The Right Security for IoT
July 21, 2015
Michael Armentrout
Regional Marketing / Business Development Manager
Infineon Technologies
Agenda
Business Drivers for IoT Security
Real-World Examples
Finding the Right Solutions
Into the Future
(Slide graphic labels: INDUSTRIE 4.0, MOBILITY, LOGISTICS, GRIDS, INTELLIGENT FACTORY, BUILDINGS, DEVICES)
2015-07-14
Copyright © Infineon Technologies AG 2015. All rights reserved.
Internet of Things Drives Increased Profits
Smart Home, Connected Car, Industrial, Critical Infrastructure
1. New capabilities and services
2. Greater efficiency
3. Increased flexibility and customization
How can you benefit from the right security in IoT?
Maximize uptime of services (e.g. production line, smart home service)
Protect revenue stream
Enable and create business models
Differentiation from competition
Reduce costs
Increase quality and reliability
Security: Data, Information/IP, Communication
IoT impact on system architecture
Supervisor Level, Control Level, Field Level
1. Generation, analysis, and usage of data
2. Continuous communication
3. Automated adjustments
Security Threats for IoT
An Eavesdropper listening in on data or commands can reveal confidential information about the operation of the infrastructure.
A Fake Device injecting fake measurements can disrupt the control processes and cause them to react inappropriately or dangerously, or can be used to mask physical attacks.*
A Fake Server sending incorrect commands can be used to trigger unplanned events, to send some physical resource (water, oil, electricity, etc.) to an unplanned destination, and so forth.
Security protects your essential values
Get Data
Security Requirements
Passwords/Keys/IDs
Anti-counterfeiting
Espionage
Sensitive information
Manipulate System
Physical access
IP protection and feature activation
Secure SW updates
Infrastructure security
Sabotage
System control
Process know-how protection
Security Breach Examples
Heartbleed bug in OpenSSL had strong visible and hidden impacts on industry
Damage
Time
Cost
Reputation
Trust Anchors are essential for system security
Key integrity is essential for system security
Trust Anchors: Key store, Crypto operation, Key management
1. Compromised keys = no security
2. Cloning of key leaves no traces
3. Key handling must be secured through the whole lifecycle, including manufacturing
Bad security is the result of bad processes and weak technology
Root Causes
Process / Organizational: Lack of security processes
Quality of Security: Lack of structured attack analysis; lack of security evaluation
Technology: Lack of strong isolation of security-critical function
Security processes determine security quality
PROCESS
The result of processes
Security Requirements & Architecture
Detailed Design
Integration, Test & Verification
System Verification & Validation
Operation & Maintenance
Threat and attack scenario analysis
Security objectives and measurement
Security hardware & software architecture expertise
Secured design and development environments
Large portfolio of security controller products
Security Lab for security penetration testing
Security-certified production
Secured personalization
Security evaluation addresses attacks with a structured methodology
QUALITY
Test: Use case ... Use case, in specified operating modes (test coverage for specified operation)
Security Evaluation: Attack 1, Attack 2, ... Attack n, in out-of-spec operating modes
Specified Security Measures
Security Documents
1. Defined attack scenario
2. Defined countermeasures
3. Evaluation report by independent 3rd party
The challenge of complex systems evaluation
QUALITY
Chart axes: evaluation effort/time versus complexity
In Spec: Testing
Out of Spec: Evaluation/Certification
Security Controller: economically feasible
System on a chip (SOC): economically infeasible
Comparing Hardware & Software-based Trust Anchors
TECHNOLOGY
Compared: Main MCU with SW versus Main MCU with SE
Crypto functionality
Strong isolation
Security certified
Tamper proof
Manufactured using security certified processes
Personalized using security certified processes
IoT embedded systems require scalable solutions and great variety of devices
Performance / Footprint
~ 3 GHz CPU, ~ x GByte
~ 400 MHz, ~ 1 GByte
~ MHz MCU, ~ 50 kByte
Security needs to scale with system footprint and abilities
Scalable Trust Anchors for Manufacturing
OPTIGA™ Trust: Security Level +; Design-in complexity low
OPTIGA™ Trust E: Security Level +++; Design-in complexity low
OPTIGA™ Trust P: Security Level CC EAL 5+; Design-in complexity medium
OPTIGA™ TPM: Security Level CC EAL 4+; Design-in complexity medium
Feature set
Personalization (loading of keys and certificates)
Authentication
PKI-supported
Programmable TPM standard
Authentication
System complexity
Likely Future Developments
Additional functionality
Expanded security features
Expanded cryptographic algorithms
Tighter integration with IoT systems
Hardware Root of Trust standard
― As it is today for IT equipment
Growing requirements for stronger security
Regulations, insurance, etc.
Continuing exploitation and damage
Summary
IoT requires solid security.
Security is a result of solid processes, quality, and technology.
Scalable Hardware Trust Anchors provide the right security for IoT in manufacturing.
IoT Smart Home Demo at Infineon Booth
Smart Home
Showcasing
Use cases shown
Authentication
License Management
System Integrity
Secure Communication
Boot process protection
Products shown
OPTIGA™ Trust
OPTIGA™ Trust E
OPTIGA™ Trust P
OPTIGA™ TPM