TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing

Size: px
Start display at page:

Download "TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing"

Transcription

1 TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing IoT Week 2014, Ignacio García Wellness Telecom

2 Outline Welcome Motivation Objectives TRESCCA client platform SW framework for secure mobile cloud applications Evaluation scenarios Summary Questions TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing

3 Welcome Project participants: Ignacio García, Wellness Telecom, R&D Programme Manager. Antonio Alvarez, Wellness Telecom, R&D Project Manager. TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing

4 Project overview FP7 STREP (4M EUR budget, 3M EUR funding) ICT Call Trustworthy ICT Duration: 10/ / partners from 4 different countries OFFIS (DE) Telecom ParisTech (FR) TEI of Crete (GR) CoSynth (DE) Virtual Open Systems (FR) ST Microelectronics (FR) Wellness Telecom (ES) TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing

5 Motivation Growing number of IoT devices connected to the cloud. Lack of trust between customer and service provider Customer does not trust providers might give away private data Providers do not trust customers might steal or compromise (copyrighted) protected data Encryption does not solve the problem Works for storage, but not for computation EDN? TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing

6 General approach Secure cloud on the client side (IoT Device) Enable providers to trust their users Enable customers to keep control of their data Develop a secure cloud client platform Hardware security through memory bus encryption and Network on Chip firewalls Software security through virtualization and strong isolation Enable mixed operation of trusted and untrusted application on same hardware SW framework for migrating mobile cloud applications with fine grained security policies Virtual Machines TRESCCA Client SoC Hardware with HSM TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing

7 Typical Cloud Application TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing

8 Typical Cloud Security Properties Key Security Properties Confidentiallity Integrity Availability Authenticity Non Repudation Privacy TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing

9 TRESCCA Security Objectives Trusted compartment. To guarantee that a HW and SW trusted compartment exists inside the light client > It shall allow to delegate sensitive computing to the light client. Robustness against software denial of service. Availability of the trusted compartment only when software attacks are considered. Attestation. To set an attestation mechanism to certificate that the trusted compartment has not been tampered with. Authentication of delegated computing tasks. Provide means to authenticate computing tasks that the cloud infrastructure or end users delegate to the client. TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing 6/17/2014 9

10 TRESCCA Security Objectives Software upgrade and boot to boot integrity. Guarantee SW upgrades should no compromise the trusted compartment. Isolation between applications. Mechanism to guarantee perfect memory isolation between VMs. Robustness against software exploits and other logical attacks. Buffer overflows. Inter VMs isolation. Memory injection and/or dump by DMA capable peripherals. TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing 6/17/

11 TRESCCA Threat Model When designing security solutions, it is important to define the adversaries. Hardware side: The adversary has a complete physical access to the light client hardware. Except the internals of the main SoC. Software side: The adversary can load and launch arbitrary applications. In order to guarantee the security objectives two types of extensions will equip the light client: One module for logical security. One module for physical security. TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing 6/17/

12 HW Security Bus encryption Most internet connected devices are nowadays based on System on Chip architectures CPU, HW accelerators and peripheral controllers integrated on one chip Biggest HW threat: external bus probing attacks! Attacking HW on chip is much more expensive Protecting external bus through integrated Hardware Security Module: Prevent tampering with the external memory bus or the memory itself Protecting against bus sniffing and injection Multicore L1 L1 L1 Core Core Core On Chip Network Connectivity PCIe USB Accelerators GPU External RAM Audio Memory Ctrl TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing

13 HW Security Hardware Security Module System-on-Chip with secured memory bus SW-Stack with HSM support TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing

14 SW framework for secure mobile cloud applications Classic applications are static and monolithic Designed to run on only one instance One security policy for whole application TRESCCA approach Applications consist of multiple segments with different security policies Segments may move between clients and clouds Critical segments may only migrate to trusted devices Use HSM and NoC Firewall to secure segments Concept is currently under development Many challenges: heterogeneous environments, no shared storage, attestation, VM footprints, Application Segments TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing

15 Overview on Scenarios Scenarios identified: Securing transactions or authentications Smart Grids and Cloud Systems Digital Right Management Demonstration stage will be based on these scenarios. Digital Right Management Smart Grids & Cloud Systems Securing transactions or authentications TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing 6/17/

16 Evaluation Scenarios Smart Meter Gateway Transmits smart meter data to cloud for accounting Aggregation and anonymization of customer data Protection of integrity and confidentiality DRM (Video on Demand) E commerce Running a DRM service in parallel to untrusted applications on same hardware Attestation, authorization and strong isolation Protecting and limiting sharing of private data Separation of services (shopping, payment, delivery) only controlled by customer Attestation, authorization, application migration TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing

17 Overview on Scenarios Digital Right Management Certificate that the different SW components are trustworthy. Effective authentication of users. Verify device authenticity (boot loader, trusted compartment OS and Services). Users may try to tamper the device. The system must be able to restrict/avoid certain operations if the device has been compromised. The system must be able to guarantee that sensible user information cannot be stolen. TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing

18 Overview on Scenarios TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing

19 Overview on Scenarios Securing transactions or authentications Effective autenthication. Application to data paradigm. Avoiding to hand over sensitive information. Migration from untrusted to trusted execution environments. TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing

