What's The Right Security for IoT?
Transcript of What's The Right Security for IoT?
What’s The Right Security for IoT? IIC (Industrial Internet Consortium) Public Forum Yoshiaki Ujino June 3, 2016
Agenda
Infineon introduction
Introduction to IoT
Risk Analysis
Countermeasures
Into the Future
1
2
3
4
5
2 2016-06-03 Copyright © Infineon Technologies AG 2016. All rights reserved.
Agenda
Infineon introduction
Introduction to IoT
Risk Analysis
Countermeasures
Into the Future
1
2
3
4
5
3 2016-06-03 Copyright © Infineon Technologies AG 2016. All rights reserved.
Infineon application portfolio
Industrial Power Control (IPC)
Power Management & Multimarket (PMM)
Chip Card & Security (CCS)
Automotive (ATV)
4 2016-06-03 Copyright © Infineon Technologies AG 2016. All rights reserved.
Infineon enables security in the connected world
Courtesy: AUDI
Applications
Internet of Things (incl. Industry 4.0), mobile security, embedded security, trusted computing, machine to machine, (mobile) payment, SIM applications, transport ticketing, government identification, NFC
5 2016-06-03 Copyright © Infineon Technologies AG 2016. All rights reserved.
Infineon offers security solutions for smart cards and emerging use cases
6 2016-06-03 Copyright © Infineon Technologies AG 2016. All rights reserved.
Infineon’s active Role in the Standardization Arena
Member of Industrial Internet CONSORTIUM
Active contribution to ETSI standards
Contributing all
relevant activities
Serving solutions including OS
Focus on approvals for all relevant NFC products
Principal Member of NFC Forum
Co-Founder and active contribution of Open Standard for Public Transport
Security Founding Member Promoter of Trusted Computing Group
7 2016-06-03 Copyright © Infineon Technologies AG 2016. All rights reserved.
Agenda
Infineon introduction
Introduction to IoT
Risk Analysis
Countermeasures
Into the Future
1
2
3
4
5
8 2016-06-03 Copyright © Infineon Technologies AG 2016. All rights reserved.
The increasing connectivity will influence the life we know in manifold ways.
IoT growth until 2020
Source: Mario Morales, IDC
9 2016-06-03 Copyright © Infineon Technologies AG 2016. All rights reserved.
Definition
IoT is moving from a centralized structure to a complex network of decentralized smart devices
“A world where physical objects are seamlessly integrated into the information network.”
10 2016-06-03 Copyright © Infineon Technologies AG 2016. All rights reserved.
Internet of Things (IoT) Drives Increased Profits
Smart Home Automotive Industrial ICT
Greater efficiency 2
Increased flexibility and customization 3
New capabilities and services 1
11 2016-06-03 Copyright © Infineon Technologies AG 2016. All rights reserved.
IoT Trend Affects All Markets
Factory Automation
Smart Vehicles
Smart Cars
Commercial, Agriculture & Construction Vehicles incl. Trucks & Busses
Low speed vehicles
Smart Cities & Energy
Smart Industry & Business
Smartphones, Tablets & PCs
Consumer Electronics & Wearables
Smart Home
Smart Home & Consumer Devices
Other Business
Other Transport
Energy
Building Automation
Professional Lighting
Infrastructure
Data Center / Server Farms Communication Networks
Smart ICT
Medical Equipment
12 2016-06-03 Copyright © Infineon Technologies AG 2016. All rights reserved.
Industrial manufacturing will go through disruptive changes: 4th industrial (r)evolution
85% of responding companies will have implemented 4.0
in their key areas by 2020 Source: Strategy& and PWC
13 2016-06-03 Copyright © Infineon Technologies AG 2016. All rights reserved.
Security need for Industry 4.0
Smart factories will only be built if implementation is reliable and cost-effective.
14 2016-06-03 Copyright © Infineon Technologies AG 2016. All rights reserved.
Japan, Germany team on Internet of Things standards
April 13, 2016 6:30 am JST
Japan, Germany team on Internet of Things standards
TOKYO -- Japan and Germany will join hands in creating international standards for Internet of
Things technology, Prime Minister Shinzo Abe said Tuesday.
Japan will "work toward establishing international standards together with Germany, a
country that also has a strong manufacturing industry," Abe said in a public-private forum on
investment. By 2020, Japan aims to have advanced systems at 50 locations that let companies
and factories share data collected through sensors, he said.
Tokyo and Berlin are to sign a memorandum of understanding for cooperation in the Internet
of Things as early as this month. In Japan, individual businesses have been separately
developing technologies for Internet-connected products. By cooperating with Germany, which
leads in the field, Japan hopes to play a major role in developing international IoT standards.
Germany and Japan can cooperate in many areas, since both have manufacturing sectors
that contribute more than 20% to their gross domestic product, said Henning Banthien,
secretary general of the Plattform Industrie 4.0, a German Internet of Things promotion
organization.
Abe also revealed plans to create a panel on artificial intelligence, with the goal of devising a
road map for development and commercialization of AI by the end of fiscal 2016.
(Nikkei)
15 2016-06-03 Copyright © Infineon Technologies AG 2016. All rights reserved.
