Defending the Internet of Things


Defending the Internet of Things: Identity at the Core of Security
+1-888-690-2424 | entrust.com

Table of contents
Introduction (page 3)
Challenge: protecting & managing identity (page 4)
Founders of identity security (page 5)
Standardizing PKI (page 6)
Secure mobile, leverage mobile (page 6)
Identity management (page 7)
Trusted advisor for critical architectures (page 7)

Introduction

More system complexity means more threat surface that needs to be defended. It also means more potential to make mistakes and introduce vulnerabilities. Attacks on traditional IT systems have resulted in massive loss of money, privacy and intellectual property. Even worse, attacks on the Internet of Things (IoT) potentially threaten our safety. This threat landscape exists alongside the ever-increasing demand for more technology to be embedded into coordinated devices used in healthcare, automobiles, aviation, critical infrastructure and smart city initiatives.

The opportunity to create a safe and secure system arises when we recognize that perimeter defenses are insufficient and that comprehensive security must be engineered throughout system processes. In highly automated systems, connected devices must assure trust by assuring authenticity. Too often, devices in automated and coordinated systems do not challenge the authenticity of the source of the commands they act upon. In an ideal world, the identity of each system component would be authenticated, but system constraints demand an architecture that achieves security while assuring performance.

Challenge: protecting & managing identity

What's at risk?
- Critical infrastructure programmable logic units
- Automobile electronic control units
- Medical devices
- Smart city, including intelligent transportation
- Utilities and industrial control
- Building automation

Securing identity is a central concept in reducing attack surfaces. Every attack we have studied requires an attack against identity in order to accomplish its malicious goals. The chain of trust shows how system parts sitting directly in the sequence of a process must question each other's identity. Wherever an identity can be compromised, an attacker will find it and use it against the system.

Authenticity of Parts
This approach is suitable for parts that include firmware components. It also has the potential to allow secure in-service upgrades, because code-signing confirmation authenticates the identity of the firmware source.

Receiving Commands: Identity of Source
All networks should be considered unsafe. A device that receives a valid command on a network should not blindly trust the source's identity. Authenticity of the command alone is not enough; authenticating the identity of the command source is the key to reducing threat surface. These concepts are at the heart of what public key infrastructure (PKI) can accomplish.

Sending Commands: Identity of Destination
Vulnerabilities and failures occur. Therefore, not all devices on a network should be trusted to hear commands sent on the network. An attacker who can read legitimate commands moving across a network can learn which commands to replay at a later time for malicious intent. Encrypted communications within an enclosed network of embedded devices are important to reduce attack surface.

Authentication
IoT is synonymous with remote connectivity, which is a fast-growing technology area. Without authentication, critical devices are at risk of attack. Too often, critical IoT devices and their networks are considered secure because of a perceived lack of physical access or the complexity of the communication protocol. Attacks have shown us that security by obscurity is insufficient. Secure elements and higher processing power in IoT devices have created opportunities to embed cryptographic capabilities that enable strong authentication.

Security Culture
As traditional vendors transition to solving IoT challenges, there will be struggles to manage, secure and authenticate devices. Security that stands the test of implementation requires expertise that is forged through experience.
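The receiving-side checks this section calls for (question the identity of the command source rather than the command alone, and refuse a captured command that is replayed later), as an added example in Go that is not Entrust's code and not from this white paper. It assumes a constructed PKI (a root CA the device trusts and a controller certificate issued under it), Ed25519 signatures, a monotonic sequence number as the freshness mechanism, and made-up names, payload and "Seq:Payload" signing format; the encryption of the command channel that the section also recommends is a separate layer not shown here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

type Command struct { // constructed wire message
	Seq                   uint64
	Payload, Sig, CertDER []byte // Sig signs "Seq:Payload"; CertDER is the sender's cert, must chain to a trusted root
}
func tbs(seq uint64, p []byte) []byte { return []byte(fmt.Sprintf("%d:%s", seq, p)) }
type Device struct { // trusts only Roots; LastSeq is the last accepted sequence number
	Roots   *x509.CertPool
	LastSeq uint64
}
// Accept checks source identity (chain to a trusted root), signature, and freshness
// (sequence must advance), so a command captured on the wire cannot simply be replayed.
func (d *Device) Accept(c Command) error {
	cert, err := x509.ParseCertificate(c.CertDER)
	if err != nil {
		return err
	}
	_, err = cert.Verify(x509.VerifyOptions{Roots: d.Roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	switch {
	case err != nil:
		return fmt.Errorf("untrusted source: %w", err)
	case !ok || !ed25519.Verify(pub, tbs(c.Seq, c.Payload), c.Sig):
		return fmt.Errorf("bad signature")
	case c.Seq <= d.LastSeq:
		return fmt.Errorf("replayed or stale command: seq %d <= %d", c.Seq, d.LastSeq)
	}
	d.LastSeq = c.Seq
	return nil
}
// Tmpl is a constructed certificate template (not a real PKI); Issue signs it under parent.
func Tmpl(cn string, ca bool) *x509.Certificate {
	return &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, IsCA: ca,
		BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
}
func Issue(t, parent *x509.Certificate, pub ed25519.PublicKey, signer ed25519.PrivateKey) *x509.Certificate {
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	c, _ := x509.ParseCertificate(der)
	return c
}
// Sign builds a command as the holder of key k and certificate c sends it.
func Sign(k ed25519.PrivateKey, c *x509.Certificate, seq uint64, p string) Command {
	return Command{Seq: seq, Payload: []byte(p), Sig: ed25519.Sign(k, tbs(seq, []byte(p))), CertDER: c.Raw}
}
```

A sender with a self-issued certificate carrying the same name fails the chain check, a genuine certificate with a signature from the wrong key fails the signature check, and the identical bytes sent twice fail the sequence check.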

Founders of identity security

Entrust has a long history of protecting identities and architecting systems that assure chains of trust. Entrust's core competencies, such as PKI, are highly applicable to security for the Internet of Things; this security expertise specifically protects identities. Entrust is a founder and editor of the underlying standards community, as well as one of the primary architects of identity security within complex projects.

Today, this leadership is further augmented by the strategic integration between Entrust and Datacard Group. As a single company, this partnership provides identity-based technologies that enable highly secure anywhere-anytime access for workforces of all sizes. Our solutions help consolidate identity information that is typically scattered across numerous databases. We create unified and trusted identities that provide enterprises with a single point of control and much greater security. Whether people are entering secure facilities, logging onto desktop computers or accessing networks remotely with mobile devices, Datacard Group and Entrust provide security and convenience for authorized users and strong lines of defense against unauthorized access. These high-assurance credential solutions, strong authentication platforms, encryption technologies, mobile security, managed PKI services and SSL certificates meet the needs of organizations with advanced requirements and complex ecosystems, including IoT. Our wide range of credential issuance solutions also meets the needs of enterprises looking to protect smaller populations and control access to a limited number of facilities.

Standardizing PKI

From its early days (as a division of Northern Telecom) to the present, Entrust has played a strong leadership role in the standardization, implementation and deployment of PKI. In 1992, Entrust supplied one of the world's first PKI implementations to the Canadian Department of National Defence. The system, Packet Data Security Overlay (PDSO), provided end-to-end security for X.25 data communication systems.

Development of the base PKI standard, commonly referred to as X.509, began in 1985 and was completed in 1988. Entrust was one of the primary technical contributors to that first edition and also played a leadership role as ITU-T and ISO/IEC editor for the project. Since that first edition, Entrust has continued to participate in the development of new architectures and features, and has at various times chaired the X.509 committee and provided project editorship. In addition to these primary PKI standards activities, Entrust has also participated in, and in some cases led, numerous industry forums, regional standards initiatives and application-specific initiatives, including the CA/Browser Forum, Electronic Messaging Association, ICAO, ETSI, the American Bar Association and others.

Secure mobile, leverage mobile

Entrust both secures and leverages mobile devices. Device certificates ensure that authorized devices connect securely to a network. Entrust Mobile Smart Credentials enable strong authentication and transaction signing. The isolation of applications in mobile operating systems provides greater security than desktop environments, and future devices will enable credentials to be stored in secure elements. Entrust's mobile SDK provides authentication and credential functionality that can work within a custom mobile application. Many of the advances in mobile security technology, such as Trusted Execution Environments and secure elements, are models that IoT technologies should leverage. Easy-to-use mobile user interfaces, combined with high levels of security functionality, are a combination rarely seen in security. If security requires the input or decision-making of a human, it is likely to fail; mobile is an opportunity for success.

Identity management

Entrust's flagship authentication solution, Entrust IdentityGuard, is one of the most robust authentication and identity-assurance platforms on the market. It delivers an unmatched breadth of capabilities and the flexibility to meet the most demanding security environments.

Identity management is a challenge for most organizations. Authentication vendors often do not have an identity management platform to match customer needs. Existing point authentication solutions are no longer up to the task of thwarting advances that exploit vulnerabilities in a variety of channels or mediums. Whether the root threats originate from internal or external sources, critical information, data and identities are at constant risk.

Software authentication platform: supported authenticators
- SMS
- Mobile Soft Token
- Transaction Verification
- Mobile Device Certificates
- Mobile Smart Credential
- Password
- Device Authentication
- IP-Geolocation
- Digital Certificates
- Grid / eGrid
- OTP Tokens
- Knowledge Based
- Smartcards and USB
- Transaction Signing
- Mutual Authentication
- Biometrics

Trusted advisor for critical architectures

As a trusted PKI advisor, Entrust has served a key role in the design of PKI architectures for specific projects. One of these, the U.S. Federal PKI (FPKI) working group, included the design, development and deployment of the first bridge CA. This concept enabled different agencies to operate their own PKI infrastructures relatively autonomously while supporting common policies and enabling secure communications among a variety of agencies. Another example is the design of Extended Access Control (EAC) for the European Union ePassport application. This included the design of a Single Point of Contact (SPOC) supporting certificate management between EU member states and the delegation of authorization and access-control permissions from a passport issuer to foreign border control. EAC and its associated PKI architecture are becoming more widely adopted for other applications as well, including ISO/IEC standards for driver's licenses and national ID cards (e.g., Germany).

Entrust and you

More than ever, Entrust understands your organization's security pain points. Entrust offers software authentication platforms that strengthen security in a wide range of identity and transaction ecosystems. Government agencies, financial institutions and other enterprises rely on Entrust solutions to strengthen trust and reduce complexity for consumers, citizens and employees. Now, as part of Datacard Group, Entrust offers an expanded portfolio of solutions across more than 150 countries. Together, Datacard Group and Entrust issue more than 10 million secure identities every day, manage billions of secure transactions annually and issue a majority of the world's financial cards.

For more information about Entrust solutions, call +1 888-690-2424, email entrust@entrust.com or visit www.entrust.com.

Company facts
Website: entrust.com
Employees: 359
Customers: 5,000
Offices: 10 globally
Headquarters: Three Lincoln Centre, 5430 LBJ Freeway, Suite 1250, Dallas, TX 75240 USA
Sales, North America: +1-888-690-2424
Sales, EMEA: +44 (0) 118 953 3000
Email: entrust@entrust.com

Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries. Entrust is a registered trademark of Entrust Limited in Canada. All other company and product names are trademarks or registered trademarks of their respective owners. The material provided in this document is for information purposes only. It is not intended to be advice. You should not act or abstain from acting based upon such information without first consulting a professional. ENTRUST DOES NOT WARRANT THE QUALITY, ACCURACY OR COMPLETENESS OF THE INFORMATION CONTAINED IN THIS ARTICLE. SUCH INFORMATION IS PROVIDED AS IS WITHOUT ANY REPRESENTATIONS AND/OR WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, BY USAGE OF TRADE, OR OTHERWISE, AND ENTRUST SPECIFICALLY DISCLAIMS ANY AND ALL REPRESENTATIONS, AND/OR WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, NON-INFRINGEMENT, OR FITNESS FOR A SPECIFIC PURPOSE.

30091-1-0914