What’s The Right
Security for IoT?
IIC (Industrial Internet Consortium)
Public Forum
Yoshiaki Ujino
June 3, 2016
Agenda
1
Infineon introduction
2
Introduction to IoT
3
Risk Analysis
4
Countermeasures
5
Into the Future
2016-06-03
Copyright © Infineon Technologies AG 2016. All rights reserved.
2
Agenda
1
Infineon introduction
2
Introduction to IoT
3
Risk Analysis
4
Countermeasures
5
Into the Future
2016-06-03
Copyright © Infineon Technologies AG 2016. All rights reserved.
3
Infineon application portfolio
Automotive
(ATV)
Power Management &
Multimarket (PMM)
2016-06-03
Industrial Power
Control (IPC)
Chip Card & Security
(CCS)
Copyright © Infineon Technologies AG 2016. All rights reserved.
4
Infineon enables security in the
connected world
Courtesy: AUDI
Applications
Internet of Things (incl. Industry 4.0), mobile security,
embedded security, trusted computing, machine to
machine, (mobile) payment, SIM applications, transport
ticketing, government identification, NFC
2016-06-03
Copyright © Infineon Technologies AG 2016. All rights reserved.
5
Infineon offers security solutions for
smart cards and emerging use cases
2016-06-03
Copyright © Infineon Technologies AG 2016. All rights reserved.
6
Infineon’s active Role
in the Standardization Arena
Promoter of Trusted
Computing Group
Member of Industrial
Internet CONSORTIUM
Focus on approvals
for all relevant NFC
products
Contributing all
Active contribution
to ETSI standards
2016-06-03
Security Founding Member
relevant activities
Principal Member of
NFC Forum
Serving solutions
including OS
Co-Founder and active
contribution of Open Standard
for Public Transport
Copyright © Infineon Technologies AG 2016. All rights reserved.
7
Agenda
1
Infineon introduction
2
Introduction to IoT
3
Risk Analysis
4
Countermeasures
5
Into the Future
2016-06-03
Copyright © Infineon Technologies AG 2016. All rights reserved.
8
The increasing connectivity will influence the
life we know in manifold ways.
IoT growth until 2020
Source: Mario Morales, IDC
2016-06-03
Copyright © Infineon Technologies AG 2016. All rights reserved.
9
IoT is moving from a centralized structure to a
complex network of decentralized smart devices
Definition
“A world where physical
objects are seamlessly
integrated into the
information network.”
2016-06-03
Copyright © Infineon Technologies AG 2016. All rights reserved.
10
Internet of Things (IoT) Drives
Increased Profits
Smart Home
Automotive
Industrial
1
New capabilities and services
2
Greater efficiency
3
Increased flexibility and customization
2016-06-03
Copyright © Infineon Technologies AG 2016. All rights reserved.
ICT
11
IoT Trend Affects All Markets
Smart
Vehicles
Smart Cars
Smart Cities &
Energy
Smart Industry &
Business
Energy
Commercial,
Agriculture &
Construction Vehicles
Building Automation
Low speed vehicles
Professional Lighting
Smart Home &
Consumer Devices
Factory Automation
Smart Home
Medical Equipment
Smartphones,
Tablets & PCs
Other Business
Consumer
Electronics &
Wearables
incl. Trucks & Busses
Other Transport
Infrastructure
Smart ICT
Communication Networks
2016-06-03
Data Center / Server Farms
Copyright © Infineon Technologies AG 2016. All rights reserved.
12
Industrial manufacturing will go through
disruptive changes: 4th industrial (r)evolution
85%
of responding companies will have implemented 4.0
in their key areas by 2020
Source: Strategy& and PWC
2016-06-03
Copyright © Infineon Technologies AG 2016. All rights reserved.
13
Smart factories will only be built if
implementation is reliable and cost-effective.
Security need for Industry 4.0
2016-06-03
Copyright © Infineon Technologies AG 2016. All rights reserved.
14
Japan, Germany
team on Internet of Things standards
April 13, 2016 6:30 am JST
Japan, Germany team on Internet of Things standards
TOKYO -- Japan and Germany will join hands in creating international standards for Internet of
Things technology, Prime Minister Shinzo Abe said Tuesday.
Japan will "work toward establishing international standards together with Germany, a
country that also has a strong manufacturing industry," Abe said in a public-private forum on
investment. By 2020, Japan aims to have advanced systems at 50 locations that let companies
and factories share data collected through sensors, he said.
Tokyo and Berlin are to sign a memorandum of understanding for cooperation in the Internet
of Things as early as this month. In Japan, individual businesses have been separately
developing technologies for Internet-connected products. By cooperating with Germany, which
leads in the field, Japan hopes to play a major role in developing international IoT standards.
Germany and Japan can cooperate in many areas, since both have manufacturing sectors
that contribute more than 20% to their gross domestic product, said Henning Banthien,
secretary general of the Plattform Industrie 4.0, a German Internet of Things promotion
organization.
Abe also revealed plans to create a panel on artificial intelligence, with the goal of devising a
road map for development and commercialization of AI by the end of fiscal 2016.
(Nikkei)
2016-06-03
Copyright © Infineon Technologies AG 2016. All rights reserved.
15
IoT Has Many Layers
IoT Architecture
Gather data
Analyze
Send commands
Reliably convey
data and
commands
Send and receive
data and
commands
2016-06-03
Copyright © Infineon Technologies AG 2016. All rights reserved.
16
Agenda
1
Infineon introduction
2
Introduction to IoT
3
Risk Analysis
4
Countermeasures
5
Into the Future
2016-06-03
Copyright © Infineon Technologies AG 2016. All rights reserved.
17
IoT Attacks Growing
2016-06-03
Copyright © Infineon Technologies AG 2016. All rights reserved.
18
Each Layer can be Attacked
Security threats for IoT
Bad Server
An Eavesdropper
listening in on data or
commands can reveal
confidential information
about the operation of
the infrastructure.
Bad Device
2016-06-03
Copyright © Infineon Technologies AG 2016. All rights reserved.
A Bad Server sending
incorrect commands can
be used to trigger
unplanned events, to
send some physical
resource (water, oil,
electricity, etc.) to an
unplanned destination,
and so forth.
A Bad Device injecting
fake measurements can
disrupt the control
processes and cause
them to react
inappropriately or
dangerously, or can be
used to mask physical
attacks.*
19
Protecting Our Values with IoT Security
›
›
›
Provide safety and privacy
Maximize uptime
Protect revenue stream
›
›
Enable and create business models
Differentiate from competition
›
›
Reduce costs
Increase quality and reliability
Reliability
Security
Safety
Privacy
2016-06-03
Copyright © Infineon Technologies AG 2016. All rights reserved.
20
Agenda
1
Infineon introduction
2
Introduction to IoT
3
Risk Analysis
4
Countermeasures
5
Into the Future
2016-06-03
Copyright © Infineon Technologies AG 2016. All rights reserved.
21
Development guideline for connected world
Policy
Risk
Analysis
Design for
Countermeasure
Information-technology
Promotion Agency(IPA)
“Development guideline for
Connected world”
March 2016
Design for
Lifecycle
Security
Management
2016-06-03
Copyright © Infineon Technologies AG 2016. All rights reserved.
22
IoT Defenses
Common Defenses
2016-06-03
Copyright © Infineon Technologies AG 2016. All rights reserved.
23
Bad-Better-Best: Options for IoT Security
Main CPU
Crypto functionality
Strong isolation
Security certified
Tamper resistant
Manufactured by
security certified processes
Resistant against IP Theft
2016-06-03
Software
Main CPU

