IEEE-SA Internet of Things - Security & Standards
Srikanth Chandrasekaran
IEEE Standards Association
MOBILE WORLD CONGRESS, SHANGHAI
JUNE 2018
What does the IEEE Standards Association (IEEE-SA) do?
Vision: To be a world-class standards-development organization
Mission: To provide a high-quality, market-relevant standardization environment, respected worldwide
1200+ ACTIVE STANDARDS
650+ STANDARDS UNDER DEVELOPMENT
IEEE standards span a broad spectrum of technologies, such as
Aerospace Electronics, Broadband Over Power Lines, Broadcast Technology, Clean Technology, Cognitive Radio, Design Automation,
Electromagnetic Compatibility, Green Technology, Ethernet/WLAN, Medical Device Communications, Nanotechnology, Organic Components,
Portable Battery Technology, Power Electronics, Power & Energy, Radiation/Nuclear, Reliability, Transportation Technology
IEEE-SA Programs: Pre-Standards, Standards, Conformity Assessment
Shared Concerns
Healthcare
Home & Building
Retail
Energy
Manufacturing
Mobility/Transportation
Logistics
Media
Where does the input come from?*
Utilities
Hospitals & Doctors
ICT infrastructure providers
Public transport companies
City authorities
Automation equipment providers
Application developers
Consumer equipment providers
Appliances providers
Manufacturing industries
Logistics companies
Regulators
Consumers
Facility management
Insurance companies
Retail stores
*Due to the diversity of IoT application areas, only selected domains and stakeholders are shown
SECURITY – FROM HARDWARE IOT PERSPECTIVE
[Pie chart: 58% / 42%, segments labelled “Security Features” and “Not Security Features”]
Soon, the Internet of Things Will Expand the Security Need to Almost Everything We Do
*Rod Beckstrom, CEO and President of ICANN, former Director of the National Cyber Security Center
Source: “Secure Connections for Smart Cars,” Kurt Sievers, NXP, March 2014
Levels of Security Concerns - Impact of Software!
Malicious Logic & Embedded Software Inside Chip (Trojan Detection)
• Dynamic Detection: insertion of logic to analyze runtime activity
Counterfeit Chips (Supply-Chain Security)
• Over-produced, re-marked, cloned, recycled or otherwise unauthorized ICs
• Motivated by profit
‘Side-Channel’ Attacks (On-Chip Countermeasures)
• Simulation of attacks to identify weaknesses
• Use of hardened IP or altered design to resist attack
Complexity of Security Verification!
VERIFICATION
TRADITIONAL ROLE: Verifying that a chip does what it is SUPPOSED to do
EMERGING NEW ROLE: Verifying that a chip does nothing it is NOT supposed to do
SECURITY – NEED FOR VERTICAL & HORIZONTAL STANDARDS!
Sensor & Wireless Technologies: “Always Connected” World
Security in Healthcare & Wearables
ISO/IEEE 11073 series Health Informatics - Medical / Health Device Communication Standards
IEEE 2410-2015 - IEEE Standard for Biometric Open Protocol
IEEE 11073 PHD Cybersecurity (Pre-Standards Activity)
Security in Smart Grids
Find more smart grid standards and projects at http://smartgrid.ieee.org/standards
IEEE 1686 Standard for Substation IED Cybersecurity Capabilities
IEEE C37.240 Standard for Cyber Security Requirements for Substation Automation, Protection and Control Systems
IEEE 1711 Cryptographic Protocol for Cyber Security of Substation Serial Links
IEEE P1711.2 Standard for Secure SCADA Communications Protocol (SSCP)
IEEE 1402 Standard for Physical Security of Electric Power Substations
IEEE 2658 Guide for Cybersecurity Testing in Electric Power Systems
Blockchain, an IoT Security Protocol
Build trust, accelerate transactions, maintain regulatory compliance. Track billions of devices
Enable process of transactions and coordination between devices
Decentralization eliminates single points of failure
Cryptographic algorithms would make patient data more private
The ledger is tamper-proof and cannot be altered by hackers as it does not exist in any one location
Maintain a duly decentralized, trusted ledger of all transactions occurring in a network. This capability is essential to enable the many compliance and regulatory requirements
IEEE P2418.1 Standard for the Framework of Blockchain Use in IoT
IEEE P2418.3 Standard for the Framework of Distributed Ledger Technology (DLT) Use in Agriculture
IEEE P2418.4 Standard for the Framework of Distributed Ledger Technology (DLT) Use in Connected and Autonomous Vehicles
Digital Citizen, Internet of Things
Mobile Communication Device
Wearable Electronics
Medical Devices
Ubiquitous Connectivity
Privacy and Security of Wearables
– IEEE P2721 Standard for Wireless Health Device Security Assurance
• Security assurance mandatory and optional requirements for wireless healthcare devices balancing needs for security and clinical application.
• Assurance and certification against requirements
• http://standards.ieee.org/develop/project/2721.html
– IEEE P7002 Data Privacy Process
• Requirements for a systems/software engineering process for privacy oriented considerations regarding products, services, and systems utilizing employee, customer or other external user's personal data.
• http://standards.ieee.org/develop/project/7002.html
– IEEE P2413 Standard for an Architectural Framework for the Internet of Things (IoT)
• Includes “quadruple trust” (protection, security, privacy, and safety) as a key component of IoT.
• http://standards.ieee.org/develop/project/2413.html
– IEEE P2418 Standard for the Framework of Blockchain Use in Internet of Things (IoT)
• Scalability, security and privacy challenges with regard to blockchain in IoT, e.g. tokens, smart contracts, transactions.
• http://standards.ieee.org/develop/project/2418.html
– IC17-013 11073 PHD Cybersecurity
• Build common ground about cybersecurity in the Personal Health Device community and create an "information security toolbox"
• http://standards.ieee.org/about/sasb/iccom/IC17-013-01_PHD_Cybersecurity.pdf
Driving Horizontal Security Frameworks
– IEEE P802E
• Recommended Practice for Privacy Considerations for IEEE 802 Technologies
– IEEE 1451
• Standard for a Smart Transducer Interface for Sensors, Actuators, Devices, and Systems - Common Functions, Communication Protocols, and Transducer Electronic Data Sheet (TEDS) Formats
– IEEE P2413: Architectural Framework for IoT
• Working group focusing on “Quadruple Trust: Identity, Privacy, Security and Safety”
– IEEE P1619
• Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices
– IEEE P1912
• Standard for Privacy and Security Architecture for Consumer Wireless Devices
– IEEE P2025.2
• Standard for Consumer Drones: Privacy and Security
Close Engagement with Industry
In both Individual and Corporate Programs
Influence technology development
Incubate new technologies, standards and related services in a rapidly changing environment
Shape the direction of technology and its market place applications
Drive the development of corporate standards
Gain advanced knowledge by engaging in corporate standards projects
Network with global thought leaders
Participate in an engaging environment of technical experts
Thank You!