IIoT Endpoint Security The Model in Practice February 22, 2017 Industrial Internet Security Framework #IICSeries
Page 1: IIoT Endpoint Security

IIoT Endpoint Security –

The Model in Practice

February 22, 2017

Industrial Internet Security Framework

#IICSeries

Page 2: IIoT Endpoint Security

Guest Speakers


Marcellus Buchheit, President and CEO, Wibu-Systems USA; Editor, Industrial Internet Consortium Security Framework (@WibuSystems)

Terrence Barr, Head of Solutions Engineering, Electric Imp, Inc. (@electricimp)

Page 3: IIoT Endpoint Security

Motivation

Unprotected devices on the internet are dangerous!

They can be used to:

• Intrude into local networks: stealing or deleting private data

• Block or alter websites or internet communication

• Upload viruses and start Denial-of-Service (DoS) attacks

Additionally, for IIoT:

• Shut down public or private services (electricity, water, sewer etc.)

• Prevent commercial usage (production, hospitals, hotels, PoS etc.)

• Damage or destroy industrial installations or produced parts


Page 4: IIoT Endpoint Security

Motivation

Unprotected devices are a problem for the component manufacturer

• Example: the FTC charged D-Link over insecure routers and IP cameras

• https://www.ftc.gov/news-events/press-releases/2017/01/ftc-charges-d-link-put-consumers-privacy-risk-due-inadequate

Unprotected devices are a problem for users/operators

• Example: the Point-of-Sale (POS) attack on Target at the end of 2013

• 40 million credit cards and 70 million addresses stolen

• Target paid $50M+ in settlements

• http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/


Page 5: IIoT Endpoint Security

A few words about Wibu-Systems

• Wibu-Systems was founded in 1989 in Germany

• Global company focused on secure software licensing

• Offers security and licensing solutions for IIoT systems and devices

• More about the company: www.wibu.com

• More about the key product: http://www.wibu.com/codemeter

• More about IIoT security: http://www.wibu.com/embedded-software-security

• Member of the Industrial Internet Consortium (IIC) since 2015


Page 6: IIoT Endpoint Security

About the IIC

Industrial Internet Consortium

Security Webinar

February 22, 2017

Kathy Walsh, [email protected] of Marketing

Page 7: IIoT Endpoint Security

The Industrial Internet is Leading the Next Economic Revolution

GDP data extracted from The Futurist, 2007

Page 8: IIoT Endpoint Security

Bring Together the Players to Accelerate Adoption

[Diagram of the players around the Industrial Internet: Connectivity, Standards, Technology, Research, Academia, Systems Integration, Security, Government, Big Data, Industries]

The Industrial Internet: a $32 trillion opportunity

Page 9: IIoT Endpoint Security

The IIC: Things are Coming Together

Things are coming together.

[Diagram of the same players converging: Academia, Standards, Research, Systems Integration, Government, Industries, Connectivity, Technology, Big Data, Security]

Page 10: IIoT Endpoint Security

Industrial Internet Consortium Mission

The Industrial Internet Consortium is a global, member-supported organization that promotes the accelerated growth of the Industrial Internet of Things by coordinating ecosystem initiatives to securely connect, control and integrate assets and systems of assets with people, processes and data using common architectures, interoperability and open standards to deliver transformational business and societal outcomes across industries and public infrastructure.

Launched in March 2014 by five founding members: AT&T, Cisco, General Electric, IBM & Intel.

The IIC is an open, neutral “sandbox” where industry, academia and government meet to collaborate, innovate and enable.

Over 250 Member Organizations Spanning 30 Countries

Page 11: IIoT Endpoint Security

Securing IIoT Endpoints: The Model

Industrial Internet Consortium Security Webinar

February 22, 2017

Marcellus Buchheit, [email protected], Wibu-Systems USA Inc.

Page 12: IIoT Endpoint Security

Overview

What is an endpoint?

Why endpoint security?

Security functions of an endpoint

Implementing endpoint security


Page 13: IIoT Endpoint Security

What is an Endpoint?

The IIoT Landscape: Where are Endpoints?

[Diagram of the IIoT landscape with E and P markers placed across it]

Page 14: IIoT Endpoint Security

What is an Endpoint (II)?

The IISF and the IIC define an endpoint in the same way as the ISO/IEC 24791-1:2010 standard:

• An endpoint is one of two components that either implements and exposes an interface to other components or uses the interface of another component.

The IIC simplified this definition (see IIC Vocabulary, version 2.0):

• An endpoint is a component that has an interface for network communication.

… but added a note for clarification:

• An endpoint can be of various types, including a device endpoint or an endpoint that provides cloud connectivity.

[Diagram: Endpoint 1 <--Communication--> Endpoint 2]

Page 15: IIoT Endpoint Security

What is an Endpoint (III)?

The IIoT Landscape: Endpoints are everywhere!

[Diagram of the IIoT landscape with E and P markers placed across it]

Page 16: IIoT Endpoint Security

What is an Endpoint (IV)?

Summary:

• Endpoints are everywhere in an IIoT system (including edge and cloud)

• One single (security) model for all locations

• A single computer, even a device, can have several endpoints

• Example, a router: one LAN endpoint, one WAN endpoint

• Code and data are frequently shared between multiple endpoints

• The communication between endpoints is covered by a separate model


Page 17: IIoT Endpoint Security

Why endpoint security?

Endpoints are the only places in an IIoT system where:

• Execution code is stored, started and updated

• Data is stored, modified or applied (“Data at Rest” / “Data in Use”)

• Communication to another endpoint is initiated and protected

• Network security is analyzed, configured, monitored and managed

Result: an attack on an IIoT system typically starts by attacking one or more endpoints:

• Accessing the execution code and analyzing it to find weak security implementations

• Attacking weak communication protection over the network

• Modifying or replacing (“hijacking”) the execution code in a malicious way

• ...

Page 18: IIoT Endpoint Security

IISF Endpoint Protection Model


Page 19: IIoT Endpoint Security

Threats and Vulnerabilities to an IIoT Endpoint

1. Hardware components

2/3. Boot process

4. Operating System

5. Hypervisor/Separation Kernel

6. Non-OS Applications

7. Applications and their API

8. Runtime Environment

9. Containers

10. Deployment

11. Data at Rest, Data in Use

12. Monitoring/Analysis

13. Configuration/Management

14. Security Model/Policy

15. Development Environment

Page 20: IIoT Endpoint Security

Endpoint security: Solutions

• Start with a clean design of the security model and policies

• Define endpoint identity, authorization and authentication

  • How do other endpoints see me? What can they do with me?

• Define a proper data protection model

  • Integrity and confidentiality, especially of shared data at rest, but also of data in use

• Define secure hardware, BIOS and roots of trust

  • Includes the lifetime of the hardware, BIOS updates and a consistent root of trust

• Select a secure OS, hypervisor and programming language

  • Consider the lifetime of each (open source?) and the dynamics of the programming language

• Consider isolation principles (4 different models are explained in the IISF)

• Plan remote code updates and provide code integrity

  • Security has an unspecified expiration date: it needs updating

  • Code integrity prevents malicious remote code hijacking


Page 21: IIoT Endpoint Security

Endpoint security: Solutions (II)

• Plan “beyond the basics” security from the start

• Plan security configuration and management

  • For example: defining, replacing and updating keys and certificates

  • User-friendly setting of access rights and authorization

• Plan endpoint monitoring and analysis

  • For example: log all security configuration changes

  • Log all unexpected remote activity

  • Provide user-friendly analysis, alerts etc.

• Implement “state of the art”:

  • Have a team of experienced security implementers

  • Use the latest versions of development tools, OS, hypervisors and libraries

  • Test a lot, including malicious attacks

  • Prepare and test your first remote update


Page 22: IIoT Endpoint Security

Endpoint Security in Practice

An example of implementing this endpoint security model in practice:

Terrence Barr, Electric Imp


Page 23: IIoT Endpoint Security

Securing IIoT Endpoints: In Practice

Industrial Internet Consortium Security Webinar

February 22, 2017

Terrence Barr, [email protected], Head of Solutions Engineering

Page 24: IIoT Endpoint Security

Endpoint Security

Electric Imp Introduction

Page 25: IIoT Endpoint Security

Electric Imp: Industrial-strength IoT starts here

Secure IoT Connectivity Platform:

• Authorized hardware for connected devices

• impOS™ and hardware

• impCloud™

• imp Enterprise APIs

• BlinkUp™ & impFactory™

• impSecure™

Proven IoT Deployments at Scale:

• 2016: surpassed 1 million WiFi/Ethernet devices

• 18B+ data messages per month

• 100+ customers; 105+ countries

Full Lifecycle, Trusted Security:

• Passed security review and pen-testing

• In process: UL 2900-2-2 Cybersecurity Certification for Industrial Controls, plus first Affiliate program

• Aligned with the IIC Security Framework

Fastest Prototype-to-Production:

• 5 months for the GE connected air conditioner

Page 26: IIoT Endpoint Security

Endpoint Security

Implementation Approach

Page 27: IIoT Endpoint Security

Endpoint Security: Part of Integrated and Managed Security

Silicon-to-Cloud Security – Defense in Depth & Defense in Time

1. Edge Device Security incl. Secure Silicon & Managed Software

2. Data Privacy, Integrity & Confidentiality

3. Trusted Manufacture & Commissioning

4. Secure Communication via Managed Tunnel

5. Protected Public & Private Cloud

6. Secure Cloud and Application Integration

7. Full Lifecycle Managed Services

Page 28: IIoT Endpoint Security

IISF Endpoint Protection Techniques and the Electric Imp Implementation

Protecting Endpoints (general): Endpoint protection from the silicon upwards, every level tightly integrated and tested for full coverage of the security objectives and no weak links

Architectural Considerations for Protecting Endpoints: Designed from the ground up for resource-constrained IoT devices and real-world use cases, and proven in large-scale customer deployments

Endpoint Physical Security: Disabled hardware interfaces; tampering destroys the individual module

Establish Roots of Trust: Unique per-device keys, secure provisioning via cloud device management

Endpoint Identity: One-time programming at module manufacturing time

Endpoint Access Control: Mutual authentication with RSA certificates and ECC challenge-response

Endpoint Integrity Protection: HSM-protected keys, secure boot, non-execution barriers with cloud alerts

Endpoint Data Protection: All processing on-die, all off-die storage with device-unique encryption; TLS 1.2, AES-128, EDH forward secrecy

Endpoint Monitoring and Analysis: Extensive monitoring of security-sensitive operations

Endpoint Configuration and Management: Endpoints managed, configured and provisioned from the impCloud; all updates signed, encrypted and logged

Cryptography Techniques: AES-128 GCM+AEAD with device-unique keys, hardware accelerator
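The "Endpoint Data Protection" and "Cryptography Techniques" rows above, as an added Go example that is not Electric Imp's code nor part of the IISF: each off-die storage record is sealed with AES-128-GCM under a key derived per device, with the device ID and storage slot bound in as authenticated data so a blob copied to another device or slot, or modified in place, fails to open. The HMAC-SHA256 key derivation from a constructed root secret, the record layout and all names are assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// deviceAEAD builds an AES-128-GCM instance keyed uniquely for one device: the
// per-device root secret (OTP/HSM on a real module; a constructed value here)
// is run through HMAC-SHA256 and truncated to 16 bytes, this example's choice.
func deviceAEAD(rootSecret []byte, deviceID string) (cipher.AEAD, error) {
	mac := hmac.New(sha256.New, rootSecret)
	mac.Write([]byte("off-die-storage:" + deviceID))
	block, err := aes.NewCipher(mac.Sum(nil)[:16])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealRecord encrypts one record for off-die storage. Device ID and slot are
// bound in as additional authenticated data, so a copied blob fails elsewhere.
func SealRecord(rootSecret []byte, deviceID, slot string, plaintext []byte) ([]byte, error) {
	gcm, err := deviceAEAD(rootSecret, deviceID)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per record
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(deviceID+"/"+slot)), nil // nonce||ct||tag
}

// OpenRecord reverses SealRecord; any change to blob, device ID or slot fails.
func OpenRecord(rootSecret []byte, deviceID, slot string, blob []byte) ([]byte, error) {
	gcm, err := deviceAEAD(rootSecret, deviceID)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("blob too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(deviceID+"/"+slot))
}
```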


Page 29: IIoT Endpoint Security

Endpoint Security

Real-World Case Study

Page 30: IIoT Endpoint Security

• Replace analogue lines

• Customer delight exceeds expectations

• Recognized as a Business Transformation success story

1.5M customers worldwide

Security for regulated markets

Reduce service calls by 20%

ROI: payback in 45 days on connectivity costs alone

Page 31: IIoT Endpoint Security

impSecure™: Integrated Silicon-to-Cloud Security and Connectivity managed by Electric Imp

‘Drop-In’ Postage Meter Retrofit: Device-to-Cloud Security and Connectivity

[Architecture diagram with these components: imp Application Module (impOS™, Meter Integration Code Virtual Machine); USB link; WiFi/Ethernet and IP tunnel; Electric Imp Managed Cloud with the device-paired Virtual Machine (Cloud Meter Code, Cloud Integration Code), Operations & Device Lifecycle Management and Cloud Services; Commerce Cloud]

• Device-paired Virtual Machines

• Scalable to millions of devices

• No changes to meter

• No changes to cloud

• Audited and tested: meets Postal and Government security requirements

Page 32: IIoT Endpoint Security

Endpoint Security

Conclusion

Page 33: IIoT Endpoint Security

Integrated Security Platform: Customer Benefits

Leverage Proven Solution

• Build on tested and trusted security at a platform level

Isolation of Security Concerns

• Minimize time-to-market and the risk of security mistakes

Integrated, Silicon-to-Cloud Security

• No weak links, even for devices exposed in the field for many years

Managed Security as a Service

• Offload the headache of ongoing security monitoring and maintenance

Qualify Once, Reuse Many Times

• Enable a rapid, low-risk multi-product IoT strategy

Page 34: IIoT Endpoint Security

Transforming the world through the power of secure connectivity

Page 35: IIoT Endpoint Security

Thank you!


Things are coming together. Community. Collaboration. Convergence.

www.iiconsortium.org

Additional Resources available as attachments

• Industrial Internet Security Framework

• Security Claims Evaluation Testbeds

• White Paper: Business Viewpoint of Securing the Industrial Internet

• Upcoming Webinars:

• March 30, 2017 Building Blocks for Securing the Smart Factory

• April, 2017 TBD

