Post on 22-Aug-2020
www.thalesesecurity.com
Thales eSecurity IoT Overview
Kelvin Cusack – Senior Sales Engineer, June 2018
This document may not be reproduced, modified, adapted, published,
translated, in any way, in whole or in part, or disclosed to a third party
without prior written consent of Thales - Thales © 2017 All rights reserved.
Agenda
▌ Importance of trust
▌ Today’s IoT challenges
▌ Addressing key IoT security requirements
▌ Thales eSecurity focus areas
IoT Fundamentals
Most digital transformation projects will rely on IoT initiatives as their backbone
What if you can’t TRUST the data?
Today: Security/Trust is the top BARRIER to the IoT
Tomorrow: Security/Trust will ENABLE the IoT
Edge devices are the IoT security game-changer
▌ Threats
Use of device as network entry point
Use of device as a bot
Altering function of the device
Remote control
Data capture
▌ Lack of security by design
Devices with default admin credentials
Devices with limited or no authentication support
Devices without means to update firmware
Headline: “Abbott recall signals new era in medical device cybersecurity” (July 2017)
Key security requirements for the IoT
▌ Establishing trust between distributed entities
Mutual authentication of devices, processes, and users
Validating integrity of remote systems
Secure configuration including software/firmware update
▌ Secure communications
Network and message level encryption - confidentiality
Message signing and validation – integrity, origin authentication and non-repudiation
▌ Protection of data
At rest and in use
Storage, file, database, and app-level encryption & tokenization
In many cases, your organization will use data from devices that it does not own/control!
Device authentication is the starting point
▌ All access controls rely on credentials to validate identities
▌ Securely created and injected cryptographic credentials help
Create a root of trust
Enable ability to maintain secure configuration
IoT device taxonomy – authentication methods:
PKI/RSA
PKI/ECC
Lightweight/Symmetric
Password/None
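The mutual authentication called for under “Key security requirements” and the “Lightweight/Symmetric” row of the taxonomy above, worked through as an added Go example that is not part of the Thales deck: a two-nonce challenge-response handshake on a per-device HMAC key injected at manufacture. `Device`, `DeriveDeviceKey`, `RunHandshake` and the transcript labels are names chosen for this example; the factory master key is a byte slice standing in for a key that would stay inside an HSM, and the device IDs and keys are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Device is the identity injected at manufacture: a serial-style ID and a
// per-device symmetric key. Type and field names are assumptions of this example.
type Device struct {
	ID  string
	Key []byte
}

// DeriveDeviceKey derives the per-device key from a factory master key, so the
// back end keeps one secret rather than one key per unit. The master key would
// stay inside an HSM in a real deployment; here it is a plain byte slice.
func DeriveDeviceKey(master []byte, id string) []byte {
	m := hmac.New(sha256.New, master)
	m.Write([]byte("iot-device-key|" + id))
	return m.Sum(nil)
}

// NewNonce returns 16 random bytes. Each side contributes one so that neither
// side can force a transcript it has seen before (replay protection).
func NewNonce() []byte {
	n := make([]byte, 16)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	return n
}

// transcriptTag is HMAC-SHA256 over a direction label and length-prefixed
// fields. The label stops a device tag being reflected back as a server tag;
// the length prefixes stop field boundaries from being shifted.
func transcriptTag(key []byte, label string, fields ...[]byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(label))
	var l [4]byte
	for _, f := range fields {
		binary.BigEndian.PutUint32(l[:], uint32(len(f)))
		m.Write(l[:])
		m.Write(f)
	}
	return m.Sum(nil)
}

// DeviceRespond (step 2): the device answers the server's nonce with its own
// nonce and a tag that binds both nonces and its ID under its key.
func DeviceRespond(d Device, serverNonce []byte) (deviceNonce, devTag []byte) {
	deviceNonce = NewNonce()
	devTag = transcriptTag(d.Key, "device->server", serverNonce, deviceNonce, []byte(d.ID))
	return deviceNonce, devTag
}

// ServerVerify (step 3): the back end re-derives the claimed device's key,
// compares the tag in constant time, and on success proves its own knowledge
// of the key with a tag in the opposite direction.
func ServerVerify(master []byte, id string, serverNonce, deviceNonce, devTag []byte) ([]byte, error) {
	key := DeriveDeviceKey(master, id)
	want := transcriptTag(key, "device->server", serverNonce, deviceNonce, []byte(id))
	if !hmac.Equal(want, devTag) {
		return nil, errors.New("device authentication failed for " + id)
	}
	return transcriptTag(key, "server->device", deviceNonce, serverNonce, []byte(id)), nil
}

// DeviceVerifyServer (step 4): the device checks the server's tag, so it will
// not take configuration or firmware from a back end that lacks its key.
func DeviceVerifyServer(d Device, serverNonce, deviceNonce, srvTag []byte) bool {
	want := transcriptTag(d.Key, "server->device", deviceNonce, serverNonce, []byte(d.ID))
	return hmac.Equal(want, srvTag)
}

// RunHandshake drives all four steps between a device and a back end holding
// master, and returns nil only when both sides have authenticated.
func RunHandshake(master []byte, d Device) error {
	serverNonce := NewNonce()                            // step 1: server challenge
	deviceNonce, devTag := DeviceRespond(d, serverNonce) // step 2
	srvTag, err := ServerVerify(master, d.ID, serverNonce, deviceNonce, devTag) // step 3
	if err != nil {
		return err
	}
	if !DeviceVerifyServer(d, serverNonce, deviceNonce, srvTag) { // step 4
		return errors.New("server authentication failed")
	}
	return nil
}

func main() {
	master := []byte("factory-master-key (constructed for this example)")
	genuine := Device{ID: "SN-000123", Key: DeriveDeviceKey(master, "SN-000123")}
	// A counterfeit unit can copy the ID off a label but not the injected key.
	clone := Device{ID: "SN-000123", Key: []byte("guessed")}
	fmt.Println("genuine:", RunHandshake(master, genuine)) // <nil>
	fmt.Println("clone:  ", RunHandshake(master, clone))   // device authentication failed for SN-000123
}
```

The direction label and the length prefix are what keep the two tags from being forged out of each other: drop either and an attacker relaying between two sessions can pass one side's answer off as the other's. Replacing the pre-shared key with a provisioned certificate and a signature over the same transcript gives the PKI/RSA and PKI/ECC rows of the taxonomy.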
Solutions for device and data security
▌ Hardware root of trust/Public Key Infrastructure (PKI)
Protection of Root and Issuing Certificate Authorities
- Private key generation/protection and certificate signing
Creation and loading of device keys/certificates
- For manufacturers
Provisioning of keys/certificates for devices
- For customers putting IoT devices into operation
▌ Code signing
Signing of firmware updates/patches with HSM-protected signing keys ensures authenticity and integrity, provided the device verifies the signature against its provisioned public key before installing the update
▌ Encryption and key management
Protecting IoT “data at rest” at points of collection
Symmetric keys for on-board device data protection and comms
Key products/solutions: Encryption Key Management, Vormetric Transparent Encryption
Use case – root of trust for Polycom
▌ Problem
Prevent counterfeiting
Enable secure device authentication
▌ Solution
Embed keys and certificates at the time of manufacture
nShield HSMs with CodeSafe working with Microsoft PKI
Professional Services
▌ Similar customers include set-top-box manufacturers
Use case – code signing for Samsung ARTIK
▌ Problem
Need to securely sign code used in manufacture of the ARTIK product line
Includes Samsung and partner code
▌ Solution
nShield HSMs
- Supporting RSA and ECC algorithms
Professional Services
▌ Similar customers include Microsemi
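The firmware signing described under “Code signing” and in the ARTIK use case above, as an added Go example that is not code from Thales, Samsung or the nShield product: the release side signs SHA-256(version||image) with a P-256 key, and the device verifies the signature against the public key it was provisioned with before anything is written to flash. `Update`, `NewReleaseKey`, `BuildUpdate` and `ApplyUpdate` are names invented for the example, the package format is constructed, and the key is generated in software where the slide has it generated inside an HSM; the anti-rollback version check is a standard addition the slide does not mention.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Update is the constructed package format for this example: a version number,
// the image, and an ECDSA P-256 signature over version||image, so that neither
// the code nor the version can be changed without invalidating the signature.
type Update struct {
	Version uint32
	Image   []byte
	Sig     []byte
}

// NewReleaseKey generates the signing key in software for the example. In the
// deployment the slide describes, the key is generated inside the HSM and the
// private half never leaves it; only the public key is burned into devices.
func NewReleaseKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// signedBytes is the exact byte string both sides hash: 4-byte big-endian
// version followed by the image.
func signedBytes(version uint32, image []byte) []byte {
	buf := make([]byte, 4+len(image))
	binary.BigEndian.PutUint32(buf, version)
	copy(buf[4:], image)
	return buf
}

// BuildUpdate runs in the release pipeline: hash the versioned image and sign
// the digest. With an HSM this is the one call routed to the module.
func BuildUpdate(priv *ecdsa.PrivateKey, version uint32, image []byte) (Update, error) {
	digest := sha256.Sum256(signedBytes(version, image))
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return Update{}, err
	}
	return Update{Version: version, Image: image, Sig: sig}, nil
}

// ApplyUpdate is the device-side check. It verifies the signature before
// anything is written to flash, then refuses a version that is not newer than
// the running one (anti-rollback; not on the slide, but without it any older,
// genuinely signed image could be pushed back onto the device). It returns the
// version installed afterwards.
func ApplyUpdate(pub *ecdsa.PublicKey, current uint32, u Update) (uint32, error) {
	digest := sha256.Sum256(signedBytes(u.Version, u.Image))
	if !ecdsa.VerifyASN1(pub, digest[:], u.Sig) {
		return current, errors.New("update rejected: signature does not verify")
	}
	if u.Version <= current {
		return current, fmt.Errorf("update rejected: version %d is not newer than %d", u.Version, current)
	}
	return u.Version, nil
}

func main() {
	priv, err := NewReleaseKey()
	if err != nil {
		panic(err)
	}
	pub := &priv.PublicKey // the only key material a device needs
	image := []byte("constructed firmware image v2")

	u, _ := BuildUpdate(priv, 2, image)
	fmt.Println(ApplyUpdate(pub, 1, u)) // 2 <nil>

	// One byte changed in transit: same signature, different digest.
	tampered := u
	tampered.Image = append(append([]byte{}, image...), " + implant"...)
	fmt.Println(ApplyUpdate(pub, 1, tampered)) // 1 update rejected: signature does not verify

	// Genuine but older: signature is fine, version check stops it.
	old, _ := BuildUpdate(priv, 1, image)
	fmt.Println(ApplyUpdate(pub, 2, old)) // 2 update rejected: version 1 is not newer than 2
}
```

The device never needs the private key, so a compromised fleet does not expose the signing capability; conversely, everything rests on the private key staying inside the HSM and on the device's copy of the public key being immutable, which is why both use cases above pair the HSM with key injection at manufacture.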
What about data protection?
▌ Wide range of data types
▌ Encryption is an important technology
▌ Data protection requirements vary across use cases
▌ If you can’t read the data, you can’t analyze it!
Data protection use cases
▌ IoT data protection solutions must not impede data analysis and must work well in the cloud
▌ Scalability and transparency are critical requirements. Key advantages:
Live Data Transformation – zero downtime, transparent key rotation
Container security – isolate data access between containers
Orchestration – deploy & manage transparent encryption at scale
Cloud key management – compliance and best practices across multiple clouds
A sampling of IoT partners
Thales eSecurity IoT summary
▌ Importance of trust
If you can’t trust the data, there’s no point in collecting it, analyzing it, or making business decisions based on it
▌ Solutions focus areas:
Device authentication
Firmware integrity
Data confidentiality/privacy
▌ Industry involvement
Industrial Internet Consortium
EdgeX Foundry
Thales eSecurity portfolio – focused only on security