Strong Security Elements for IoT Manufacturing

LANCEN LACHANCE

VICE PRESIDENTPRODUCT

MANAGEMENTGLOBALSIGN

@ThingsExpo

WHATYOU WILLLEARNTODAY

1

2

Examining of security risks with smart connected products

3

Implementing security through the manufacturing processManufacturing IoT use cases

@ThingsExpo

Privacy and security will become more distinguishing factors in consumer IoT

How do I build my product to achieve these privacy and security goals?

1. Security by Design2. Stand on the Shoulders of Giants3. Application within the Manufacturing

Process

/////

/////

INTRODUCTION

@ThingsExpo

• No winning architectures, although seeing some standardization within verticals

• Peak Hype - Organizations are still mostly developing their strategy, but some use cases emerging

• New entrants with smart connected products often lacking information security experience

• Huge number of industry consortiums trying to drive standards

IoT SECURITY OBSERVATIONS

@ThingsExpo

WHYinvest in security

for your IoE ecosystem?

REDUCE RISKSProtect brandPrevent Fraud

SafetyPrivacy

Legal Compliance VALUE ADD

Differentiators Certifications

DIFFERINGPRIORITIES

ConsumerIndustrialEnterprise

@ThingsExpo

Why?– Changes are much cheaper

to make early in design cycle– Proper information security

and privacy is rarely ever ‘bolt on’

/////

/////Design – Production – Usage

Product Lifecycle

Cost

to c

hang

e

How?– Identify value components / assets in ecosystem – Think like a hacker– Assess the probability and magnitude of a

compromise– Evaluate technology components in each area

SECURITY BY DESIGN

@ThingsExpo

Remember – the internet of things, is still the internet

Internet and information security principles and best practices have matured over the past decade

Things are just one part, we still have users, services, and organizations

There are solutions and standards existing today succeeding in providing distributed trusted identity

/////

/////

/////

/////

STANDING ON THE SHOULDERS OF GIANTS

@ThingsExpo

Information Security Concepts

AUTHENTICATION

ENCRYPTION

DATA INTEGRITY

@ThingsExpo

PKI (Public Key Infrastructure) and it’s implementation in protocols like TLS, enable a range of information security principles to be achieved

Security focused crypto-processors, like TPMs, pair perfectly with software based PKI to build and maintain device identity

/////

/////

PROVEN SOLUTIONS FOR DEVICE IDENTITY

@ThingsExpo

SMART & SECURE MANUFACTURING• Theory is nice, but what

about the realities of provisioning identity in the product manufacturing lifecycle?

• How does an IoT product architect / developer address concerns of:– Minimal trust in contract

manufacturing environments

– Preventing overproduction / counterfeiting

– Audit, tracking, and reporting

– Network connectivity

@ThingsExpo

• Q: Can you select technology that limits the amount of trust you need in the manufacturing environment?

• A: Yes! Combining TPM hardware with PKI and enrollment techniques, enables robust identity assumptions– Result is high confidence in the

device identity with• Assurance that the

hardware to protect keys is genuine

• Assurance that keys associated with identity credential are protected with hardware

• Identity credential issued from known and trusted root.

SMART & SECURE MANUFACTURING

@ThingsExpo

Identity Provisioning Architecture

@ThingsExpo

• Network Appliances– Feature licensing protection

• Smart Connected Home Appliances– Secure authentication and private

communications• Diagnostic Equipment– Trusted interface for administration

• Connect Car & ECU security– Car gateway identity protection and secure

firmware updates

USE CASE APPLICATIONS

@ThingsExpo

• Simplified infrastructure requirements and costs– Minimal additional hardware

and security concerns– Reduces cost to expand

manufacturing to multiple sites• Saas models to allow elasticity

– Expenses: Shift from capital expense to operational expense

– Performance: Scale up from POC to billions of devices without changing infrastructure hardware

• Built in mechanisms for auditability, access control, and reporting

///

USING THE CLOUDFOR IDENTITY ISSUANCE

@ThingsExpo

Size, scale, and scope of your ecosystem

Diversity of devices and processing power

Trust models and complex relationships

Lifecycle management across device and cloud

/////

/////

/////

/////

NEW CONSIDERATIONS FROM THE IoT

@ThingsExpo

A flexible & scalable PKI platform can meet the needs of high-volume PKI use cases in the internet of things

Volume Velocity+ Variety+ Usage & Lifecycle

+

While being cost effective

Billions of certificates, identities, and relying parties per ecosystem

Flexible certificate needs to support the cross domain use cases

KEEPING PACE WITH THE SPEED OF THE IoT

@ThingsExpo

///// Implement security and identity from the outset

/////

Leverage established standards covering authentication, authorization, encryption, and data integrity

///// Each deployment is going to have its own needs, need solutions that are flexible!

Ensure service provides are capable of maintaining security and oversight

/////

THE ANSWER TO IDENTITY IN IoT?

@ThingsExpo

Public Trust

Private TrustTrust needs arescenario dependent

The Things

Consumer

Administrator

Business

3rd Party Application

Vendor

Data Web Services

AdminPortal

Thing Web Services

Consumer Web Portal

Partner Web Portal

Cloud Provider

Identity ServicesPKI, Authentication, Authorization,

& Identity Relationships

Example Ecosystem

@ThingsExpo

THANK YOU!QUESTIONS?

Lancen.LaChance@globalsign.com

twitter.com/globalsign