IoT Security Platform

Similar documents
IoT Security for Critical Information Infrastructures. Andrey Tikhonov

How to protect Automotive systems with ARM Security Architecture

Beyond TrustZone Security Enclaves Reed Hinkel Senior Manager Embedded Security Market Develop

Introduction to Device Trust Architecture

CSI: VIDEO SURVEILLANCE CONVERTING THE JUGGERNAUT

Windows IoT Security. Jackie Chang Sr. Program Manager

Trustzone Security IP for IoT

Designing Security & Trust into Connected Devices

Designing Security & Trust into Connected Devices

Designing Security & Trust into Connected Devices

Key Threats Melissa (1999), Love Letter (2000) Mainly leveraging social engineering. Key Threats Internet was just growing Mail was on the verge

M2M / IoT Security. Eurotech`s Everyware IoT Security Elements Overview. Robert Andres

Strong Security Elements for IoT Manufacturing

A Developer's Guide to Security on Cortex-M based MCUs

Trusted Execution Environments (TEE) and the Open Trust Protocol (OTrP) Hannes Tschofenig and Mingliang Pei 16 th July IETF 99 th, Prague

Trusted Computing Today: Benefits and Solutions

MASP Chapter on Safety and Security

Identity and Authentication PKI Portfolio

AXIAD IDS CLOUD SOLUTION. Trusted User PKI, Trusted User Flexible Authentication & Trusted Infrastructure

ARM European Technical Symposium The security challenges that IoT and Mobile Computing Devices are facing. Pierre Garnier, COO

CYBERSECURITY AND SERVICE STATIONS

IoT and the Role of PLATFORMS. Balajee Sowrirajan SVP and Managing Director Samsung Semiconductors India R&D

Security+ SY0-501 Study Guide Table of Contents

TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing

Beyond TrustZone PSA. Rob Coombs Security Director. Part1 - PSA Tech Seminars Arm Limited

Ch 1: The Mobile Risk Ecosystem. CNIT 128: Hacking Mobile Devices. Updated

Innovation is Thriving in Semiconductors

Trusted Platform Modules Automotive applications and differentiation from HSM

The Device Has Left the Building

Creating the Complete Trusted Computing Ecosystem:

Pulseway Security White Paper

IoT Market: Three Classes of Devices

Sentinet for BizTalk Server SENTINET

Resilient IoT Security: The end of flat security models

Bringing you an end to end Mobile Connect Solution. Mobile Connect for Mobile Network Operator. Mars 2016

Verizon Software Defined Perimeter (SDP).

How I Learned to Stop Worrying and Love the Internet of Things

Beyond TrustZone PSA Reed Hinkel Senior Manager Embedded Security Market Development

Innovation policy for Industry 4.0

Security for Secure IoT: Advanced Architectures for IoT Gateways. Simon Forrest Director of Segment Marketing, Consumer Electronics

SYMANTEC DATA CENTER SECURITY

Google on BeyondCorp: Empowering employees with security for the cloud era

Using the tpm with iot

Security Readiness Assessment

Securing the future of mobility

Beyond TrustZone Part 1 - PSA

Verasys Enterprise Security and IT Guide


USING DEVICE LIFECYCLE MANAGEMENT TO FUTURE PROOF YOUR IOT DEPLOYMENT

Putting Trust Into The Network Securing Your Network Through Trusted Access Control

THE NEW LANDSCAPE OF AIRBORNE CYBERATTACKS

GlobalPlatform Trusted Execution Environment (TEE) for Mobile

EDGE COMPUTING & IOT MAKING IT SECURE AND MANAGEABLE FRANCK ROUX MARKETING MANAGER, NXP JUNE PUBLIC

PKI is Alive and Well: The Symantec Managed PKI Service

INTERNET OF BIG THINGS : SMART INFRASTRUCTURES FOR IMPROVED MOBILITY. Sarah WELDON

Securing IoT with the ARM mbed ecosystem

ARM mbed Towards Secure, Scalable, Efficient IoT of Scale

Man in the Middle Attacks and Secured Communications

IC32E - Pre-Instructional Survey

2013 Cisco and/or its affiliates. All rights reserved. 1

Internet of Things: Driving the Transformation

Provisioning secure Identity for Microcontroller based IoT Devices

Securing the Smart Grid. Understanding the BIG Picture 11/1/2011. Proprietary Information of Corporate Risk Solutions, Inc. 1.

Introducing MVISION. Cohesive Cloud-based Management of Threat Countermeasures and Devices Leveraging Built-in Device Controls. Jon Parkes.