IoT Architecture
IoT Has Many Layers
Gather data Analyze
Send commands
Reliably convey data and
commands
Send and receive data and
commands
16 2016-06-03 Copyright © Infineon Technologies AG 2016. All rights reserved.
Agenda
Infineon introduction
Introduction to IoT
Risk Analysis
Countermeasures
Into the Future
1
2
3
4
5
17 2016-06-03 Copyright © Infineon Technologies AG 2016. All rights reserved.
IoT Attacks Growing
18 2016-06-03 Copyright © Infineon Technologies AG 2016. All rights reserved.
Security threats for IoT
Each Layer can be Attacked
An Eavesdropper
listening in on data or
commands can reveal
confidential information
about the operation of
the infrastructure. A Bad Device injecting
fake measurements can
disrupt the control
processes and cause
them to react
inappropriately or
dangerously, or can be
used to mask physical
attacks.*
A Bad Server sending
incorrect commands can
be used to trigger
unplanned events, to
send some physical
resource (water, oil,
electricity, etc.) to an
unplanned destination,
and so forth.
Bad Server
Bad Device
19 2016-06-03 Copyright © Infineon Technologies AG 2016. All rights reserved.
Protecting Our Values with IoT Security
› Provide safety and privacy › Maximize uptime › Protect revenue stream
› Enable and create business models › Differentiate from competition
Security
Privacy
Safety Reliability
› Reduce costs › Increase quality and reliability
20 2016-06-03 Copyright © Infineon Technologies AG 2016. All rights reserved.
Agenda
Infineon introduction
Introduction to IoT
Risk Analysis
Countermeasures
Into the Future
1
2
3
4
5
21 2016-06-03 Copyright © Infineon Technologies AG 2016. All rights reserved.
Development guideline for connected world
Information-technology
Promotion Agency(IPA)
“Development guideline for
Connected world”
March 2016
Policy
Risk
Analysis
Design for
Countermeasure
Design for
Lifecycle
Security
Management
22 2016-06-03 Copyright © Infineon Technologies AG 2016. All rights reserved.
Common Defenses
IoT Defenses
23 2016-06-03 Copyright © Infineon Technologies AG 2016. All rights reserved.
Bad-Better-Best: Options for IoT Security
Main CPU Software Main CPU Hardware Software
Manufactured by security certified processes
Security certified
Tamper resistant
Strong isolation
Resistant against IP Theft
Crypto functionality
-
-
-
-
- 24 2016-06-03 Copyright © Infineon Technologies AG 2016. All rights reserved.
Scalable Trust Anchors for IoT
OPTIGA™ Trust
Design-in complexity
Feature set
Security Level
Personalization (loading of keys and certificates)
OPTIGA™ TPM
CC EAL 4+
low medium
Authentication TPM standard
OPTIGA™ Trust P
CC EAL 5+
medium
Programmable
OPTIGA™ Trust E
low
PKI-supported
Authentication
Security and Complexity
Note: basic | advanced
25 2016-06-03 Copyright © Infineon Technologies AG 2016. All rights reserved.
IoT solution with Optiga Trust P Macnica Mpression Adaptive Bee
https://store.macnica.co.jp/library/116873
26 2016-06-03 Copyright © Infineon Technologies AG 2016. All rights reserved.
Agenda
Infineon introduction
Introduction to IoT
Risk Analysis
Countermeasures
Into the Future
1
2
3
4
5
27 2016-06-03 Copyright © Infineon Technologies AG 2016. All rights reserved.
Likely Future Developments in IoT Security
– Expanded security features
– Expanded cryptographic algorithms
– Hardware Root of Trust standard in all IoT systems
– As today for IT and payment
– Regulations, insurance, etc.
› Continuing exploitation and damage
› Additional functionality
› Tighter integration with IoT systems
› Growing external requirements for stronger security
28 2016-06-03 Copyright © Infineon Technologies AG 2016. All rights reserved.
Summary
To protect our values, strong IoT security is needed.
Scalable Hardware Trust Anchors provide the Right Security for IoT.
IoT shows tremendous promise.
29 2016-06-03 Copyright © Infineon Technologies AG 2016. All rights reserved.
IoT / Industry 4.0 Security Forum
30 2016-06-03 Copyright © Infineon Technologies AG 2016. All rights reserved.
Part of your life.
Part of tomorrow.
We make life easier, safer and greener – with technology that achieves more, consumes
less and is accessible to everyone. Microelectronics
from Infineon is the key to a better future.
31 2016-06-03 Copyright © Infineon Technologies AG 2016. All rights reserved.
Contact Information
Thank You For Your Attention
Infineon Technologies Japan K.K. Yoshiaki Ujino Manager Regional Center Chipcard & Security Japan Marketing Group Infineon Technologies Japan K.K.
Gate City Osaki East Tower 21F 1-11-2 Osaki, Shinagawa-ku Tokyo 141-0032, Japan Tel +81,3,5745,7298(Dial In) E-mail: [email protected] URL: http://www.infineon.com/jp
32 2016-06-03 Copyright © Infineon Technologies AG 2016. All rights reserved.