IoT: It's All About Security


Transcription:

IoT: It's All About Security
Colin Walls, colin_walls@mentor.com
Android is a trademark of Google Inc. Use of this trademark is subject to Google Permissions. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.

Fashions in Embedded Software
- C++
- Windows CE
- Java
- Eclipse
- UML
- Low power design
- IoT

Home Automation

Home Automation: Introducing IoT

Home Automation: Introducing IoT (Merry Christmas!)

Wearables: Indirect IoT

Defining IoT Devices
- Standalone: purpose-built device, no network connection
- Connected: networked device with limited capabilities and one-way access
- Managed: can be monitored, configured and updated remotely

[Diagram: connectivity layers from PAN to LAN, WAN, Cloud and Services; example requests "Open fridge" and "Remind me to track food eaten"]

Safety vs Security
- Safety: protecting the world from the device
- Security: protecting the device from the world
- The two can be related: e.g., a security breach could result in a safety issue

Security Standards
- Industrial Automation: ISA/IEC 62443 (EDSA), www.isa.org/isa99/
- Federal Mandate: U.S. Federal Executive Order (EO) 13636, www.whitehouse.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity
- Power Grid/Smart Grid:
  - NERC CIP, www.nerc.com/pa/stand/pages/cipstandards.aspx
  - NIST IR 7628, www.nist.gov/smartgrid/upload/nistir-7628_total.pdf
  - NITRD (Tailored Trustworthy Spaces), www.nitrd.gov/pubs/nitrd_tts-smartgrid_workshop_2011.pdf
  - OMG Security Fabric, http://sfsig.omg.org/index.htm

Security Building Blocks
- Harden the device
  - Hypervisor
  - TrustZone
  - Secure boot, attestation, anti-tamper
  - Leverage hardware security features (TPM/TEE, secure device ID, crypto acceleration)
- Protect the data
  - Data encryption, key and password obfuscation
- Secure the communication path
  - Security protocols
  - Mutual authentication
  - Firewall
- Enable visibility and management
  - Management system integration (policy management, event reporting)
  - Secure firmware updates, key management

Security Building Blocks: Virtualization
- Embedded hypervisors
  - High performance, e.g. runtime and boot time
  - Strong isolation
  - Highly robust
- Security
  - Strong isolation and containment of guests
  - Secure critical information and software
  - Based on hardware such as ARM TrustZone
- Consolidation
  - Widespread use of open source software
  - Embedded Linux gaining widespread adoption
  - System robustness allowed by separation
  - IP protection provided through system partitioning

[Diagram: a hypervisor hosting three guests over shared CPU, memory and devices: a Linux guest (apps, memory, virtual device, two vCPUs), an RTOS guest (app, memory, device, one vCPU) and a BME guest (app, memory, device, one vCPU)]

Additional Virtualization Benefits
- Security and Robustness: isolation of critical software from the rest of the code, reducing the burden of testing and re-certification
- Licensing and IP Separation: partitioning of software with incompatible licensing terms and protection of proprietary IP from open source licensing terms
- Software Reuse: an upgrade path from an RTOS-based device to one that incorporates Linux, allowing it to leverage the Linux software ecosystem while preserving legacy investment
- Real-Time Performance: devices that take advantage of the Linux ecosystem and its wealth of existing functionality can still benefit from the real-time responsiveness of a BM (bare-metal) guest
- Fast Startup: starting VMs in a particular order helps with a staged boot process

Securing Embedded Device Data
- Data at rest: when the device is off, how is the data protected?
  - Anti-tampering, encrypted files and databases, trusted boot
- Data in use: while it is generated or being processed, is it secured?
  - Obfuscation, chain of trust, attestation, ADRING, TrustZone, MMU-based protection methods, user privileges and secure file systems
- Data in transit: when it leaves the device, can it be hijacked?
  - Encryption, tunneling protocols, VPN, SSL, IKE/IPsec, denial of service, firewall

When to address device security?
Securing an IoT device is not just a matter of selecting the right processor and software; one has to be concerned with many aspects of the device lifecycle!

[Diagram: device lifecycle phases Design, Production, Deployment, Operation & Maintenance, Destruction or disposal, surrounded by the labels Vulnerability Landscape, Cryptography and Security]

Data needs to be protected at rest, in use and in transit at all phases!

Thank you
Colin Walls, colin_walls@mentor.com, http://blogs.mentor.com/colinwalls
Android is a trademark of Google Inc. Use of this trademark is subject to Google Permissions. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.