20 Overview on Scenarios Smart Grids and Cloud Systems Certificate the trustworthy of the different components. Effective authentication to meters and systems. Authentication of users. Data stored on the cloud a has not been modified by any third party. The system must be able to restrict access for certain operations according to user s profile. The system must be able to guarantee that the metrics collected are trustworthy (Avoid feeding the system with false data). TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing

21 Overview on Scenarios TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing

22 Overview on Scenarios Digital Right Management Smart Grids Securing Transactions UC1: Shared resources as a threat for integrity, confidentiality and availability. X X UC2: Data leakage while storing or transferring data between client and Cloud. X X X UC3: Malicious access or modification of critical information on external memory pages. X X UC4: Uncontrolled access to memory regions. X X UC5: Integrity and confidentiality of memory shared between VMs. X UC6: Integrity of boot process and software stacks. X X UC7: Protection of migrating applications. X TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing

23 Summary Lack of trust limits potential of cloud applications Growing number of mobile embedded devices connected to cloud TRESCCA establishes trust by securing cloud client device Memory bus encryption protects against board level attacks NoC firewalls secure HW IP components on HW and SW level Virtualization technology combined with HW security ensures strong isolation of SW applications Running trusted and untrusted applications in parallel SW Framework for mobile and secure cloud applications Application segments move between clients and cloud depending on use case, policy and level of trust Initial prototypes and results expected at the end of 2014 TRESCCA technology can also be scaled down for smaller devices. Though for some of it there might be limits, e.g. virtualization might not be feasible or useful on small processors and microcontrollers. TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing

24 Main Actual achievements Hybrid migration Initial prototype of VM migration between OpenStack and client, Virtual prototype of HSM Mem and HSM NoC TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing

25 Summary Questions TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing

EDGE COMPUTING & IOT MAKING IT SECURE AND MANAGEABLE FRANCK ROUX MARKETING MANAGER, NXP JUNE PUBLIC

EDGE COMPUTING & IOT MAKING IT SECURE AND MANAGEABLE FRANCK ROUX MARKETING MANAGER, NXP JUNE PUBLIC EDGE COMPUTING & IOT MAKING IT SECURE AND MANAGEABLE FRANCK ROUX MARKETING MANAGER, NXP JUNE 6 2018 PUBLIC PUBLIC 2 Key concerns with IoT.. PUBLIC 3 Why Edge Computing? CLOUD Too far away Expensive connectivity

More information

New Approaches to Connected Device Security

New Approaches to Connected Device Security New Approaches to Connected Device Security Erik Jacobson Architecture Marketing Director Arm Arm Techcon 2017 - If you connect it to the Internet, someone will try to hack it. - If what you put on the

More information

Connecting Securely to the Cloud

Connecting Securely to the Cloud Connecting Securely to the Cloud Security Primer Presented by Enrico Gregoratto Andrew Marsh Agenda 2 Presentation Speaker Trusting The Connection Transport Layer Security Connecting to the Cloud Enrico

More information

ARM Security Solutions and Numonyx Authenticated Flash

ARM Security Solutions and Numonyx Authenticated Flash ARM Security Solutions and Numonyx Authenticated Flash How to integrate Numonyx Authenticated Flash with ARM TrustZone* for maximum system protection Introduction Through a combination of integrated hardware

More information

INFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD

INFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD Faculty of Computer Science Institute of Systems Architecture, Operating Systems Group INFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD OVERVIEW Fundamental

More information

Beyond TrustZone PSA Reed Hinkel Senior Manager Embedded Security Market Development

Beyond TrustZone PSA Reed Hinkel Senior Manager Embedded Security Market Development Beyond TrustZone PSA Reed Hinkel Senior Manager Embedded Security Market Development Part1 - PSA Tech Seminars 2017 Agenda Platform Security Architecture Architecture overview Trusted Firmware-M IoT Threat

More information

Trustzone Security IP for IoT

Trustzone Security IP for IoT Trustzone Security IP for IoT Udi Maor CryptoCell-7xx product manager Systems & Software Group ARM Tech Forum Singapore July 12 th 2017 Why is getting security right for IoT so important? When our everyday

More information

Cyber security mechanisms for connected vehicles

Cyber security mechanisms for connected vehicles Infineon Security Partner Network Partner Use Case Cyber security mechanisms for connected vehicles Protecting automotive vehicle networks and business models from cyber security attacks Products AURIX

More information

Secure Sharing of an ICT Infrastructure Through Vinci

Secure Sharing of an ICT Infrastructure Through Vinci Secure Sharing of an ICT Infrastructure Through Vinci Fabrizio Baiardi 1 Daniele Sgandurra 2 1 Polo G. Marconi - La Spezia, University of Pisa, Italy 2 Department of Computer Science, University of Pisa,

More information

Security of Embedded Systems

Security of Embedded Systems Security of Embedded Systems Matthias Schunter, Intel Labs, Ahmad Sadeghi, TU Darmstadt + Teams (F. Brasser, L. Davi, P. Koeberl, S. Schulz, et. al.) 1 2015 Intel Corporation What is an Embedded System?

