Upload
team-wibu
View
277
Download
1
Embed Size (px)
Citation preview
Industry 4.0: Cyber-Security Challenges on the Horizon
Speaker 2Speaker 3
Oliver Winzenried | Co-Founder and [email protected]
Threats in Industry 4.0 and IoT
Impact on medical equipment
Solutions
MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 2
Threats in Industry 4.0 & IoT
Security & Piracy
2015-04-21
MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 3
Security Problem: Threats Today
2015-04-21
Manipulation & Tampering Cyber-Attacks: Stuxnet, Duqu, Flame, … FAZ 31.03.2014: Computer Criminals
earn more than drug dealers Espionage: NSA, Prism, Tempora, … Industrial espionage
MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 4
Security Problem: Threats Today
Cyber-Attacks (German Television, January 14, 2015)
2015-04-21
MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 5
Piracy Problem: Latest Studies
2015-04-21
German Engineering Federation (VDMA) 2014: 7.9 Billion € piracy losses in 2013 9 of 10 companies affected 71% affected by piracy
51% affected by piracy of complete machines
JMF-Study: Losses in Japan 1.8 times higher (2013) BSA-Study: Losses 63 Billion US$, globally 42%
2003 2006 2007 2008 2010 2012 2014
50%
66% 67% 68%62%
67% 71%
N=337
Is your company
affected
by product or brand
piracy?Yes
:71%
No:29%
MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 6
Piracy Problem: Latest Studies
2015-04-21
German Engineering Federation (VDMA) 2014: Source of counterfeiting
Economic espionage
Blackmail or theft
Industrial espionage
Legal disclosure
Loss of know-how
No specific information required
Reverse engineering
0%
1%
15%
18%
31%
42%
72%
MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 7
Impact of Industry 4.0on Medical Equipment
2015-04-21
MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 8
Trends towards large Networks and increased Connectivity -> Security
2015-04-21
Departments
Large networks
WWW
Single Workstations
Sender
Remote Monitoring
MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 9
All kind of Medical Equipment -> Security & Piracy
2015-04-21
MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 10
Impacts on Medical Equipment using Embedded Systems
Increased functionality achieved through software Piracy -> easy to counterfeit and reverse engineer
Software monetization -> use of licensing for new business models
Security is a Must! Connectivity increases speed, efficiency and quality but risks as well
Pro: faster diagnostic, remote diagnostic, lower cost sharing information & resources
Contra: risk of tampering equipment and data as well as privacy of patients’ data
2015-04-21
MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 11
Advantages of Software Monetization
2015-04-21
Reduced number of product designs
High, mid and low ranges covered with one product
Reduced production complexity & investment
Fewer production lines, consolidated component purchase
Reduced Inventory costs
Lower level of finished goods
in stock
Simple upgrade of product features
in the field
Upgrade all products in the field with the same
software revision
Simplified technical support and maintenance
Customer team supports only the
latest software version
Cost effective and real-time product
upgrade
Sell an upgrade and activate new features in real-time
Enablement of new business models
Pre-, Post-Paid and Pay-per-useproduct offerings
Automated sales process with ERP
integration
Simplified integration with
ready connectors
MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 12
Solutions
2015-04-21
MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 13
Technical Solutions
2015-04-21
Know-how Protection -> using data and program code encryption IP in embedded systems, PLCs, devices, IoT IP in software, source code and algorithms, in production data and service documents
Software and Product Protection -> encryption & unclonable crypto keys Counterfeiting reduction, prevention of unauthorized use (active and passive)
Flexible Licensing -> using target encryption and business process integration New business models for features and data, simplify logistics, monetize software in hardware
Tamper Protection -> using digital signature Prevention of manipulation – Cyber-Security
MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 14
CodeMeter - Overview
2015-04-21
CodeMeter Key Storage (Hardware / Software)
License Models
Software Integration Automatic Code Protection / API
Backoffice Integration License deployment
License administration
Software Integration
Back Office Integration
Protection Suite: Ax/Ex/Ix-Protector
CodeMeter License Central
MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 15
Scalable Solution with CodeMeter
2015-04-21
CodeMeter Embedded
Personal Computer
