Protecting Embedded Systems Marko Wolf, ESCRYPT GmbH Embedded Security, Munich, Germany André Weimerskirch, ESCRYPT Inc. Embedded Security, Ann Arbor, USA 1 Introduction &
More informationVehicular Security Hardware The Security for Vehicular Security Mechanisms
escrypt GmbH Embedded Security Systemhaus für eingebettete Sicherheit Vehicular Security Hardware The Security for Vehicular Security Mechanisms Marko Wolf, escrypt GmbH Embedded Security Embedded Security
More informationVehicular On-board Security: EVITA Project
C2C-CC Security Workshop 5 November 2009 VW, MobileLifeCampus Wolfsburg Hervé Seudié Corporate Sector Research and Advance Engineering Robert Bosch GmbH Outline 1. Project Scope and Objectives 2. Security
More informationEVITA-Project.org: E-Safety Vehicle Intrusion Protected Applications
EVITA-Project.org: E-Safety Vehicle Intrusion Protected Applications 7 th escar Embedded Security in Cars Conference November 24 25, 2009, Düsseldorf Dr.-Ing. Olaf Henniger, Fraunhofer SIT Darmstadt Hervé
More informationCycurHSM An Automotive-qualified Software Stack for Hardware Security Modules
CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules Dr. Frederic Stumpf, ESCRYPT GmbH Embedded Security, Stuttgart, Germany 1 Introduction Electronic Control Units (ECU) are embedded
More informationThe relevance of cyber-security to functional safety of connected and automated vehicles
The relevance of cyber-security to functional safety of connected and automated vehicles André Weimerskirch University of Michigan Transportation Research Institute (UMTRI) February 12, 2014 Introduction
More informationNEXT GENERATION OF AUTOMOTIVE SECURITY: SECURE HARDWARE AND SECURE OPEN PLATFORMS
NEXT GENERATION OF AUTOMOTIVE SECURITY: SECURE HARDWARE AND SECURE OPEN PLATFORMS André Groll, Jan Holle University of Siegen, Institute for Data Communications Systems {andre.groll,jan.holle}@uni-siegen.de
More informationSafety and security related features in AUTOSAR
Safety and security related features in Dr. Stefan Bunzel Spokesperson (Continental) Co-Authors: S. Fürst, Dr. J. Wagenhuber (BMW), Dr. F. Stappert (Continental) Automotive - Safety & Security 2010 22
More informationSecurity in Vehicle Networks
Security in Vehicle Networks Armin Happel, Christof Ebert Stuttgart, 17. March 2015 V1.1 2015-04-28 Introduction Vector Consulting Services supports clients worldwide in improving their product development
More informationSHE Secure Hardware Extension
SHE Secure Hardware Extension Data Security for Automotive Embedded Systems Workshop on Cryptography and Embedded Security Embedded World @ Nuremberg, February 2012 Content Data Security - What does it
More informationSecure Key Management A Key Feature for Modern Vehicle Electronics
13AE-0069 Secure Key Management A Key Feature for Modern Vehicle Electronics Christian Schleiffer, Marko Wolf, André Weimerskirch, and Lars Wolleschensky ESCRYPT Copyright 2012 SAE International ABSTRACT
More informationSecure Hardware PV018 Masaryk University Faculty of Informatics
Secure Hardware PV018 Masaryk University Faculty of Informatics Jan Krhovják Vašek Matyáš Roadmap Introduction The need of secure HW Basic terminology Architecture Cryptographic coprocessors/accelerators
More informationAutomotive Software Development Challenges Virtualisation and Embedded Security
Automotive Software Development Challenges Virtualisation and Embedded Security 1 Public ETAS-PGA/PRM-E October 2014 ETAS GmbH 2014. All rights reserved, also regarding any disposal, exploitation, Automotive
More informationCHANCES AND RISKS FOR SECURITY IN MULTICORE PROCESSORS
CHANCES AND RISKS FOR SECURITY IN MULTICORE PROCESSORS Prof. Dr.-Ing. Georg Sigl Institute for Security in Information Technology Technical University Munich sigl@tum.de Fraunhofer Research Institution