More information

Security in NFC Readers

Security in NFC Readers Security in Readers Public Content and security, a different kind of wireless Under the hood of based systems Enhancing the security of an architecture Secure data exchange Information security goals Cryptographic

More information

Designing Security & Trust into Connected Devices

Designing Security & Trust into Connected Devices Designing Security & Trust into Connected Devices Rob Coombs Security Marketing Director TechCon 11/10/15 Agenda Introduction Security Foundations on Cortex-M Security Foundations on Cortex-A Use cases

More information

Security and Privacy in Cloud Computing

Security and Privacy in Cloud Computing Security and Privacy in Cloud Computing Ragib Hasan Johns Hopkins University en.600.412 Spring 2010 Lecture 5 03/08/2010 Securing Clouds Goal: Learn about different techniques for protecting a cloud against

More information

Security and Performance Benefits of Virtualization

Security and Performance Benefits of Virtualization Security and Performance Benefits of Virtualization Felix Baum mentor.com/embedded Android is a trademark of Google Inc. Use of this trademark is subject to Google Permissions. Linux is the registered

More information

#RSAC #RSAC Thing Thing Thing Thing Thing Thing Edge Edge Gateway Gateway Cut costs Create value Find information in data then act Maintain Things Enrol Authorized Users & Things Authentication

More information

How to protect Automotive systems with ARM Security Architecture

How to protect Automotive systems with ARM Security Architecture How to protect Automotive systems with ARM Security Architecture Thanks to this app You can manoeuvre The new Forpel Using your smartphone! Too bad it s Not my car Successful products will be attacked

More information

Trusted Execution Environments (TEE) and the Open Trust Protocol (OTrP) Hannes Tschofenig and Mingliang Pei 16 th July IETF 99 th, Prague

Trusted Execution Environments (TEE) and the Open Trust Protocol (OTrP) Hannes Tschofenig and Mingliang Pei 16 th July IETF 99 th, Prague Trusted Execution Environments (TEE) and the Open Trust Protocol (OTrP) Hannes Tschofenig and Mingliang Pei 16 th July 2017 -- IETF 99 th, Prague 2 What do we mean by security? Communication Security Aims

More information

SECURITY OF CPS: SECURE EMBEDDED SYSTEMS AS A BASIS

SECURITY OF CPS: SECURE EMBEDDED SYSTEMS AS A BASIS SECURITY OF CPS: SECURE EMBEDDED SYSTEMS AS A BASIS Christoph Krauß, christoph.krauss@aisec.fraunhofer.de Dagstuhl Seminar 11441: Science and Engineering of CPS, November 2011 Overview Introduction Securing

More information

Smart Grid Embedded Cyber Security: Ensuring Security While Promoting Interoperability

Smart Grid Embedded Cyber Security: Ensuring Security While Promoting Interoperability Smart Grid Embedded Cyber Security: Ensuring Security While Promoting Interoperability Communications and Embedded Systems Department Southwest Research Institute Gary Ragsdale, Ph.D., P.E. August 24 25,

More information

Certifying Program Execution with Secure Processors. Benjie Chen Robert Morris Laboratory for Computer Science Massachusetts Institute of Technology

Certifying Program Execution with Secure Processors. Benjie Chen Robert Morris Laboratory for Computer Science Massachusetts Institute of Technology Certifying Program Execution with Secure Processors Benjie Chen Robert Morris Laboratory for Computer Science Massachusetts Institute of Technology Motivation All PCs may soon include trusted computing

More information

Real-time Communications Security and SDN

Real-time Communications Security and SDN Real-time Communications Security and SDN 2016 [Type here] Securing the new generation of communications applications, those delivering real-time services including voice, video and Instant Messaging,

More information

Trustworthy ICT. FP7-ICT Objective 1.5 WP 2013

Trustworthy ICT. FP7-ICT Objective 1.5 WP 2013 Trustworthy ICT FP7-ICT-2013-10 Objective 1.5 WP 2013 1 General Overview Focused in a limited number of technologies in emerging application of high economic impact in the security area, Cloud Computing

More information

Securing the Smart Grid. Understanding the BIG Picture 11/1/2011. Proprietary Information of Corporate Risk Solutions, Inc. 1.

Securing the Smart Grid. Understanding the BIG Picture 11/1/2011. Proprietary Information of Corporate Risk Solutions, Inc. 1. Securing the Smart Grid Understanding the BIG Picture The Power Grid The electric power system is the most capital-intensive infrastructure in North America. The system is undergoing tremendous change

More information

Hypervisor Security First Published On: Last Updated On:

Hypervisor Security First Published On: Last Updated On: First Published On: 02-22-2017 Last Updated On: 05-03-2018 1 Table of Contents 1. Secure Design 1.1.Secure Design 1.2.Security Development Lifecycle 1.3.ESXi and Trusted Platform Module 2.0 (TPM) FAQ 2.

