IoT Security Simplified · Proven Platform, Partner Ecosystem, Recognized by Experts The UK’s Most Innovative Small Cyber Security Company IMPACT REPORT – ndMay 2 2017 Device

Confidential and Proprietary -- © 2017 Device Authority

Applied IoT Security for Healthcare and Industrial


The FUTURE of IoT…?


www.deviceauthority.com

Or the future of IoT?



• IoT can significantly increase the value of an organisation….

• The trick is not to significantly increase the risk to your brand’s integrity and reputation at the same time…..

• Safety Risk • Compliance Risk • Intellectual Property Risk • Operational Risk • Financial Risk

Why is this important?



Security challenges for IoT

Device Attack • Unintended access and steal credentials

• Gain access to valuable IP / software

• Malicious software injection

Network Attack • Gain access to transmitted data

• Multiple entry and exit points

Server Attack • Gain access to data

• Control access of devices

• Disgruntled employees


High

High

Low

IoT Security Gap Today

Passwords

PUF IoT

Secu

rity

Val

ue

Operational Efficiencies

PKI


Identity & integrity is at the heart of the problem

Users => Devices, Applications, Services

Strong authentication for Trust

UI Driven

X

Non-shared

Access to data

Devices => Devices, Applications, Users

Device Credentials for Trust

API Driven

20X

Shared

Hard to access vast data sources

Autonomous

Vs



Device Authority Ltd: Proven Platform, Partner Ecosystem, Recognized by Experts

The UK’s Most Innovative Small Cyber Security Company

IMPACT REPORT – May 2nd 2017 Device Authority takes a dynamic approach to IAM for IoT devices

On the Radar: Device Authority secures IoT with scalability and automation

TechRadar™: Internet Of Things Security, Q1 2017 A Mix of New and Existing Technologies Help Secure IoT Deployments

Cool Vendor - 2016

6



Device Authority Solution Benefits

Provision Devices at IoT Scale without human

intervention

IoT Application / Owner Controlled Security

(including certificates)

Manage Credentials/Certificates as per the application

policy

5


KeyScaler™ PKI Auto-Provisioning & Management for IoT

Device Registry Policy Management

Certificate & Key Management

Device Authentication Security Events, Alarms, Notifications and Logs

API Services

Service Connectors

Control Panel

Service Access Controller

KeyScaler™ Auto-Provisioning Platform

IoT Devices & Apps



Example Partnership: Intel Zero Touch Device Onboarding & Ownership Transfer



KeyScaler™ Delegated Security Management

• Tokenized security instructions and operation results • Mutual PKI signature validation performed to ensure that tokens are valid

• No backend integration required with IoT apps/platforms

• KeyScaler™ only talks to devices

• Simplifies client-side integration and comm’s with KeyScaler

• Single, Intelligent call (Device Check-in) with KeyScaler

• Provides an extensible design for security operations management

• Easy to add new DSM instructions and security operations

• Flexible model for triggering KeyScaler security operations

• Security operations can be triggered by devices, IoT applications or KeyScaler policies



Demo 1: Delegated Security Management (DSM)



Integrity Validation Check Service

KeyScaler™

IoT Device

IoT Application/Cloud Service

Issue DSM Check-in Instruction (IVC)

Device Authentication with Executable Validation

2

#

Set Device Validation State

IVC Challenge

1 DSM Check-in

w/IVC

3

4

IVC Response 5

6 DSM Validation Token

7 DSM Validation Token

Update Device Validation State

8

# #

# Valid signature and

executable Hash Inventory



Use Case: Smart Factory

• Machines used on the factory floor machining components, generating power …

• Driving towards Smart Factory 4.0 & Cloud computing

• Requirements for device Identity and Integrity to ensure authenticity of machines

• Data privacy is a must to prevent against industrial espionage

• Can’t use without stronger provisioning, authentication, data security/privacy



Flowrate = 5 Mode = 2 Location = 42.3601, 71.0589 °

Flowrate = yIHBhc3Npb24 Mode = dDSLsd£dUWFSdY Location = WdsOI7&%sIuYs

extension

Flowrate = yIHBhc3Npb24 Mode = dDSLsd£dUWFSdY Location = WdsOI7&%sIuYs

Encrypted

Flowrate = 5 Mode = 2 Location = 42.3601, 71.0589°

Only registered, authorized device can decrypt the data

Use Case: Portable Oxygen Concentrator

9



Demo 2: End-to-End Data Encryption



Use Case: Surgical Robot

• Uses pre-modelled surgical instructions to perform automated surgery

• IoT platform used to deploy surgical files to robots, and receive post-surgery results

• Due to restrictions in hospital, devices may be offline

• Can’t use without stronger provisioning, authentication, data security/privacy



Demo 1: Delegated Security Management (DSM)

• Tokenized security instructions and operation results

• Simplifies client-side integration and communication with KeyScaler

• Provides an extensible design for security operations management

• Flexible model for triggering KeyScaler security operations

Demo 2: Always On End to End data privacy

• Automated Secure Device Registration and Onboarding

• End to End data privacy from source, in transit and at rest

2 Demos



Summary for Unified Security in IoT

1. Device Trust - Identity, Integrity

2. Data Trust - Security, Privacy

3. Operationalizing the trust at IoT Scale


Thank You! Q&A

Documents

IoT Security Simplified · Proven Platform, Partner Ecosystem, Recognized by Experts The UK’s Most Innovative Small Cyber Security Company IMPACT REPORT – ndMay 2 2017 Device