More informationSecure Embedded Systems eine Voraussetzung für Cyber Physical Systems und das Internet der Dinge
Secure Embedded Systems eine Voraussetzung für Cyber Physical Systems und das Internet der Dinge Mitgliederversammlung EIKON e.v. 26. Februar 2014 Prof. Dr.-Ing. Georg Sigl Lehrstuhl für Sicherheit in
More informationTechnical Security in Smart Metering Devices: A German Perspective S4 SCADA Security Scientific Symposium 2012-01-18, Miami Beach FL / USA
Technical Security in Smart Metering Devices: A German Perspective S4 SCADA Security Scientific Symposium 2012-01-18, Miami Beach FL / USA Dr. Stephan Beirer s.beirer@gai-netconsult.de Sichere ebusiness
More informationEmbedded Java & Secure Element for high security in IoT systems
Embedded Java & Secure Element for high security in IoT systems JavaOne - September 2014 Anne-Laure SIXOU - ST Thierry BOUSQUET - ST Frédéric VAUTE - Oracle Speakers 2 Anne-Laure SIXOU Smartgrid Product
More informationSecurity architecture Integrating security into the communicating vehicle. Norbert Bissmeyer, Fraunhofer SIT June 18 th 2015
Security architecture Integrating security into the communicating vehicle Norbert Bissmeyer, Fraunhofer SIT June 18 th 2015 Overview PRESERVE provides a close-to-market V2X Security Architecture (VSA)
More informationOn Security Evaluation Testing
On Security Evaluation Testing Kerstin Lemke-Rust Hochschule Bonn-Rhein-Sieg Workshop: Provable Security against Physical Attacks Lorentz Center, 19 Feb 2010 Kerstin Lemke-Rust (H BRS) On Security Evaluation
More informationEmbedded Security for Modern Building Automation Systems
Embedded Security for Modern Building Automation Systems Daniel Höttges, ESCRYPT GmbH Embedded Security, Bochum, Germany Marko Wolf, ESCRYPT GmbH Embedded Security, München, Germany Digitalization and
More informationIoT Security Concerns and Renesas Synergy Solutions
IoT Security Concerns and Renesas Synergy Solutions Simon Moore CTO - Secure Thingz Ltd Agenda Introduction to Secure.Thingz. The Relentless Attack on the Internet of Things Building protection with Renesas
More informationPUF Physical Unclonable Functions
Physical Unclonable Functions Protecting next-generation Smart Card ICs with SRAM-based s The use of Smart Card ICs has become more widespread, having expanded from historical banking and telecommunication
More informationSecure egovernment Where convenience meets security. www.infineon.com/ccs
Secure egovernment Where convenience meets security www.infineon.com/ccs Gaining transparency Electronic ID documents replace and enhance conventional ID documents that governments have been issuing for
More informationSecurity Domain Separation as Prerequisite for Business Flexibility. Igor Furgel T-Systems
Security Domain Separation as Prerequisite for Business Flexibility Igor Furgel T-Systems 23th-25th September, 2008, page 2 What are we speaking about? What is a Security Domain and what do we need it
More informationM2M For industrial and automotive
M2M For industrial and automotive Content ST at a glance... 4 Where to find us... 5 The value chain... 5 Secure MCU... 6 Focus on ST33 secure microcontrollers... 6 M2M fields of application... 7 What is
More informationMeet The Family. Payment Security Standards
Meet The Family Payment Security Standards Meet The Family Payment Security Standards Payment Processing Electronic payments are increasingly becoming part of our everyday lives. For most people, it can
More informationSide Channel Analysis and Embedded Systems Impact and Countermeasures
Side Channel Analysis and Embedded Systems Impact and Countermeasures Job de Haas Agenda Advances in Embedded Systems Security From USB stick to game console Current attacks Cryptographic devices Side
More informationCryptography and Key Management Basics