More information

Towards Trustworthy Internet of Things for Mission-Critical Applications. Arjmand Samuel, Ph.D. Microsoft Azure - Internet of Things

Towards Trustworthy Internet of Things for Mission-Critical Applications. Arjmand Samuel, Ph.D. Microsoft Azure - Internet of Things Towards Trustworthy Internet of Things for Mission-Critical Applications Arjmand Samuel, Ph.D. Microsoft Azure - Internet of Things Internet of Things is a game changer Organizations are benefiting from

More information

Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006)

Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006) Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006) Trusted Computing Hardware What can you do if you have

More information

Security of Embedded Hardware Systems Insight into Attacks and Protection of IoT Devices

Security of Embedded Hardware Systems Insight into Attacks and Protection of IoT Devices Security of Embedded Hardware Systems Insight into Attacks and Protection of IoT Devices Dr. Johann Heyszl, Head of Hardware Security Department Fraunhofer-Institute for Applied and Integrated Security

More information

Survey of Cyber Moving Targets. Presented By Sharani Sankaran

Survey of Cyber Moving Targets. Presented By Sharani Sankaran Survey of Cyber Moving Targets Presented By Sharani Sankaran Moving Target Defense A cyber moving target technique refers to any technique that attempts to defend a system and increase the complexity of

More information

SECURITY FOR CONNECTED OBJECTS. Alain MERLE CEA-LETI

SECURITY FOR CONNECTED OBJECTS. Alain MERLE CEA-LETI SECURITY FOR CONNECTED OBJECTS Alain MERLE CEA-LETI Alain.merle@cea.fr Source: CISCO, AT&T IOT: SOME FIGURES Cisco predicts 50B of connected object by 2020 X-as-a-service a breakthrough for carrier s business

More information

IDACCS Wireless Integrity protection in a smart grid environment for wireless access of smart meters

IDACCS Wireless Integrity protection in a smart grid environment for wireless access of smart meters IDACCS Wireless 2014 Integrity protection in a smart grid environment for wireless access of smart meters Prof- Dr.-Ing. Kai-Oliver Detken DECOIT GmbH Fahrenheitstraße 9 D-28359 Bremen URL: http://www.decoit.de

More information

Designing Security & Trust into Connected Devices

Designing Security & Trust into Connected Devices Designing Security & Trust into Connected Devices Eric Wang Sr. Technical Marketing Manager Tech Symposia China 2015 November 2015 Agenda Introduction Security Foundations on ARM Cortex -M Security Foundations

More information

SECURITY MODELS FOR APPLICATION PROTECTION AND AGAINST REVERSE ENGINEERING

SECURITY MODELS FOR APPLICATION PROTECTION AND AGAINST REVERSE ENGINEERING SECURITY MODELS FOR APPLICATION PROTECTION AND AGAINST REVERSE ENGINEERING SECURITY @ KONTRON PETER MÜLLER, DIRECTOR PRODUCTLINE BOARDS & MODULES TELEREX OCTOBER, 2017 AGENDA 01 02 03 04 TECHNOLOGICAL

More information

INTERNET OF THINGS KONTRON

INTERNET OF THINGS KONTRON INTERNET OF THINGS SECURITY @ KONTRON EMBEDDED COMPUTING CONFERENCE 2017 ECC WINTERTHUR SEPTEMBER 5 TH, 2017 AGENDA 01 INTRODUCTION 02 SECURITY LAYERS 03 KONTRON & S&T // 2 WHAT IS IN IT FOR YOU THROUGH

More information

Why Security Fails in Federated Systems

Why Security Fails in Federated Systems Why Security Fails in Federated Systems Dr. Clifford Neuman, Director USC Center for Computer Systems Security Information Sciences Institute University of Southern California CSSE Research Review University

More information

Scalable Architectural Support for Trusted Software

Scalable Architectural Support for Trusted Software Scalable Architectural Support for Trusted Software David Champagne and Ruby B. Lee Princeton University Secure Processor Design 11/02/2017 Dimitrios Skarlatos Motivation Apps handle sensitive/secret information

More information

Windows IoT Security. Jackie Chang Sr. Program Manager

Windows IoT Security. Jackie Chang Sr. Program Manager Windows IoT Security Jackie Chang Sr. Program Manager Rest Physical access to a device will not give access to data Data & Control Execution Data owner has full control over data processing Motion Transport

More information

IoT It s All About Security

IoT It s All About Security IoT It s All About Security Colin Walls colin_walls@mentor.com Android is a trademark of Google Inc. Use of this trademark is subject to Google Permissions. Linux is the registered trademark of Linus Torvalds

More information

Whose Cloud Is It Anyway? Exploring Data Security, Ownership and Control

Whose Cloud Is It Anyway? Exploring Data Security, Ownership and Control Whose Cloud Is It Anyway? Exploring Data Security, Ownership and Control SESSION ID: CDS-T11 Sheung-Chi NG Senior Security Consulting Manager, APAC SafeNet, Inc. Cloud and Virtualization Are Change the

More information

Securing Cloud Computing

Securing Cloud Computing Securing Cloud Computing NLIT Summit, May 2018 PRESENTED BY Jeffrey E. Forster jeforst@sandia.gov Lucille Forster lforste@sandia.gov Sandia National Laboratories is a multimission laboratory managed and

More information

Vidder PrecisionAccess

Vidder PrecisionAccess Vidder PrecisionAccess Transparent Multi-Factor Authentication June 2015 910 E HAMILTON AVENUE. SUITE 430. CAMPBELL, CA 95008 P: 408.418.0440 F: 408.706.5590 WWW.VIDDER.COM Table of Contents I. Overview...

