Presentation is loading. Please wait.

Presentation is loading. Please wait.

IoT Cooperation Strategy

Published byFrancis Lawrence Modified over 7 years ago

Similar presentations

Presentation on theme: "IoT Cooperation Strategy"— Presentation transcript:

1 IoT Cooperation Strategy
November 2016

2

3 Change of Security’s Paradigm
“Traditional security method in IT environment is not effective anymore. So, device security and internalized-security technology are needed. Application Security PC/Server Network Traditional IT Security IoT Device Security [Solution by Sec Hardware/OS] Security Solution Added Device Secu. → Internalized Secu.

4 Problems of IoT Device Security
“Device Security needed, But hard to React because of following problems” Limited processing power & memory Difficulty in installation & execution of security solution Easy physical access Difficulty in protection of certification or password by physical control Countless HW, OS, APP Various ways of threat or attack

5 Increased Threat for IoT Device Security
“More dangerous because hardware control can be hijacked by hacking of firmware of IoT device” OS Level Firmware Hacking CPU Boot Loader Device OS Application SW Home appliance(100,000) Used for scattering spam mail ( , Proofpoint) Chrysler Car Control hijacked by Firmware Attack ( , WSOCTV) Hacking of NEST thermal control system - Appearance of IoT Ransomware ( , ‘DEFCON’)

6 Development Process of Device Security
“Developing from Laptop-based sec to Mobile, IOT-based sec But, not enough standardization for device security and remote-attestation ” 2005 2010 2015 Laptop Smart Phone IoT Device TPM Embedded SE Security built-in MCU ARM Trust Zone (Android) Secure Element (iOS) Hardware TPM Linux RTOS Firmware Windows iOS/Android iOS Android OS Windows SecureBoot Trusted Boot File System Encryption Application Sandbox Mutual Authentication Firmware Encryption Comm. Encryption Secure Boot Trusted Boot File System Encryption Application Sandbox (SE Linux) Key Security Measures Secure Boot Trusted Boot

7 Current position of market in IoT Security
(US $) 7.9B YR 2015 36.95 (Source: MarketsandMarkets, Jan 2016) Billion YR 2020 CAGR: 36.1% IoT Security “Globally, IOT Security Market is in start-phase” 2015yr 8B will increase 2020yr about 40B Trend of introducing of R&D security format and certification South Korea, Introduction of IoT device security certification is scheduled from 2017yr. (Ministry of Science, ICT, and Future Planning, 2016)

8 Current position of market in IoT Security
Chipset Vendors IoT Platforms IoT Service Providers Things Gateways IOT Service Platform Applications SECURITY PLATFORM (Device Security) (Gateway Security) ( • ) (Remote Attestation) (Device Security) (Gateway Security) ( • ) (Remote Attestation) (Device Security) ( • ) ( • ) ( • ) ( • ) (Gateway Security) ( • ) ( • ) ( • ) ( • ) (IoT Platform) ( • ) ( • ) ( • ) ( • ) (Remote Attestation)

9 Main Technology in IoT Security
“Hardware-based certification / encrypt and digital-sign tech Can block illegal duplication or transformation of device” . Private-ID Certification Firmware encoding (Confidentiality) Secure boot and Update of code-sign (Integrity) Device Co-Certification Remote- Attestation (Remote Attestation) Specific information (Creation of Private-ID) CPU CPU Verify the integrity by exchange between digital-signed certification information and boot process information Root of Trust boot loader boot loader (Signature) Quote Kernel/ Firmware (Firmware decoding) (Signature) Server Health? RAM Kernel/ Firmware Boot Record Hash ? X (Signature) x Malware (Signature) Rootfs The current hash Z Reply (Firmware Encoding) Reboot to get back to clean image Prevention for illegal device duplication Prevention for illegal device transformation Detect duplicated or transformed device

10 How to apply IoT Security
“Application of proper security and IoT service business remote-Attestation for every IoT Device, Gateway, Service Platform Device Platform Gateway Platform Service Platform Smart City Device Identity Remote Attestation Security Programmable MCU TPM (Trusted Platform Module) Device password Server open-key Maker open-key Device password Server open-key Maker open-key Smart Factory Server ? Health? Reply Send signed code Device open-key Hash Table Env. Energy SDK Smart Home SecurityOS Firmware encoding Secure Boot SELinux Verify the integrity by exchanging digital-signed boot process information RTOS Firmware encoding Secure Boot Embedded Linux Smart Farm Detection of illegally duplicated or camouflaged device Detection of illegally transformed device(HW, SW, setting point) Protection of Data and control order Safe signed patch HW Private-ID certification Prevention of illegal duplication Prevention of system transformation Message Sign/Encoding Update Code-sign HW Private-ID certification Prevention of system transformation Isolation of Application File/Communication Encoding Update Code-sign Health Safety

