Presentation is loading. Please wait.

Presentation is loading. Please wait.

IoT Security – fel vagyunk rá készülve?

Published byLorraine Booker Modified over 5 years ago

Similar presentations

Presentation on theme: "IoT Security – fel vagyunk rá készülve?"— Presentation transcript:

1 IoT Security – fel vagyunk rá készülve?
Kovács Krisztián | November 21.

2 Silicon Labs FOUNDED IN 1996 LISTED SLAB ~35,000 CUSTOMERS >1,600 PATENTS A track record of multiple industry firsts, transforming and disrupting large markets Core competencies in mixed-signal and RF CMOS silicon architectures, software, and systems Focus on high-quality, diversified markets Well positioned for sustainable growth Krisztián Kovács Leading the WW IoT Applications team Managing the Engineering Design Center in Budapest

3 Is it a real concern? Smart Engineers What you see You aimed here
The gun shot here Silicon Labs Confidential

4 Yes, it IS… Mirai botnet enslaved poorly defended IoT devices:
10/12/16 - launched DDoS attack against Dyn shut down much of the internet service in the US Mirai is still enslaving new devices today! How it works? Attack through Telnet with default passwords Does two things: Tries to login to random IP to deploy itself Enables a CLI being able to trigger a DDoS attack Built for most common IoT CPU architectures: x86, ARM, PowerPC, etc. Lives in memory until reboot Silicon Labs Confidential

5 Governments start to act
Guidelines Code of Practice IoT Security law Educating the industry Collection of technology related best practices, white papers cybersecurity/nist-initiatives-iot “Code of Practice for consumer IoT security” 13 outcome-focused guidelines, covering the whole device life cycle ications/secure-by-design/code-of- practice-for-consumer-iot-security California issued the first “IoT Security Law” Device makers are mandated to establish “reasonable” security -governor-signs-countrys-first-iot- security-law/ (CNET, US-California, Sept 28, 2018) Silicon Labs Confidential

6 Increased attack surface
Accessibility to hardware Limited processing power in end nodes Proprietary / / Silicon Labs Confidential

7 Industry incorporates HW security features
Secure Enclave: Isolates keys and key usage from application Application can use, but not see keys Enhanced Cryptography: Lightning fast HW engines for IoT chipers Mbed TLS library that uses the HW engines optimally HW Crypto Engines w/DPA Secure Identities True Random Numbers TrustZone Debug Lock Secure Key Storage w/PUF Secure Boot Tamper Detectors Silicon Labs Confidential

8 Industry incorporates HW security features
True Random Number Generation: Needed for cryptography & communication protocols HW peripheral with conditioning and health test Secure Debug Lock: JTAG permits full access to code and data on a device Desired to protect, but reopen for RMA or upgrades Tamper protection: Voltage, clock, temp. and magnetic tamper detection Detection of broken enclosure via buttons and trace HW Crypto Engines w/DPA Secure Identities True Random Numbers TrustZone Debug Lock Secure Key Storage w/PUF Secure Boot Tamper Detectors Silicon Labs Confidential

9 Industry incorporates security SW features
Secure boot: Most attacks rely on changing/controlling the code running on a device Secure the firmware running on the device Over The Air update: There is no such things as “SECURE DEVICE” Critical to build in a secure way of upgrading the device on the field Silicon Labs Confidential

10 Industry incorporates security SW features
TrustZone: Added security in case of bugs or an attack ARM Armv8-M TrustZone (Cortex-M23/33) offers software isolation to code, memory and I/O while retaining real-time deterministic response and minimal switching overhead Secure state is kept as small as possible to reduce the attack surface and vulnerabilities Programs running in secure state can access both secure and non-secure information, whereas non- secure programs can only access non-secure resources Silicon Labs Confidential

11 Application security Never use static passwords
Force user to set password Don’t allow common passwords Silicon Labs Confidential

12 Final thoughts Security is a process, not a feature!
IoT devices will need to evolve, continuously monitored and protected against cyber attacks Be a good citizen! Secure your IoT applications! Technology is there: USE it correctly! Encryption, authentication, secure updates, etc. Silicon Labs Confidential

13 Thank you!

Download ppt "IoT Security – fel vagyunk rá készülve?"

Similar presentations

1 GP Confidential ©2013 1 GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)

1 GP Confidential © GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)
CS 345 Computer System Overview

CS 345 Computer System Overview
Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.

Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.
Intel ® Research mote Ralph Kling Intel Corporation Research Santa Clara, CA.

Intel ® Research mote Ralph Kling Intel Corporation Research Santa Clara, CA.
Bootstrapping Trust in Commodity Computers Bryan Parno, Jonathan McCune, Adrian Perrig 1 Carnegie Mellon University.

Bootstrapping Trust in Commodity Computers Bryan Parno, Jonathan McCune, Adrian Perrig 1 Carnegie Mellon University.
CS 325: Software Engineering April 14, 2015 Software Security Security Requirements Software Security in the Life Cycle.

CS 325: Software Engineering April 14, 2015 Software Security Security Requirements Software Security in the Life Cycle.
Oscar Pozzzobon Technical Director, Qascom ION GNSS 2011, September 23, Portland, US.

Oscar Pozzzobon Technical Director, Qascom ION GNSS 2011, September 23, Portland, US.
Protecting Data on Smartphones and Tablets from Memory Attacks

Protecting Data on Smartphones and Tablets from Memory Attacks
© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Confidential. For Channel Partners only. Do not distribute. C97-721796-00.

© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Confidential. For Channel Partners only. Do not distribute. C
Engineering Secure Software. Agenda  What is IoT?  Security implications of IoT  IoT Attack Surface Areas  IoT Testing Guidelines  Top IoT Vulnerabilities.

Engineering Secure Software. Agenda  What is IoT?  Security implications of IoT  IoT Attack Surface Areas  IoT Testing Guidelines  Top IoT Vulnerabilities.
Profit from a practical IP Billing Solution Suresh Balasubramanian Senior Product Manager Macrovision.

Profit from a practical IP Billing Solution Suresh Balasubramanian Senior Product Manager Macrovision.
Www.appmobi.com The Fallacy Behind “There’s Nothing to Hide” Why End-to-End Encryption Is a Must in Today’s World.

The Fallacy Behind “There’s Nothing to Hide” Why End-to-End Encryption Is a Must in Today’s World.
1 Pascal URIEN, IETF 61th, Washington DC, 10th November 2004 draft-urien-eap-smartcard-06.txt “EAP-Support in Smartcard”

1 Pascal URIEN, IETF 61th, Washington DC, 10th November 2004 draft-urien-eap-smartcard-06.txt “EAP-Support in Smartcard”
Bootloaders Many embedded processors have flash memory. This allows us to alter a product even though it is in the users hands: -fix bugs -upgrade or enhance.

Bootloaders Many embedded processors have flash memory. This allows us to alter a product even though it is in the users hands: -fix bugs -upgrade or enhance.
If it’s not automated, it’s broken!

If it’s not automated, it’s broken!
WP2: Security aware low power IoT Processor

WP2: Security aware low power IoT Processor
iTWIN The Limitless - Pen drive

iTWIN The Limitless - Pen drive
Asset Performance Management

Asset Performance Management
Trusted? 05/4/2016 Charles Sheehe, CCSDS Security Working Group GRC POC All information covered is from public sources.

Trusted? 05/4/2016 Charles Sheehe, CCSDS Security Working Group GRC POC All information covered is from public sources.
Securing Network Servers

Securing Network Servers

Similar presentations

Ads by Google