iot – it’s all about security
TRANSCRIPT
![Page 1: IoT – It’s All About Security](https://reader031.vdocuments.us/reader031/viewer/2022020707/61feb6c70c55f426d6492525/html5/thumbnails/1.jpg)
mentor.com/embedded
Android is a trademark of Google Inc. Use of this trademark is subject to Google Permissions.Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.
Colin [email protected]
IoT – It’s All About Security
![Page 2: IoT – It’s All About Security](https://reader031.vdocuments.us/reader031/viewer/2022020707/61feb6c70c55f426d6492525/html5/thumbnails/2.jpg)
2 mentor.com/embedded2
Fashions in Embedded Software
C++ Windows CE Java Eclipse UML low power design IoT
![Page 3: IoT – It’s All About Security](https://reader031.vdocuments.us/reader031/viewer/2022020707/61feb6c70c55f426d6492525/html5/thumbnails/3.jpg)
3 mentor.com/embedded33
Home Automation
![Page 4: IoT – It’s All About Security](https://reader031.vdocuments.us/reader031/viewer/2022020707/61feb6c70c55f426d6492525/html5/thumbnails/4.jpg)
4 mentor.com/embedded44
Home AutomationIntroducing IoT
![Page 5: IoT – It’s All About Security](https://reader031.vdocuments.us/reader031/viewer/2022020707/61feb6c70c55f426d6492525/html5/thumbnails/5.jpg)
5 mentor.com/embedded55
Merry Christmas!
Home AutomationIntroducing IoT
![Page 6: IoT – It’s All About Security](https://reader031.vdocuments.us/reader031/viewer/2022020707/61feb6c70c55f426d6492525/html5/thumbnails/6.jpg)
6 mentor.com/embedded66
WearablesIndirect IoT
![Page 7: IoT – It’s All About Security](https://reader031.vdocuments.us/reader031/viewer/2022020707/61feb6c70c55f426d6492525/html5/thumbnails/7.jpg)
7 mentor.com/embedded7
![Page 8: IoT – It’s All About Security](https://reader031.vdocuments.us/reader031/viewer/2022020707/61feb6c70c55f426d6492525/html5/thumbnails/8.jpg)
8 mentor.com/embedded8
Defining IoT Devices Standalone
— For purpose built device – no network connection
Connected— Networked device with limited capabilities and — one way access
Managed— Monitor— Configure— Update
![Page 9: IoT – It’s All About Security](https://reader031.vdocuments.us/reader031/viewer/2022020707/61feb6c70c55f426d6492525/html5/thumbnails/9.jpg)
9 mentor.com/embedded99
SERVICES
LAN
WAN
CLOUD
PAN
Open fridge – remind
me to track food eaten
![Page 10: IoT – It’s All About Security](https://reader031.vdocuments.us/reader031/viewer/2022020707/61feb6c70c55f426d6492525/html5/thumbnails/10.jpg)
10 mentor.com/embedded10
Safety vs Security
Safety: Protecting the world from the device
Security: Protecting the device from the world
The two can be related: e.g., a security breach could result in a safety issue
![Page 11: IoT – It’s All About Security](https://reader031.vdocuments.us/reader031/viewer/2022020707/61feb6c70c55f426d6492525/html5/thumbnails/11.jpg)
11 mentor.com/embedded11
Security Standards Industrial Automation
— ISA/IEC 62443:EDSA– www.isa.org/isa99/
Federal Mandate— U.S. Federal Executive Order (EO) 13636
– www.whitehouse.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity
Power Grid/Smart Grid— NERC CIP
– www.nerc.com/pa/Stand/Pages/CIPStandards.aspx — NIST IR 7628
– www.nist.gov/smartgrid/upload/nistir-7628_total.pdf — NITRD (Tailored Trustworthy Spaces)
– www.nitrd.gov/pubs/NITRD_TTS-SmartGrid_Workshop_2011.pdf — OMG Security Fabric
– http://sfsig.omg.org/index.htm
![Page 12: IoT – It’s All About Security](https://reader031.vdocuments.us/reader031/viewer/2022020707/61feb6c70c55f426d6492525/html5/thumbnails/12.jpg)
12 mentor.com/embedded12
Security Building Blocks Harden the device
— Hypervisor— TrustZone— Secure boot, attestation, anti-tamper— Leverage hardware security features (TPM/TEE, Secure device ID,
crypto acceleration) Protect the data
