Building Trust in a Digital World
Brian Phelps, BSc CISSP, Director of Advanced Solutions Group EMEA, Thales UK, Ltd.
Global incidents
- Equivalent of 117,339 incoming attacks per day, every day
- Total number of detected incidents: growth of 66% CAGR
Source: www.pwc.com/gx/en/consulting-services/information-security-survey/download.jhtml
And more targeted
[Chart: world's biggest data breaches and hacks, 2014 and 2015]
Source: www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
How Much is Data Worth?
At the end of April, there were 270 reported breaches with 102,372,157 records compromised!
Source: Identity Theft Resource Center
Thales e-security CONFIDENTIAL
Trust in a digital world
- eCommerce, eGovernment, eCitizen
- Smart phones, smart grid, smart vehicles
Trust Management is a central problem to solve
- Organizations are losing control over their application environment
  - Clouds, consumer devices (BYOD), remote connected devices and a fragmented workforce: the emphasis moves from control to trust
- Targeted attacks drive the need for data neutralization (making stolen data useless to the attacker, for example through encryption or tokenization)
  - Mobile, remote devices and cloud services increase the attack surface
- Privacy requirements drive the need for data protection wherever it resides
- Increased scrutiny and governance drive the need to prove trust as well as simply establish it
- Dynamic business relationships require trust to be dynamic
  - Federated, transitory and anonymous relationships create the need for new trust models and technologies
- Virtualized and shared environments
  - The need for trust varies by application, but infrastructure is increasingly shared
- The scale and dynamics of connected everything force automation of trust properties
  - Manual controls are no longer practical or cost effective
Crypto is the key to establish and enforce trust
- Identity and Access Controls
- Data Confidentiality and Privacy
- Data Integrity and Non-Repudiation
The role of cryptography
Use cases, laid out on the slide across the three pillars (Identity and Access Controls; Data Confidentiality and Privacy; Data Integrity and Non-Repudiation):
- Password protection, key management, credential management, strong authentication, Public Key Infrastructure
- Payment card issuance, payments processing, tokenization, point of sale encryption (P2PE)
- Document signing, signed email, code signing, audit & log signing, DNSSEC, SSL
- Application-level encryption, database encryption, disk encryption, tape encryption, server-file encryption, network encryption, SAN switch encryption, email encryption, digital rights management
The pain of key management
Survey question: "Please rate the overall pain associated with key and certificate management in your organization" (1-2 Minor to 9-10 Severe)
[Bar chart: share of respondents per rating band 1-2, 3-4, 5-6, 7-8 and 9-10; y-axis 0% to 35%; callout figure on the chart: 55%]
Source: 2015 Global Encryption and Key Management Trends Study, Ponemon Institute (April 2015)
What makes key management hard?
[Chart]
Source: 2015 Global Encryption and Key Management Trends Study, Ponemon Institute (April 2015)
What's at stake?
- The secrecy of keys underpins trust: if keys are stolen or misused, the data they protect is compromised
- The availability of keys keeps systems running: lost keys make encrypted data unrecoverable and bring services to a standstill
- Lifecycle management of keys is costly: complexity, delays and errors can quickly escalate
- Key management is under intense scrutiny: policies, controls and reporting simplify audits and compliance
Hardware secures applications everywhere
- Trusted Platform Modules (TPM) protect desktop apps
- Secure Elements and SIMs protect mobile apps
- Hardware Security Modules (HSM) protect server-based apps
So, what's changing?

Mobile payments
Mobile Payments: from Buzzwords to Business
Buzzwords: Mobile Payments, HCE, mPOS, Mobile Commerce, EMV, NFC, TSM, SE
The race is finally on!
- Mobile acceptance versus mobile payments
- Retail versus person to person
- Disruptors versus incumbents
Knocking down the barriers
1. Convincing consumers to give it a try
2. Preparing the cardholder data
3. Equipping phones to protect the data
4. Delivering the data to the phone
5. Enabling merchants to read the phones
6. Enabling users to easily authorize transactions
7. Encouraging consumers to make it a habit
Simple ecosystems are good
Who removes each barrier, per ecosystem column on the slide: Apple (Apple Pay), Android (SE/TSM), Android (HCE)
1. Convincing consumers to give it a try: Apple (Apple Pay); phone manufacturer, wallet provider (Android)
2. Preparing the cardholder data: card brands
3. Equipping phones to protect the data: Apple (Apple Pay); phone manufacturer or carrier (SIM) (Android SE/TSM); issuer (Android HCE)
4. Delivering the data to the phone: Apple (Apple Pay); carrier or 3rd party (Android SE/TSM); issuer (cloud) (Android HCE)
5. Enabling merchants to read the phones: NFC (all three)
6. Enabling users to easily authorize transactions: Apple (Apple Pay); wallet provider (Android SE/TSM); issuer (Android HCE)
7. Encouraging consumers to make it a habit: Apple? (Apple Pay); issuer (Android)
Mobile Payments
- Thales payShield HSMs: a significant player across the mobile payments ecosystem
- International roll-out in 2015
- 2015 campaign to target the Android market through new HCE capability in payShield and ASAP partners
Our blog: www.thales-esecurity.com/blogs/2014/september/apple-enables-mobile-payments
Keys in the cloud

Amazon Key Management
- $1 per key per month
- $0.03 per 10,000 operations
HSMs in the cloud
"The Key Vault service performs all cryptographic operations on HSM-protected keys inside Hardware Security Modules. The service uses Thales nShield HSMs." (Dan Plastina, Microsoft)
Our blog: www.thales-esecurity.com/blogs/2015/february/trust-anchors-in-the-azure-cloud

Microsoft Azure Key Vault
Evolving cloud landscape (built up over five slides)
Layers, top to bottom:
- Users (service consumers)
- Software: applications & content
- Platform: OS, tools & services
- Infrastructure: hardware & networks
Three deployment patterns shown side by side, with cloud service provider (CSP) boxes at the Software and Platform layers:
- Enterprises running private clouds: private infrastructure
- Enterprises with workloads in the cloud: public infrastructure
- Service providers operating from the cloud: private infrastructure
Crypto-currency
Cryptocurrency
"We looked at every HSM on the market to find one that could support Bitcoin wallets, and none of them could do it, so we built it ourselves [using CodeSafe]. Thales really came through for us, and the level of enthusiasm they have for our growing industry is incredible." (Micah Winkelspecht, Gem CEO and Founder)
Our blog: www.thales-esecurity.com/blogs/2015/january/bitcoin-steps-up-to-bank-grade-security
Digital currency
- Bitcoin
- Wallets to store private keys
- Public key crypto
- Bitcoin mining
- Interface to traditional payment rails
Bitcoin Hacks
"Reports suggested the site shut down after it discovered that an estimated 744,000 bitcoins - about $350m (£210m) - had been stolen due to a loophole in its security."

Bitcoin Hacks
[Image]
What is our value proposition?
- Private key protection
- Key derivation for privacy and scale
- Multi-signature for dual control security
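The second and third bullets are the technical substance of this slide, so here is an added example that is not code from the deck, from Thales or from Gem. It derives hardened child keys from one protected master key in the BIP32 style (HMAC-SHA512 keyed by the chain code, child scalar reduced modulo the secp256k1 group order), which is what lets a custodian hand out a fresh key per customer or per payment without storing each one, and it gates use of a derived key behind an m-of-n dual-control check. Python's standard library has no elliptic-curve arithmetic, so two simplifications are made and labelled in the code: each custodian's approval is modelled as an HMAC over the transaction digest rather than an ECDSA signature in a Bitcoin multisig script, and non-hardened (public-key) derivation is left out. The approver names, secrets and transaction digest are constructed sample data; the seed is the public BIP32 test vector 1 seed.

```python
"""Hardened key derivation plus an m-of-n dual-control release check.

Added example (not from the Thales deck). Derivation follows the BIP32
hardened-child construction; the dual-control check uses HMAC approvals as
a stand-in for real multi-signature, because the standard library has no
elliptic-curve code. Approver names/secrets and digests are constructed.
"""
import hashlib
import hmac
from typing import Dict, List, Tuple

# Order of the secp256k1 group: child private keys are reduced modulo n.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000  # index offset that marks a hardened child


def master_key(seed: bytes) -> Tuple[int, bytes]:
    """Master private key and chain code from a seed (HMAC-SHA512 keyed with b"Bitcoin seed")."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    k = int.from_bytes(i[:32], "big")
    if k == 0 or k >= SECP256K1_N:
        raise ValueError("seed yields an invalid master key; use another seed")
    return k, i[32:]


def derive_hardened(k_par: int, c_par: bytes, index: int) -> Tuple[int, bytes]:
    """Hardened child index' of (k_par, c_par).

    Only the parent *private* key enters the HMAC, so a leaked child key and
    the parent chain code do not reveal the parent key. Non-hardened
    derivation (from the parent public key) would need EC point arithmetic
    and is intentionally not implemented here.
    """
    if not 0 <= index < HARDENED:
        raise ValueError("child index must be in [0, 2**31)")
    data = b"\x00" + k_par.to_bytes(32, "big") + (HARDENED + index).to_bytes(4, "big")
    i = hmac.new(c_par, data, hashlib.sha512).digest()
    il = int.from_bytes(i[:32], "big")
    k_child = (il + k_par) % SECP256K1_N
    if il >= SECP256K1_N or k_child == 0:
        # Probability about 2**-128; BIP32 says to skip to the next index.
        raise ValueError("invalid child at this index; try index + 1")
    return k_child, i[32:]


def derive_many(seed: bytes, count: int) -> List[int]:
    """One hardened child per customer/payment from a single protected master: scale without key storage."""
    k_m, c_m = master_key(seed)
    return [derive_hardened(k_m, c_m, idx)[0] for idx in range(count)]


def approve(approver_secret: bytes, tx_digest: bytes) -> bytes:
    """One custodian's approval, bound to this transaction digest (HMAC stand-in for a signature)."""
    return hmac.new(approver_secret, tx_digest, hashlib.sha256).digest()


def release_allowed(tx_digest: bytes, approvals: Dict[str, bytes],
                    approver_secrets: Dict[str, bytes], threshold: int = 2) -> bool:
    """Dual control: using the signing key needs `threshold` valid approvals from distinct custodians.

    Unknown approvers and bad MACs never count; keying approvals by custodian
    name means one custodian cannot be counted twice.
    """
    valid = 0
    for name, mac in approvals.items():
        secret = approver_secrets.get(name)
        if secret is not None and hmac.compare_digest(mac, approve(secret, tx_digest)):
            valid += 1
    return valid >= threshold


if __name__ == "__main__":
    # Seed from BIP32 test vector 1 (public); everything else is constructed.
    seed = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
    for idx, k in enumerate(derive_many(seed, 3)):
        print(f"m/{idx}'  {k:064x}")
    custodians = {"ops": b"ops-secret", "treasury": b"treasury-secret"}
    digest = hashlib.sha256(b"constructed transaction").digest()
    print("one approval:", release_allowed(digest, {"ops": approve(b"ops-secret", digest)}, custodians))
    print("two approvals:", release_allowed(digest, {n: approve(s, digest) for n, s in custodians.items()}, custodians))
```

In a deployment of the kind the slide describes, the master key and chain code never leave the HSM and the release check runs inside it as well, so the host application cannot bypass the policy. Hardened derivation is the security-relevant choice: with non-hardened children the HMAC input is the parent public key, so a single leaked child private key plus the parent chain code (both in an extended public key) gives back the parent private key by subtraction.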
IoT Touches EVERYTHING
Asset tracking, consumer, smart homes & cities, energy, agriculture, automotive, security, building management, national infrastructure, embedded, healthcare, mobile

Big Numbers, Big Challenge
Market Potential: The Internet of Things
"A development of the Internet in which everyday objects have network connectivity, allowing them to send and receive data." (Oxford Dictionary)
The IoT Has Passed an Inflection Point
- According to Cisco Internet Business Solutions Group (IBSG), the Internet of Things was born in 2008, when more things than people were connected to the Internet.
- According to Gartner, by 2020 the number of smartphones, tablets and PCs in use will reach about 7.3 billion units; in contrast, the IoT will have about 26 billion units at that time.
- IDC predicts that IoT will reach $3 trillion by 2020.
Impact of those things
[Chart: economic value-add by vertical in 2020 (total value-add $1.9 trillion)]
Source: The Internet of Things, Worldwide Forecast (Gartner, Nov 2013)
Problems we are trying to solve
- Establishing trust between distributed entities
  - Mutual authentication of devices, processes and users
  - Credential creation, management, provisioning, validation and revocation
  - Validating the integrity of remote systems
  - Secure configuration
- Secure communications between systems and devices
  - Network and message level encryption
  - Message signing and validation (non-repudiation)
- Protection of data at rest and in use in command/control systems
  - Storage, file, database and application level encryption and tokenization
- Multi-platform support for multiple application environments
  - Datacenter, cloud, mobile and embedded systems (e.g. Internet of Things)
  - Support for a wide range of scale and assurance levels
The Automobile: the Ultimate Connected Thing
While a lot of the discussion surrounding connected vehicles focuses on safety and anti-hacking measures, several industry strategic positions are clear:
- Autonomous vehicles are Job One
- Infotainment systems will converge with mobile phones
- The connected car will become a payments platform
There is an App for that!
- Unlock and lock doors
- Track the status of vehicle systems
- Schedule automated commands
- Control the heater / air conditioner
- Open the sunroof
- Gather GPS data
And it's an OPEN SOURCE APP!
What about Paying Cars?
- BumperPay announces $100 million Series A funding
- High-speed P2P payments
- Drive-through services