IoT Security Platform



Similar documents
Using BroadSAFE TM Technology 07/18/05

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Tufts University. Department of Computer Science. COMP 116 Introduction to Computer Security Fall 2014 Final Project. Guocui Gao

Content Teaching Academy at James Madison University

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Start building a trusted environment now... (before it s too late) IT Decision Makers

PrivyLink Cryptographic Key Server *

Efficient Framework for Deploying Information in Cloud Virtual Datacenters with Cryptography Algorithms

VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui

Key Management Interoperability Protocol (KMIP)

Complying with PCI Data Security

IMPROVED SECURITY MEASURES FOR DATA IN KEY EXCHANGES IN CLOUD ENVIRONMENT

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Overview. SSL Cryptography Overview CHAPTER 1

Cloud security architecture

Cornerstones of Security

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University

Guide to Data Field Encryption

Key Management Best Practices

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

Network Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶

How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and

ERserver. iseries. Secure Sockets Layer (SSL)

NVM memory: A Critical Design Consideration for IoT Applications

How To Encrypt Data With Encryption

Problems of Security in Ad Hoc Sensor Network

Facilitated Self-Evaluation v1.0

CSE/EE 461 Lecture 23

DIGITAL RIGHTS MANAGEMENT SYSTEM FOR MULTIMEDIA FILES

Fighting product clones through digital signatures

UNCLASSIFIED Version 1.0 May 2012

SubmitedBy: Name Reg No Address. Mirza Kashif Abrar T079 kasmir07 (at) student.hh.se

Solving data residency and privacy compliance challenges Delivering business agility, regulatory compliance and risk reduction

Data Storage Security in Cloud Computing

Threat Model for Software Reconfigurable Communications Systems

Security Digital Certificate Manager

PUF Physical Unclonable Functions

Embedded Java & Secure Element for high security in IoT systems

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

Ciphire Mail. Abstract

Connected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)

CyberSource Payment Security. with PCI DSS Tokenization Guidelines

Cisco Trust Anchor Technologies

Security Architecture Whitepaper

Public Key Infrastructure (PKI)

CRYPTOGRAPHY IN NETWORK SECURITY

Chap. 1: Introduction

Technical Brief Distributed Trusted Computing

THE RTOS AS THE ENGINE POWERING THE INTERNET OF THINGS

USB Portable Storage Device: Security Problem Definition Summary

IoT Security Concerns and Renesas Synergy Solutions

MovieLabs Specification for Enhanced Content Protection Version 1.0

DiamondStream Data Security Policy Summary

True Identity solution

Chapter 1: Introduction

Dr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C

Internet of things (IOT) applications covering industrial domain. Dev Bhattacharya

TELECOMMUNICATION NETWORKS

FIPS Non- Proprietary Security Policy. McAfee SIEM Cryptographic Module, Version 1.0

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Securing an IP SAN. Application Brief

future data and infrastructure

Module 1: e- Learning

Associate Prof. Dr. Victor Onomza Waziri

Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory

Public Key Encryption and Digital Signature: How do they work?

Security Digital Certificate Manager

Insight Guide. Encryption: A Guide

NXP & Security Innovation Encryption for ARM MCUs

Secure Network Communications FIPS Non Proprietary Security Policy

Full Drive Encryption Security Problem Definition - Encryption Engine

Secure Data Exchange Solution

E-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications

Hardware Security Modules for Protecting Embedded Systems

Savitribai Phule Pune University

Managed Encryption Service

The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions

Microsemi Security Center of Excellence

Security Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2

Alliance Key Manager Solution Brief

SSL A discussion of the Secure Socket Layer

White Paper Delivering Web Services Security: The Entrust Secure Transaction Platform

Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering

End-to-End Security in Wireless Sensor Networks (WSNs) Talk by Claudio Anliker Supervised by Dr. Corinna Schmitt University of Zurich

A Framework for Secure and Verifiable Logging in Public Communication Networks

Achieving Universal Secure Identity Verification with Convenience and Personal Privacy A PRIVARIS BUSINESS WHITE PAPER

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

Developing Secure Software in the Age of Advanced Persistent Threats

White Paper. Enhancing Website Security with Algorithm Agility

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0

EXAM questions for the course TTM Information Security May Part 1

Guidelines on use of encryption to protect person identifiable and sensitive information