Course overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107)

Cybersecurity with Automated Certificate and Password Management for Surveillance

Open Mobile API The enabler of Mobile ID solutions. Alexander Summerer, Giesecke & Devrient 30th Oct. 2014

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

White Paper. Why IDS Can t Adequately Protect Your IoT Devices

Windows 10 IoT Core Azure Connectivity and Security

SSG Platform Security Division & IOTG Jan Krueger Product Manager IoT Security Solutions

Delivering High-mix, High-volume Secure Manufacturing in the Distribution Channel

hidglobal.com HID ActivOne USER FRIENDLY STRONG AUTHENTICATION

GSE/Belux Enterprise Systems Security Meeting

Accelerating intelligence at the edge for embedded and IoT applications

Exploring the potential of Mobile Connect: From authentication to identity and attribute sharing. Janne Jutila, Head of Business Development, GSMA

IoT It s All About Security

MOBILE SECURITY OVERVIEW. Tim LeMaster

Stopping Advanced Persistent Threats In Cloud and DataCenters

INTERNET OF THINGS KONTRON

Automotive Anomaly Monitors and Threat Analysis in the Cloud

ARM mbed Technical Overview

Rethink Remote Access

ASC Chairman. Best Practice In Data Security In The Cloud. Speaker Name Dr. Eng. Bahaa Hasan

The Integrated Smart & Security Platform Powered the Developing of IOT

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

ONEM2M INDUSTRY DAY ALAN SOLOWAY, QUALCOMM. 12 July 2017

DesignWare IP for IoT SoC Designs

UNIK Building Mobile and Wireless Networks Maghsoud Morshedi

the SWIFT Customer Security

Deliverable D3.5 Harmonised e-authentication architecture in collaboration with STORK platform (M40) ATTPS. Achieving The Trust Paradigm Shift

The onem2m standard Horizontal Service Layer

Windows Phone 8 Security

SICS Software Week, October 2014

Trusted Computing Use Cases and the TCG Software Stack (TSS 2.0) Lee Wilson TSS WG Chairman OnBoard Security November 20, 2017

OSIsoft Technologies for the Industrial IoT and Industry 4.0 Chris Felts, Sr. Product Manager Houston Regional Seminar, October 4, 2017

Speaker Introduction Who Mate Barany, VMware Manuel Mazzolin, VMware Peter Schmitt, Deutsche Bahn Systel Why VMworld 2017 Understanding the modern sec

IT Security Mandatory Solutions. Andris Soroka 2nd of July, RIGA

PROTECTED EXTENSIBLE AUTHENTICATION PROTOCOL

Cisco Cloud Security. How to Protect Business to Support Digital Transformation

Transcription:

IoT Security Platform Andrey Doukhvalov Head of Future Tech Industrial Cybersecurity: Safegarding Progress Saint Petersburg, Russia September, 2017 1

IoT Malware in Action In 2016 one million devices have been infected with BASHLITE. 96 % are IoT devices (cameras and DVRs), 4% are home routers 1% are compromised Linux servers. Remaiten is a Malware which infects Linux on embedded systems by brute forcing using frequentl y used default username and passwords combinations from a list in order to infect a system Linux.Darlloz is worm which infects Linux em bedded systems. It targets the internet of things a nd infects routers, security cameras, set-top boxe s by exploiting a PHP vulnerability 900,000 customers of German ISP Deutsche Telekom 2,400 home routers across the UK 2

IoT Security Landscape Root-of-Trust, Strong Authentication, Verification DNSSEC / DANE Infrastructure @ Edge Gateways / Smart Devices Network DataCenter/ Cloud Authentication (verified) Service discovery / provisioning / pairing Trusted execution environment Network security / firewall Secure Boot Authentication (verified) Encryption Message integrity MitM protection DNS spoofing protection Authentication (verified) PKI / certificate management Trusted execution environment Network security / firewall Access control (role based) IoT Device Security Communication Security Cloud Security 3

IoT Developer Survey 2017 HOME IOT INDUSTRIAL ENERGY CONNECTED AUTOMATION PLATFORM AUTOMATION MANAGEMENT CITIES = = The Eclipse IoT Working Group, IEEE IoT, AGILE IoT and IoT Council co-sponsored an online survey to better understand how developers are building IoT solutions. The survey was open from February 7 until March 17, 2017. A total of 713 individuals participated in the survey. Each partner promoted the survey to their communities through social media and web sites. 4

Key Industries / Trends 2016-2017 IoT platform / middleware 41,6% Home automation 41,1% Industrial automation Connected / smart cities Energy management Building automation 26,1% 33,4% 33,3% 36,4% 2016 2017 Agriculture Healthcare Automotive Transportation 25,5% 22,7% 21,4% 20,1% Participation of other industries is growing 5

Hardware Components in IoT Solutions What hardware components are included in your IoT solution? 86,8% 50,8% 50,2% 36,2% 35,1% 33,5% 25,4% 17,4% 4,5% 4,1% Sensors Actuators Gateway / hub device Edge node device Camera / video capture LCD display Touch screen Audio playback / speaker None Other 6

Security is the N1 IoT Developers concern Security 46,7% Interoperability 24,4% Connectivity 21,4% Integration with hardware 19,3% Standards 15,0% Return on investment (ROI) 14,8% Cost 14,7% Scalability 14,1% Privacy 13,7% Performance Data analytics 12,3% 12,3% SECURITY Complexity Maintenance 9,0% 8,2% INTEROPERABILITY CONNECTIVITY Certification / conformance 4,4% Other 3,8% I don't know 2,4% 7

