Cyber- & HW- security in IoT World NTB Buchs

Similar documents
Embedded Java & Secure Element for high security in IoT systems

M2M For industrial and automotive

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules

Security in ST : From Company to Products

ZigBee Technology Overview

Internet of things (IOT) applications covering industrial domain. Dev Bhattacharya

The Internet of Things: Opportunities & Challenges

Wireless Microcontrollers for Environment Management, Asset Tracking and Consumer. October 2009

CHANCES AND RISKS FOR SECURITY IN MULTICORE PROCESSORS

Reducing Configuration Complexity with Next Gen IoT Networks

Smart Card Technology Capabilities

IoT Security Concerns and Renesas Synergy Solutions

IoT Security Platform

Using BroadSAFE TM Technology 07/18/05

Side Channel Analysis and Embedded Systems Impact and Countermeasures

Hardware Security Modules for Protecting Embedded Systems

Today. Important From Last Time. Old Joke. Computer Security. Embedded Security. Trusted Computing Base

Atmel Crypto Elements Atmel Corporation

Chapter 1: Introduction

Introducing etoken. What is etoken?

PrivyLink Cryptographic Key Server *

In the pursuit of becoming smart

W ith an estimated 14 billion devices connected to

DesignWare IP for IoT SoC Designs

Certification Report. NXP Secure Smart Card Controller P40C012/040/072 VD

Microsemi Security Center of Excellence

AppliedMicro Trusted Management Module

What is Really Needed to Secure the Internet of Things?

What is a Smart Card?

PUF Physical Unclonable Functions

Secure Network Communications FIPS Non Proprietary Security Policy

Vehicular On-board Security: EVITA Project

Pervasive Computing und. Informationssicherheit

BitLocker Drive Encryption Hardware Enhanced Data Protection. Shon Eizenhoefer, Program Manager Microsoft Corporation

NXP & Security Innovation Encryption for ARM MCUs

Trusted Platform Module

TPM Key Backup and Recovery. For Trusted Platforms

SecureDoc Disk Encryption Cryptographic Engine

SECURITY PRACTICES FOR ADVANCED METERING INFRASTRUCTURE Elif Üstündağ Soykan, Seda Demirağ Ersöz , ICSG 2014

NXP Secure Smart Card Controllers P5CD016V1D / P5CD021V1D / P5CD041V1D / P5Cx081V1D with DESFire EV1

Wireless Sensor Network Security. Seth A. Hellbusch CMPE 257

NXP Secure Smart Card Controllers P5CC008, P5CC012 V1A/ V1A(s)

Cisco Trust Anchor Technologies

M-Shield mobile security technology

Enabling Smart Data on M2M Gateways and Aggregators

Secure Data Exchange Solution

Internet of Things. Opportunities for device differentiation

Smartcard IC Platform Protection Profile

Reviving smart card analysis

Index. BIOS rootkit, 119 Broad network access, 107

Industry 4.0: Cyber-Security Challenges on the Horizon

The Internet of Things

Key & Data Storage on Mobile Devices

congatec AG How to come around the IoT data security challenges

RELEASE NOTES. Table of Contents. Scope of the Document. [Latest Official] ADYTON Release corrections. ADYTON Release 2.12.

Vehicular Security Hardware The Security for Vehicular Security Mechanisms

Secure Hardware PV018 Masaryk University Faculty of Informatics

Questions from The New SensorTag - IoT Made Easy Webinar

The Impact of IoT on Semiconductor Companies

Smarter Infrastructure for a Smarter World

Safety and security related features in AUTOSAR

Confidentio. Integrated security processing unit. Including key management module, encryption engine and random number generator

Enterprise Application Enablement for the Internet of Things

Security in Vehicle Networks

Secure Internet of Things Project

RIOT CONTROL The Art of Managing Risk for Internet of Things

Preventing fraud in epassports and eids

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Securing the Internet of Things

Overview. SSL Cryptography Overview CHAPTER 1

CRYPTOGRAPHY AS A SERVICE

FIPS Security Policy 3Com Embedded Firewall PCI Cards

VON BRAUN LABS. Issue #1 WE PROVIDE COMPLETE SOLUTIONS ULTRA LOW POWER STATE MACHINE SOLUTIONS VON BRAUN LABS. State Machine Technology