Cryptography and Key Management Basics Erik Zenner Technical University Denmark (DTU) Institute for Mathematics e.zenner@mat.dtu.dk DTU, Oct. 23, 2007 Erik Zenner (DTU-MAT) Cryptography and Key Management
More informationCertification Report. NXP Secure Smart Card Controller P40C012/040/072 VD
TÜV Rheinland Nederland B.V. Version 20101101 Certification Report NXP Secure Smart Card Controller P40C012/040/072 VD Sponsor and developer: NXP Semiconductors Germany GmbH, Business Unit Identification
More informationSecure Data Exchange Solution
Secure Data Exchange Solution I. CONTENTS I. CONTENTS... 1 II. INTRODUCTION... 2 OVERVIEW... 2 COPYRIGHTS AND TRADEMARKS... 2 III. SECURE DOCUMENT EXCHANGE SOLUTIONS... 3 INTRODUCTION... 3 Certificates
More informationIdentification of Authenticity Requirements in Systems of Systems by Functional Security Analysis
Identification of Authenticity Requirements in Systems of Systems by Functional Security Analysis Andreas Fuchs and Roland Rieke {andreas.fuchs,roland.rieke}@sit.fraunhofer.de Fraunhofer Institute for
More informationCertification Report
Certification Report EAL 4 Evaluation of SecureDoc Disk Encryption Version 4.3C Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification
More informationSecurity risk analysis approach for on-board vehicle networks
1 Security risk analysis approach for on-board vehicle networks Alastair Ruddle Consultant, MIRA Limited Motivation 2 o o Future vehicles will become mobile nodes in a dynamic transport network vehicle
More informationCommon Criteria Evaluations for the Biometrics Industry
Common Criteria Evaluations for the Biometrics Industry Kathy Malnick Senior Manager Criterian Independent Labs An initiative of the WVHTC Foundation Presentation outline Common Criteria defined Common
More informationfuture data and infrastructure
White Paper Smart Grid Security: Preparing for the Standards-Based Future without Neglecting the Needs of Today Are you prepared for future data and infrastructure security challenges? Steve Chasko Principal
More informationCertification Report
Certification Report EAL 4+ Evaluation of Entrust Authority Security Manager and Security Manager Administration v8.1 SP1 Issued by: Communications Security Establishment Canada Certification Body Canadian
More informationContactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions. July, 2006. Developed by: Smart Card Alliance Identity Council
Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions July, 2006 Developed by: Smart Card Alliance Identity Council Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked
More informationIoT Security Platform
IoT Security Platform 2 Introduction Wars begin when the costs of attack are low, the benefits for a victor are high, and there is an inability to enforce law. The same is true in cyberwars. Today there
More informationPRIME IDENTITY MANAGEMENT CORE
PRIME IDENTITY MANAGEMENT CORE For secure enrollment applications processing and workflow management. PRIME Identity Management Core provides the foundation for any biometric identification platform. It
More informationEmbedding Trust into Cars Secure Software Delivery and Installation
Embedding Trust into Cars Secure Software Delivery and Installation André Adelsbach, Ulrich Huber, Ahmad-Reza Sadeghi, Christian Stüble Horst Görtz Institute for IT Security, Bochum, Germany Third Workshop
More informationNetwork Security in Building Networks
Network Security in Building Networks Prof. Dr. (TU NN) Norbert Pohlmann Institute for Internet Security - if(is) Westphalian University of Applied Sciences Gelsenkirchen, Germany www.if-is.net Content
More informationProtection Profile Digital Tachograph Vehicle Unit (VU PP) Version 1.0 BSI-CC-PP-0057-2010
Protection Profile Digital Tachograph Vehicle Unit (VU PP) Version 1.0 BSI-CC-PP-0057-2010 Dipl.-Phys. Certification Federal Office for Information Security (BSI), Germany Topics of VU-PP CC 3.1 R3 Overview
