iot summit - building flexible & secure iot solutions
TRANSCRIPT
Building flexible and secure IoT solutions
IoT summit, December 2016
Nicolas Bacca @btchip
A trust layer between the blockchain and the physical world
For industrials, enterprises and consumers
Securing the first and last mile
LEDGER TECHNOLOGY
Without trust, data has no actionable value
[Diagram: blockchain nodes and cloud servers sit in the Blockchain/IT trusted zone; users on a PC or smartphone, industrial sensors / IoT nodes and connected objects sit in the physical world, where trust is absent]
Is this really you?
Am I allowed to execute this transaction?
Critical temperature data
Did the driver get switched?
Security issues: development and deployment
Trust and a low-cost production chain are conflicting goals
How to provision secrets
How to verify that a device is genuine
Security issues: runtime
Protect against invalid data fed to the solution (bug or fraud, Dieselgate)
Protect against software hacks and exploits
Protect against physical attacks
Security issues: firmware upgrades
How to deploy the firmware
How to verify the firmware integrity
How to avoid compromising a whole batch (see http://iotworm.eyalro.net/)
The ubiquitous Safe
Best technical solution for secure deployment at scale (CHEAP)
Best technical solution against physical attacks (theft, evil maid)
A configurable Safe
A lot of resources invested in secure remote management
Great portability of Java Card, at least on paper
Sweet spot yet to be found
[Diagram: spectrum from more security to more flexibility, with the labels generic MCU, MPU, crypto accelerators, enclaves, 16-bit smartcard, ARM SecureCore and additional I/Os]
In the meantime
Build a flexible platform to accommodate different design choices
Build on top of the smartcard security & ecosystem whenever (cost) possible
Create Plug and Play security upgrades for existing projects
Default IoT object architecture
Software, hardware vulnerabilities
Trust the environment
[Diagram: MCU connected directly to the sensors]
More secure IoT object architecture
Software, (less) hardware vulnerabilities
Can be leveraged as an oracle
[Diagram: MCU (master) connected to the sensors and to a security chip (slave), which performs stateless security operations on request]
Ledger BOLOS architecture
Security built in on the most secure component
[Diagram: security chip (master) issuing stateless I/O requests to the MCU (slave), which is connected to the sensors; tamper-evident logic (shield, MEMS) raises a tamper notification]
Ledger first Hardware Oracle
Cryptographically attestable anti-tampering sensors
■ Secure chip ST31G480 (CC EAL6+)
■ Sensor
■ 3-axis anti-tampering MEMS
■ USB interface for blockchain computer
Ledger platform architecture
Trusted / Secure component (Secure Element or enclave) with limited I/O options
Non trusted component with more I/O options
[Diagram: trusted component running user app 1 and user app 2; the I/Os (screen, button, sensor, USB) are under direct control from the trusted component or proxied through the non-trusted component, with pairing at boot time]
Native ARM implementation
[Diagram: native applications 1, 2 and 3 and the UI application run in user mode; the microkernel holding the secret data runs in supervisor mode behind an MMU lock and is reached through system calls]
BOLOS platform APIs summary
Remote Applications (or scriptlets) Management
Sound cryptographic APIs (acceleration / power analysis / side channel resistance)
Auditable (Open Source SDK, non secure kernel)
Portability (Secure Element, Enclave, Enclave OS app, MCU)
Comparison of different BOLOS implementations
Implementation    Security  Cost efficiency  Flexibility
Secure Element    ++        -                ++
Enclave           +         +                +
Enclave OS app    +         -                -
MCU               -         ++               +
Getting started with development
IoT development board to be announced
Nano-S resources: compiler and SDK - https://github.com/ledgerhq/ledger-nano-s
Sample applications: https://github.com/LedgerHQ/blue-sample-apps
Documentation in progress: http://ledger.readthedocs.io/
Developer Slack: http://slack.ledger.co
Documentation is getting put together, so don’t hesitate to ask on Slack
Thank you @btchip