Security concept for gateway integrity protection within German smart grids

Industrial Networks & Databases

SPINS: Security Protocols for Sensor Networks

A 360 degree approach to security

End-to-End Security in Wireless Sensor Networks (WSNs) Talk by Claudio Anliker Supervised by Dr. Corinna Schmitt University of Zurich

Lesson-3 CASE STUDY OF AN EMBEDDED SYSTEM FOR SMART CARD

Enhancing Organizational Security Through the Use of Virtual Smart Cards

Course Content Summary ITN 262 Network Communication, Security and Authentication (4 Credits)

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

Secure web transactions system

Trends and Standards in LAN Cabling Systems Intelligent Buildings

How To Use Atmel'S Atmel Crypto Device For A Year On A Computer Or Cell Phone

Logitech Advanced 2.4 GHz Technology

Pulse Secure, LLC. January 9, 2015

Using etoken for SSL Web Authentication. SSL V3.0 Overview

An Introduction to Cryptography as Applied to the Smart Grid

Network Security 101 Multiple Tactics for Multi-layered Security

Transcription:

Cyber- & HW- security in IoT World NTB Buchs Security Solutions by Avnet Silica - DACH Costica Dima

. And the growth of the IoT is... From the Internet of Devices to the Internet of Everyday Things. 2 20 January 2017

The innovation is driven by two converging technologies 3 20 January 2017

CPS = Cyber Physical System Autonomous embedded systems as well as process modules for production, logistic, engineering, coordination and management and even as internet services With sensors and actuators to collect physical data and influence physical processes (preferably) wirelessly connected to each other and the internet, using w.w. data and Services Providing multimodal (man-machine) interfaces In a smart factory environment these CPS become CPPS (Cyber physical production systems) -> connected to machines, storage systems and production facilities 4 20 January 2017

ICT* is the innovation driver for all areas of demand 5 20 January 2017 * ICT = Information and Communication Technology

what next?.. Industry 4.0! Industry 4.0 is the technical integration of CPS into production and logistic and the utilization of the IoT within industrial processes this will also have consequences as well on value chains, business models and downstream services as well as on the organisation of workforce. 6 20 January 2017

some markets. Smart City Smart Integration Gateways Network Mgmt Platform Device Mgmt Systems Web server apps Cloud services Analytics Condition Monitoring Smart Grid HVAC Metering Energy Monitoring Lighting Appliances Alarm, Security & Access Control Health & Fitness monitoring Power Generation & Storage Smart Public Services Smart Mobility Power Transportation Power Distribution Demand Response Integration of small power generation Smart Home & Building Smart Manufacturing (Industrie 4.0) PLC Drives Sensors Identification / Vision Valvues Digital Signage Waste Mgmt, Street Lighting Public safety Utility Supply Asset & Vehicle tracking and monitoring Transportation, Traffic & Parking mgmt Communication Wireless Thread / Zigbee BLE WM-Bus 6LoWPAN WiFi Prop. LPWAN GSM/GPRS ZWave Wired Ethernet PLC KNX DALI LONWORKS Fibre HART Twisted Pair IO-Link CAN Security Authentification Authorisation Encryption Secure Memory/Boot Signature 9 20 January 2017

Hyper-connectivity has changed our world forever 10 20 January 2017 2014 Avnet, Inc. Proprietary and confidential.

Security threats at all levels of IoT architectures 11 20 January 2017

Why do we need HW security.. Counterfeiting Fake Medications Are a Growing Threat There's lots of profit in counterfeit drugs, so consumers should be on guard By Nancy Shute, Posted 8/21/07 Indian firm probed over counterfeit medicine Ranbaxy supplies drugs to U.S., Bush's AIDS initiative Amy Fagan, Friday, August 1, 2008 12 20 January 2017

Why is CYBERSECURITY essential? 13 20 January 2017

Why do we need HW security.. Hack Attacks 14 20 January 2017

. Public Safety & Cyber Security for Government. 15 20 January 2017

. Industrial Automation Systems. More than 100000 systems affected by Stuxnet worm Industrial Computers even in Nuclear Facilities A tamper resistant secure element validating that only signed software is executed 16 20 January 2017

HW vs SW for key protection. Key Benefits HW 17 20 January 2017

How to achieve Security by Design Security toolbox for connected objects = cryptography Access control Non-repudiation Signature / Certificate Authentication Anti-cloning Signature / Certificate Encryption & Signature Data integrity Attack detect - Anti-tampering - Authentication Resilience Encryption (Pk,Pr) Confidentiality Secure memory - Anti-tampering - Authentication IP protection 18 20 January 2017