CSC Network Security. User Authentication Basics. Authentication and Identity. What is identity? Authentication: verify a user s identity

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules

DRAFT Standard Statement Encryption

Transcription:

IoT Security Platform

2 Introduction Wars begin when the costs of attack are low, the benefits for a victor are high, and there is an inability to enforce law. The same is true in cyberwars. Today there is an emerging opportunity for cyber hackers with the introduction of IoT (Internet of Things) devices. Devices that were once isolated and secure by default will be connected and communicating over the network. The addition of IoT devices weakens a once stable cyber system and exposes it to attacks. Explosive growth of IoT devices will expand a porous digital border that can be easily breached if not protected. Over the next five years, the number of connected devices is expected to at least double, with 75% of the growth coming from non-hub devices such as sensor nodes and accessories. This massive growth will create entirely new categories of products and services for devices, sensors, consumer products and vehicles, through the power of connection. These connections will drive innovation, but they will also expand the cyberattack space in ways never before experienced in the history of the computer industry. A new way of securing devices is required. To combat this expanding threat, Rubicon Labs has built an IoT Security Platform to enable ecosystems to drive IoT innovation with a scalable hardware security platform that manifests trust.

3 Rubicon Labs IoT Security Platform delivers advanced security with the following features: Minimal semiconductor footprint Low power consumption Hardware key protection Zero-knowledge keys Distributed device activation Zero-knowledge certificate authority Universal architecture Secure identity Signing Authentication Encryption Renewability Scalable security Powerful ecosystem

4 Technical Details Two IoT device types Rubicon Labs divides IoT devices into two categories: Simple and Complex. These two device types define the IoT classes that we support. Simple: These are state machine or microcontroller driven and designed for very small gate count and low-power environments. Typically, this is a fixed operation IoT core that supports secure identity and signing. Complex: Characterized by a CPU driven architecture that requires complex capabilities with significant local processing and functionality. These systems may run a mainstream Linux/ Unix-based OS, but will have a range of power consumption requirements. Complex IoT devices include industrial controllers, home gateways and vehicle subsystems.

5 20K Gates Minimal semiconductor footprint, low power consumption Rubicon Labs IoT Security Platform uses minimal hash and symmetric encryption semiconductor blocks to achieve and surpass the cryptographic strength of larger, far less efficient public key cryptography engines. For authentication in Simple IoT devices, the semiconductor IP core can be as small as 20K gates. For more Complex systems, Rubicon offers integration with a RISC based embedded CPU, allowing far greater capability with a footprint below 100K gates.

6 Hardware Key Protection (Root of Trust) Rubicon Labs has patented technology for making secrets and keys inaccessible in memory. The foundation of this innovation is a unique coupling of a keyed one-way hash function with a secure memory space. This coupling creates a vault that can be provisioned with a key whose value is never known by anyone or anything, but it is still usable by the device. This breakthrough in technology allows a device to construct zero-knowledge systems for digital identity and secure communication. Zero-knowledge proofs are among the most powerful tools cryptographers have ever devised. They are a mathematical means to prove an assertion without revealing any other information. The Rubicon IoT Security Platform enforces this paradigm. The only interaction that the CPU can have with the key is to write data to the input of the keyed hash function and then read the resulting output. Rubicon Labs technology and product implement secure secrets but also protect code that interacts with those secrets or a derivative of them. Security is anchored to a hardware root of trust, which establishes a tamper-resistant secure environment that begins when the first zero-knowledge proof is established, not when power is applied to the device. Thus, Rubicon devices do not have a secure boot requirement. The protection logic is contained within a Secure Mode Controller. This block is responsible for implementing the hardware root-of-trust that forms the core of the security system.

7 Zero-Knowledge Keys Each IoT device has a one-time programmable key burned into its silicon when it is fabricated. This key represents half of the dual 256 bit zero-knowledge hardware secret. Secure keys can be derived from this same structure, creating zero knowledge keys. The dynamic portion of the zero-knowledge key is provisioned by contacting a Rubicon Labs Distributed Device Activation Server. Once contacted, signed entropy is sent to the device and subsequently used for zero-knowledge key derivation. Once the secret is set the first time, the server-supplied entropy input may be saved along with its signature to a local persistent storage device. This allows the device to re-initialize the secret on subsequent power cycles without having to communicate again with the server.

