Thales eSecurity IoT Overview · 6/14/2018

www.thalesesecurity.com

OPEN

Kelvin Cusack – Senior Sales Engineer

June 2018


This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part, or disclosed to a third party without prior written consent of Thales - Thales © 2017 All rights reserved.

OPEN

Agenda

▌ Importance of trust

▌ Today’s IoT challenges

▌ Addressing key IoT security requirements

▌ Thales eSecurity focus areas


IoT Fundamentals

Most digital transformation projects will rely on IoT initiatives as their backbone


What if you can’t TRUST the data?

Today: Security/Trust is the top BARRIER to the IoT

Tomorrow: Security/Trust will ENABLE the IoT


Edge devices are the IoT security game-changer

▌ Threats

Use of device as network entry point

Use of device as a bot

Altering function of the device

Remote control

Data capture

▌ Lack of security by design

Devices with default admin credentials

Devices with limited or no authentication support

Devices without means to update firmware

Abbott recall signals new era in medical device cybersecurity

July 2017


Key security requirements for the IoT

▌ Establishing trust between distributed entities

Mutual authentication of devices, processes, and users

Validating integrity of remote systems

Secure configuration including software/firmware update

▌ Secure communications

Network and message level encryption - confidentiality

Message signing and validation – non-repudiation

▌ Protection of data

At rest and in use

Storage, file, database, and app-level encryption & tokenization

In many cases, your organization will use data from devices that it does not own/control!


Device authentication is the starting point

▌ All access controls rely on credentials to validate identities

▌ Securely created and injected cryptographic credentials help

Create a root of trust

Enable ability to maintain secure configuration

IoT Device Taxonomy

Authentication Methods

PKI/RSA

PKI/ECC

Lightweight/Symmetric

Password/None


Solutions for device and data security

▌ Hardware root of trust/Public Key Infrastructure (PKI)

Protection of Root and Issuing Certificate Authorities

- Private key generation/protection and certificate signing

Creation and loading of device keys/certificates

- For manufacturers

Provisioning of keys/certificates for devices

- For customers putting IoT devices into operation

▌ Code signing

Signing of firmware updates/patches with HSM-protected signing keys ensures authenticity and integrity

▌ Encryption and key management

Protecting IoT “data at rest” at points of collection

Symmetric keys for on-board device data protection and comms

Use Cases

Key Products/Solutions

Encryption Key Management

Vormetric Transparent Encryption


Use case – root of trust for Polycom

▌ Problem

Prevent counterfeiting

Enable secure device authentication

▌ Solution

Embed keys and certificates at the time of manufacture

nShield HSMs with CodeSafe working with Microsoft PKI

Professional Services

▌ Similar customers include set-top-box manufacturers


Use case – code signing for Samsung ARTIK

▌ Problem

Need to securely sign code used in manufacture of ARTIK product line

Includes Samsung and partner code

▌ Solution

nShield HSMs

- Supporting RSA and ECC algorithms

Professional Services

▌ Similar customers include Microsemi

THALES GROUP INTERNAL


What about data protection?

▌ Wide range of data types

▌ Encryption is an important technology

▌ Data protection requirements vary across use cases

▌ If you can’t read the data, you can’t analyze it!


Data protection use cases

▌ IoT data protection solutions must not impede data analysis and must work well in the cloud

▌ Scalability and transparency are critical requirements. Key advantages:

Live Data Transformation – zero downtime, transparent key rotation

Container security – isolate data access between containers

Orchestration – deploy & manage transparent encryption at scale

Cloud key management – compliance and best practices across multiple clouds

Key Products/Solutions


A sampling of IoT partners


Thales eSecurity IoT summary

▌ Importance of trust

If you can’t trust the data, there’s no point in collecting it, analyzing it, or making business decisions based on it

▌ Solutions focus areas:

Device authentication

Firmware integrity

Data confidentiality/privacy

▌ Industry involvement

Industrial Internet Consortium

EdgeX Foundry


Thales eSecurity portfolio – focused only on security