More informationEntrust Smartcard & USB Authentication
Entrust Smartcard & USB Authentication Technical Specifications Entrust IdentityGuard smartcard- and USB-based devices allow organizations to leverage strong certificate-based authentication of user identities
More informationPervasive Computing und. Informationssicherheit
Pervasive Computing und 11. Symposium on Privacy and Security Rüschlikon, 13. September 2006 Prof. Christof Paar European Competence Center for IT Security www.crypto.rub.de Contents 1. Pervasive Computing
More informationPrivyLink Cryptographic Key Server *
WHITE PAPER PrivyLink Cryptographic Key * Tamper Resistant Protection of Key Information Assets for Preserving and Delivering End-to-End Trust and Values in e-businesses September 2003 E-commerce technology
More informationUNCLASSIFIED Version 1.0 May 2012
Secure By Default: Platforms Computing platforms contain vulnerabilities that can be exploited for malicious purposes. Often exploitation does not require a high degree of expertise, as tools and advice
More informationCertification Report
Certification Report EAL 2 Evaluation of with Gateway and Key Management v2.9 running on Fedora Core 6 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria
More informationSecurity IC Platform Protection Profile
Security IC Platform Protection Profile Version 1.0 15.06.2007 developed by Atmel Infineon Technologies AG NXP Semiconductors Renesas Technology Europe Ltd. STMicroelectronics Registered and Certified
More informationSecureD Technical Overview
WHITEPAPER: SecureD Technical Overview WHITEPAPER: SecureD Technical Overview CONTENTS section page 1 The Challenge to Protect Data at Rest 3 2 Hardware Data Encryption Provides Maximum Security 3 3 SecureD
More informationCryptographic and Security Testing Laboratory. Deputy Laboratory Director, CST Laboratory Manager
Cryptographic and Security Testing Laboratory Deputy Laboratory Director, CST Laboratory Manager About our Cryptographic and Security Testing Laboratory Bringing together a suite of conformance testing
More informationSmart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi
Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public
More informationCertification Report
Certification Report McAfee Network Security Platform v7.1 (M-series sensors) Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification
More informationApplied and Integrated Security. C. Eckert
Applied and Integrated Security 1 Joseph von Fraunhofer (1787-1826) Researcher discovery of Fraunhofer Lines in the sun spectrum Inventor new methods of lens processing Entrepreneur head of royal glass
More informationReviving smart card analysis
Reviving smart card analysis Christopher Tarnovsky Karsten Nohl chris@flylogic.net nohl@srlabs.de Executive summary Modern smart cards should be analyzed 1. Smart card chips provide the trust base for
More informationSetting up a SQ20xx WIFI and Laptop for a Peer-to-peer (Ad-hoc) connection
Setting up a SQ20xx WIFI and Laptop for a Peer-to-peer (Ad-hoc) connection Setting up the logger for a Peer-to-peer (Ad-hoc) connection The SQ20xx WIFI needs to be powered by an external supply. Connect
More informationRecommended 802.11 Wireless Local Area Network Architecture
NATIONAL SECURITY AGENCY Ft. George G. Meade, MD I332-008R-2005 Dated: 23 September 2005 Network Hardware Analysis and Evaluation Division Systems and Network Attack Center Recommended 802.11 Wireless
More informationFunctional diagram: Secure encrypted data. totally encrypted. XOR encryption. RFID token. fingerprint reader. 128 bit AES in ECB mode Security HDD
Secure encrypted data Encryption Access Control XOR encryption RFID token 128 bit AES in ECB mode Security HDD fingerprint reader enter password by keyboard 256 bit AES in CBC mode 1-2-3-4-5-6-7-8 PIN