More information

Beyond TrustZone Security Enclaves Reed Hinkel Senior Manager Embedded Security Market Develop

Beyond TrustZone Security Enclaves Reed Hinkel Senior Manager Embedded Security Market Develop Beyond TrustZone Security Enclaves Reed Hinkel Senior Manager Embedded Security Market Develop Part2 Security Enclaves Tech Seminars 2017 Agenda New security technology for IoT Security Enclaves CryptoIsland

More information

Lecture Embedded System Security Introduction to Trusted Computing

Lecture Embedded System Security Introduction to Trusted Computing 1 Lecture Embedded System Security Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Summer Term 2015 Roadmap: Trusted Computing Motivation Notion of trust

More information

A Developer's Guide to Security on Cortex-M based MCUs

A Developer's Guide to Security on Cortex-M based MCUs A Developer's Guide to Security on Cortex-M based MCUs 2018 Arm Limited Nazir S Arm Tech Symposia India Agenda Why do we need security? Types of attacks and security assessments Introduction to TrustZone

More information

Secure automotive on-board networks

Secure automotive on-board networks Secure automotive on-board networks Basis for secure vehicle-to-x communication Dr.-Ing. Olaf Henniger Fraunhofer SIT / Darmstadt 2 December 2010 Presentation overview EVITA project overview Security challenges

More information

Key Threats Melissa (1999), Love Letter (2000) Mainly leveraging social engineering. Key Threats Internet was just growing Mail was on the verge

Key Threats Melissa (1999), Love Letter (2000) Mainly leveraging social engineering. Key Threats Internet was just growing Mail was on the verge Key Threats Internet was just growing Mail was on the verge Key Threats Melissa (1999), Love Letter (2000) Mainly leveraging social engineering Key Threats Code Red and Nimda (2001), Blaster (2003), Slammer

More information

Lecture Embedded System Security Introduction to Trusted Computing

Lecture Embedded System Security Introduction to Trusted Computing 1 Lecture Embedded System Security Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Summer Term 2012 Roadmap: Trusted Computing Motivation Notion of trust

More information

Resilient IoT Security: The end of flat security models

Resilient IoT Security: The end of flat security models Resilient IoT Security: The end of flat security models Xiao Sun Senior Application Engineer ARM Tech Symposia China 2015 November 2015 Evolution from M2M to IoT M2M Silos of Things Standards Security

More information

Scalable Security solutions to enable Cyber Security and to manage Digital Identities

Scalable Security solutions to enable Cyber Security and to manage Digital Identities Scalable Security solutions to enable Cyber Security and to manage Digital Identities It s all about managing identities GIC@CeBIT 2017 International Cyber Security Conference Axel Deininger 20.03.2017

More information

Designing Security & Trust into Connected Devices

Designing Security & Trust into Connected Devices Designing Security & Trust into Connected Devices Eric Wang Senior Technical Marketing Manager Shenzhen / ARM Tech Forum / The Ritz-Carlton June 14, 2016 Agenda Introduction Security Foundations on Cortex-A

More information

Building a chain of trust from the device to the cloud Christian Kuhn, Senior Director, Business Development DNAC - 16 November 2017

Building a chain of trust from the device to the cloud Christian Kuhn, Senior Director, Business Development DNAC - 16 November 2017 Building a chain of trust from the device to the cloud Christian Kuhn, Senior Director, Business Development DNAC - 16 November 2017 Trust is vital and it s what we provide enabling our clients to deliver

More information

Securing Cloud Applications with a Distributed Web Application Firewall Riverbed Technology

Securing Cloud Applications with a Distributed Web Application Firewall Riverbed Technology Securing Cloud Applications with a Distributed Web Application Firewall www.riverbed.com 2013 Riverbed Technology Primary Target of Attack Shifting from Networks and Infrastructure to Applications NETWORKS

More information

Live Demo: A New Hardware- Based Approach to Secure the Internet of Things

Live Demo: A New Hardware- Based Approach to Secure the Internet of Things SESSION ID: CCS-W04 Live Demo: A New Hardware- Based Approach to Secure the Internet of Things Cesare Garlati Chief Security Strategist prpl Foundation @CesareGarlati Securing the Internet of (broken)

More information

M2M / IoT Security. Eurotech`s Everyware IoT Security Elements Overview. Robert Andres

M2M / IoT Security. Eurotech`s Everyware IoT Security Elements Overview. Robert Andres M2M / IoT Security Eurotech`s Everyware IoT Security Elements Overview Robert Andres 23. September 2015 The Eurotech IoT Approach : E2E Overview Application Layer Analytics Mining Enterprise Applications

More information

Introduction to Device Trust Architecture

Introduction to Device Trust Architecture Introduction to Device Trust Architecture July 2018 www.globalplatform.org 2018 GlobalPlatform, Inc. THE TECHNOLOGY The Device Trust Architecture is a security framework which shows how GlobalPlatform

More information

The Open Application Platform for Secure Elements.

