IEEE-SA Internet of Things - Security & Standards. Srikanth Chandrasekaran, IEEE Standards Association. Mobile World Congress, Shanghai, June 2018.
What does the IEEE Standards Association (IEEE-SA) do? Vision: To be a world-class standards-development organization. Mission: To provide a high-quality, market-relevant standardization environment, respected worldwide. 1200+ active standards; 650+ standards under development. IEEE standards span a broad spectrum of technologies, such as: Aerospace Electronics; Broadband Over Power Lines; Broadcast Technology; Clean Technology; Cognitive Radio; Design Automation; Electromagnetic Compatibility; Green Technology; Ethernet/WLAN; Medical Device Communications; Nanotechnology; Organic Components; Portable Battery Technology; Power Electronics; Power & Energy; Radiation/Nuclear; Reliability; Transportation Technology. IEEE-SA Programs: Pre-Standards, Standards, Conformity Assessment.
Where does the input come from?* [Diagram: IoT application domains grouped around "Shared Concerns", with their stakeholders.] Domains: Healthcare; Media; Home & Building; Logistics; Retail; Mobility/Transportation; Manufacturing; Energy. Stakeholders: Consumer equipment providers; Hospitals & Doctors; Consumers; Insurance companies; ICT infrastructure providers; Regulators; Appliances providers; Facility management; Logistics companies; Retail stores; Public transport companies; City authorities; Application developers; Utilities; Manufacturing industries; Automation equipment providers. *Due to the diversity of IoT application areas, only selected domains and stakeholders are shown.
Security from Hardware IoT Perspective. [Pie chart: 42% and 58%; legend: Security Features, Not Security Features.]
"Soon, the Internet of Things Will Expand the Security Need to Almost Everything We Do"* *Rod Beckstrom, CEO and President of ICANN, former Director of the National Cyber Security Center. Source: Secure Connections for Smart Cars, Kurt Sievers, NXP, March 2014.
Levels of Security Concerns - Impact of Software! Malicious Logic & Embedded Software Inside Chip (Trojan Detection); Counterfeit Chips (Supply-Chain Security); Side-Channel Attacks (On-Chip Countermeasures). Over-produced, re-marked, cloned, recycled or otherwise unauthorized ICs; motivated by profit. Dynamic detection; insertion of logic to analyze runtime activity. Use of hardened IP or altered design to resist attack; simulation of attacks to identify weaknesses.
Complexity of Security Verification! Traditional verification: verifying that a chip does what it is supposed to do. Emerging new role: verifying that a chip does nothing it is NOT SUPPOSED to do.
Sensor & Wireless Technologies: Always Connected World. Security need for vertical & horizontal standards!
Security in Healthcare & Wearables. ISO/IEEE 11073 series: Health Informatics - Medical / Health Device Communication Standards; IEEE 2410-2015: IEEE Standard for Biometric Open Protocol; IEEE 11073 PHD Cybersecurity (Pre-Standards Activity).
Security in Smart Grids. IEEE 1686 Standard for Substation IED Cybersecurity Capabilities; IEEE C37.240 Standard for Cyber Security Requirements for Substation Automation, Protection and Control Systems; IEEE 1711 Cryptographic Protocol for Cyber Security of Substation Serial Links; IEEE P1711.2 Standard for Secure SCADA Communications Protocol (SSCP); IEEE 1402 Standard for Physical Security of Electric Power Substations; IEEE 2658 Guide for Cybersecurity Testing in Electric Power Systems. Find more smart grid standards and projects at http://smartgrid.ieee.org/standards
Blockchain, an IoT Security Protocol. Build trust, accelerate transactions, maintain regulatory compliance. Track billions of devices. Enable processing of transactions and coordination between devices. Decentralization eliminates single points of failure. Cryptographic algorithms would make patient data more private. The ledger is tamper-proof and cannot be altered by hackers as it does not exist in any one location. Maintain a duly decentralized, trusted ledger of all transactions occurring in a network. This capability is essential to enable the many compliance and regulatory requirements. Standards: IEEE P2418.1 Standard for the Framework of Blockchain Use in IoT; IEEE P2418.3 Standard for the Framework of Distributed Ledger Technology (DLT) Use in Agriculture; IEEE P2418.4 Standard for the Framework of Distributed Ledger Technology (DLT) Use in Connected and Autonomous Vehicles.
Digital Citizen, Internet of Things. Ubiquitous Connectivity; Mobile Communication Device; Wearable Electronics; Medical Devices.
Privacy and Security of Wearables. IEEE P2721 Standard for Wireless Health Device Security Assurance: security assurance mandatory and optional requirements for wireless healthcare devices, balancing needs for security and clinical application; assurance and certification against requirements. http://standards.ieee.org/develop/project/2721.html IEEE P7002 Data Privacy Process: requirements for a systems/software engineering process for privacy-oriented considerations regarding products, services, and systems utilizing employee, customer or other external user's personal data. http://standards.ieee.org/develop/project/7002.html IEEE P2413 Standard for an Architectural Framework for the Internet of Things (IoT): includes quadruple trust (protection, security, privacy, and safety) as a key component of IoT. http://standards.ieee.org/develop/project/2413.html IEEE P2418 Standard for the Framework of Blockchain Use in Internet of Things (IoT): scalability, security and privacy challenges with regard to blockchain in IoT, e.g. tokens, smart contracts, transactions. http://standards.ieee.org/develop/project/2418.html IC17-013 11073 PHD Cybersecurity: build common ground about cybersecurity in the Personal Health Device community and create an "information security toolbox". http://standards.ieee.org/about/sasb/iccom/ic17-013-01_phd_cybersecurity.pdf
Driving Horizontal Security Frameworks. IEEE P802E Recommended Practice for Privacy Considerations for IEEE 802 Technologies; IEEE 1451 Standard for a Smart Transducer Interface for Sensors, Actuators, Devices, and Systems - Common Functions, Communication Protocols, and Transducer Electronic Data Sheet (TEDS) Formats; IEEE P2413: Architectural Framework for IoT (working group focusing on Quadruple Trust: Identity, Privacy, Security and Safety); IEEE P1619 Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices; IEEE P1912 Standard for Privacy and Security Architecture for Consumer Wireless Devices; IEEE P2025.2 Standard for Consumer Drones: Privacy and Security.
Close Engagement with Industry, in both Individual and Corporate Programs. Influence technology development. Incubate new technologies, standards and related services in a rapidly changing environment. Shape the direction of technology and its marketplace applications. Drive the development of corporate standards. Gain advanced knowledge by engaging in corporate standards projects. Network with global thought leaders. Participate in an engaging environment of technical experts.
Thank You!