Copyright © Infineon Technologies AG 2016. All rights reserved.
Software
Hardware






24
Scalable Trust Anchors for IoT
OPTIGA™
Trust
OPTIGA™
Trust E
Security Level
Design-in complexity
Feature set
Personalization
(loading of keys and certificates)
low
Authentication

low
OPTIGA™
Trust P
OPTIGA™
TPM
CC EAL 5+
CC EAL 4+
medium
medium
PKI-supported
Programmable TPM standard
Authentication



Security and Complexity
Note:

basic |
2016-06-03
 advanced
Copyright © Infineon Technologies AG 2016. All rights reserved.
25
IoT solution with Optiga Trust P
Macnica Mpression Adaptive Bee
https://store.macnica.co.jp/library/116873
2016-06-03
Copyright © Infineon Technologies AG 2016. All rights reserved.
26
Agenda
1
Infineon introduction
2
Introduction to IoT
3
Risk Analysis
4
Countermeasures
5
Into the Future
2016-06-03
Copyright © Infineon Technologies AG 2016. All rights reserved.
27
Likely Future Developments in IoT Security
› Additional functionality
– Expanded security features
– Expanded cryptographic algorithms
› Tighter integration with IoT systems
– Hardware Root of Trust standard in all IoT systems
– As today for IT and payment
› Growing external requirements for stronger security
– Regulations, insurance, etc.
› Continuing exploitation and damage
2016-06-03
Copyright © Infineon Technologies AG 2016. All rights reserved.
28
Summary
2016-06-03
IoT shows tremendous promise.

To protect our values, strong IoT
security is needed.

Scalable Hardware Trust Anchors
provide the Right Security for IoT.

Copyright © Infineon Technologies AG 2016. All rights reserved.
29
IoT / Industry 4.0 Security Forum
2016-06-03
Copyright © Infineon Technologies AG 2016. All rights reserved.
30
We make life easier, safer
and greener – with technology
that achieves more, consumes
less and is accessible to
everyone. Microelectronics
from Infineon is the
key to a better future.
Part of your life.
Part of tomorrow.
2016-06-03
Copyright © Infineon Technologies AG 2016. All rights reserved.
31
Contact Information
Infineon Technologies Japan K.K.
Yoshiaki Ujino
Manager
Regional Center Chipcard & Security Japan
Marketing Group
Infineon Technologies Japan K.K.
Gate City Osaki East Tower 21F
1-11-2 Osaki, Shinagawa-ku
Tokyo 141-0032, Japan
Tel +81,3,5745,7298(Dial In)
E-mail: yoshiaki.ujino@infineon.com
URL: http://www.infineon.com/jp
Thank You For Your Attention
2016-06-03
Copyright © Infineon Technologies AG 2016. All rights reserved.
32