ARM European Technical Symposium The security challenges that IoT and Mobile Computing Devices are facing. Pierre Garnier, COO

Transcription

1 ARM European Technical Symposium The security challenges that IoT and Mobile Computing Devices are facing Pierre Garnier, COO 1 INVESTORS INSIDE Secure PRESENTATION ARM European Technical SEPTEMBER Symposium 2012 December 4, 2014

2 Jennifer Lawrence truly believes Smartphone should be more secure 2 INVESTORS INSIDE Secure PRESENTATION ARM European Technical SEPTEMBER Symposium 2012 December 4, 2014

3 3 INVESTORS INSIDE Secure PRESENTATION ARM European Technical SEPTEMBER Symposium 2012 December 4, 2014 The «9/11» of the Smartphone is coming

4 The security challenges that IoT and Mobile Computing Devices are facing Who is INSIDE Secure? Security within a hyper-connected world? Security world is changing! Security at the Heart of the System Security Solutions for Mobile, IoT and Anti-Counterfeiting 4 INVESTORS INSIDE Secure PRESENTATION ARM European Technical SEPTEMBER Symposium 2012 December 4, 2014

5 A World Leader in Embedded Security for Mobile and Connected Devices $154.6M revenue in 2013, generated through the sale / licensing of secure microcontrollers (HW), HW IP and software An IPR portfolio of circa 700 patents Revenue CAGR : +25.5% Serving more than 100 blue chip customers on growing and diversified end-markets INSIDE Secure are shipping in over 300m devices per year 340 employees with European & U.S. development centers Supportive reference shareholders: Bpifrance (7.1%) and GIMV (12.5%) 5 INVESTORS INSIDE Secure PRESENTATION ARM European Technical SEPTEMBER Symposium 2012 December 4, 2014

6 From Mobile Computing to the IoT world Billions of connected devices, enabling multiple day-to-day applications and services, managing many private information need to be Trusted 6 INVESTORS INSIDE Secure PRESENTATION ARM European Technical SEPTEMBER Symposium 2012 December 4, 2014

7 Add-On Security Methods Have Failed Target Hit by Credit-Card Breach Customers Info May Have Been Stolen Over Black Friday Weekend Home Depot s Suspected Breach Looks Just Like the Target Hack The Wall Street Journal December 19, 2013 Bloomberg BusinessWeek September 02, 2014 DATA BREACHES IDENTITIES EXPOSED 93M The total number of breaches in 2013 was 62% greater than in IDENTITIES EXPOSED 552M DATA BREACHES 253 One month after Heartbleed first hit the headlines, 300,000 of the 600,000 servers originally affected remain vulnerable. white-hat' hacker Rob Graham 1 Symantec 2014 Internet Security Threat Report 7 INVESTORS INSIDE Secure PRESENTATION ARM European Technical SEPTEMBER Symposium 2012 December 4, 2014

8 8 INVESTORS INSIDE Secure PRESENTATION ARM European Technical SEPTEMBER Symposium 2012 December 4, 2014 Malware on the move

9 Smartphone Multiple Risks Source: Sophos 9 INVESTORS INSIDE Secure PRESENTATION ARM European Technical SEPTEMBER Symposium 2012 December 4, 2014

10 The World of Security is changing From a world where any non-secure device/object was becoming (as a sudden) secure when connected to a smart card to a world of Embedded security Security need to the tightly embedded at the heart of any system, at the heart of the main processor of the device (e.g. Smartphone, IoT Device, etc) Security Architectures and Certification Schemes need to be re-invented. 10 INVESTORS INSIDE Secure PRESENTATION ARM European Technical SEPTEMBER Symposium 2012 December 4, 2014

11 Security Levels to be adapted to the needs RichOS Apps RichOS TEE SE RichOS Apps are considered as lowest level of security The RichOS provide some security mechanisms for applications Protection again badly behaved applications The RichOS also protects itself with some SW mechanisms Protection against software attacks, basic attacks from the internet TEE leverages some hardware re-enforced protections provided by the host processors Efficient protection against software attacks, Trojan, Root kits Medium attacks from the device user But there is a need for security against Hardware attack Protection against hardware attacks on stolen devices Protect users and services providers credentials (secrete keys, certificates, Ids) Protection against User attacks Protect service providers assets 11 INVESTORS INSIDE Secure PRESENTATION ARM European Technical SEPTEMBER Symposium 2012 December 4, 2014

12 Security at the Heart of the System Cloud Services Peer Device Strong User Authentication Strong Execution Environment Strong Cloud/Peer Auth./Communication EMBEDDED SECURE ELEMENT JAVACARD OS APPLETS CRYPTO-CELLS PACKET ENGINES RNGS SAFEZONE SECURITY TOOLKITS DATA ENCRYPTION EMBEDDED DRM EMBEDDED VPN DRM CLIENT VPN CLIENT MATRIX SSL PAYMENT SECURE TAMPER PROOF CHIPS SECURE IPs for COMPONENTS APPLICATION PROCESSOR PLATFORM OS (Android, ios, etc) APPLICATIONS END-to-END Provided by INSIDE Secure 12 INVESTORS INSIDE Secure PRESENTATION ARM European Technical SEPTEMBER Symposium 2012 December 4, 2014

13 Key Drivers and Solutions for Mobile Security 1 Mobile Payment 2 Entertainment Content Protection 3 Enterprise «BYOD*» Secure Element Galaxy S4, S5 HCE Metaforic immunization software Ready for NFC adoption in any scenario with Visa and MasterCard certified solutions INSIDE Secure DRM solution in use by about 50 customers High value added services installed in about 200 handset models for 40 clients * Bring Your Own Device 13 INVESTORS INSIDE Secure PRESENTATION ARM European Technical SEPTEMBER Symposium 2012 December 4, 2014

14 Secure Internet of Things : When toasters, cars, thermostats and fridges attack Recent news that a botnet army which sent 750,000 spam s included some refrigerators discovery of a Linux worm that can infect security cameras GIGAOM January 2014 security controller secure middleware SSL internet secure platform on a chip IPSec secure SSL Toolkits 14 INVESTORS INSIDE Secure PRESENTATION ARM European Technical SEPTEMBER Symposium 2012 December 4, 2014

15 Anti-Counterfeiting and Brand Protection: every object has an identity Secure Database and Personalization Services Trusted VaultNFC Apps VPN Secure NFC Tags TEE Secure Communications with VPN 15 INVESTORS INSIDE Secure PRESENTATION ARM European Technical SEPTEMBER Symposium 2012 December 4, 2014

16 Take aways The World of Security is changing from Connected security to Embedded security Security needs to be integrated at the heart of your system There are architectural and certification challenges ahead! All Security is a living process: Choose your solution carefully Choose your partners even more so INSIDE Secure designs, develops and sells embedded security systems for smartphones, tablets, and other devices connected to the Internet, in order to protect transactions, content, and communications. 16 INVESTORS INSIDE Secure PRESENTATION ARM European Technical SEPTEMBER Symposium 2012 December 4, 2014

17 Thanks! Pierre Garnier 17 INVESTORS INSIDE Secure PRESENTATION ARM European Technical SEPTEMBER Symposium 2012 December 4, 2014