Transcript of: Preparing for the future of IoT security · Internet of Things – Endless opportunities but also...

Preparing for the future of IoT security – The IoT Security starts HERE!
Claus Gruendel, Senior Director – G+D Mobile Security
June 01/02 – IoTExpo Berlin 2017
Internet of Things – Endless opportunities but also high risk

[Chart: Gartner forecast on IoT installed base (in million units), 2013 to 2020, vertical axis 0 to 25,000, two series: Business IoT and Consumer IoT. Source: Gartner Forecast – Internet of Things]

Survey figures on industrial IoT (IIoT) security:
▪ 51% of companies do not feel prepared for security attacks on IIoT devices.
▪ 64% have already recognized the need to protect against IIoT attacks.
▪ >90% of companies expect a significant increase in risk caused by the use of IIoT.
▪ 96% of companies expect to see an increase in security attacks on IIoT in 2017.
▪ 90% of those studied expect IIoT deployments to rise.
Source: tripwire.com – The State of Security: Stories, trends, insights @ tripwire.com/blog

G+D Mobile Security | IoTExpo Berlin June 01, 2017
The digital transformation challenge – IoT is getting complex

Connect: Flexible connectivity, eSIM management, LPWAN/LoRa, Secure UHF
Collect: Secure IoT platform
Consume: Analytics
Transparency: Products, Processes, Partners
Manageability: Access management, Granular policy management, Device management, Update of HW/SW
Identity: Device identity, User identity, Product identity, Virtual identity
Security: Active protection, Security lifecycle, Anomaly detection, Retrofit
IoT – Wide range of devices with values and risk exposure as well as individual security requirements

[Chart: IoT device value on a logarithmic scale from €1.00 to €100,000,000.00, with the device classes as listed on the slide: Smart Sensor, Wearable, Consumer IoT, Smart Device, Business IoT, Health Device, Public IoT, Automotive IoT, Industrial IoT]

"Even the easiest to develop type of endpoint device must behave in a reliable, high quality, and secure manner because it is expected to participate in a network that could eventually span up to millions of devices in size." – GSMA IoT Security Guidelines, 2016

The challenges identified in providing this security are based on the early market dynamics.
Security-by-design – Smart, flexible and scalable solutions are needed to secure the IoT in future.
BUT – IoT SECURITY CANNOT BE RETROFIT!

Building blocks: Secure OS, Secure Apps, Trusted Identification, Secure Provisioning, Secure Platform, Secure Processes, Secure Policy Control, Secure Communication, Secure Update, Secure Lifecycle Management, Secure Hardware
IoT System Security Functions & Mechanism

System layers, from data generation to the user:
▪ Data Generation + Connectivity – protected devices + identity & lifecycle
▪ Gateways & Basestations – Network Security Management
▪ Integration + Data aggregation – E2E Security
▪ IoT Platform
▪ Presentation & System Integration – DB & Ops Security
▪ User(s) & System(s) – App / Web, User

Security mechanisms placed across these layers:
Device Identity, Device Integrity, Key & Local Data Protection, Key Injection, Key Provisioning, Data Collection, Data Proof of Origin, Secure Edge Computing, Endpoint Control, Air Interface Security, Radio Data Protection, Network Robustness, Gateway Integrity & Identity, M2M, Identity Management & Authentication, Data Access Control, Data Analysis, Storage & Transformation, Storage / Cloud Security, DB & Ops Security, Management & Analysis, Monitoring, Analysis & Reporting, Incident Recognition, Incident Reporting, Anomaly Detection
IoT security starts HERE! – Secure Connectivity & Data Generation

Roles in the provisioning chain: Silicon Provider, Security Service, OEM, Operator.
▪ Silicon Provider: bare MCU design; the bare MCU is built into the appliance
▪ Security Service: personalization of each MCU with a Unique Device Key
▪ OEM: application firmware mastering (Mastering Tool) of the end product, i.e. the appliance with the personalized MCU
▪ Secure Provisioning towards the Operator, giving the device a secure
  ▪ Boot
  ▪ Com Channel
  ▪ Authenticity
  ▪ Network Key
  ▪ Application Key
  ▪ Identity!
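The provisioning chain on this slide, simulated end to end as an added example (not code from G+D or the slide deck): a security service personalizes each bare MCU with a unique device key, separate network and application keys are derived from it, the OEM's mastered firmware carries an authenticity tag, and the operator verifies the device identity by challenge-response. All key material, device IDs and the firmware image are constructed sample values, and HKDF-SHA256 plus HMAC stand in for whatever the real secure element uses.

```python
import hashlib
import hmac
import secrets

def hkdf_sha256(ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with a zero salt; distinct `info` labels yield independent keys."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

# Security service: personalization writes a Unique Device Key (UDK) into each bare MCU;
# only the master key is kept (in an HSM in practice) and the UDK is re-derived on demand.
def personalize(master_key: bytes, device_id: bytes) -> bytes:
    return hkdf_sha256(master_key, b"udk|" + device_id)

# Secure provisioning: network and application keys are separate derivations of the UDK,
# so handing the network key to the operator never reveals the application key.
def provision(udk: bytes) -> dict:
    return {"network": hkdf_sha256(udk, b"network-key"),
            "application": hkdf_sha256(udk, b"application-key")}

# OEM mastering: the firmware image gets an authenticity tag under the application key,
# which the device checks at secure boot and before accepting an update.
def master_firmware(app_key: bytes, firmware: bytes) -> bytes:
    return hmac.new(app_key, firmware, hashlib.sha256).digest()

def firmware_authentic(app_key: bytes, firmware: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(master_firmware(app_key, firmware), tag)

# Operator: challenge-response over the com channel proves the device identity
# without the network key ever travelling over the channel.
def device_answer(network_key: bytes, device_id: bytes, nonce: bytes) -> bytes:
    return hmac.new(network_key, device_id + nonce, hashlib.sha256).digest()

def operator_accepts(registry: dict, device_id: bytes, nonce: bytes, answer: bytes) -> bool:
    expected = registry.get(device_id)  # None for an identity that was never provisioned
    return expected is not None and hmac.compare_digest(device_answer(expected, device_id, nonce), answer)

def demo() -> dict:
    master, dev_a, dev_b = bytes(32), b"MCU-0001", b"MCU-0002"  # constructed sample values
    keys_a, keys_b = provision(personalize(master, dev_a)), provision(personalize(master, dev_b))
    registry = {dev_a: keys_a["network"]}  # what the operator received for device A
    fw = b"constructed application firmware image"
    tag, nonce = master_firmware(keys_a["application"], fw), secrets.token_bytes(16)
    return {"firmware_ok": firmware_authentic(keys_a["application"], fw, tag),
            "tampered_fw": firmware_authentic(keys_a["application"], fw + b"!", tag),
            "device_a_ok": operator_accepts(registry, dev_a, nonce, device_answer(keys_a["network"], dev_a, nonce)),
            "clone_rejected": operator_accepts(registry, dev_a, nonce, device_answer(keys_b["network"], dev_a, nonce))}
```

The last entry shows why the per-device key matters: device B, even though personalized from the same master key, cannot answer for device A's identity.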
Secure Device Environments cover different use cases and markets – Balancing of security needs, efforts and market size is essential

Pyramid of device classes, from the top (niche, highest security) to the bottom (mass market):
▪ Secure Devices / CxOs, HSD, public authorities – dedicated devices, hardened OS plus SE
▪ Dedicated devices / users dealing with confidential information – SE, SIM card, eSE, SD card
▪ Devices / users dealing with sensitive information – Trusted Execution Environment
▪ All other devices – device security capabilities, WBC, TAK (incl. WBC)

Axes along the pyramid, top to bottom: Security level +++ to +; Costs / Efforts +++ to +; Market size niche to mass; Device choice 1-2 to many; Secure Services few to many. Market segments: Government, B2C & Enterprise, Consumer.

Note: The levels are to be understood as minimum levels. Of course, higher level security can be used on lower layers of the pyramid as well!
Secure IoT – It all starts with a trusted ID, and it ends up with a new one ...

IDENTITY + SECURITY + CONNECTIVITY + "MANAGEABILITY"

End-to-end chain: IoT Device (Device ID) – Bearer network (2G...5G, LoRa, LPWAN, WiFi, BLE, Zigbee...) – Gateway – Cloud Service – Service, Maintenance, Analytics, Customer (User ID)
Elements along the chain: ID/Policy Control, ID Management, Lifecycle Management, Secure Apps, ...
Properties: Unique ID based Authentication and Confidentiality; Data Privacy and Integrity; Fine granular Policy based Access; Cyber Protection and Device individual "self learning" Anomaly Detection

You can't secure what you can't update – An ID is key!
IoT security Design Rules
▪ Design and build (tailored) security in; adding it later can be very hard
▪ Define and build a minimal security foundation
▪ The FOCUS is also on IoT endpoints
▪ KISS: Keep security mechanisms simple, avoid the "black box"
▪ Use existing standards
▪ Encrypt (sensitive) data at rest and in transit
▪ Use well-studied cryptographic building blocks
▪ Develop a realistic threat model
▪ Identity and Access Management must be part of the design
▪ Consider analytics and anomaly mechanisms

IoT security for the distributed cloud: open access IoT networks, distributed cloud – 2022 and beyond
Self administering objects – each with their own security.
A pre-requisite for securely utilizing BLOCKCHAINS!
G+D Mobile Security – SecYOUrity and Beyond
Connectivity + Identity + Security + "Manageability"

Provider for connectivity, security and ID management; enabler for new business opportunities, added value and new use-cases.
Solution qualities: Flexibility, Ease of use, Seamless integration, Fit for purpose, Resilience, ...
Security functions: Identification, Authentication, Connectivity, Physical access, Logical access, Policy management, Data protection, IP protection, Device protection, Privacy, Device management, ...
Markets: Connected Car, Automotive IoT, Industrial IoT, Industry 4.0, Business IoT, Consumer IoT, Smart Cities
Risks addressed: Safety risk, Assets / Finance, Damage, ID/IP theft, Blackmail
G+D Mobile Security – Securing & Managing billions of connected digital identities today
▪ 100 million authentication cards protecting access for customers worldwide
▪ +1.5 billion EMV cards provisioned over the past 5 years
▪ 660 million contactless and dual interface cards issued over the past 6 years
▪ 8 of the top 10 car manufacturers trust in G+D Mobile Security's connected car solutions
▪ >100 mobile payment solutions provided to leading financial institutions
▪ +1 billion mobile devices managed globally
▪ 2.9 billion SIM cards managed in over 80 countries
▪ #1 in eSIM management
Business areas: Scalable IoT Security for Enterprises and OEMs; Managed connectivity for telecommunication industries; Digital Banking for financial institutions – SECURING MOBILE LIFE
Thank you for your attention!
www.twitter.com/GI_DE_com
www.gi-de.com
www.linkedin.com/company/giesecke-&-devrient
www.gi-de.com/youtube
Claus Gruendel, Senior Director, Giesecke & Devrient - Mobile Security
mail: [email protected] | +49 172 262 04 61
© Giesecke & Devrient GmbH, 2017.