Date post: 16-Apr-2017 | Category: Internet | Upload: globalsign
Strong Security Elements for IoT Manufacturing
LANCEN LACHANCE
VICE PRESIDENT, PRODUCT MANAGEMENT
GLOBALSIGN
@ThingsExpo
WHAT YOU WILL LEARN TODAY
1. Examining security risks with smart connected products
2. Implementing security through the manufacturing process
3. Manufacturing IoT use cases
Privacy and security will become more distinguishing factors in consumer IoT
How do I build my product to achieve these privacy and security goals?
1. Security by Design
2. Stand on the Shoulders of Giants
3. Application within the Manufacturing Process
INTRODUCTION
• No winning architectures, although seeing some standardization within verticals
• Peak Hype - Organizations are still mostly developing their strategy, but some use cases emerging
• New entrants with smart connected products often lacking information security experience
• Huge number of industry consortiums trying to drive standards
IoT SECURITY OBSERVATIONS
WHY invest in security for your IoE ecosystem?
• REDUCE RISKS: Protect brand, Prevent Fraud, Safety, Privacy, Legal Compliance
• VALUE ADD: Differentiators, Certifications
DIFFERING PRIORITIES: Consumer, Industrial, Enterprise
Why?
– Changes are much cheaper to make early in design cycle
– Proper information security and privacy is rarely ever ‘bolt on’
[Figure: cost to change across the product lifecycle (Design – Production – Usage)]
How?
– Identify value components / assets in ecosystem
– Think like a hacker
– Assess the probability and magnitude of a compromise
– Evaluate technology components in each area
SECURITY BY DESIGN
Remember – the internet of things is still the internet
Internet and information security principles and best practices have matured over the past decade
Things are just one part; we still have users, services, and organizations
Solutions and standards exist today that succeed in providing distributed trusted identity
STANDING ON THE SHOULDERS OF GIANTS
Information Security Concepts
AUTHENTICATION
ENCRYPTION
DATA INTEGRITY
PKI (Public Key Infrastructure) and its implementation in protocols like TLS enable a range of information security principles to be achieved
Security-focused crypto-processors, like TPMs, pair perfectly with software-based PKI to build and maintain device identity
PROVEN SOLUTIONS FOR DEVICE IDENTITY
SMART & SECURE MANUFACTURING
• Theory is nice, but what about the realities of provisioning identity in the product manufacturing lifecycle?
• How does an IoT product architect / developer address concerns of:
– Minimal trust in contract manufacturing environments
– Preventing overproduction / counterfeiting
– Audit, tracking, and reporting
– Network connectivity
• Q: Can you select technology that limits the amount of trust you need in the manufacturing environment?
• A: Yes! Combining TPM hardware with PKI and enrollment techniques enables robust identity assumptions
– Result is high confidence in the device identity with
• Assurance that the hardware to protect keys is genuine
• Assurance that keys associated with identity credential are protected with hardware
• Identity credential issued from known and trusted root.
SMART & SECURE MANUFACTURING
Identity Provisioning Architecture
• Network Appliances
– Feature licensing protection
• Smart Connected Home Appliances
– Secure authentication and private communications
• Diagnostic Equipment
– Trusted interface for administration
• Connected Car & ECU security
– Car gateway identity protection and secure firmware updates
USE CASE APPLICATIONS
• Simplified infrastructure requirements and costs
– Minimal additional hardware and security concerns
– Reduces cost to expand manufacturing to multiple sites
• SaaS models to allow elasticity
– Expenses: Shift from capital expense to operational expense
– Performance: Scale up from POC to billions of devices without changing infrastructure hardware
• Built-in mechanisms for auditability, access control, and reporting
USING THE CLOUD FOR IDENTITY ISSUANCE
Size, scale, and scope of your ecosystem
Diversity of devices and processing power
Trust models and complex relationships
Lifecycle management across device and cloud
NEW CONSIDERATIONS FROM THE IoT
A flexible & scalable PKI platform can meet the needs of high-volume PKI use cases in the internet of things
Volume + Velocity + Variety + Usage & Lifecycle
While being cost effective
Billions of certificates, identities, and relying parties per ecosystem
Flexible certificate needs to support the cross domain use cases
KEEPING PACE WITH THE SPEED OF THE IoT
Implement security and identity from the outset
Leverage established standards covering authentication, authorization, encryption, and data integrity
Each deployment is going to have its own needs, so solutions need to be flexible!
Ensure service providers are capable of maintaining security and oversight
THE ANSWER TO IDENTITY IN IoT?
Trust needs are scenario dependent: Public Trust, Private Trust
[Diagram labels: The Things, Consumer, Administrator, Business, 3rd Party Application, Vendor, Data Web Services, Admin Portal, Thing Web Services, Consumer Web Portal, Partner Web Portal, Cloud Provider, Identity Services (PKI, Authentication, Authorization, & Identity Relationships)]
Example Ecosystem