8 Distributed device activation Device activation is designed for distributed cooperation with untrusted parties. This prevents any one party from having full control of device activation, and addresses any concerns with single points of compromise for cryptographic activation keys. Rubicon Labs patented distributed device activation is accomplished by building on zero-knowledge key derivatives, along with cryptographic key splitting. No single part of the activation key can be used without assembling it from multiple independently sourced parts. A policy can be defined to allow for a threshold of keys to be available (N of M in a set) before key reconstruction is mathematically possible. This allows a hardware vendor to have an untrusted relationship with a service provider, but still enable secure activation across multiple independent security boundaries.

9 Zero-knowledge certificate authority The device activation server can be leveraged as a powerful certificate authority. It brokers trust relationships between devices and has a foundation of zero-knowledge keys. This is a simplification to the key and identity-provisioning problem that has challenged vendors as networks have grown. Universal Architecture The Rubicon Labs technology is fully portable, and interoperable with any CPU architecture because it secures data, not addresses. The solution is built with NIST algorithms and does not require new CPU instructions or compilers. If an IoT device requires security, then this solution is designed to provide it. Secure Identity Once provisioned with a zero-knowledge key, we build secure identity on top of it. Identity verification and management can then be used for authentication, authorization and secure communication. Identity management is accomplished by brokering relationships through the Rubicon Labs IoT Device Server. The Device Server has the ability to recreate and use the zero-knowledge keys it has provisioned to the IoT devices. This service provides identity and trust to the network, and once trust has been brokered between two devices, independent and secure communication is unlocked and enabled.

10 Signing Signing is used when it is important to detect forgery or tampering of data. Digital signatures validate that a known Rubicon Labs IoT Device has created messages or data, and accomplished by using the keyed hash functionality in conjunction with a derivative of the zero-knowledge secret. The signing function can take an arbitrary amount of data and append a signed hash to the output. This data can be sent to another device, or to a Rubicon Labs Device Server for data aggregation or sensor analytics. Authentication When bi-directional identity is established between two devices, the receiver can authenticate signed data. Digital signatures assure the receiver that messages and data were not altered in transit, are bound to the sender, and the sender is prevented from denying the transmission. Authentication is simply signature validation using a key derived from a device s embedded zeroknowledge key. Encryption Data privacy is provided via encryption. Similar to signing and authentication, the zero-knowledge key is used as the foundation for establishing protection. Session keys are derived through an innovative key exchange that is brokered through the Rubicon Labs Device Server. Keyed hash functions are used with zeroknowledge keys to rapidly derive symmetric session keys for protecting communication.

11 Renewability Critical for breach recovery, Rubicon Labs unique and patented two-part hardware secret allows key revocation and renewal by re-writing the dynamic half of the secret, while allowing the permanent half of the secret to remain unchanged. Scalable security All IoT Security Platform cryptographic operations are based on symmetric key cryptography and one-way hash functions. This is fundamental to the low gate count achieved by the platform, and also allows for the security to scale. The solution is strong enough to protect high-value keys in the data center, but flexible enough that it can be deployed to the lowest-end sensors. It is a licensed solution that supports scaled pricing based on device and data value. Low power Rubicon Labs simple, efficient symmetric encryption and hash blocks save vast numbers of computational cycles, and power and energy compared with traditional computationally complex asymmetric cryptography. In comparison to handshakes setup with SSL using RSA 2048 keys, Rubicon Labs approach is roughly 3,000 times more computationally efficient. This has profound benefits for the increasingly crucial issue of energy consumption in IoT. Powerful ecosystem Rubicon is enabling an ecosystem by making its hardware architecture readily available to semiconductor device suppliers on a royalty-free basis. Rubicon Labs is committed to enabling the widest possible use cases for its IoT Security Platform. Device platforms will range from Simple embedded state machines to microcontrollers, to more Complex embedded processors. The Rubicon Labs Device Server can be hosted or colocated and will enable a secure network of Rubicon-compliant devices. This will provide a foundation of security for the Internet of Things to fulfill its promise of broad innovation while becoming part of the fabric of everyday life.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information