- Toward Trustful IoT Life -



Similar documents
CSMS. Cyber Security Management System. Conformity Assessment Scheme

GEMALTO M2M KEY TECHNOLOGY TRENDS OF M2M

Embedded Java & Secure Element for high security in IoT systems

The Forefront of ICT International Standardization for Smart City and Smart Grid

Cyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services

The Internet of Things (IoT) Opportunities and Risks

SECURING YOUR MODERN DATA CENTER WITH CHECK POINT

Security in Vehicle Networks

Technical Security in Smart Metering Devices: A German Perspective S4 SCADA Security Scientific Symposium , Miami Beach FL / USA

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Security in ST : From Company to Products

Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望

The Internet of Things: Opportunities & Challenges

Automotive Ethernet Security Testing. Alon Regev and Abhijit Lahiri

Ecom Infotech. Page 1 of 6

Summer projects for Dept. of IT students in the summer 2015

gehr Project: Nation-wide EHR Implementation in JAPAN

Thibaut Kleiner (HoU) Rolf Riemenschnieder (HoS) E1 Network Technologies DG CONNECT European Commission

ISA Security Compliance Institute ISASecure IACS Certification Programs

Developing software for Autonomous Vehicle Applications; a Look Into the Software Development Process

SECURE YOUR BUSINESS WHEREVER IT TAKES YOU. Protection Service for Business

1. Fault Attacks for Virtual Machines in Embedded Platforms. Supervisor: Dr Konstantinos Markantonakis,

Securing Virtual Applications and Servers

BYOzzzz: Focusing on the Unsolved Challenges of Mobility, An Industry Perspective

The Internet of Things Risks and Challenges

Management of Security Information and Events in Future Internet

IoT R&I on IoT integration and platforms INTERNET OF THINGS FOCUS AREA

C015 Certification Report

Certification Report

Building A Secure Microsoft Exchange Continuity Appliance

Research Report: Addressing Security Concerns for Connected Devices in the Internet of Things Era

M 2 M IWG. Eclipse, M2M and the Internet of Things. Overview. M 2 M Industry WorkGroup! M2M?

Innovative Security for an Accelerating World New Approaches for Chief Security Officers

Bring Your Own Internet of Things: BYO IoT

Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services

Chapter 2: Transparent Computing and Cloud Computing. Contents of the lecture

Information security due diligence

Vehicular On-board Security: EVITA Project

NTT R&D s anti-malware technologies

CSSC-CL Announces ISASecure Certification of Hitachi and Yokogawa Industrial Control Devices. ~For More Globally Competitive Control System Devices ~

for Vehicle Cyber Security

The Next Generation Data Centers: SPECS and The 3 rd Platform.

In the pursuit of becoming smart

Enterprise Security Architecture for Cyber Security. M.M.Veeraragaloo 5 th September 2013

Security risk analysis approach for on-board vehicle networks

Toward Connected Vehicle with AGL

Internet of Things: What is going to change in our lives

Right-Sizing M2M Security: The Best Security is Security Tailored to Your Application

The Internet of Things (IoT) and Industrial Networks. Guy Denis Rockwell Automation Alliance Manager Europe 2015

IoT IT Security and Secure Development Life Cycle

Certification Report

When your users take devices outside the corporate environment, these web security policies and defenses within your network no longer work.

Trusted Network Connect (TNC)

Enterprise Application Enablement for the Internet of Things

Unified Threat Management, Managed Security, and the Cloud Services Model

How Attackers are Targeting Your Mobile Devices. Wade Williamson

FIA Protection Against Mileage Fraud by Common Criteria

PROTECTION FOR SERVERS, WORKSTATIONS AND TERMINALS ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

The Future of Smart In our Daily Lives

McAfee Security Architectures for the Public Sector

McAfee - Overview. Anthony Albisser

Encyclopedia of Information Assurance Suggested Titles: March 25, 2013 The following titles have not been contracted.

Nine Steps to Smart Security for Small Businesses

How To Understand The Power Of The Internet Of Things

The relevance of cyber-security to functional safety of connected and automated vehicles

VON BRAUN LABS. Issue #1 WE PROVIDE COMPLETE SOLUTIONS ULTRA LOW POWER STATE MACHINE SOLUTIONS VON BRAUN LABS. State Machine Technology

OT PRODUCTS AND SOLUTIONS MACHINE TO MACHINE

Impact of Cybersecurity Innovations in Key Sectors (Technical Insights)

Secure Networking for Critical Infrastructure Using Service-aware switches for Defense-in-Depth deployment

Internet of Things (IoT): Security Awareness. Sandra Liepkalns, CRISC

Palo Alto Networks. October 6

QRadar SIEM 6.3 Datasheet

How To Protect Your Network From Attack

ISA Security Compliance Institute

Engineering and R&D Services (ERS) EVP & Global Head Sales and Practice

This is a preview - click here to buy the full publication

Certification Report

Cisco Cloud Web Security Key Functionality [NOTE: Place caption above figure.]

