IEEE-SA Internet of Things - Security & Standards Srikanth Chandrasekaran IEEE Standards Association MOBILE WORLD CONGRESS, SHANGHAI JUNE 2018

IEEE-SA Internet of Things - Security & Standards · 2018-06-29 · IEEE 1686 Standard for Substation IED Cybersecurity Capabilities IEEE C37.240 Standard for Cyber Security Requirements

What does the IEEE Standards Association (IEEE-SA) do?

Vision: To be a world-class standards-development organization

Mission: To provide a high-quality, market-relevant standardization environment, respected worldwide

1200+ ACTIVE STANDARDS

650+ STANDARDS UNDER DEVELOPMENT

IEEE standards span a broad spectrum of technologies, such as

Aerospace Electronics, Broadband Over Power Lines, Broadcast Technology, Clean Technology, Cognitive Radio, Design Automation, Electromagnetic Compatibility, Green Technology, Ethernet/WLAN, Medical Device Communications, Nanotechnology, Organic Components, Portable Battery Technology, Power Electronics, Power & Energy, Radiation/Nuclear, Reliability, Transportation Technology

IEEE-SA Programs: Pre-Standards, Standards, Conformity Assessment

Where does the input come from?*

Shared Concerns

Domains: Healthcare, Home & Building, Retail, Energy, Manufacturing, Mobility/Transportation, Logistics, Media

Stakeholders: Utilities, Hospitals & Doctors, ICT infrastructure providers, Public transport companies, City authorities, Automation equipment providers, Application developers, Consumer equipment providers, Appliances providers, Manufacturing industries, Logistics companies, Regulators, Consumers, Facility management, Insurance companies, Retail stores

*due to the diversity of IoT application areas only selected domains and stakeholders are shown

SECURITY – FROM HARDWARE IOT PERSPECTIVE

[Pie chart: 58% and 42%; legend: Security Features, Not Security Features]

Soon, the Internet of Things Will Expand the Security Need to Almost Everything We Do

*Rod Beckstrom, CEO and President of ICANN, former Director of the National Cyber Security Center

Source: “Secure Connections for Smart Cars,” Kurt Sievers, NXP, March 2014

Levels of Security Concerns - Impact of Software!

– Malicious Logic & Embedded Software Inside Chip (Trojan Detection)
  • Dynamic Detection: insertion of logic to analyze runtime activity

– Counterfeit Chips (Supply-Chain Security)
  • Over-produced, re-marked, cloned, recycled or otherwise unauthorized ICs
  • Motivated by Profit

– ‘Side-Channel’ Attacks (On-Chip Countermeasures)
  • Simulation of attacks to identify weaknesses
  • Use of hardened IP or altered design to resist attack

Complexity of Security Verification!

VERIFICATION

– TRADITIONAL ROLE: Verifying that a chip does what it is SUPPOSED to do

– EMERGING NEW ROLE: Verifying that a chip does nothing it is NOT supposed to do

SECURITY – NEED FOR VERTICAL & HORIZONTAL STANDARDS!

Sensor & Wireless Technologies: “Always Connected” World

Security in Healthcare & Wearables

ISO/IEEE 11073 series Health Informatics - Medical / Health Device Communication Standards

IEEE 2410-2015 - IEEE Standard for Biometric Open Protocol

IEEE 11073 PHD Cybersecurity (Pre-Standards Activity)

Security in Smart Grids

Find more smart grid standards and projects at http://smartgrid.ieee.org/standards

IEEE 1686 Standard for Substation IED Cybersecurity Capabilities

IEEE C37.240 Standard for Cyber Security Requirements for Substation Automation, Protection and Control Systems

IEEE 1711 Cryptographic Protocol for Cyber Security of Substation Serial Links

IEEE P1711.2 Standard for Secure SCADA Communications Protocol (SSCP)

IEEE 1402 Standard for Physical Security of Electric Power Substations

IEEE 2658 Guide for Cybersecurity Testing in Electric Power Systems

Blockchain, an IoT Security Protocol

Build trust, accelerate transactions, maintain regulatory compliance. Track billions of devices

Enable process of transactions and coordination between devices

Decentralization eliminates single points of failure

Cryptographic algorithms would make patient data more private

The ledger is tamper-proof and cannot be altered by hackers as it does not exist in any one location

Maintain a duly decentralized, trusted ledger of all transactions occurring in a network. This capability is essential to enable the many compliance and regulatory requirements

IEEE P2418.1 Standard for the Framework of Blockchain Use in IoT

IEEE P2418.3 Standard for the Framework of Distributed Ledger Technology (DLT) Use in Agriculture

IEEE P2418.4 Standard for the Framework of Distributed Ledger Technology (DLT) Use in Connected and Autonomous Vehicles

Digital Citizen, Internet of Things

Mobile Communication Device

Wearable Electronics

Medical Devices

Ubiquitous Connectivity

Privacy and Security of Wearables

– IEEE P2721 Standard for Wireless Health Device Security Assurance
  • Security assurance mandatory and optional requirements for wireless healthcare devices balancing needs for security and clinical application.
  • Assurance and certification against requirements
  • http://standards.ieee.org/develop/project/2721.html

– IEEE P7002 Data Privacy Process
  • requirements for a systems/software engineering process for privacy oriented considerations regarding products, services, and systems utilizing employee, customer or other external user's personal data.
  • http://standards.ieee.org/develop/project/7002.html

– IEEE P2413 Standard for an Architectural Framework for the Internet of Things (IoT)
  • Includes “quadruple trust” (protection, security, privacy, and safety) as a key component of IoT.
  • http://standards.ieee.org/develop/project/2413.html

– IEEE P2418 Standard for the Framework of Blockchain Use in Internet of Things (IoT)
  • scalability, security and privacy challenges with regard to blockchain in IoT e.g. tokens, smart contracts, transactions.
  • http://standards.ieee.org/develop/project/2418.html

– IC17-013 11073 PHD Cybersecurity
  • build common ground about cybersecurity in the Personal Health Device community and create an “information security toolbox”
  • http://standards.ieee.org/about/sasb/iccom/IC17-013-01_PHD_Cybersecurity.pdf

Driving Horizontal Security Frameworks

– IEEE P802E
  • Recommended Practice for Privacy Considerations for IEEE 802 Technologies

– IEEE 1451
  • Standard for a Smart Transducer Interface for Sensors, Actuators, Devices, and Systems - Common Functions, Communication Protocols, and Transducer Electronic Data Sheet (TEDS) Formats

– IEEE P2413: Architectural Framework for IoT
  • Working group focusing on “Quadruple Trust: Identity, Privacy, Security and Safety”

– IEEE P1619
  • Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices

– IEEE P1912
  • Standard for Privacy and Security Architecture for Consumer Wireless Devices

– IEEE P2025.2
  • Standard for Consumer Drones: Privacy and Security

Close Engagement with Industry

In both Individual and Corporate Programs

– Influence technology development
  • Incubate new technologies, standards and related services in a rapidly changing environment
  • Shape the direction of technology and its market place applications

– Drive the development of corporate standards
  • Gain advanced knowledge by engaging in corporate standards projects

– Network with global thought leaders
  • Participate in an engaging environment of technical experts

Thank You!