More informationHow to Drop your Anchor
How to Drop your Anchor Enabling Trust in Cloud-Based Services Andreas Curiger CTO Securosys SA DIGS DC Day, Sep 16, 2015 10:30-10:55 The Promising World of Cloud Computing Cloud computing offers network
More informationBroadSAFE Enhanced IP Phone Networks
White Paper BroadSAFE Enhanced IP Phone Networks Secure VoIP Using the Broadcom BCM11xx IP Phone Technology September 2005 Executive Summary Voice over Internet Protocol (VoIP) enables telephone calls
More informationEfficient and Faster PLC Software Development Process for Automotive industry. Demetrio Cortese IVECO Embedded Software Design
Efficient and Faster PLC Software Development Process for Automotive industry Demetrio Cortese IVECO Embedded Software Design 13-06-2013 Automotive OEM Mandatory Requirement Delivery the new vehicle in
More informationTest vehicle tool to assess candidate ITSEF s competency
Test vehicle tool to assess candidate ITSEF s competency September 28, 2011 Takayuki TOBITA IT Security Center (ISEC) Information-technology Promotion Agency, JAPAN (IPA) 1 Common Criteria Scheme in Japan
More informationJoint Interpretation Library
for smart cards and similar devices Document purpose: provide requirements to developers and guidance to evaluators to fulfill the Security Architecture requirements of CC V3 ADV_ARC family. Version 2.0
More informationWi-Fi Protected Access: Strong, standards-based, interoperable security for today s Wi-Fi networks Wi-Fi Alliance April 29, 2003
Wi-Fi Protected Access: Strong, standards-based, interoperable security for today s Wi-Fi networks Wi-Fi Alliance April 29, 2003 2003 Wi-Fi Alliance. Wi-Fi is a registered trademark of the Wi-Fi Alliance
More informationCertification Report
Certification Report EAL 4+ Evaluation of ncipher nshield Family of Hardware Security Modules Firmware Version 2.33.60 Issued by: Communications Security Establishment Canada Certification Body Canadian
More informationPart A) I. Focus areas from the perspective of the German Government s on automated and connected driving
Cybersecurity and data protection Part A) Focus areas for presentation at the IG ITS/AD meeting in November 2015 Part B) Issues for discussion Part C) Preliminary Draft proposal for Guidelines on measures
More informationWhat is a Smart Card?
An Introduction to Smart Cards and RFIDs Prof. Keith E. Mayes Keith.Mayes@rhul.ac.uk Director of the ISG - Smart Card Centre www.scc.rhul.ac.uk Learning Objectives (MSc MSc) Identify the various types
More informationSecure software updates for ITS communications devices
Secure software updates for ITS communications devices - International Standardization Activity in ITU-T SG17 - Masashi Eto, Senior researcher, Cybersecurity laboratory, Network security research institute,
More informationVON BRAUN LABS. Issue #1 WE PROVIDE COMPLETE SOLUTIONS ULTRA LOW POWER STATE MACHINE SOLUTIONS VON BRAUN LABS. State Machine Technology
VON BRAUN LABS WE PROVIDE COMPLETE SOLUTIONS WWW.VONBRAUNLABS.COM Issue #1 VON BRAUN LABS WE PROVIDE COMPLETE SOLUTIONS ULTRA LOW POWER STATE MACHINE SOLUTIONS State Machine Technology IoT Solutions Learn
More informationAutoSAR Overview. FESA Workshop at KTH 2010 04 12. Prof. Jakob Axelsson Volvo Cars and Mälardalen University
AutoSAR Overview FESA Workshop at KTH 2010 04 12 Prof. Jakob Axelsson Volvo Cars and Mälardalen University This presentation is based on a tutorial prepared by the AutoSAR Consortium AUTOSAR Members Status
More informationAPWG. (n.d.). Unifying the global response to cybecrime. Retrieved from http://www.antiphishing.org/
DB1 Phishing attacks, usually implemented through HTML enabled e-mails, are becoming more common and more sophisticated. As a network manager, how would you go about protecting your users from a phishing
More informationAssurance or Insurance?