IoT Security Technologies Communication security 48,3% Data encryption JSON web token or similar token formats 34,4% 43,2% TLS/SSL (48,3%) Public key infrastructure 27,2% OAuth & OpenID 24,3% Encryption (43,2%) Over the air update 18,5% No security technology is used 16,4% Identity & PKI (51,5%) Secure boot 11,4% Use of Hardware Security Module (HSM) Use of Trusted Platform Modules (TPM) 10,6% 10,0% LifeCycle (29,5%) Don't know 9,3% Other 2,5% Root of Trust (55%) 8

What can we learn from mobile & apply to IoT? Lifecycle Securi ty Communications Secur ity non-truste d truste d Device Securi ty Crypto Root oftrust trusted softwar e trusted secur hardwar e e syste m secur e stor age 99

IoT Security should be integrated Situation Most IoT developers are not security experts Little to no knowledge of hardware Prior experience in mobile app development Time to market & functionality beat security Strategy Ease of use requirements on tools & IoT platform providers Hide complexity of hardware based security Provide built-in security functions Use standard methods and building blocks 10

How much security you need? Attack Cost Security Subsyst em Secure Element Традиционные TLS/S SL Hardware isolatedtee/sp M* SW & HWAttacks Physical access to de vice JTAG, Bus, IO Pins, Time, money & equipment. Software Attacks & lightweighthardware attacks Buffer overflows Interrupts Malware CommunicationAttacks Man InThe Middle WeakRNG Code vulnerabilities *Trusted Execution Environment / Secure PartitioningMan ager Security Cost 1 1

GlobalPlatform Trusted Execution Environment В 2010, под эгидой GlobalPlatform был запущен проект Trusted Execution Environment (TEE). Инициатива была запущена в ответ на изменения на рынке мобильности: требования к безопасности существенно возросли по мере того как потребители начали использовать мобильные устройства для финансовых и платежных транзакций. Кроме того, по мере роста потребления контента (видео, музыка) на разных типах устройств, старые методы защиты контента оказались недостаточны. Для защиты премиального контента его владельцы традиционно использовали Digital Rights Management (DRM), Conditional Access (CA) и др. подобные схемы часто использовали аппаратноусиленную защиту контента, в то время как теперь они столкнулись со средой где взаимодействует множество разных агентов.кроме того, изменение путей доставки контента (3G, 4G, Wi-Fi, WiMAX, Bluetooth, NFC) предъявляет повышенные требования к коммуникационным каналам.

Global Platform Trusted Execution Environment TEE became the global standard for embedded security 13

TEE Platform in action 14

Global Platform TEE Management Framework The newly emerging TEE MF standard lays ground to the remotely controlled embedded security The goals of the security model for administrationare: to provide means to manage the Trusted Execut ion Environment (TEE), Security Domains (SD), and Trusted Applications(TA), to ensure the security and the integrity of these e ntities, to enable the confidentiality of the data, to provide a scalable model allowing deployments involving a unique Actor or multipleactors, and to enforce the security policy of eachactor w hile preserving its assets. To ensure the security and integrity of these entities, th e TMF code implementation on the device is a Trusted OS Component (see [TEE Arch]), or composed from a group of such components. As such it inherits the same security requirements as other Trusted OS Component s. 15

Субъекты Безопасности Объекты Безопасности Integrated Security TEE MF System Applications SoC HV Security General 1 6 Kaspersky IoT Security Platform - proposal Security Operation Center Gateway Edge Security Services Mngmnt KATA KSN, DPI TMS/TFS, KICS Security Center FW AV VPN Logging Inspection Cloud security services Systems Management Policy Management Lifecycle Security Comm Security Device Security Service Discovery Provisioning Pairing Hypervisor TEE Services KOS TEE Trusted Boot Trusted Channel OTA Trusted Storage Crypto Non-TEE 3 rd -party TEE KOS TEE KOS TEE on trusted SoC KOS TEE + SE on trusted SoC

Device Level Gateway/Networking Security Operation Center Platform Roadmap Services KL Core Assets Ecosystem Anomaly Detection MLAD/KATA Industrial Modules Malware Protection IoT Platform Connectors KSN/CF/AV KSC for IoT (TEE MF) Security Services Trusted IoT Platform Trusted Monitoring KSN/CV/AV/TMS/KICS Industrial Protocols Lifecycle Security Firmware Update Add-Ons Communication Security Trusted Channel Devices (Router, STB) Device Security Device Pairing Devices (Router, STB) System Security KSS (Lib -> Agent) KSS Linux Trusted Hypervisor KSH TEE functions Integrated Security KOS SoC (Elvis)

IoT Security Platform Lets discuss it Andrey Doukhvalov Head of Future Tech Industrial Cybersecurity: Safegarding Progress Saint Petersburg, Russia September, 2017 18

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback