This document and the information therein are the property of Safran. They must not be copied or communicated to a third party without the prior written authorization of Safran IoT Security of Things Event / 19th October 2016 / Telecom Business Unit 1
SECURE ELEMENTS FOR IOT SECURITY NICHOLAS VONDRAK, MARKETING MANAGER
10/19/2016
This document and the information therein are the property of Safran. They must not be copied or communicated to a third party without the prior written authorization of Safran
Why the discussion?
Month/day/year
IoT Security of Things Event / 19th October 2016 / Telecom Business Unit 2
Huge opportunity Tremendous risk
“~26 smart objects for every human being on Earth!” -Intel
This document and the information therein are the property of Safran. They must not be copied or communicated to a third party without the prior written authorization of Safran
IoT security challenges
Month/day/year
IoT Security of Things Event / 19th October 2016 / Telecom Business Unit
Identity: Authenticating Endpoints, services, and the customer or end-user operating the Endpoint
Security: Ensuring that system integrity can be verified, tracked, and monitored
Privacy: Reducing the potential for harm to individual end-users
Availability: Ensuring constant connectivity between Endpoints and their respective services
3
Inline with CIA (confidentiality, integrity, availability) information security goals
This document and the information therein are the property of Safran. They must not be copied or communicated to a third party without the prior written authorization of Safran
“A secure element (SE) is a tamper-resistant platform (typically a one chip secure microcontroller) capable of securely hosting applications and their confidential and cryptographic data (e.g. key management)”
-GlobalPlatform
A proposed solution
Month/day/year
IoT Security of Things Event / 19th October 2016 / Telecom Business Unit 4
“Because these devices are connected to the network, if they lack adequate security they offer the possibility of being used as an entry point to the network for attackers, who may have little interest in the device or service itself except as an entry point.”
-SIMalliance, An analysis of the security needs of the 5G market
1.eSIM 2.SIM 3.eSE
This document and the information therein are the property of Safran. They must not be copied or communicated to a third party without the prior written authorization of Safran
Secure element as one solution – use cases
Month/day/year
IoT Security of Things Event / 19th October 2016 / Telecom Business Unit 5
Communication cryptographic keys
Network & service authentication
credentials
Sensitive data protection (i.e. biometric templates)
Application
authenticity identifiers
Secure provisioning of unique device &
user identities
a SE as eSIM, eSE or SIM can address all of these needs
This document and the information therein are the property of Safran. They must not be copied or communicated to a third party without the prior written authorization of Safran
• Balance between security, convenience and cost will continue to evolve
• A solution will only be as secure as its weakest link… a secure element alone is not enough
• Registration is just as important as authentication
• As the evolution in capabilities of criminals evolves so must the advancements of technologists
Secure element as one solution - conclusion
Month/day/year
IoT Security of Things Event / 19th October 2016 / Telecom Business Unit 6
This document and the information therein are the property of Safran. They must not be copied or communicated to a third party without the prior written authorization of Safran Month/day/year
IoT Security of Things Event / 19th October 2016 / Telecom Business Unit 7
Nic Vondrak NORAM Marketing Manager | Safran Identity & Security [email protected]