— Data encryption, key and password obfuscation Secure the communication path
— Security protocols— Mutual authentication— Firewall
Enable visibility and management— Management system integration (policy management, event
reporting)— Secure firmware updates, key management
![Page 13: IoT – It’s All About Security](https://reader031.vdocuments.us/reader031/viewer/2022020707/61feb6c70c55f426d6492525/html5/thumbnails/13.jpg)
13 mentor.com/embedded13
Security Building Blocks: Virtualization
Embedded hypervisors— High performance, e.g. runtime and boot
time— Strong isolation— Highly robust
Hypervisor Security— Strong isolation and containment of guests— Secure critical information and software — Based on hardware such as ARM TrustZone
Consolidation and Widespread use of open source software
— Embedded Linux gaining widespread adoption
— System robustness allowed by separation— IP protection provided through system
partitioning
Mem Dev
App
RTOS
Mem Dev
App
BME
vCPU vCPU
MemoryDevices
CPU
Hypervisor
Mem vDev
Apps
Linux
vCPU vCPU
CPU
![Page 14: IoT – It’s All About Security](https://reader031.vdocuments.us/reader031/viewer/2022020707/61feb6c70c55f426d6492525/html5/thumbnails/14.jpg)
14 mentor.com/embedded14
Additional Virtualization Benefits Security and Robustness
— Isolation of critical software from the rest of the code and reducing the burden of testing and re-certification
Licensing and IP Separation— Partitioning of the software with incompatible licensing terms and
protecting of proprietary IP from open source licensing terms Software Reuse
— Upgrade path from an RTOS based device to the one that incorporate Linux, allowing to leverage Linux software ecosystem while preserving legacy investment
Real Time Performance— Devices that take advantage of Linux ecosystem and wealth of
existing functionality could benefit from real time responsiveness of BM guest
Fast Startup— Starting VMs in a particular order would help with staged boot
process
![Page 15: IoT – It’s All About Security](https://reader031.vdocuments.us/reader031/viewer/2022020707/61feb6c70c55f426d6492525/html5/thumbnails/15.jpg)
15 mentor.com/embedded15
Securing Embedded Device Data Data at rest: device is off, how the data is protected?
— Anti-tampering, encrypted files and databases, trusted boot
Data in use: while generated or being processed is it secured?
— Obfuscation, chain of trust, attestation, ADRING, TrustZone, MMU based protection methods, user privileges and secure file systems
Data in transit: leaving the device, is it being hijacked?— Encryption, tunneling protocols, VPN, SSL, IKE/IPSEC, denial of
service, firewall
![Page 16: IoT – It’s All About Security](https://reader031.vdocuments.us/reader031/viewer/2022020707/61feb6c70c55f426d6492525/html5/thumbnails/16.jpg)
16 mentor.com/embedded16
When to address device security?Securing IoT device is not just a matter of selecting the right processor and software, one has to be concerned with many aspects of device lifecycle!
Data needs to be protected at rest, use and transit at all phases!
Cryptography ≠ Security!
Design
Production
DeploymentOperation & Maintenance
Destruction or disposal Vulnerability
Landscape
![Page 17: IoT – It’s All About Security](https://reader031.vdocuments.us/reader031/viewer/2022020707/61feb6c70c55f426d6492525/html5/thumbnails/17.jpg)
17 mentor.com/embedded17
![Page 18: IoT – It’s All About Security](https://reader031.vdocuments.us/reader031/viewer/2022020707/61feb6c70c55f426d6492525/html5/thumbnails/18.jpg)
mentor.com/embedded
Android is a trademark of Google Inc. Use of this trademark is subject to Google Permissions.Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.
Colin [email protected]
http://blogs.mentor.com/colinwalls
Thank you