The Open Application Platform for Secure Elements. The Open Application Platform for Secure Elements. Java Card enables secure elements, such as smart cards and other tamper-resistant security chips, to host applications, called applets, which employ Java

More information

Cyber Moving Targets. Yashar Dehkan Asl

Cyber Moving Targets. Yashar Dehkan Asl Cyber Moving Targets Yashar Dehkan Asl Introduction An overview of different cyber moving target techniques, their threat models, and their technical details. Cyber moving target technique: Defend a system

More information

Privacy and Security in Smart Grids

Privacy and Security in Smart Grids Faculty of Computer Science, Institute of Systems Architecture, Chair for Privacy and Data Security Privacy and Security in Smart Grids The German Approach Sebastian Clauß, Stefan Köpsell Dresden, 19.10.2012

More information

Trusted Computing Group

Trusted Computing Group Trusted Computing Group Backgrounder May 2003 Copyright 2003 Trusted Computing Group (www.trustedcomputinggroup.org.) All Rights Reserved Trusted Computing Group Enabling the Industry to Make Computing

More information

Trojan-tolerant Hardware & Supply Chain Security in Practice

Trojan-tolerant Hardware & Supply Chain Security in Practice Trojan-tolerant Hardware & Supply Chain Security in Practice Who we are Vasilios Mavroudis Doctoral Researcher, UCL Dan Cvrcek CEO, Enigma Bridge George Danezis Professor, UCL Petr Svenda CTO, Enigma Bridge

More information

Creating a Practical Security Architecture Based on sel4

Creating a Practical Security Architecture Based on sel4 Creating a Practical Security Architecture Based on sel4 Xinming (Simon) Ou University of South Florida (many slides borrowed/adapted from my student Daniel Wang) 1 Questions for sel4 Community Is there

More information

SGX Security Background. Masab Ahmad Department of Electrical and Computer Engineering University of Connecticut

SGX Security Background. Masab Ahmad Department of Electrical and Computer Engineering University of Connecticut SGX Security Background Masab Ahmad masab.ahmad@uconn.edu Department of Electrical and Computer Engineering University of Connecticut 1 Security Background Outline Cryptographic Primitives Cryptographic

More information

Secure Technology Alliance Response: NIST IoT Security and Privacy Risk Considerations Questions

Secure Technology Alliance Response: NIST IoT Security and Privacy Risk Considerations Questions Secure Technology Alliance Response: NIST IoT Security and Privacy Risk Considerations Questions April 26, 2018 The Secure Technology Alliance IoT Security Council is pleased to submit our response to

More information

CIS 4360 Secure Computer Systems SGX

CIS 4360 Secure Computer Systems SGX CIS 4360 Secure Computer Systems SGX Professor Qiang Zeng Spring 2017 Some slides are stolen from Intel docs Previous Class UEFI Secure Boot Windows s Trusted Boot Intel s Trusted Boot CIS 4360 Secure

More information

REM: Resource Efficient Mining for Blockchains

REM: Resource Efficient Mining for Blockchains REM: Resource Efficient Mining for Blockchains Fan Zhang, Ittay Eyal, Robert Escriva, Ari Juels, Robbert van Renesse Vancouver, Canada 13 September 2017 USENIX Security 2017 1 The Cryptocurrency Vision

More information

Bromium: Virtualization-Based Security

Bromium: Virtualization-Based Security Bromium: Virtualization-Based Security TAG-Cyber Briefing Presented by Simon Crosby CTO, Co-Founder of Bromium Bromium 2016 2 Bromium 2016 3 Real-time Detection & Analysis Malware manifest Bromium 2016

More information

Cisco Secure Boot and Trust Anchor Module Differentiation

Cisco Secure Boot and Trust Anchor Module Differentiation Solution Overview Cisco Secure Boot and Trust Anchor Module Differentiation Cisco Trust Anchor Technologies provide the foundation for Cisco Trustworthy Systems. Cisco Secure Boot helps ensure that the

More information

Delivering High-mix, High-volume Secure Manufacturing in the Distribution Channel

Delivering High-mix, High-volume Secure Manufacturing in the Distribution Channel Delivering High-mix, High-volume Secure Manufacturing in the Distribution Channel Steve Pancoast Vice President, Engineering Secure Thingz Inc Rajeev Gulati Vice President and CTO Data IO Corporation 1

More information

Trusted Virtual Domains: Towards Trustworthy Distributed Services. Ahmad-Reza Sadeghi System Security Lab Ruhr-Universität Bochum

Trusted Virtual Domains: Towards Trustworthy Distributed Services. Ahmad-Reza Sadeghi System Security Lab Ruhr-Universität Bochum Trusted Virtual Domains: Towards Trustworthy Distributed Services Ahmad-Reza Sadeghi System Security Lab Ruhr-Universität Bochum The Main Motivation Trustworthy Distributed Computing Selected Applications..

More information

DELIVERING TRUSTED CLOUDS How Intel and Red Hat integrated solutions for secure cloud computing

DELIVERING TRUSTED CLOUDS How Intel and Red Hat integrated solutions for secure cloud computing DELIVERING TRUSTED CLOUDS How Intel and Red Hat integrated solutions for secure cloud computing Steve Orrin - Federal Chief Technologist, Intel Steve Forage - Senior Director, Cloud Solutions, Red Hat

More information

Thomas Lin, Naif Tarafdar, Byungchul Park, Paul Chow, and Alberto Leon-Garcia

Thomas Lin, Naif Tarafdar, Byungchul Park, Paul Chow, and Alberto Leon-Garcia Thomas Lin, Naif Tarafdar, Byungchul Park, Paul Chow, and Alberto Leon-Garcia The Edward S. Rogers Sr. Department of Electrical and Computer Engineering University of Toronto, ON, Canada Motivation: IoT

More information

Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing. Hermann Härtig Technische Universität Dresden Summer Semester 2007

Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing. Hermann Härtig Technische Universität Dresden Summer Semester 2007 Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing Hermann Härtig Technische Universität Dresden Summer Semester 2007 Goals Understand: authenticated booting the difference