Certification Report

22 July, 2010 IT Security Center (ISEC) Information-technology Promotion Agency (IPA) Copyright 2010 Information-Technology Promotion Agency, Japan 1

Enabling Manufacturing Transformation in a Connected World. John Shewchuk Technical Fellow DX

Data Driven Assessment of Cyber Risk:

Unleashing the Power of the Internet of Things

Reduce Medical Device Compliance Costs with Best Practices.

Cyber Security and Privacy - Program 183

ARC Forum Orlando 2015 Building a Secure Industrial Internet of Things

Personal Security Practices of the CAO

Transcription:

CCDS Introduction - Toward Trustful IoT Life - Connected Consumer Device Security Council (CCDS) Kosuke Ito, Secretary General Copyright 2015 Connected Consumer Device Security Council Proprietary 1

ISSUE: Threats from Cooperated If even Single App is safe, but may be vulnerable in cooperated situation A consumer device infected malware spread to other device and apps Difference of security levels between each apps domains Malware AV, Home Appliance Apps Energy, HEMS Apps ITS, Vehicle Apps Apps Cooperation Medical, Healthcare Apps Other Consumer Intrusion 2 Server Cooperation Intrusion via vulnerable app, Crack to cooperative app 2 Copyright 2015 Connected Consumer Device Security Council Proprietary 2

Trust(safety and security)level Difference 1Different Level of Requirement For Safety and Security Level by product domains Required or Demanding Level Actual Product Level 安 心 安 全 Domain A Product 連 携 安 心 安 全 Domain B Product 連 携 安 心 安 全 Domain C Product 2Total Security Level will be leveled at the lowest product When connected Copyright 2015 Connected Consumer Device Security Council Proprietary 3

Lack of Security Standard for IoT Increasing the threats on IoT systems Lack of Security Standard for IoT Func. Safety Security Nuclear Plant Basic Domain IEC61513 Organization Basic Domain Certification Program by CSSC in JP Industrial System IEC61511 (CSMS) Not yet defined IEC 62443 Automotive IEC 61508 ISO 26262 ISO 27001 (ISMS) Lack of Guideline or Standard for Consumer IoT systems Healthcare Medical Home App IEC 60601 IEC60335 Not yet defined Not yet defined Test Tool Development supported by Okinawa Pref. Elec./ Electronic Control System IEC62061 Security Func. Product/parts Discuss By IPA ISO 15408 セキュリティ 評 価 認 証 CSSC: 技 術 研 究 組 合 制 御 システムセキュリティセンター IPA: 独 立 行 政 法 人 情 報 処 理 推 進 機 構 JIPDEC 一 般 財 団 法 人 日 本 情 報 経 済 社 会 推 進 協 会 Copyright 2015 Connected Consumer Device Security Council Proprietary 4

Overview of Automotive Standardization JARI ITSに 関 する 国 際 的 な 標 準 化 の 取 り 組 み http://www.jari.or.jp/tabid/113/default.aspx Copyright 2015 Connected Consumer Device Security Council Proprietary 5

Value and Cost Balance IoT service value > Security Protection Cost Function and Architecture Cost Up by complex architecture Comply Important Requirement such as Safety Safety ISO/IEC 61508 SIL 1~4 ISO 26262 ASIL QM, A~D, etc Security ISO/IEC 15408/CC EAL 1~7 FIPS 140-2 Level 1~4 ETIS ITS/C2C-CC TAL 1~4, etc Countermeasure Also countermeasure by architecture and Usability Quality Keep Higher Quality Different Priority and Judgement level Product domain by domain Copyright 2015 Connected Consumer Device Security Council Proprietary 6

CCDS Overview Name: Connected Consumer Device Security council Est: October 6 th, 2014 Chairman: Dr. Hideyuki Tokuda Prof. of Keio University Special Advisor of Cyber Security to the Cabinet Representative Director: Dr. Tsukasa Ogino Kyoto University Director: Dr. Atsuhiro Goto Prof. of Inst. Of Information Security Director: Katsutoshi Hasegawa (President, esol Inc.) Director: Hiroyuki Hattori (Director, Witz Member: 74(Principal/Regular:30, General:33, Academic:11) Copyright 2015 Connected Consumer Device Security Council Proprietary 7

