Strong Security Elements for IoT Manufacturing
LANCEN LACHANCE
VICE PRESIDENT PRODUCT MANAGEMENT, GLOBALSIGN

WHAT YOU WILL LEARN TODAY
1. Examining security risks with smart connected products
2. Implementing security through the manufacturing process
3. Manufacturing IoT use cases

INTRODUCTION
Privacy and security will become more distinguishing factors in consumer IoT
How do I build my product to achieve these privacy and security goals?
1. Security by Design
2. Stand on the Shoulders of Giants
3. Application within the Manufacturing Process

IoT SECURITY OBSERVATIONS
- No winning architectures, although seeing some standardization within verticals
- Peak Hype - Organizations are still mostly developing their strategy, but some use cases emerging
- New entrants with smart connected products often lacking information security experience
- Huge number of industry consortiums trying to drive standards

WHY invest in security for your IoE ecosystem?
REDUCE RISKS
- Protect brand
- Prevent Fraud
- Safety
- Privacy
- Legal Compliance
VALUE ADD
- Differentiators
- Certifications
DIFFERING PRIORITIES
- Consumer
- Industrial
- Enterprise

SECURITY BY DESIGN
Why?
- Changes are much cheaper to make early in design cycle
- Proper information security and privacy is rarely ever bolt on
[Figure: cost to change across the product lifecycle (Design, Production, Usage)]
How?
- Identify value components / assets in ecosystem
- Think like a hacker
- Assess the probability and magnitude of a compromise
- Evaluate technology components in each area

STANDING ON THE SHOULDERS OF GIANTS
- Remember, the internet of things is still the internet
- Internet and information security principles and best practices have matured over the past decade
- Things are just one part; we still have users, services, and organizations
- There are solutions and standards existing today that succeed in providing distributed trusted identity

Information Security Concepts
- AUTHENTICATION
- ENCRYPTION
- DATA INTEGRITY

PROVEN SOLUTIONS FOR DEVICE IDENTITY
- PKI (Public Key Infrastructure) and its implementation in protocols like TLS enable a range of information security principles to be achieved
- Security-focused crypto-processors, like TPMs, pair perfectly with software-based PKI to build and maintain device identity

SMART & SECURE MANUFACTURING
Theory is nice, but what about the realities of provisioning identity in the product manufacturing lifecycle?
How does an IoT product architect / developer address concerns of:
- Minimal trust in contract manufacturing environments
- Preventing overproduction / counterfeiting
- Audit, tracking, and reporting
- Network connectivity

SMART & SECURE MANUFACTURING
Q: Can you select technology that limits the amount of trust you need in the manufacturing environment?
A: Yes! Combining TPM hardware with PKI and enrollment techniques enables robust identity assumptions
The result is high confidence in the device identity, with:
- Assurance that the hardware to protect keys is genuine
- Assurance that keys associated with the identity credential are protected with hardware
- Identity credential issued from known and trusted root

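The issuance-side checks implied by the two slides above, as an added example that is not from the original deck or from GlobalSign. It is a simplified model: a list of TPM endorsement-key (EK) hashes stands in for EK certificate validation, no certificate is actually signed, and the class name, batch id and sample keys are constructed for illustration.

```python
import hashlib
import json

class EnrollmentGate:
    """Policy checks a CA-side service runs before signing a device certificate."""

    def __init__(self, genuine_ek_hashes, batch_quota):
        self.genuine = set(genuine_ek_hashes)  # EKs of TPMs known to be genuine (assumed input)
        self.quota = dict(batch_quota)         # batch id -> units still allowed
        self.enrolled = set()                  # EK hashes that already hold an identity
        self.audit = []                        # hash-chained decision log
        self._prev = "0" * 64

    @staticmethod
    def _digest(body):
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def _log(self, batch, ek_hash, decision):
        body = {"batch": batch, "ek": ek_hash, "decision": decision, "prev": self._prev}
        self._prev = self._digest(body)
        self.audit.append({**body, "hash": self._prev})
        return decision

    def request(self, batch, ek_pub):
        ek_hash = hashlib.sha256(ek_pub).hexdigest()
        if ek_hash not in self.genuine:          # hardware is not a known TPM
            return self._log(batch, ek_hash, "reject:unknown-tpm")
        if ek_hash in self.enrolled:             # same TPM asking twice (cloned request)
            return self._log(batch, ek_hash, "reject:duplicate")
        if self.quota.get(batch, 0) <= 0:        # more units than were ordered
            return self._log(batch, ek_hash, "reject:quota-exceeded")
        self.quota[batch] -= 1
        self.enrolled.add(ek_hash)
        return self._log(batch, ek_hash, "issue")

    def audit_intact(self):
        """Recompute the chain; any edited or removed entry breaks it."""
        prev = "0" * 64
        for e in self.audit:
            body = {k: e[k] for k in ("batch", "ek", "decision", "prev")}
            if e["prev"] != prev or self._digest(body) != e["hash"]:
                return False
            prev = e["hash"]
        return True

def demo():
    eks = [b"constructed-ek-%d" % i for i in range(3)]   # constructed sample keys
    gate = EnrollmentGate([hashlib.sha256(e).hexdigest() for e in eks], {"PO-1001": 2})
    requests = (eks[0], eks[0], b"clone-ek", eks[1], eks[2])
    return gate, [gate.request("PO-1001", e) for e in requests]
```
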
Identity Provisioning Architecture
USE CASE APPLICATIONS
- Network Appliances: Feature licensing protection
- Smart Connected Home Appliances: Secure authentication and private communications
- Diagnostic Equipment: Trusted interface for administration
- Connected Car & ECU security: Car gateway identity protection and secure firmware updates

USING THE CLOUD FOR IDENTITY ISSUANCE
- Simplified infrastructure requirements and costs
- Minimal additional hardware and security concerns
- Reduces cost to expand manufacturing to multiple sites
- SaaS models to allow elasticity
- Expenses: Shift from capital expense to operational expense
- Performance: Scale up from POC to billions of devices without changing infrastructure hardware
- Built-in mechanisms for auditability, access control, and reporting

NEW CONSIDERATIONS FROM THE IoT
- Size, scale, and scope of your ecosystem
- Diversity of devices and processing power
- Trust models and complex relationships
- Lifecycle management across device and cloud

KEEPING PACE WITH THE SPEED OF THE IoT
A flexible & scalable PKI platform can meet the needs of high-volume PKI use cases in the internet of things
Volume + Velocity + Variety + Usage & Lifecycle
- Billions of certificates, identities, and relying parties per ecosystem
- Flexible certificate needs to support the cross domain use cases
- While being cost effective

THE ANSWER TO IDENTITY IN IoT?
- Implement security and identity from the outset
- Ensure service providers are capable of maintaining security and oversight
- Leverage established standards covering authentication, authorization, encryption, and data integrity
- Each deployment is going to have its own needs, so solutions need to be flexible!

Example Ecosystem
[Diagram. Labels: Identity Services (PKI, Authentication, Authorization, & Identity Relationships); Vendor; Public Trust; Private Trust; "Trust needs are scenario dependent"; 3rd Party Application; Data Web Services; Thing Web Services; Cloud Provider; Partner Web Portal; Consumer Web Portal; Admin Portal; Administrator; The Things; Business; Consumer]

THANK YOU! QUESTIONS?
Lancen.LaChance@globalsign.com
twitter.com/globalsign