SPYRUS Security Products for
the Internet of Things
Securing the Internet of Things With Accredited and Certified
Hardware Roots of Trust
SPYRUS, Inc. Proprietary, Commercial-In-Confidence, January 2017
January 2017 SPYRUS Security Products for the Internet of Things
DOCUMENT NO: 412-326001-01
SPYRUS Product Design Information License Agreement
PLEASE READ THIS! This is a legal agreement between SPYRUS, Inc. (“SPYRUS”) and the
recipient of this document, whether an individual or an entity (“You”). BY ACCESSING, USING
OR PROVIDING FEEDBACK ON THE ATTACHED DOCUMENT (“this document”), YOU AGREE
TO BE BOUND BY THESE TERMS.
1. This document is SPYRUS confidential information under Your most recent Non-Disclosure Agreement with SPYRUS. However, Your only rights to use this document are as described in
Paragraph 2, below. You are being granted a non-transferrable, defeasible license to review the material
in this document only if You comply with the terms herein.
2. You may review the material in this document only (a) to provide feedback to SPYRUS; or (b) as a
reference to assist You in planning and designing Your product, service or technology (“Your Product”) to
interface with a SPYRUS product, technology or service (“SPYRUS Product”) as described in this
document. All other rights are retained by SPYRUS; You have no other rights to use the intellectual
property in this document. You may not (i) duplicate any part of this document, (ii) remove this
Agreement or any notices from this document, or (iii) give any part of this document, or assign or
otherwise provide Your rights under this Agreement, to anyone else.
3. You have no obligation to give SPYRUS any suggestions, comments, or other feedback. If You do give
SPYRUS feedback on any version of this specification, You agree that:
• SPYRUS may freely use, disclose, reproduce, license or otherwise distribute, and exploit Your
feedback in its products, services, technologies, specifications and other documentation (“SPYRUS
Offerings”), without any intellectual property restrictions, payments or other obligations;
• You also grant SPYRUS’ customers and other third parties, without charge, any patent or other
rights necessary to use, and to enable their products, services or technologies to interface with, Your
feedback that has been incorporated into any SPYRUS Product; and
• You will not give SPYRUS any feedback (i) which You have reason to believe is subject to any patent,
copyright or other intellectual property claim or right of any third party; or (ii) which is subject to
license terms that seek to require any SPYRUS Offering incorporating or derived from such
feedback, or any SPYRUS intellectual property, to be licensed or otherwise shared with any third
party.
4. This document contains preliminary information that may change prior to release of any associated
SPYRUS Product, and is provided entirely “AS IS.” To the extent permitted by law, SPYRUS MAKES NO
WARRANTY OF ANY KIND, DISCLAIMS ALL EXPRESS, IMPLIED AND STATUTORY WARRANTIES, AND
SHALL HAVE NO LIABILITY TO YOU FOR ANY DAMAGES, IN CONNECTION WITH THIS DOCUMENT
OR ANY INTELLECTUAL PROPERTY IN IT.
5. If You are acquired, or if more than a 20% of Your ownership changes, this Agreement automatically
terminates and You must destroy this document.
6. This Agreement is governed by the laws of the State of California. Any dispute involving it must be
brought in the federal or state courts located in Santa Clara County, California, and You waive any
defenses allowing the dispute to be litigated elsewhere. If there is litigation, the losing party must pay
the other party’s reasonable attorneys’ fees, costs, and other expenses. If any part of this Agreement is
unenforceable, it will be considered modified to the extent necessary to make it enforceable, and the
remainder shall remain in effect. This Agreement is the entire agreement between You and SPYRUS
concerning this document; it may be changed only by a written document signed by both You and
SPYRUS.
© Copyright 2017 SPYRUS, Inc. All rights reserved.
Document number 412-326001-01
This document (and the software described in it) is furnished under a SPYRUS End User License Agreement (EULA) and may be used or copied only in accordance with the terms and conditions of such license. This document is provided for informational purposes only and is subject to change without notice. SPYRUS, Inc. assumes no responsibility or liability for any errors or inaccuracies that may appear in this document. Except as permitted by such license, no part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, without the prior written permission of SPYRUS, Inc.
Patents
This product is protected under one or more of the U.S. patents found at the following address: www.spyrus.com/company/patent-markings.html
Trademarks
SPYRUS, the SPYRUS logos, LYNKS, Secure Pocket Drive, Security to the Edge, Suite B On Board, SPEX/, SPYCOS, Multisession, Hydra Privacy Card, Rosetta, and Rosetta MicroSDHC are either registered trademarks or trademarks of SPYRUS, Inc., in the United States and/or other countries. Individual SPYRUS products may embody technology protected by one or more patents: http://www.spyrus.com/patent-markings/
All other trademarks are the property of their respective owners.
Table of Contents
SPYRUS Product Design Information License Agreement
Introduction
What is the Internet of Things?
Summary of Vulnerabilities of IoT Devices
  System-Specific Vulnerabilities
  Cloud and Web-based Vulnerabilities
  Other Vulnerabilities
Section 3 Securing the Internet of Things with Accredited and Certified Hardware Roots of Trust
  The Cloud --- or “Cloud of Clouds”
  The Importance of Strong Cryptography
  Rosetta Hardware Security Module – An Anchor of Trust
  Promoting Transparency across the Internet of Things
Section 4 Summary
Introduction
In 1965, Gordon Moore[i], co-founder of Intel, proposed that the speed of computer chips would double
every 2 years while their cost would, during the same period, halve. His prediction has held true since it was
first raised. Some 4 years later, the first successful transportation of a human to the moon occurred on
July 20, 1969, and its central computer, known as the AGC (Apollo Guidance Computer), was a 16 bit
machine that was able to process 41.2 instructions per second. Much has changed since 1969. The
computing capacity of today’s modern machines and their communication speed are exponentially
advanced over those of 1969. Modern chip sets in most smartphones are able to process just over 3.5 billion
instructions per second. This increased processing power has expanded the functionality of modern
computers and mobile devices, extending their uses far afield, even to the point of emulating human
intelligence, and solving complex problems in a quick and direct manner. Furthermore, these same chips
can be programmed to allow modern society to communicate efficiently and to substantially
increase productivity. The impact of this communication efficiency and processing power has allowed for
the advent of the Internet of Things (IoT), which is predicted to encompass billions of devices
interconnecting, communicating, and developing modes of autonomous and semi-autonomous activity
via machine to machine communications (M2M). For industrial automation, the IoT will assist in diagnostic
functionality, e.g. condition based maintenance rather than planned or periodic maintenance, leading to a
wholesale change in the way enterprises are managed and otherwise supported.
What is the Internet of Things?
The base layer of the IoT environment is composed of smart things that capture raw data and can either
process the data internally or communicate the data to other more powerful devices or systems. This
layer is generally known as the “sensory swarm layer” because it comprises a heterogeneous myriad of
resource properties and communication technologies. The next layer comprises a vast range of mostly
unsecured communication and networking devices[ii]. These devices are already present in our daily life and
can be exploited, by the sensory swarm, as a bridge to the standard Internet and also to outsource data for
computational, storage, and analytical functions where the sensory swarm cannot manage the captured
data itself. The final layer is composed of data management and processing technology such as cloud
computing environments and large multifunctional systems that can process data into information and
knowledge for decision making purposes.
Security questions abound, not just about “hacking” to exfiltrate information, but also about the injection of
malware to create significant loss of material and even life through denial of service or false actions. Some
vital issues remain outstanding, accelerating the need for security. For example:
a. How pervasive will the IoT ultimately become? Where does society draw the line at autonomous or
predictive control of vehicles?
b. Which industries are the most likely adopters of this technology? What are the limits?
c. With this extended interconnectivity what aspects will fall within critical infrastructure?
d. What new standards are required to ensure the resilient nature of the IoT in response to either
natural disaster or purposeful catastrophe?
e. If the IoT becomes a critical component for society’s needs, what is the best way to secure the
interdependent functionality of the holistic IoT environment?
f. What architectural design will better secure IoT both internally and externally; that is if an IoT
device becomes contaminated with some malware, how is it best to restrict the spread of the
computer contagion?
g. Due to the complexity of the interdependence of IoT devices, what is the best security framework
for IoT and, in particular, what can go wrong?
h. What about metrics for data provenance, trustworthiness of data?
i. Who will likely be held accountable for any system failures and how to compensate for economic
damages? How is liability attributed?
j. What policy issues should be considered before a massive failure arises? Do the issues differ from
industry to industry? Can the failure be identified as part of critical infrastructure protection?
This paper will look at the security infrastructure of the Internet of Things, and although addressing each
of these issues is a monumental task in itself, we will provide some guidance as to possible solutions as
well as policy considerations.
Summary of Vulnerabilities of IoT Devices
Abuse of intelligent devices is a phenomenon that has been predicted by the mass media as well as
forward thinkers for decades. Types of attack include:
• Denial of Service,
• Spamming attacks,
• Unauthorized access of sensitive data at rest or in transmission, and privilege escalation,
• Erosion of privacy: PII harvesting, identity theft, privacy erosion, and
• Facilitator for cloud and web-based attacks.
These are very real concerns. For example, in January 2014, the security firm Proofpoint Inc. reported a
spam attack by a botnet consisting of compromised routers, multimedia centers, smart TVs and at least
one smart refrigerator[1]. In this instance, IoT lightbulbs and lighting systems, webcams, baby monitors,
and other apparently smart but innocent devices demonstrated their vulnerability to reprogramming or
firmware modification attacks similar in many ways to the well-known “Bad USB” attack. These areas of
exposure have multiple effects that combine sources of their vulnerabilities and different impacts to home
users versus industrial users.
[1] See “Proofpoint Uncovers Internet of Things (IoT) Cyberattack”, https://www.proofpoint.com/us/proofpoint-uncovers-internet-things-iot-cyberattack
System-Specific Vulnerabilities
Vulnerabilities of the IoT abound, partly because of the following major areas of exposure:
• IoT surface technology is new and untested,
• Weak or non-existent authentication protection in IoT devices,
• IoT is built on the foundations of older insecure technology,
• IoT may lack secure storage of cryptographic keys and other critical security parameters, and
• IoT may lack secure update mechanisms to replace old / insecure software and firmware.
Crowded spectrum allocation and prohibitive costs of new communication modalities make it infeasible to
deploy widespread secure and resilient communication networks for the IoT. In general, business and
industrial applications, energy distribution and control, natural resources and transportation, and critical
infrastructure sectors will be forced to employ the dominant data networks that have already serviced
these sectors for decades. In doing so, IoT applications may inherit and possibly magnify any vulnerability
that exists in the underlying communications and control layers.
Cloud and Web-based Vulnerabilities
A significant area of vulnerability relates to the integration of the IoT with Cloud-based web interfaces and
mobile interfaces. In many cases, password security is non-existent or set to too low a level of complexity
and length to provide sufficient protection. Compounding this vulnerability, many systems are reported to
lack the ability to lock accounts after a specified threshold of failed attempts has taken place. While other
technologies may have similar weaknesses, the impact of a successful IoT attack is often high and
detection capabilities are often low.
Cloud-based web interfaces have frequently enabled attackers to access protected services using the
above weaknesses, i.e., weak password policy and lack of account lockout, in conjunction with account
enumeration. The latter vulnerability holds if it is possible to collect a set of valid usernames by interacting
with the authentication mechanism of the application. Attackers who can manipulate web-based IoT
services into revealing when a username exists on the system can build a list of users. This facilitates
brute force username / password attacks. While conventional home IoT systems are likewise vulnerable to
this attack family, unless strong password protection and account locking are in place, the general lack of
hardware key protection and data encryption in cloud services can render a cloud-based web interface a
much more open gateway to unauthorized access.
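The two controls named above, account lockout after a threshold of failed attempts and an authentication response that does not reveal whether a username exists, can be combined in one login routine. The following Go sketch is an added example, not code from this white paper or from any SPYRUS product; the `Auth` type, the threshold of 5 failures and the 15 minute lock period are assumptions chosen for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"time"
)

const (
	maxFailures = 5                // failed attempts before a name is locked
	lockFor     = 15 * time.Minute // assumed lockout period
	iterations  = 100_000          // PBKDF2 rounds, kept modest for the demo
	genericMsg  = "invalid username or password"
)

type cred struct{ salt, hash []byte }

type attempt struct {
	count       int
	lockedUntil time.Time
}

// Auth is a hypothetical login back end (not goroutine-safe; add a mutex in a server).
type Auth struct {
	users map[string]cred
	fails map[string]attempt // keyed by submitted name, known or not
	dummy cred               // checked when the name is unknown, to equalise work
	now   func() time.Time
}

// pbkdf2 derives one 32-byte block of PBKDF2-HMAC-SHA256.
func pbkdf2(pw, salt []byte) []byte {
	mac := hmac.New(sha256.New, pw)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // block index 1
	u := mac.Sum(nil)
	out := append([]byte(nil), u...)
	for i := 1; i < iterations; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range out {
			out[j] ^= u[j]
		}
	}
	return out
}

func newCred(pw string) cred {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		panic(err)
	}
	return cred{salt, pbkdf2([]byte(pw), salt)}
}

// Login returns the same message for an unknown name, a wrong password and a
// locked name, so the response cannot be used to enumerate accounts.
func (a *Auth) Login(user, pw string) (bool, string) {
	at := a.fails[user] // zero value if the name has no recorded failures
	if a.now().Before(at.lockedUntil) {
		return false, genericMsg
	}
	c, known := a.users[user]
	if !known {
		c = a.dummy
	}
	match := subtle.ConstantTimeCompare(pbkdf2([]byte(pw), c.salt), c.hash) == 1
	if known && match {
		delete(a.fails, user)
		return true, "ok"
	}
	if at.count++; at.count >= maxFailures {
		at = attempt{lockedUntil: a.now().Add(lockFor)}
	}
	a.fails[user] = at
	return false, genericMsg
}

// LoginDemo runs constructed attempts against a fake clock.
func LoginDemo() (unknownMsg, wrongMsg string, lockedOut, recovered bool) {
	clock := time.Date(2017, 1, 1, 0, 0, 0, 0, time.UTC)
	a := &Auth{map[string]cred{"alice": newCred("s3cure-pass")}, map[string]attempt{},
		newCred("unused"), func() time.Time { return clock }}
	_, unknownMsg = a.Login("mallory", "guess") // no such account
	_, wrongMsg = a.Login("alice", "guess")     // failure 1 of 5
	for i := 1; i < maxFailures; i++ {
		a.Login("alice", "guess") // failures 2..5; the fifth locks the name
	}
	ok, _ := a.Login("alice", "s3cure-pass")
	lockedOut = !ok // correct password is refused while locked
	clock = clock.Add(lockFor + time.Second)
	recovered, _ = a.Login("alice", "s3cure-pass")
	return
}

func main() { fmt.Println(LoginDemo()) }
```

Failures are counted per submitted name whether or not the account exists, so the lockout behaviour itself does not disclose valid usernames; a deployed service would also bound the size of that table and apply the same uniform response to its password reset feature.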
Other generic web user interface vulnerabilities have also been found to infest IoT devices and systems.
These include persistent cross-site scripting (XSS), poor session management, weak default credentials
and credentials transmitted in clear text. In one 2014 study[2], seventy percent of IoT devices with cloud
and mobile components were found to positively enable a potential attacker to determine valid user
accounts through account enumeration or the password reset feature. Other web vulnerability issues
include SQL injection, non-persistent XSS with request forgery, and the existence of known default
credentials.
[2] See: Hewlett-Packard, “HP Study Reveals 70 Percent of Internet of Things Devices Vulnerable to Attack”, http://www8.hp.com/us/en/hp-news/press-release.html?id=1744676#.V46A2RJnC60
Other Vulnerabilities
The vulnerabilities described here are by no means an exhaustive list, but have been selected to indicate in
general where and what type of vulnerability can be found in IoT devices and their underlying
communications networks and service delivery systems. A holistic view of the attack surface of the
system is essential as well as an in-depth analysis of underlying systems within or associated with the IoT
technology. Collections of vulnerabilities may have a multiplier effect, as has been mentioned, and the
high aggregations of these vulnerabilities in many current systems should be a cause for caution and
further study.
Inadequate software / firmware protection is another significant area of concern in IoT systems. This
protection is only partly addressed by physical security. IoT systems are particularly sensitive in the area of
update mechanisms and their security. Updates sent without encryption, or unsigned, are at risk of
unauthorized modification. In a recent HP study[3], “60 percent of devices did not use encryption when
downloading software updates, an alarming number given that software powers the functionality of the
tested devices. Some downloads could even be intercepted, extracted and mounted as a file system in
Linux where the software could be viewed or modified.”
If the update location is writable, vulnerability to unauthorized malicious updates is present. Updates
must be verifiable as to their origin, and here signatures are invaluable, and authentication must be
required as well before an update can take place. In a technology like the IoT, it is necessary to actually
have an update process or at least a manual procedure as new and more secure versions of software and
firmware are developed. Devices that run out-of-date software/firmware are vulnerable to attack based on
known bugs or security flaws.
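The requirement that updates be verifiable as to their origin can be made concrete with a signed update manifest that the device checks against a pinned vendor public key before installing anything. The Go sketch below is an added example, not SPYRUS code: the `Manifest` layout and function names are hypothetical, ECDSA P-384 with SHA-256 is used because those algorithms are listed in this paper, and the version check that refuses a replay of an older signed release goes one step beyond what the text above states.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

// Manifest is a hypothetical update header: the fields the vendor signs.
type Manifest struct {
	Version   uint32   // monotonically increasing release number
	ImageHash [32]byte // SHA-256 of the firmware image
}

// digest is the value that gets signed: SHA-256(version || image hash).
func (m Manifest) digest() []byte {
	buf := make([]byte, 4, 36)
	binary.BigEndian.PutUint32(buf, m.Version)
	sum := sha256.Sum256(append(buf, m.ImageHash[:]...))
	return sum[:]
}

var (
	ErrUnsigned  = errors.New("update rejected: no signature")
	ErrBadSig    = errors.New("update rejected: signature does not verify")
	ErrBadImage  = errors.New("update rejected: image does not match signed hash")
	ErrDowngrade = errors.New("update rejected: version not newer than installed")
)

// SignUpdate is the vendor side; the private key stays on the signing system.
func SignUpdate(priv *ecdsa.PrivateKey, version uint32, image []byte) (Manifest, []byte, error) {
	m := Manifest{Version: version, ImageHash: sha256.Sum256(image)}
	sig, err := ecdsa.SignASN1(rand.Reader, priv, m.digest())
	return m, sig, err
}

// VerifyUpdate is the device side. pub is the vendor key pinned on the device
// (ideally held in protected storage); installed is the running version.
func VerifyUpdate(pub *ecdsa.PublicKey, installed uint32, m Manifest, sig, image []byte) error {
	if len(sig) == 0 {
		return ErrUnsigned
	}
	if !ecdsa.VerifyASN1(pub, m.digest(), sig) {
		return ErrBadSig
	}
	got := sha256.Sum256(image)
	if subtle.ConstantTimeCompare(got[:], m.ImageHash[:]) != 1 {
		return ErrBadImage
	}
	if m.Version <= installed {
		return ErrDowngrade
	}
	return nil
}

// UpdateDemo checks one genuine update and four rejected ones (constructed data).
func UpdateDemo() (map[string]error, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	if err != nil {
		return nil, err
	}
	image := []byte("constructed firmware image, release 7")
	m, sig, err := SignUpdate(priv, 7, image)
	if err != nil {
		return nil, err
	}
	pub := &priv.PublicKey
	altered := []byte("constructed firmware image, release 7, modified in transit")
	rehashed := Manifest{Version: 7, ImageHash: sha256.Sum256(altered)}
	return map[string]error{
		"valid":             VerifyUpdate(pub, 6, m, sig, image),
		"unsigned":          VerifyUpdate(pub, 6, m, nil, image),
		"modified image":    VerifyUpdate(pub, 6, m, sig, altered),
		"rehashed manifest": VerifyUpdate(pub, 6, rehashed, sig, altered),
		"old release":       VerifyUpdate(pub, 7, m, sig, image),
	}, nil
}

func main() {
	res, err := UpdateDemo()
	if err != nil {
		panic(err)
	}
	for _, name := range []string{"valid", "unsigned", "modified image", "rehashed manifest", "old release"} {
		fmt.Printf("%-18s %v\n", name, res[name])
	}
}
```

The signature covers integrity and origin only; transport encryption of the download and authentication of whoever triggers the update remain separate controls.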
The list of IoT vulnerabilities goes on and will in all likelihood continue to grow. Device memory security is
critical, especially regarding the use of cleartext usernames, passwords and other credentials. Key storage
is critical and must follow standard security practices regarding encryption and integrity protection.
Device ID and serial number exposure must be controlled and protected. Device physical interfaces,
coatings, and enclosures must be secure and resist tamper and penetration attack, and sensors must be
resistant to damage or physical modification. Removal of storage media must be prevented or allowed
only under authenticated and authorized control.
Privilege escalation should be tightly controlled. Reset to insecure states must be disallowed and the
existence and accredited validation testing of the finite state machine or similar formal or semi-formal
model of the device behavior is a very big plus. The list of device mobile applications and their security
postures further expand the vulnerabilities that include many of the ones we have touched upon and will,
no doubt, grow.
[3] See: Hewlett-Packard, “HP Study Reveals 70 Percent of Internet of Things Devices Vulnerable to Attack”, http://www8.hp.com/us/en/hp-news/press-release.html?id=1744676#.V46A2RJnC60
Securing the Internet of Things with Accredited and Certified Hardware Roots of Trust
The Cloud --- or “Cloud of Clouds”
A recent White Paper by Forrester[4] performs a 25-criteria evaluation of internet of things (IoT) software
platform providers, identifying the 11 most significant ones including Amazon Web Services (AWS), Ayla
Networks, Cisco Jasper, Exosite, General Electric (GE), IBM, LogMeIn, Microsoft, PTC, SAP, and Zebra
Technologies. Regardless of the various methodologies of infrastructure integration, billing, and
stakeholder involvement, the family of platform providers share the same challenges with security as
depicted earlier. Moreover, the increasing dependence of commerce and industry on the Internet of
Things ecosystem has evolved into an interlinked set of hardware, software, and modalities of ubiquitous
connectivity which has created a myriad of new security challenges coupled with an exacerbation of
legacy security issues. These concerns have resulted in the generation of numerous security standards by
governmental organizations, most recently being the issuance of “Strategic Principles for Securing the
Internet of Things” by the Department of Homeland Security (DHS). In particular, the DHS document
highlights the following principles for securing the Internet of Things:
• Incorporate security at the design phase
• Advance security updates and vulnerability management
• Build on proven security practices
• Prioritize measures according to potential impact
• Promote transparency across the Internet of Things
• Connect carefully and deliberately
The Importance of Strong Cryptography
All SPYRUS products described in this White Paper incorporate military grade Suite B encryption including
elliptic curve, AES-256, and SHA-256, which is suitable for up to TOP SECRET based on Operational
Security Doctrine. High assurance elliptic curve algorithms such as ECC P-384, ECC P-521 are employed
for authentication, keywrap, device ID and related functions. The SPYRUS products are available in
multiple form factors including USB 3.0 and microSDHC, all with internal FIPS 140-2 Level 3 rated Suite B
PKI HSMs (Secure Elements), and are suitable for end user integration into embedded, sensor, wearable,
and legacy desktop and mobile devices. In most instances, the SPYRUS devices are ready for submission
to regulatory bodies for accreditation, particularly in light of their “Made in USA” supply chain for trusted
manufacturing environment and existing accreditation by NIST and other bodies.
Rosetta® Hardware Security Module – An Anchor of Trust
Enforcement within any strong security solution must be anchored in some point of trust. There must be
something you trust to hold up to and defend against the threat environment within which you are trying
to establish a secure solution. Within every Rosetta microSDHC™ there is a FIPS 140-2 Level 3 certified
Rosetta SPYCOS® (SPYRUS Cryptographic Operating System) security controller to which all security is
anchored. As a hardware trust anchor, this controller provides superior protection to any software trust
anchor that can be provided. The cryptographic security boundary of this controller is the die itself, so that
it can be embedded in other products for specialized applications. This is the trust anchor embedded in all
the various form factors of the Rosetta microSDHC product family.
[4] The Forrester Wave™: IoT Software Platforms, Q4 2016, “The 11 Providers That Matter Most And How They Stack Up”, Michele Pelino and Andrew Hewitt, November 15, 2016
The main advantage of hardware based security is its ability to implement robust, built-in counter
measures to address a variety of physical and logical attacks commonly leveled against security
applications and processes. Protecting these within a hardware security boundary provides an isolated
environment in which strong protection mechanisms can be employed. Many of these security features
within the Rosetta SPYCOS security controller are built into the processor chip on which SPYCOS runs.
This chip provides an enhanced level of on-chip security features to fulfill the strong security requirements
of a Common Criteria evaluation at an EAL-5 level. These countermeasures include a wide variety of
hardware tamper detection circuits and physical protection shields.
Promoting Transparency across the Internet of Things
Figure 1: SPYRUS components cover all aspects of the “chain of trust” between sensor data acquisition through secure transmission and storage of data, including protection against malware.
SPYRUS has been at the forefront of hardware based security products, espousing open standards as well
as a common interface across product platforms. Figure 1 is a high level overview of the SPYRUS
“Security in a Box®” concept for securing all aspects of an IoT application from raw data ingest through
storage and security for cloud based analysis and dissemination of results. Table 1 is a snapshot of the
salient features of SPYRUS products supporting IoT security functions across a wide range of applications
and venues. Figure 2 is a brief snapshot of the capabilities of the SPYRUS “IoT Stack” in supporting
development and deployment in cloud service provider platforms.
Table 1: Relevant SPYRUS® product families supporting hardware Root of Trust functions for the Internet of Things.

SPYRUS Product: Rosetta® USB Series II and III / Rosetta Smart Card
Description: FIPS 140-2 Level 3 certified, EAL5+ tamper proof; USB miniature form factor or ISO 7810 Smart Card; Approximately 32K of EEPROM available for X.509 certificates and data storage; ECC/AES/SHA-2 and legacy RSA support
URL for more documentation: https://www.spyrus.com/wp-content/downloads/400-100000-17DSRosettaSeriesIISC_USB.pdf

SPYRUS Product: Rosetta Micro
Description: Embedded HSM in QFN8 surface mount package; FIPS 140-2 Level 3 certified, EAL5+ tamper proof
URL for more documentation: http://www.spyrus.com/rosetta-hsm/

SPYRUS Product: WorkSafe Pro™ USB 3.0 Windows To Go
Description: USB 3.0 Windows To Go, Sizes 32 GB to 1 TB in compact USB form factor; Built in SPYCOS® Suite B PKI FIPS 140-2 Level 3, EAL 5+ HSM for use in external authentication, VPN, secure login; Supports Windows 10, also 8.1 on Windows and MacOS platforms; Hardware XTS - AES-256 encryption, In FIPS 140-2 Level 3 certification; MIL-810, IEC, ISO testing including immersion, shock, dust, radiation
URL for more documentation: http://www.spyrus.com/windows-to-go-live-drives/

SPYRUS Product: Windows to Go Xtreme (WTG Xtreme™)
Description: As above, supporting four user profiles and storage partitions cryptographically separated. Suitable for multi-domain use, support multiple users on same device
URL for more documentation: http://www.spyrus.com/windows-to-go-xtreme/

SPYRUS Product: LINUX2Go™ and Linux2Go Xtreme
Description: As per WorkSafe Pro and WTG Xtreme but with LINUX operating system
URL for more documentation: http://www.spyrus.com/windows-to-go-live-drives/

SPYRUS Product: PocketVault™ P-3X USB 3.0 Storage
Description: USB 3.0 interface with SSD quality storage to 1 TB; Built in SPYCOS Suite B PKI HSM for use in external authentication, VPN, secure login; Hardware XTS - AES-256 encryption, In FIPS 140-2 Level 3 certification; MIL-810, IEC, ISO testing including immersion, shock, dust, radiation
URL for more documentation: http://www.spyrus.com/secure-storage/

SPYRUS Product: Rosetta microSDHC™
Description: microSDHC form factor, internal SPYCOS Suite B PKI HSM with approved for classified RNG; Sizes to 128 GB in Class 10 performance; Hardware AES-256 Encryption
URL for more documentation: http://www.spyrus.com/secure-storage/
Figure 2: SPYRUS IoT stack as applied to Microsoft Azure and Amazon Web Services Pragma IoT
cloud platforms. Implementations with other service providers similar.
Section 4 Summary
There is a pressing requirement for ubiquitous security in the continued evolution of Internet of Things
applications, secure Machine to Machine (M2M) and related legacy IoT-friendly systems. As applications
evolve to a more “personal” level, where actual lifestyles are affected or public safety such as the control
or prediction of vehicular guidance is implemented, essential qualities that safeguard information assets
and mitigate risk become mandatory. Not the least of these are safe passwords and credentials, strong
authentication services, hardware protection and high-assurance encrypted storage of keys and critical
security parameters, secure transport of critical information and software / firmware updates, and
regulation and third party security evaluation and certification of devices. The coupling and integration of
hardware roots of trust such as those in the SPYRUS ecosystem, coupled with the integration of HSM and
USB security tokens in legacy systems are important first steps in the process. The flexible nature of the
devices under test will dictate the progress of these architectures and test their effectiveness.
There is every reason to be hopeful that the IoT will become a security-enabling technology that can
protect sensitive information in home and industry against privacy, sensitive information disclosure and
monetary loss due to the factors considered above. The present state of affairs with the IoT is that it
provides industry, government and the public with asymmetric risk and uneven benefit, i.e. it adds more
exposure to attack surfaces that already have their fair share and the value of its services may not
compensate the impact of a serious attack. The road to a brighter picture is not necessarily long, but
[Figure 2 diagram labels: Rosetta SD, Rosetta USB, Rosetta micro; CCID IFD Driver; ISO 7816 Driver; File System; SmartIO; PCSC; PCSC IFD Driver; PCSC-like; PKCS11; NcryptNshare SDK; Other…; SPYRUS; Operating System; Embedded System; libUSB]
Specifications subject to change without notice.
© Copyright 2013-2015 SPYRUS, Inc. All rights reserved. SPYRUS, the SPYRUS logos, Secured by SPYRUS, WorkSafe, Toughboot, SPYRUS Enterprise Management System, and Rosetta are either registered trademarks or trademarks of SPYRUS in the United States and/or other countries. All other trademarks are the property of their respective owners. Individual SPYRUS products are
protected by one or more of the following patents or patent applications: http://www.spyrus.com/patent-markings
SPYRUS’s family of hardware roots of trust, encompassing embedded devices through Rosetta microSDHC and USB 3.0 devices and applications, provides IoT developers and systems integrators with a complete operating environment and security functions that include extensive FIPS 140-2 Level 3 rated authentication coupled with a variety of secure storage and sharing solutions for securing the various entities within an Internet of Things architecture. All Rosetta versions feature superior security defense of the operating system, documents, and identity credentials from tampering and theft with layered hardware and software encryption depending on the particular model.
The entire family of devices is intended to also maintain compatibility with the optional SPYRUS Enterprise Management System (SEMS™) in 2017 and beyond. Combining a public key with a smart card-enabled ecosystem and SPYRUS security applications extends a true end-to-end security approach for enterprise smart card and PKI infrastructure to mobile users for authentication to IoT applications and networks. Please visit the SPYRUS website at www.spyrus.com to find out more or contact a sales representative at [email protected] or [email protected].
[i] Moore, G., “Moore’s Law at 40”, in Brock, D., “Understanding Moore’s Law: Four Decades of Innovation”, Chapter 7. http://www.chemheritage.org/Downloads/Publications/Books/Understanding-Moores-Law/Understanding-Moores-Law_Chapter-07.pdf <ACCESSED 4 July 2016>
[ii] Niyato, D., Lu, X., Wang, P., Kim, D., & Han, Z., “Economics of Internet of Things (IoT): An Information Market Approach.” http://arxiv.org/pdf/1510.06837.pdf <ACCESSED 4 July 2016>