11 Case Study Ⅰ. LG Electronics
“Introduce Security Module by Security MCU installed mini SD card” Secu. MCU SDK Security Module Mini SD Interface HW Private-ID certification Prevention of illegal duplication Prevention of system transformation Message Sign/Encoding Update Code-sign

12 Case Study Ⅱ. VS. “Introduce eSE built-in or eSE separate MCU style
in Security Module.” eSE Built – in MCU eSE separate MCU Core Board Secure SoC MS1000 Device authentication Anti-cloning Message signing Anti-forgery Secure updates with signed code

13 Case Study Ⅲ. SK Telecom “Remote Attestation plug-in for SKT’s IoT Platform (ThingPlug)” Key Features Plan Develop Release Distribution manage Prevention of firmware transformation Date Protection Remote Monitoring Safe Update Secure Boot Password Library Device diagnosis Firmware sign FOTA Update Remote Attestation LoRa Device (i.e. AMI) LoRa Module SECURE MCU SDK

14 Case Study Ⅳ. Security Platform
“Industrial Smart Factory Sensor Module(WICON)+Security Module [ Security Module ] WiFi BLE 3G, LTE Security Control Secure Element (Unique Private KEY, Public KEY of CA, Certificate of Mfg.) WICON Secure Boot MS500 (Security Built-in MCU) Device Authentication Comm. Encryption Secure Update with Signed Code

15 Recommendation for cooperation
“Build device remote-attestation of business operator in IoT service as common standard requirement” ☞ can develop(or need development of) standard-proper Trusted boot(Security chip or maker) ☞ Security by Design & Privacy by Design Security Chip Maker Device Maker IoT service business operator 2015 <Security Exclusive processor> Trusted Boot & Remote Attestation Server Health? ? 2016 <Security Engine integral MCU> Reply Verify the integrity through digital-signed boot process information exchange by protection of password from every physical, logical attack.

16 Thank you! Jaesoo Kim

Download ppt "IoT Cooperation Strategy"

Similar presentations

Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.

Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.
Vpn-info.com.

Vpn-info.com.
1 GP Confidential ©2013 1 GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)

1 GP Confidential © GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)
Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.

Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.
Preventing Theft of Quality of Service on Open Platforms Kwang-Hyun Baek and Sean W. Smith Department of Computer Science Dartmouth College

Preventing Theft of Quality of Service on Open Platforms Kwang-Hyun Baek and Sean W. Smith Department of Computer Science Dartmouth College
Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.

Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.
Mobile Mobile OS and Application Team: Kwok Tak Chi Law Tsz Hin So Ting Wai.

Mobile Mobile OS and Application Team: Kwok Tak Chi Law Tsz Hin So Ting Wai.
Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,

Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.
Part of the BRE Trust Protecting People, Property and the Planet Smart Buildings and Security: Developing a unified approach Will Lloyd BRE Global Limited,

Part of the BRE Trust Protecting People, Property and the Planet Smart Buildings and Security: Developing a unified approach Will Lloyd BRE Global Limited,
TrustPort Public Key Infrastructure. WWW.TRUSTPORT.COM Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.

TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.
Building an Application Server for Home Network based on Android Platform Yi-hsien Liao Supervised by : Dr. Chao-huang Wei Department of Electrical Engineering.

Building an Application Server for Home Network based on Android Platform Yi-hsien Liao Supervised by : Dr. Chao-huang Wei Department of Electrical Engineering.
Page 1 Sandboxing & Signed Software Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.

Page 1 Sandboxing & Signed Software Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.
Presentation By Deepak Katta

Presentation By Deepak Katta
All Your Droid Are Belong To Us: A Survey of Current Android Attacks 단국대학교 컴퓨터 보안 및 OS 연구실 김낙영 2015. 04. 21.

All Your Droid Are Belong To Us: A Survey of Current Android Attacks 단국대학교 컴퓨터 보안 및 OS 연구실 김낙영
Session Agenda Designed to address BIOS Limitations Needed for the larger server platforms (Intel-HP Itanium) First called Intel Boot Initiative.

Session Agenda Designed to address BIOS Limitations Needed for the larger server platforms (Intel-HP Itanium) First called Intel Boot Initiative.
Trusted Computing BY: Sam Ranjbari Billy J. Garcia.

Trusted Computing BY: Sam Ranjbari Billy J. Garcia.
ANDROID Presented By Mastan Vali.SK. © artesis 2008 | 2 1. Introduction 2. Platform 3. Software development 4. Advantages Main topics.

ANDROID Presented By Mastan Vali.SK. © artesis 2008 | 2 1. Introduction 2. Platform 3. Software development 4. Advantages Main topics.
An approach to on the fly activation and deactivation of virtualization-based security systems Denis Efremov Pavel Iakovenko

An approach to on the fly activation and deactivation of virtualization-based security systems Denis Efremov Pavel Iakovenko
Trusted Computing Or How I Learned to Stop Worrying and Love the MPAA.

Trusted Computing Or How I Learned to Stop Worrying and Love the MPAA.

Similar presentations

Ads by Google