SCOPE: Embedded/IoT/M2M in general, Connected Consumer which are not operated (monitored and controlled) by professionals Power, Utility EV/HV HEMS Network Smart Meter Battery Automated Driving V2X Communication PV HEMS Console Home Appliance Road Side UNIT ITS&Vechile Safety AV Network 4K 8K Contents Network Appliance Home Server ECU Home Gateway Medical/Healthcare Network Care Robots Medical, Healthcare Healthcare server After Telematics, Eco, Drive Recorder, etc. Potable New Services Convenience Wearable Cloud HEMS company Contents Provider Medical, Healthcare Vehicle and Traffic Control Copyright 2015 Connected Consumer Device Security Council Proprietary 8 お 弁 当 セ ー ル ATM Public Area Office Area Network MFP Remote Monitor / Maintenance 8

Goal and Activities Activities 1. Definition of secure development guidelines for consumer devices and discuss global standardization Goal Among daily usage of the consumer devices, unexpected device behavior affects injury, risk one s life, financial property. Our goal is to make the connected consumer devices working cooperative with safety and security. For the sustainable goal, we promote security awareness and reference point of good practices to all stakeholder company and organization in each domains. 2. Discuss certification scheme based on secure development guideline 3. Discuss the way of assurance for basically consumer safety and security 4. Development of vulnerabilities validation in cooperated consumer devices 5. Building test beds for verify attacks and countermeasures 6. Human resource development through those activities 7. Along with standards of development and security, we support development of validation tools and verification environment Copyright 2015 Connected Consumer Device Security Council Proprietary 9

CCDS External Cooperation IoT Security Guideline Dev. Design Process Guide = Security by Design Security Testing Guide ->International Std. 安 心 安 全 なサービス 製 品 開 発 を 目 指 す! Connected World Development Guideline WG IoT Vuln. Evaluation PF Dev. Vulnerability Testing Tool Development Testing Scenario Development Developing the Security Testing Platform Copyright 2015 Connected Consumer Device Security Council Proprietary 10

Cyber Security Policy for Vitalizing Society and its sustainable development by NISC Security By Design (SBD) System Design with Security Consideration from planning and design stage Preparation of the general guidelines to affect security on IoT system Enforcement of the technology development and proof trial in consideration of the characteristic (long life cycle, limit of the processing capacity) of the IoT system, importance of the hardware genuine nature 出 典 :NISC:サイバーセキュリティ 戦 略 ( 案 )より Copyright 2015 Connected Consumer Device Security Council Proprietary 11

PLAN: Secure Development Guideline Definition Per Domains Secure Development Guideline Common V2X, Probe Remote Access, Control Vehicle common part Arrange basic items for embed devices Discuss Integrated situation includes cyber space for Automated Drv. Embedded Domain Health Data Wearable Comm. Remote Access, Control HEMS Cooperation Healthcare common part Home Appliance common part Embedded Systems common part (Base) Cooperated Services common part Office (MFP, etc.) Public Space (ATM, etc.) Cyber System Domain As a beginning, Discuss for each Apps Arrange each common part Copyright 2015 Connected Consumer Device Security Council Proprietary 12

Founding the 3 rd Party Security V&V Evaluation Center 国 内 大 手 企 業 が 参 加 Automotives On-Board Head Units, Body Control ECUs Home Okinawa Pref. CCDS 重 要 生 活 機 器 連 携 セキュリティ 協 議 会 IoT Vuln. Testing Ctr. 2015 年 度 ~2017 年 度 R&D Center IPA Connected World Development Guideline Working Group Home GW, IoT GW for sensor network IoT Security Guideline Development WG Certification Authority (Future) Financial Terminals ATM/POS ATM/POS Testing Tool Dev. Testing DB Dev. & Ope Vuln. Evaluation Platform Evaluation Testing Platform System IoT Evaluation Test Scenario And Test result Integration Testing Process Dev. Trial Testing (Training) 3 rd Party Testing Service 3 rd Party Security V&V Evaluation Ctr (Future) Venders in Okinawa V&V: Verification and Validation Vuln: Vulnerability Copyright 2015 Connected Consumer Device Security Council Proprietary 13

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information