Application security as crucial to the modern distributed trust model
-
Upload
line-corporation -
Category
Technology
-
view
3.293 -
download
0
Transcript of Application security as crucial to the modern distributed trust model
© 2017 Intertrust Technologies Corporation. All rights reserved.
Application security as crucial to the modern distributed trust modelLINE-Intertrust Security Summit 1 —TokyoMay 17, 2017
Dave Maher, CTO Intertrust
© 2017 Intertrust Technologies Corporation. All rights reserved.
Three drivers for Application layer security
2
1. Scale
2. Hyper-connectivity
3. Implications of Merger of the Cyber and Physical worlds
© 2017 Intertrust Technologies Corporation. All rights reserved.
Scale
3
20204
BILLIONConnected People
$4 TRILLIONRevenue Opportunity
25+ MILLION
Apps
25+ BILLION
Embedded and Intelligent Systems
50 TRILLION
GBs of Data
© 2017 Intertrust Technologies Corporation. All rights reserved.
Hyperconnectivity and dynamic and ephehemeral networks
4
© 2017 Intertrust Technologies Corporation. All rights reserved.
Merger of Cyber and Physical worlds bring huuuuge risks
5
© 2017 Intertrust Technologies Corporation. All rights reserved.
Isolation defeats the purpose of connectivity
6
© 2017 Intertrust Technologies Corporation. All rights reserved.
Ransomware and other malware
7
© 2017 Intertrust Technologies Corporation. All rights reserved.
Software self-defense addresses scale
8
Things must become responsible for themselves
© 2017 Intertrust Technologies Corporation. All rights reserved. 9
© 2017 Intertrust Technologies Corporation. All rights reserved.
• Security within the device or application — self-defense
• Security mechanisms that are simple for users, self-maintaining, inexpensive yet strong
• Security can be lightweight yet strong
• Defense-in-depth: Additional layers, including
• Network security where appropriate
• Cloud-based services that can detect patterns of illicit activity
• Protection of application data and device sensor info
• Protection of resources
• Secure delegation: Make it easy to give access to legitimate users but hard for illicit users
Trust models — what we rely on for Safety, Security, Privacy
10
© 2017 Intertrust Technologies Corporation. All rights reserved.
Model for an internet connected thing
11
Sensors
Physical Interfaces
Communications
Security Associations
Remote Controller
CloudServices
Thing
Remote Front Panel Status
Security Manager
© 2017 Intertrust Technologies Corporation. All rights reserved.
• Except by legitimate users
• Part of a defensed in depth strategy
• When a device or application appears on a network, don’t shout out too much
• Incremental and tokenized discovery can keep things friendly for legitimate users
• Protocols can help assure things appear uninteresting to illegitimate users
Make valuable devices difficult to discover
12
© 2017 Intertrust Technologies Corporation. All rights reserved.
Reference Monitor
13
Reference Monitor
Security Associations
Audit Trail
Device ControlsUser
© 2017 Intertrust Technologies Corporation. All rights reserved.
• A Security Association (SA) is the establishment of shared security attributes between two network entities to support secure communication
• We can use a similar approach for authorization using Message Authentication Codes
• We can include permissions in an SA authorizing use of commands or access to state and sensor data in a device or application
• Keys are typically part of an SA
• We can use cloud services to simplify SA management and associated key management for IoT devices and applications
Security Associations
14
© 2017 Intertrust Technologies Corporation. All rights reserved.
Secure Key Vault
15
• Access to applications and devices can be protected using cryptographic keys in security associations
• Need a secure place to keep them
© 2017 Intertrust Technologies Corporation. All rights reserved.
• Collect behavior info from devices and applications
• Learn normal behavior
• Detect and classify anomalies
• Determine threat thresholds
• Set alarms and notifications
• All without tipping off intruders
Secure Telemetry and Threat Analytics
16
© 2017 Intertrust Technologies Corporation. All rights reserved.
1. When we design applications and IoT devices today we must keep in mind• Scale• Hyper-connectivity• Implications of Merger of the Cyber and Physical worlds
2. We CAN keep things simple and friendly but we must take care
17
Conclusion
© 2017 Intertrust Technologies Corporation. All rights reserved.
Thank you