Cybersecurity Today and Tomorrow: Assurance or Insurance? Apostol Vassilev, Ph.D. Research Lead - STVM, CSD, NIST (HOST 2016, May 3-5, The Ritz-Carlton, McLean, VA) Image Courtesy: verizonenterprise.com/verizon-insights-lab/dbir/2016/
More informationIT Security of Commercial Vehicles
IT Security of Commercial Vehicles Public Key Infrastructures and their Contribution to Safety and New Business Models Hakan Cankaya 1, Daniel Estor 2, and Moritz Minzlaff 1 1 ESCRYPT GmbH, Bismarckstr.
More informationPublic Key Cryptography in Practice. c Eli Biham - May 3, 2005 372 Public Key Cryptography in Practice (13)
Public Key Cryptography in Practice c Eli Biham - May 3, 2005 372 Public Key Cryptography in Practice (13) How Cryptography is Used in Applications The main drawback of public key cryptography is the inherent
More informationAutomotive and Industrial Data Security
André Weimerskirch Cybersecurity for Cyber-Physical Systems Workshop April 23-24, 2012 Overview Introduction and Motivation Risk analysis Current and future security solutions Conclusions Communication
More informationRaising Awareness of Issues by Adapting the NIST IT Security Services Model to E-Business Systems. Robert L. Probert, Victor Sawma¹
E-Commerce Security Raising Awareness of Issues by Adapting the NIST IT Security Services Model to E-Business Systems Robert L. Probert, Victor Sawma¹ School of Information Technology and Engineering University
More informationVisa Inc. PIN Entry Device Requirements
Visa Inc. PIN Entry Device Requirements The following information is applicable for Visa Inc. regions. Visa Inc. regions include Asia-Pacific (AP); Central and Eastern Europe, Middle East and Africa (CEMEA);
More informationBy: Magiel van der Meer. Supervisors: Marc Smeets Jeroen van der Ham
University of Amsterdam SNE - Project 2 By: Magiel van der Meer Supervisors: Marc Smeets Jeroen van der Ham July 2, 2014 Encryption and authenticity more important Personal data over untrusted networks..
More informationSecurity in ST : From Company to Products
Security in ST : From Company to Products July 2015 Thierry FENSCH Innovation, Collaboration and Efficiency Director Grenoble Site A global semiconductor leader 2014 revenues of $7.40B Who we are 2 Approximately
More informationPlain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75
Plain English Guide To Common Criteria Requirements In The Field Device Protection Profile Version 0.75 Prepared For: Process Control Security Requirements Forum (PCSRF) Prepared By: Digital Bond, Inc.
More informationConnected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)
Cryptelo Drive Cryptelo Drive is a virtual drive, where your most sensitive data can be stored. Protect documents, contracts, business know-how, or photographs - in short, anything that must be kept safe.
More informationApplying Common Criteria to a cloud type payment service
1 Applying Common Criteria to a cloud type payment service Kenji Yamaya ECSEC Laboratory Inc. 2 Evaluation of a cloud system Tablet internet cloud Newly developed terminal products Mobile POS Smart Phone
More informationLecture VII : Public Key Infrastructure (PKI)
Lecture VII : Public Key Infrastructure (PKI) Internet Security: Principles & Practices John K. Zao, PhD (Harvard) SMIEEE Computer Science Department, National Chiao Tung University 2 Problems with Public
More informationNational Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy. Version 1.1. February 2, 2016
National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy Version 1.1 February 2, 2016 Copyright 2016, Georgia Tech Research Institute Table of Contents TABLE OF CONTENTS I 1 INTRODUCTION
More informationDRAFT Standard Statement Encryption
DRAFT Standard Statement Encryption Title: Encryption Standard Document Number: SS-70-006 Effective Date: x/x/2010 Published by: Department of Information Systems 1. Purpose Sensitive information held
More informationOffer Highly Available SAAS Solutions with Huawei. Huang Li Executive Vice President of isoftstone
Offer Highly Available SAAS Solutions with Huawei Huang Li Executive Vice President of isoftstone Contents Contents 1 2 3 4 5 6 7 Significance of SMEs in Urban Development SME Status Quo IT Capabilities
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure
More informationEnd-to-End Security in Wireless Sensor Networks (WSNs) Talk by Claudio Anliker Supervised by Dr. Corinna Schmitt CSG@IFI, University of Zurich
End-to-End Security in Wireless Sensor (WSNs) Talk by Supervised by Dr. Corinna Schmitt CSG@IFI, University of Zurich Content 1. Motivation 2. Security Issues and Principles 3. Internet-of-Things and Wireless
More informationHardware in the Loop (HIL) Testing VU 2.0, 182.117, WS 2008/09
Testen von Embedded Systems Hardware in the Loop (HIL) Testing VU 2.0, 182.117, WS 2008/09 Raimund dkirner Testing Embedded Software Testing the whole system including the physical environment is not possible
More informationHardware and Software Design for Automotive Security
32 IJCSNS International Journal of Computer Science and Network Security, VOL.15 No.9, September 2015 Hardware and Software Design for Automotive Security Gaurav Bansod Faculty of Engineering,Symbiosis
More informationSupporting Document Guidance. Security Architecture requirements (ADV_ARC) for smart cards and similar devices. April 2012. Version 2.