More information

IoT Security for Critical Information Infrastructures. Andrey Tikhonov

IoT Security for Critical Information Infrastructures. Andrey Tikhonov IoT Security for Critical Information Infrastructures Andrey Tikhonov Impact 2 THE SCALE OF EVENTS Weapons of Mass Destruction Extreme weather events Natural Disasters Cyber Attacks Climate Change Likelihood

More information

MASP Chapter on Safety and Security

MASP Chapter on Safety and Security MASP Chapter on Safety and Security Daniel Watzenig Graz, Austria https://artemis.eu MASP Chapter on Safety & Security Daniel Watzenig daniel.watzenig@v2c2.at Francois Tuot francois.tuot@gemalto.com Antonio

More information

Telit Intelligent Modules Harness the Power of Intel Atom x3 Processors

Telit Intelligent Modules Harness the Power of Intel Atom x3 Processors Telit Intelligent Modules Harness the Power of Intel Atom x3 Processors To provide IoT developers with unrivaled choice, flexibility & performance. TELIT WHITEPAPER INTRODUCTION As developers work on creating

More information

Smart Antennas and Hypervisor: Enabling Secure Convergence. July 5, 2017

Smart Antennas and Hypervisor: Enabling Secure Convergence. July 5, 2017 Smart Antennas and : Enabling Secure Convergence July 5, 2017 About OpenSynergy OpenSynergy develops software solutions for embedded automotive systems. OpenSynergy s product portfolio includes key software

More information

Trusted Platform Modules Automotive applications and differentiation from HSM

Trusted Platform Modules Automotive applications and differentiation from HSM Trusted Platform Modules Automotive applications and differentiation from HSM Cyber Security Symposium 2017, Stuttgart Martin Brunner, Infineon Technologies Axiom: Whatever is connected can (and will)

More information

SEGRID storyline. Workshop SEGRID November 14 th, 2016, Barcelona, Spain

SEGRID storyline. Workshop SEGRID November 14 th, 2016, Barcelona, Spain Workshop SEGRID November 14 th, 2016, Barcelona, Spain SEGRID storyline This project has received funding from the European Union s Seventh Framework Programme for research, technological development and

More information

Windows 10 IoT Core Azure Connectivity and Security

Windows 10 IoT Core Azure Connectivity and Security Windows 10 IoT Core Azure Connectivity and Security Published July 27, 2016 Version 1.0 Table of Contents Introduction... 2 Device identities... 2 Building security into the platform... 3 Security as a

More information

Provisioning secure Identity for Microcontroller based IoT Devices

Provisioning secure Identity for Microcontroller based IoT Devices Provisioning secure Identity for Microcontroller based IoT Devices Mark Schaeffer, Sr. Product Marketing Manager, Security Solutions Synergy IoT Platform Business Division, Renesas Electronics, Inc. May

More information

PENETRATION TESTING OF AUTOMOTIVE DEVICES. Dr. Ákos Csilling Robert Bosch Kft., Budapest HUSTEF 15/11/2017

PENETRATION TESTING OF AUTOMOTIVE DEVICES. Dr. Ákos Csilling Robert Bosch Kft., Budapest HUSTEF 15/11/2017 PENETRATION TESTING OF AUTOMOTIVE DEVICES Dr. Ákos Csilling Robert Bosch Kft., Budapest HUSTEF 15/11/2017 Imagine your dream car 2 Image: 2017 ESCRYPT. Exemplary attack demonstration only. This is NOT

More information

SGX Enclave Life Cycle Tracking TLB Flushes Security Guarantees

SGX Enclave Life Cycle Tracking TLB Flushes Security Guarantees CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 3b SGX Enclave Life Cycle Tracking TLB Flushes Security Guarantees Slide deck extracted from Kamran s tutorial on SGX and Chenglu s security analysis

More information

OCTOBER 2016 TELIT WHITE PAPER

OCTOBER 2016 TELIT WHITE PAPER OCTOBER 2016 TELIT WHITE PAPER TELIT INTELLIGENT MODULES HARNESS THE POWER OF INTEL ATOM TM x3 PROCESSORS TO PROVIDE IoT DEVELOPERS WITH UNRIVALLED CHOICE, FLEXIBILITY & PERFORMANCE. CONTENTS INTRODUCTION

More information

Operating System Security

Operating System Security Operating System Security Operating Systems Defined Hardware: I/o...Memory.CPU Operating Systems: Windows or Android, etc Applications run on operating system Operating Systems Makes it easier to use resources.

