How can webapps benefit from automotive environment, with safety?

Similar documents
Norton Mobile Privacy Notice

Right-Sizing M2M Security: The Best Security is Security Tailored to Your Application

OT PRODUCTS AND SOLUTIONS MACHINE TO MACHINE

Analysis of advanced issues in mobile security in android operating system

Secure Authentication for the Development of Mobile Internet Services Critical Considerations

Strong authentication of GUI sessions over Dedicated Links. ipmg Workshop on Connectivity 25 May 2012

A brief on Two-Factor Authentication

Enhancing Web Application Security

Secure USB Flash Drive. Biometric & Professional Drives

Mobile Device as a Platform for Assured Identity for the Federal Workforce

A New Approach to IoT Security

Introduction. PCI DSS Overview

Building Trust in a Digital World. Brian Phelps, BSc CISSP Director of Advanced Solutions Group EMEA Thales UK, Ltd.

The Importance of Secure Elements in M2M Deployments: An Introduction

Catapult PCI Compliance

Modern two-factor authentication: Easy. Affordable. Secure.

FWD. What the Internet of Things will mean for business

EBA STRONG AUTHENTICATION REQUIREMENTS

IOT for Automotive and Transport Challenges and Opportunities

Enabling Smart Data on M2M Gateways and Aggregators

Global Mobile Identity and Access Management Market

Device-Centric Authentication and WebCrypto

WHITE PAPER Security in M2M Communication What is secure enough?

CHOOSING THE RIGHT PORTABLE SECURITY DEVICE. A guideline to help your organization chose the Best Secure USB device

Security in Vehicle Networks

Choosing an Enterprise-Class Wireless Operating System: A Comparison of BlackBerry, iphone and Windows Mobile

Hard vs. Soft Tokens Making the Right Choice for Security

E-Virus in Six Cisco Routers

M-Shield mobile security technology

RSA Solution Brief. RSA SecurID Authentication in Action: Securing Privileged User Access. RSA Solution Brief

The research area of SET group is software engineering, and model-based software engineering in particular:

Global Encryption and Key Management Trends Study

Vehicular On-board Security: EVITA Project

Secure Data Exchange Solution

TABLE OF CONTENTS. Introduction 3 OTP SMS Two-Factor Authentication 5 Technical Overview 9 Features 10 Benefits 11 About MobiWeb 12 Quality 13

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

Public Key Applications & Usage A Brief Insight

Protecting Data with Short- Lived Encryption Keys and Hardware Root of Trust. Dan Griffin DefCon 2013

Remote Access and Home Working Policy London Borough of Barnet

Securing end-user mobile devices in the enterprise

Identity and Access Management Solutions MWC 2016

Increasing M2M device intelligence drive fast decisions and help new business

vehicle cloud Connected vehicle cloud Under the hood

Strong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment

How-To Guide: Cyber Security. Content Provided by

BitLocker Drive Encryption Hardware Enhanced Data Protection. Shon Eizenhoefer, Program Manager Microsoft Corporation

What is our purpose?

Maintain Fleet Management Solutions Using Wide Area Wireless Technology

GEMALTO M2M KEY TECHNOLOGY TRENDS OF M2M

APPENDIX B1 - FUNCTIONALITY AND INTEGRATION REQUIREMENTS RESPONSE FORM FOR A COUNTY HOSTED SOLUTION

Connected Cars Combining Security and Safety

Welcome Guide for MP-1 Token for Microsoft Windows

Better Mobility for the Enterprise: Windows Phone 8.1 and MobileIron

Secure software updates for ITS communications devices

Content Protection and Security Considerations for 5G KILROY HUGHES

Security aspects of e-tailing. Chapter 7

ADDING STRONGER AUTHENTICATION for VPN Access Control

Policy for Protecting Customer Data

EECS 588: Computer and Network Security. Introduction

Achieving Truly Secure Cloud Communications. How to navigate evolving security threats

Secure Web Access Solution

Dell OpenManage Mobile Version 1.4 User s Guide (Android)

A WIDER SHARING ECOSYSTEM. The pivotal role of data in transport solutions

Trusted Computing in Mobile Platforms

Chapter 1: Introduction

BlackBerry 10.3 Work Space Only

Secure and Reliable Data Exchange with IoT Devices. Vinny Sakore & Amit Trivedi February 29, 2016

Enhancing Organizational Security Through the Use of Virtual Smart Cards

Xperia TM. Read about how Xperia TM devices can be administered in a corporate IT environment

What is Really Needed to Secure the Internet of Things?

Mobility, Security Concerns, and Avoidance

M2M innovations that will drive the market: Big Data, Cloud and LTE technologies impact?

French Justice Portal. Authentication methods and technologies. Page n 1

Securing Virtual Desktop Infrastructures with Strong Authentication

Web Apps For Cars

Strong Authentication for Secure VPN Access

Smart Cities. Photo used under Creative Commons from nigelhowe

Secure your business DIGIPASS BY VASCO. The world s leading software company specializing in Internet Security

exceet Secure Solutions Smart & Secure Network From Vision to Reality

Key Enablers for the Cloud Service Broker: Identity, Privacy, and Security

Two-Factor Authentication

BlackShield Authentication Service

How To Make A Multi-Tenant Platform Secure And Secure

Executive Summary. Page 2 of 12

Acquisition of Novero. Investor presentation 18th December 2015

Thatcham Research The Insurers Automotive Research Centre

10 Quick Tips to Mobile Security

How to handle data privacy issues in the car industry

CHANCES AND RISKS FOR SECURITY IN MULTICORE PROCESSORS

The Internet of Things Risks and Challenges

Introduction (Contd )

74% 96 Action Items. Compliance

A8.1 Asset Management Responsibility for assets: To identify organisational assets and define appropriate protection responsibilities.

