Arete Technology Confidential

2 Security Threats on IoT Arete Technology Confidential When everything goes to the Internet, changing human life, it brings great convenience and smartness If you do “NOTHING”… it maybe a disaster Security

3 Security Risk on Manufacture IoT Arete Technology Confidential Chrysler, Jeep Cherokee Hacker approaches to manufacture (w/o Internet) USB storage Maintenance PC Sensor Camera Current IoT Remote Monitor , 1.4 million cars were recalled because hackers can take over the vehicle through Uconnect. In 2014, Hacking on manufacturing factories increases eight times than ever, from American ICS-CERT

4 Security Threats on IoT Arete Technology Confidential A Fake Server Sending incorrect commands which can be used to trigger unplanned events, or send some physical instruction (shutdown, restart, …etc) A Fake Device Injecting fake measurements which can disrupt the control processes and cause them to react (generate surroundings or tool overheating event,…etc) Data Corruption Modification of users’ data (Decrease meter numerical values to save money) An Eavesdropper Listening to commands or data which can reveal confidential information about the operation of the infrastructure

5 Importance of Device Authentication in IoT Material from ST-Micro Arete Technology Confidential

6 Solutions that Arete provide Arete Technology Confidential Communication interface Answer ® RTOS Secure CPU Core Secure Boot Crypto Vault Key Asset Bus Scramble Network Management Autonomous Mix Interface Mesh Authorization Security Components Authentication Crypto API BT WiFi ZigBee Ethernet PLC UART Integrity Checking, Anti-power analysis, Ani-invasive attack Security SOC Tamper Resistance Anti-clone, Confidentiality Sub-G

7 Peer-to-Peer Device Authentication Arete Technology Confidential Sensor, End device Device 1 ANSWER® Device 2 ANSWER® Device 3 ANSWER® Cloud Server Gateway Router Session key 1-2 Session key 2-3 Network1 key No central Certificate Authority is needed in the process of device authentication Existing network protocols are applied between gateways and Answer ® devices. CA Device 4 ANSWER® Device 5 ANSWER® Network2 key Session key 4-5 Session key 3-4

8 Arete Technology Confidential Use Case

9 Device Authentication using Triple-DH Arete Technology Confidential Device 1 Device 2 Device1 Key Pair: Y = y*G, Epoch key pair: B = b*G Device2 Key Pair: X = x*G, Epoch key pair: A = a*G Hello[r dev1 ] Certificate[Cert Dev2 ] KeyExchange[A] r = r dev1 +r dev2 Hello[r dev2 ] Verify(Cert Dev2 ) and get X k 2 = 2DHKDF((A+d A X)b, r) r = r dev1 +r dev2 k 3 = 3DH-KDF((A+d A X) (b+e B y), r) Certificate[Enc k2 [Cert Dev1 ]] KeyExchange[B] k 2 = 2DH-KDF((a+d A x)B, r) Decrypt and get Cert Dev1 Verify(Cert Dev1 ) and get Y k 3 = 3DH-KDF ((a+d A x) (B+e B Y), r) Key pairs generation Nonce Exchange Device 2 Cert. & Key A delivery Device 2 Cert. Verification Device 1 Cert. & Key B delivery Device 1 Cert. Verification Session key delivery encrypted by common derived key k3, Enc k3 [Sek]

10 ANSWER® System is the Solution Arete Technology Confidential A utonomous N euro S ecure W ise E fficiency R elay

11 Arete Technology Confidential Thanks for Listening

12 Comparison with chips in IoT Arete Technology Confidential General MCU Authentication Device DSP/Crypto Processor Secure CPU Core Built-in Crypto Vault Authentication Secure boot/FOTA ANSWER RTOS Arete SOC Security Performance