More information

JAVA IEEE TRANSACTION ON CLOUD COMPUTING. 1. ITJCC01 Nebula: Distributed Edge Cloud for Data Intensive Computing

JAVA IEEE TRANSACTION ON CLOUD COMPUTING. 1. ITJCC01 Nebula: Distributed Edge Cloud for Data Intensive Computing JAVA IEEE TRANSACTION ON CLOUD COMPUTING 1. ITJCC01 Nebula: Distributed Edge Cloud for Data Intensive Computing 2. ITJCC02 A semi-automatic and trustworthy scheme for continuous cloud service certification

More information

Sanctum: Minimal HW Extensions for Strong SW Isolation

Sanctum: Minimal HW Extensions for Strong SW Isolation CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 7a Sanctum: Minimal HW Extensions for Strong SW Isolation Marten van Dijk Syed Kamran Haider, Chenglu Jin, Phuong Ha Nguyen Department of Electrical &

More information

Beyond TrustZone PSA. Rob Coombs Security Director. Part1 - PSA Tech Seminars Arm Limited

Beyond TrustZone PSA. Rob Coombs Security Director. Part1 - PSA Tech Seminars Arm Limited Beyond TrustZone PSA Rob Coombs Security Director Part1 - PSA Tech Seminars 2017 Agenda Platform Security Architecture Architecture overview Trusted Firmware-M IoT Threat models & security analyses Summary

More information

Distributed OS Hermann Härtig Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing

Distributed OS Hermann Härtig Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing Distributed OS Hermann Härtig Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing 30/05/11 Goals Understand principles of: Authenticated booting The difference to (closed) secure

More information

Enabling FPGAs in Hyperscale Data Centers

Enabling FPGAs in Hyperscale Data Centers J. Weerasinghe; IEEE CBDCom 215, Beijing; 13 th August 215 Enabling s in Hyperscale Data Centers J. Weerasinghe 1, F. Abel 1, C. Hagleitner 1, A. Herkersdorf 2 1 IBM Research Zurich Laboratory 2 Technical

More information

THE RTOS AS THE ENGINE POWERING THE INTERNET OF THINGS

THE RTOS AS THE ENGINE POWERING THE INTERNET OF THINGS THE RTOS AS THE ENGINE POWERING THE INTERNET OF THINGS By Bill Graham and Michael Weinstein WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY Driven by the convergence of cloud technology, rapidly

More information

Securing the Frisbee Multicast Disk Loader

Securing the Frisbee Multicast Disk Loader Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah 1 What is Frisbee? 2 Frisbee is Emulab s tool to install whole disk images from a server to many clients using

More information

Intel Software Guard Extensions

Intel Software Guard Extensions Intel Software Guard Extensions Dr. Matthias Hahn, Intel Deutschland GmbH July 12 th 2017 cryptovision Mindshare, Gelsenkirchen Intel SGX Making Headlines Premium Content requiring Intel SGX on PC Intel

More information

Intel s s Security Vision for Xen

Intel s s Security Vision for Xen Intel s s Security Vision for Xen Carlos Rozas Intel Corporation Xen Summit April 7-8, 7 2005 INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. EXCEPT AS PROVIDED IN INTEL'S TERMS

More information

CHALLENGES GOVERNANCE INTEGRATION SECURITY

CHALLENGES GOVERNANCE INTEGRATION SECURITY CLOUD SERVICES The adoption and migration to the cloud is rooted in the need for speed and flexibility in creating and managing services. These benefits are often impacted by the difficulty of enterprises

More information

Smart Attacks require Smart Defence Moving Target Defence

Smart Attacks require Smart Defence Moving Target Defence Smart Attacks require Smart Defence Moving Target Defence Prof. Dr. Gabi Dreo Rodosek Executive Director of the Research Institute CODE 1 Virtual, Connected, Smart World Real World Billions of connected

More information

HW isolation for automotive environment BoF

HW isolation for automotive environment BoF HW isolation for automotive environment BoF Michele Paolino m.paolino@virtualopensystems.com AGL All Member Meeting 2016, 2016-09-07, Munich, Germany http://www.tapps-project.eu/ Authorship and sponsorship

More information

The Next Steps in the Evolution of Embedded Processors

The Next Steps in the Evolution of Embedded Processors The Next Steps in the Evolution of Embedded Processors Terry Kim Staff FAE, ARM Korea ARM Tech Forum Singapore July 12 th 2017 Cortex-M Processors Serving Connected Applications Energy grid Automotive

More information

T-Systems. Secure Software Download

T-Systems. Secure Software Download T-Systems. Secure Software Download A Maintenance Process? 26.09.2007, Page 1 Reasons for Download Business chances / Critical questions Bug Fixes A software update for a security system is cheaper and

More information

ARM European Technical Symposium The security challenges that IoT and Mobile Computing Devices are facing. Pierre Garnier, COO

ARM European Technical Symposium The security challenges that IoT and Mobile Computing Devices are facing. Pierre Garnier, COO ARM European Technical Symposium The security challenges that IoT and Mobile Computing Devices are facing Pierre Garnier, COO 1 INVESTORS INSIDE Secure PRESENTATION ARM European Technical SEPTEMBER Symposium

More information

UNECE WP29/TFCS Regulation standards on threats analysis (cybersecurity) and OTA (software update)

UNECE WP29/TFCS Regulation standards on threats analysis (cybersecurity) and OTA (software update) UNECE WP29/TFCS Regulation standards on threats analysis (cybersecurity) and OTA (software update) Koji NAKAO, NICT, Japan (Expert of UNECE WP29/TFCS) General Flow of works in WP29/TFCS and OTA Data protection

More information

A Secure and Dynamic Multi-keyword Ranked Search Scheme over Encrypted Cloud Data

A Secure and Dynamic Multi-keyword Ranked Search Scheme over Encrypted Cloud Data An Efficient Privacy-Preserving Ranked Keyword Search Method Cloud data owners prefer to outsource documents in an encrypted form for the purpose of privacy preserving. Therefore it is essential to develop

More information