Supporting Document Guidance Security Architecture requirements (ADV_ARC) for smart cards and similar devices April 2012 Version 2.0 CCDB-2012-04-003 Foreword This is a supporting document, intended to
More informationEnhancing Organizational Security Through the Use of Virtual Smart Cards
Enhancing Organizational Security Through the Use of Virtual Smart Cards Today s organizations, both large and small, are faced with the challenging task of securing a seemingly borderless domain of company
More informationThe Challenges of Securing the Internet of Things (IoT) at Scale
The Challenges of Securing the Internet of Things (IoT) at Scale Ulf Lindqvist, Ph.D. Program Director, SRI International Chair, IEEE Computer Society s Technical Committee on Security and Privacy Vice
More informationISO 27002:2013 Version Change Summary
Information Shield www.informationshield.com 888.641.0500 sales@informationshield.com Information Security Policies Made Easy ISO 27002:2013 Version Change Summary This table highlights the control category
More informationOverview of CSS SSL. SSL Cryptography Overview CHAPTER
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers
More informationInitial Roadmap: Point-to-Point Encryption Technology and PCI DSS Compliance
Emerging Technology Whitepaper Initial Roadmap: Point-to-Point Encryption Technology and PCI DSS Compliance For Transmissions of Cardholder Data and Sensitive Authentication Data Program Guide Version
More informationSecurity Policy. Trapeze Networks
MP-422F Mobility Point Security Policy Trapeze Networks August 14, 2009 Copyright Trapeze Networks 2007. May be reproduced only in its original entirety [without revision]. TABLE OF CONTENTS 1. MODULE
More informationAdvancements in Wireless Access-Control Security. By Vivien Delport Director of Applications. And
Advancements in Wireless Access-Control Security By Vivien Delport Director of Applications And Cristian Toma Applications Engineer Security, Microcontroller & Technology Development Division Microchip
More informationKeeping Up with the Data & Security Demands of the Automotive IoT
Keeping Up with the Data & Security Demands of the Automotive IoT AESIN 2015 Robert Moran Automotive Systems Engineering O C T O B E R 2 0 1 5 External Use Keeping Up with the Data & Security Demands of
More informationAchieving Universal Secure Identity Verification with Convenience and Personal Privacy A PRIVARIS BUSINESS WHITE PAPER
with Convenience and Personal Privacy version 0.2 Aug.18, 2007 WHITE PAPER CONTENT Introduction... 3 Identity verification and multi-factor authentication..... 4 Market adoption... 4 Making biometrics
More informationDigital Signatures and Interoperability
Setting Processes for Electronic Signature Dr. Joachim Schiff On behalf of the SPES Consortium Workgroup City of Saarbruecken IKS Nell-Breuning-Allee 1 D-66115 Saarbruecken Germany Tel. 0049 681 905 5000
More information