Confidential and Proprietary -- © 2017 Device Authority
Applied IoT Security for Healthcare and Industrial
The FUTURE of IoT…?
www.deviceauthority.com
Or the future of IoT?
• IoT can significantly increase the value of an organisation.
• The trick is not to significantly increase the risk to your brand’s integrity and reputation at the same time.
• Safety Risk
• Compliance Risk
• Intellectual Property Risk
• Operational Risk
• Financial Risk
Why is this important?
Security challenges for IoT
Device Attack
• Gain unintended access and steal credentials
• Gain access to valuable IP / software
• Malicious software injection
Network Attack
• Gain access to transmitted data
• Multiple entry and exit points
Server Attack
• Gain access to data
• Control access of devices
• Disgruntled employees
IoT Security Gap Today
[Chart: axes are Security Value and Operational Efficiencies, each running from Low to High; labels on the chart: Passwords, PKI, PUF, IoT]
Identity & integrity is at the heart of the problem
Users => Devices, Applications, Services
• Strong authentication for Trust
• UI Driven
• X
• Non-shared
• Access to data
Vs
Devices => Devices, Applications, Users
• Device Credentials for Trust
• API Driven
• 20X
• Shared
• Hard to access vast data sources
• Autonomous
Device Authority Ltd: Proven Platform, Partner Ecosystem, Recognized by Experts
The UK’s Most Innovative Small Cyber Security Company
IMPACT REPORT – May 2nd 2017 Device Authority takes a dynamic approach to IAM for IoT devices
On the Radar: Device Authority secures IoT with scalability and automation
TechRadar™: Internet Of Things Security, Q1 2017 A Mix of New and Existing Technologies Help Secure IoT Deployments
Cool Vendor - 2016
Device Authority Solution Benefits
• Provision Devices at IoT Scale without human intervention
• IoT Application / Owner Controlled Security (including certificates)
• Manage Credentials/Certificates as per the application policy
KeyScaler™ PKI Auto-Provisioning & Management for IoT
[Diagram: KeyScaler™ Auto-Provisioning Platform, connected to IoT Devices & Apps. Components shown:]
• Device Registry
• Policy Management
• Certificate & Key Management
• Device Authentication
• Security Events, Alarms, Notifications and Logs
• API Services
• Service Connectors
• Control Panel
• Service Access Controller
Example Partnership: Intel Zero Touch Device Onboarding & Ownership Transfer
KeyScaler™ Delegated Security Management
• Tokenized security instructions and operation results
  • Mutual PKI signature validation performed to ensure that tokens are valid
• No backend integration required with IoT apps/platforms
  • KeyScaler™ only talks to devices
• Simplifies client-side integration and communication with KeyScaler
  • Single, intelligent call (Device Check-in) with KeyScaler
• Provides an extensible design for security operations management
  • Easy to add new DSM instructions and security operations
• Flexible model for triggering KeyScaler security operations
  • Security operations can be triggered by devices, IoT applications or KeyScaler policies
Demo 1: Delegated Security Management (DSM)
Integrity Validation Check Service
[Sequence diagram with steps numbered 1 to 8. Participants: KeyScaler™, IoT Device, IoT Application/Cloud Service.]
Labelled messages and actions in the figure:
• Issue DSM Check-in Instruction (IVC)
• DSM Check-in w/IVC (step 1)
• Device Authentication with Executable Validation
• Set Device Validation State
• IVC Challenge
• IVC Response (step 5)
• DSM Validation Token (steps 6 and 7)
• Update Device Validation State
Legend (#): Valid signature and executable Hash Inventory
Use Case: Smart Factory
• Machines used on the factory floor machining components, generating power …
• Driving towards Smart Factory 4.0 & Cloud computing
• Requirements for device Identity and Integrity to ensure authenticity of machines
• Data privacy is a must to protect against industrial espionage
• Can’t use without stronger provisioning, authentication, data security/privacy
Use Case: Portable Oxygen Concentrator
[Figure: device readings shown in clear, then encrypted, then in clear again]
• In clear: Flowrate = 5, Mode = 2, Location = 42.3601, 71.0589°
• Encrypted: Flowrate = yIHBhc3Npb24, Mode = dDSLsd£dUWFSdY, Location = WdsOI7&%sIuYs
• Only a registered, authorized device can decrypt the data
Demo 2: End-to-End Data Encryption
Use Case: Surgical Robot
• Uses pre-modelled surgical instructions to perform automated surgery
• IoT platform used to deploy surgical files to robots, and receive post-surgery results
• Due to restrictions in hospital, devices may be offline
• Can’t use without stronger provisioning, authentication, data security/privacy
Demo 1: Delegated Security Management (DSM)
• Tokenized security instructions and operation results
• Simplifies client-side integration and communication with KeyScaler
• Provides an extensible design for security operations management
• Flexible model for triggering KeyScaler security operations
Demo 2: Always On End to End data privacy
• Automated Secure Device Registration and Onboarding
• End to End data privacy from source, in transit and at rest
2 Demos
Summary for Unified Security in IoT
1. Device Trust - Identity, Integrity
2. Data Trust - Security, Privacy
3. Operationalizing the trust at IoT Scale
Thank You! Q&A