Industrial PC
Embedded System
Mobile / Tablet
Control Equipment / PLC
Microcontroller
Field Programmable Gate Array
High Power
Small Size
CodeMeter Runtime
CodeMeter µEmbedded
MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 16
Wibu-Systems Protection Suite - Overview
2015-04-21
MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 17
Wibu-Systems Protection Suite – Protection Process
2015-04-21
Prot
ecte
d Ex
ecut
able
/ Li
brar
y
Orig
inal
Exe
cuta
ble
/ Lib
rary
Header
Original Code
Header
Encrypted Code
Credentials(Hash, Signature, …)
ExProtector
Keys for Encryption and Code Signing
AES Key (FSB)
ECC Private Key
Certificate(s)
Encrypted Random AES Key
Firm Code | Product Code
Hash
Signature
Certificate(s)
ExProtector
Credentials(Hash, Signature, …)
01.05.2023 Schutz und Sicherheit für Anlagen, Maschinen und Embedded Systeme 18
ExProtector – Integration in the Operating System Loader
Operating System
ExEngine(ExProtector Runtime)
CodeMeter Embeded Driver
Operating System(Original)
Engineering
Modified LoaderOriginal Loader
Root Public Key
01.05.2023 WIBU-SYSTEMS AG 19
Secure Boot
Protected Operating Systems / Runtime
Protected Bootloader
Anchor of Trust
Protected Application (Binary Code)
ExEngine(Security Engine)
ExEngine(Security Engine)
ExEngine(Security Engine)
MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 20
Wibu-Systems Protection Suite – Integration in OEM solutions
2015-04-21
Integration in Development Tools:
Ease-of-use Complex protection schemes Support of Standards
Back office Integration
Create, administrate and deploy licenses
Integrate in ERP, CRM, e-commerce and Cloud
Usage Tracking and Compliance
2015-04-21 MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 21
MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 22
Back office Integration: CodeMeter License Central
2015-04-21
ERP
Http
Soap
Lice
nses
Key
Acco
unts
StatisticsSupport Items
User
Order
Shop
Browser
ConnectorGateway
MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 23
Back office Integration: CodeMeter License Central
2015-04-21
Create, administrate and deploy Licenses Ease of use for the end user
Integration in licensed software
License transfer
Usage tracking and monitoring -> compliance & billing
Cost reduction for the ISV / OEM Integration in ERP, CRM and e-commerce solutions
On-premise or cloud solution
Secure Key Storage
CmDongles
CmActLicenses
Network License Server
2015-04-21 MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 24
MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 25
CmDongle – Security with secure smart card chip
2015-04-21
MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 26
CmActLicenses: Software-only solution bound to a target device
2015-04-21
MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 27
License use or distribution over the network or from the Cloud
2015-04-21
One solution, CodeMeter, for all three scenarios
MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 28
WIBU-SYSTEMS
2015-04-21
Company Overview
MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 29
1989...2015: More than 25 years in business
2015-04-21
Founded in 1989 By Oliver Winzenried and Marcellus Buchheit Headquarters in Germany (Karlsruhe) Focus on Protection, Licensing and Security Technological leader with international patents ISO 9001:2008 certified
WIBU-SYSTEMS worldwide Subsidiaries in Seattle, USA – Shanghai and Beijing, China – Belgium
– France – Ireland – Netherlands – Portugal – Spain – UK Exclusive distribution partners in Japan – Korea – Russia and many
more countries Top 2 vendor in hardware-based protection Top 3 vendor in software licensing Global Awards
WIBU-SYSTEMS AG
MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 30
1989...2015: More than 25 years in business
2015-04-21
1989...2015: Memberships & Co-operations
2015-04-21 MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon
Developer Programs
R&D Projects
Organizations
Standardization
2015-04-21 MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 31
MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 32
1989...2015: Customers and Partners
2015-04-21
MEDTEC 2015: Industry 4.0 Cyber-Security Challenges on the Horizon 33
1989…2015: Latest Activities and Awards
2015-04-21
German National IT Government Summit,Hamburg, October 2014 Wibu technology in Industry 4.0 demonstration
of IFX, DTAG, Belden and Wibu-Systems
SIIA CODiE Award 2014 Winner Best Content Delivery
German IT Security Award from Horst Goertz Foundation Winner 1st prize with KIT (100,000 €)
Deutschland: +49-721-931720
USA: +1-425-7756900
China: +86-21-55661790
http://www.wibu.com
Deutschland: +49-721-931720
USA: +1-425-7756900
China: +86-21-55661790
http://www.wibu.com
01.05.2023 WIBU-SYSTEMS AG 34