Security and Compliance challenges in Mobile environment

Passing PCI Compliance How to Address the Application Security Mandates

STRONGER AUTHENTICATION for CA SiteMinder

Open Source Solution for IVI: Tizen IVI. Brett Branch Tizen IVI Product Marketing

Trusted Platforms for Homeland Security

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

How to Secure Your Environment

Transcription:

How can webapps benefit from automotive environment, with safety? Web and automotive W3C workshop Pierre.Girard@gemalto.com Rome, November 14, 2012

Agenda! Gemalto introduction! Car as a programming platform! Safety, security and privacy requirements! Recommendations

Gemalto at a glance Customers Employees Shareholders Society 50 Government programs & customers worldwide 490 telecoms with services for 2.5 billion subscribers 10,000 employees 90 nationalities 40 countries 2B Revenue PFO up by 15% at 239M Eco friendly design & manufacturing practices Developing local markets 300 financial institutions serving more than 500 million cardholders Sponsored community service projects Nov. 14, 2012 Pierre Girard 3

The need for digital security and trust is booming Device Integrity! Secure Boot! Secured IMEI! Secured SIMLock! Remote Wipe/Lock! Firmware Upgrade! Firmware Integrity! MTM (TCG) User Protection! Data Encryption! Access Control! Trusted User Interface! Parental Control Digital Content Management! DRM! Application usage (App stores, ) Enterprise! Email encryption! Email signature! VPN (https)! VolP! Data protection! AntiViruses! Device integrity Mobile Payment! Strong authentication (3D Secure, OTP, )! Remote payment! Transportation! Ticketing! Digital signature Government/ Identification! Strong authentication! PIN entry! Digital signature! ecitizen apps and it has to come with convenience Nov. 14, 2012 Pierre Girard 4

Machine to Machine Communications How our M2M solutions are making a difference Mobile health Smart energy Track & trace Automotive Our customers We allow patients to be treated at home and alert healthcare providers if necessary We help power smart grids, balance loads, reduce home energy consumption & speedily charge electric vehicles We ensure goods can always be located by their owners, logistics companies but not the bad guys We have announced our partnership with Deutsche Telekom & BMW for ecall widescale deployment Nov. 14, 2012 Pierre Girard 5 5

Hardware factorization in cars Navigation Speed radar locator Ecodriving Multimedia Nov. 14, 2012 Pierre Girard 6

Car as a programming platform! Services are provided as apps! The car needs to provide a rich API in order to be an attractive platform for developers Case study: RelayRides app on OnStar! Can we avoid the native app fragmentation problem? Nov. 14, 2012 Pierre Girard 7

How to protect! Safety How to prevent access to CAN bus by malicious in-car apps? How to prevent malicious firmware upgrade?! Privacy How to selectively disclose location, driving patterns, Big Data or local aggregation and inference? Anonymous authentication and payment! Security How to prevent car stealing by hacking? How to prevent mileage modification? How to prevent Denial Of Service? Nov. 14, 2012 Pierre Girard 8

Which threat model?! The car use cases and lifecycle is more complex than a electronic appliance! Who would be the attacker? Driver(s), passengers, owner, car dealer, maintenance operator, thieves, remote hacker! Both remote and physical attacks will be faced! The car life cycle need to be considered Wiping personal data when reselling the car, locking when in maintenance! Various use cases Renting, sharing, company fleet Nov. 14, 2012 Pierre Girard 9

Software security Hardware security! Protected environment! Trusted users! Direct access to data! Unprotected environment! Non trusted users! No direct access to data! Tamper resistant devices Nov. 14, 2012 Pierre Girard 10

A security framework will be needed! Of course we need permissions on API But it s not so simple Avoid the Click I accept syndrome! Permissions need to be managed based on Service provider / developer identity Certification status User authentication Car life cycle state (e.g. in maintenance) Real time context (e.g. speed)! Apps and services will also need Users and car authentication Billing framework Nov. 14, 2012 Pierre Girard 11

Identification and authentication! Management of identities and roles Roles = owner, driver, passenger, shift manager, fleet manager, maintainer,! Flexible authentication methods Biometrics Cryptography Hardware based! Flexible security levels Not the same level needed for kids screen skinning and door opening! Various form factors USB tokens, SD cards, mobile phone, key fob, driving license,. Nov. 14, 2012 Pierre Girard 12

App life cycle management! Actors Developer Service provider Car platform manager Evaluation and certification entity! App life cycle Development Evaluation and certification Loading and installation Usage Upgrade Uninstall Nov. 14, 2012 Pierre Girard 13

Recommendations! Technical Standardize a powerful and attractive car API Design a safety / security / privacy model Permission based Role based With a flexible authentication framework! Method Encourage automotive industry and service providers to participate Connect with other W3C workgroups (sysapp, deviceapi) Reuse from existing specifications (e.g. OMTP Bondi) Connect with other organizations (Genivi, OneM2M ) Nov. 14, 2012 Pierre Girard 14

Thank you! Nov. 14, 2012 15

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information