Attack tree Tool for evaluating the cost of attacks Do not pay for water at home Slow down meter Fool data reporting to concentrator Hack my record @ water company Alter electronics Alter mechanics Alter firmware Report fake water consumption with dummy meter Find back-door on water company IT system Bribe employee Insert pulse divider between spinning contact and counter Disassemble firmware and reprogram Reverse engineer wireless protocol and security key 19 20 January 2017

A trustworthy HW security Anchor 21 20 January 2017

major challenges for HW security solution to meet TRNG Secrets (keys) never leave the Valut Secure MCU / Secrets (keys) stored in Tamper Resistant Valut Secure Trust Provisioning & Key Generation / Management 22 20 January 2017

Certification Standards & Organizations by applications egov: ebanking: POS ATM Credit Cards Payments EMV ICC Specification for Payment Systems Common Criteria Version 3.1 level EAL5+ in conformance to BSI-PP-0035-2007 EMVCo approval Some of the Computer based application systems require TCG certification of components based on TPM1.2 or 2.0 23 20 January 2017 *TCG = Trusted Computer Group *TPM = Trusted Platform Module

Trusted Platform Module (TPM) Standards comparison 24 20 January 2017

This is what a Secure Element is A Secure Element is basically a micro-controller with added co-processors for the cryptographic protocols plus integrated tamper resistant techniques to protect against all sort of attacks. Typical MCU functions: CPU, memory (ROM, E2PROM, RAM), Interface (I2C, SPI, UART), Clock/timers; reset function, I/Os, voltage regulators, etc. Coprocessor for cryptographic algorithms: symmetric and/or asymmetric Tamper-resistant techniques, i.e. glue logic, security routing, shielding, sensors, etc. Application-dedicated functions Tracking functions Usage Control functions Anti-counterfeiting functions IP protection functions SPI or I²C Application Crypto Library Key Management Application Management Secure Storage Application Installer I²C & ISO7816 protocols Secure Firmware Host MCU 32 bit CPU PKI ECC RSA AES 3DES SHA True TIMER Rando Flash RAM m Gen. I/O Secure MCU core Interface 25 20 January 2017

. Secure communications. Problem Protect data exchanges from potential eavesdroppers Secure systems against hackers from sensor to server Solution A secure element capable of: Strong authentication Root key storage Session key generation and storage Encryption / decryption 26 20 January 2017

INF OPTIGA - Hardware-based security solutions 27 20 January 2017

NXP A-Series Turnkey Solution: Overview 28 20 January 2017 AIS-31 compliant True Random Number Generator

Maxim Security ICs DeepCover Secure Microcontrollers Analog Micros Integrated Analog and Security Support for private and public key cryptography e.g. MAX66300, MAX71637 DeepCover Authentication ICs Generic cryptographic support enabling trusted boot and trusted communications MAXQ1050 Future micros Enables hardware authentication as well as simple Public Key Infrastructure DS28XXXX 29 20 January 2017

STM STSAFE-A STSAFE-J (Java) & TPM Easy to use security services for IoT developers MOQ: 10k min Flexibility: +- Authentication Secure communication General Purpose MCU Secure storage CC EAL5+ certified I2C STSAFE-A secure element Secure Firmware upgrade USB Type-C 30 20 January 2017

AVS-exclusive TO136 Safran-StarChip/Trusted Objects Volumes: <1k-100M! Flexibility: ++ Tracking Crypto Library Key Management 32 bit CPU DFN6 package HW EMVco and CC EAL4+ certified Crypto processor Usage Control Secure proprietary firmware Memory Management Interface Counterfeiting Flash RAM I/O TO 136 is a fully integrated solution: 32 bit Secure CPU hardware, compliant with EMV Co standard Customizable on-demand software, optimized for the IoT Host code to interface with secure hardware through I2C Product personalization with AVS-exclusive secure logistics IP protection I²C & ISO7816 protocols I2C Host MCU Authenticate Device and/or Server Secure communication Session key establishment Broadcast key management Secure data storage Setup a TLS connection Implement USB Type C authentication 31 20 January 2017

32 20 January 2017 Thank you.