Innovators, manufacturers, and economists agree on one crucial vision for our future: Industry 4.0 is a huge potential for value creation waiting to be tapped. The payoff is enormous: third party sources predict that global investment in the industrial Internet of Things will reach USD 500 billion by 2020, a 2,500 percent increase from the USD 20 billion spent in 2012.
The pervasive connectivity of the Internet of Things (IoT) exposes embedded devices to more security risks than ever before. As a result, safeguarding devices, data, and intellectual property becomes a key requirement embedded device manufacturers must meet to succeed in IoT.
The strategic partnership between Wind River® and Wibu-Systems aims at offering modern techniques to tackle the security risks associated with vulnerabilities of interconnected cyber-physical systems. Together, we have developed a scalable protection and licensing system for VxWorks-based applications that grows along with your needs.
Learn:
• Ways to protect connected embedded devices, data, and intellectual property in the Internet of Things
• Software-based security features delivered by the VxWorks® 7 Real-Time Operating System together with Security Profile for VxWorks
• Complementary hardware-based CodeMeter® Security solution by Wibu-Systems
• Benefits of a joint integrated solution featuring software- and hardware-based security for security-sensitive applications.
Request CodeMeter SDK and try out Wibu-Systems' premier technology for yourself: http://www.wibu.com/cm
3 | © 2014 Wind River. All Rights Reserved.
ENABLING EMBEDDED SECURITY FOR THE INTERNET OF THINGS
Michel Chabroux, Senior Product Manager, Wind River
Marco Blume, Product Manager, WIBU Systems
Agenda
VxWorks Overview
A Story…
Who needs security and why?
Security Profile for VxWorks Overview
Key Benefits
Key Features
Enhancement Options
Sample Applications
CodeMeter Security
VxWorks: The RTOS for the Internet of Things
World’s most widely used commercial RTOS
Unrivaled technology partner ecosystem
Best-in-class foundation for creating differentiated, IoT-ready intelligent devices
Unrivaled Performance
Modular, Scalable Design
Safety and Security
Virtualization
WHAT DO AIR CONDITIONERS HAVE TO DO WITH IDENTITY THEFT?
A Story…
A well-known retailer has experienced a security breach resulting in identity theft for millions of consumers.
The breach actually began when the retailer’s HVAC maintenance vendor was broken into.
Network passwords the vendor used to monitor the retailer’s HVAC systems were stolen.
These same passwords gave hackers network access to the retailer’s Point-of-Sale machines.
With this access, hackers installed malicious software that captured credit card data at the time of transactions.
Taking place over the holiday season, the attack captured the identity data from millions of unsuspecting shoppers.
Everything connected must be secure!
From Islands to Networked Constructions: New Attack Vectors for Cyber Physical Systems
A Cyber Physical System (CPS) is a system of collaborating computational elements controlling physical entities*
* Wikipedia
Security Threats
Operator
Manipulation
– Sabotage
– Human mistakes
– Intelligence services / Displeased employees
Intellectual property
– Recipes
– Configuration data
Production data
– Machine log
– Produced amounts
Manufacturer
Cloning of a machine
Imitation of a machine
– Extraction of intellectual property (reverse engineering)
Manipulation (warranty)
– Unauthorized updates
– Manipulation of counters
– Manipulation of flight records
Unauthorized access to source code
Security Objectives
Copy protection
IP protection
Integrity
Authenticity
Security Profile for VxWorks: Comprehensive Security for Your IoT-Ready Devices
A collection of software-based security features to effectively safeguard devices and data
Compatible with VxWorks 7 Core Platform and all industry-specific profiles for VxWorks 7
Can be reinforced with a hardware-based solution from Wibu-Systems for high security applications and flexible licensing
Security Profile for VxWorks: Key Benefits
Solid foundation for security-sensitive applications
Flexible, configurable, readily expandable security suite
Upgradeable, future-proof solution
Protection for your intellectual property
Security Profile for VxWorks: Key Features
Protect from tampering with code and unauthorized access.
Safeguard data even when the device is powered down.
Secure network communications and prevent attacks.
Prevent execution of non-authentic code.
Boot-up | Operation | Data Transmission | Rest/Shutdown
Secure Boot
– Digital signature verification
– Decryption*
Secure Run-Time Loader
– Digital signature verification
– Decryption*
Advanced User Management
– Prevention of unauthorized access
– Help for creating and enforcing user-based policies
Network Security
– OpenSSL
– SSH
– Cryptography Libraries
– IPsec and IKE
Encrypted Containers
– TrueCrypt-compatible AES-encrypted file containers
– Ability for data in containers to remain encrypted even when the device is idle or powered off
– Passkey protection using customizable functions
* Can be enabled or disabled
Security Profile for VxWorks: Key Features – Secure Loader
UEFI
VxWorks Image
Trusted by UEFI
Signer’s certificate
Signed by Wind River Workbench user
Signer’s certificate in Bootloader
Applications (LKMs/DKMs, RTPs)
Signed by Wind River Workbench user
Signer’s certificate in VxWorks image
Proprietary Wind River EFI loader
Security Profile for VxWorks: Key Features – Digital Signature
Wibu CaTool
Based on elliptic curve cryptography (ECC)
Lead generates the root key and certificate
Lead signs certificates for other developers
– Signs requests from other developers
– Creates signer’s keys and signs certificates
Lead sends signed certificates to individual developers
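The signing hierarchy on this slide and the loader check on the Secure Loader slide, as an added example that is not Wind River or Wibu-Systems code: openssl stands in for Wibu CaTool, the curve prime256v1 is an assumption, and the names lead, dev, other, rogue and app.bin are constructed. A lead root certifies a developer key, the developer signs an image, and the loader accepts the image only when the signer's certificate chains to the root it embeds.

```sh
#!/bin/sh
# Added example: openssl stands in for Wibu CaTool; every name and file is constructed.
set -eu
work=$(mktemp -d) && cd "$work"
trap 'rm -rf "$work"' EXIT
cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
EOF

# Lead: generate an ECC root key and a self-signed root certificate named $1.
new_root() {
  openssl ecparam -name prime256v1 -genkey -noout -out "$1.key"
  openssl req -new -x509 -config ca.cnf -key "$1.key" -subj "/CN=$1" -days 1 -out "$1.crt"
}

# Developer $1 creates a key and a request; the lead signs it with root $2.
new_signer() {
  openssl ecparam -name prime256v1 -genkey -noout -out "$1.key"
  openssl req -new -config ca.cnf -key "$1.key" -subj "/CN=$1" -out "$1.csr"
  openssl x509 -req -in "$1.csr" -CA "$2.crt" -CAkey "$2.key" -CAcreateserial \
    -days 1 -out "$1.crt" 2>/dev/null
}

# Developer $1 signs image $2; the detached signature lands in $2.$1.sig.
sign_image() { openssl dgst -sha256 -sign "$1.key" -out "$2.$1.sig" "$2"; }

# Loader: accept image $3 only if signer certificate $2 chains to the embedded
# root $1 and the signature verifies under that signer's public key.
verify_image() {
  openssl verify -no-CApath -CAfile "$1.crt" "$2.crt" >/dev/null 2>&1 || return 1
  openssl x509 -in "$2.crt" -pubkey -noout > "$2.pub"
  openssl dgst -sha256 -verify "$2.pub" -signature "$3.$2.sig" "$3" >/dev/null 2>&1
}

new_root lead;  new_signer dev lead      # approved hierarchy
new_root other; new_signer rogue other   # signer the lead never approved
printf 'constructed application image\n' > app.bin
sign_image dev app.bin; sign_image rogue app.bin
verify_image lead dev app.bin   && echo "dev-signed image accepted"
verify_image lead rogue app.bin || echo "rogue-signed image rejected"
```

The rogue signature is mathematically valid under the rogue key; it is rejected because that key's certificate was not issued by the root the loader trusts.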
Security Profile for VxWorks: Key Features – Encryption
AES encryption
Configured from VxWorks Source Build
Security Profile for VxWorks: Key Features – Advanced User Management
User database
– No default user
– Dynamic definition of users
– Customizable encryption keys
If enabled, all access to target will require a login
Security Profile for VxWorks: Key Features – Encrypted Containers
Protect data at rest
– Files are encrypted at all times using AES encryption
TrueCrypt-compatible containers
Can be created on any host platform
Can be configured to mount automatically
Passphrase encryption can be customized
Security Profile for VxWorks: Enhancement for Security-Critical Applications
Software-based security delivered by Security Profile can be reinforced with CodeMeter® hardware-based security by Wibu-Systems.
CodeMeter Security adds flexible licensing and hardware binding
CodeMeter License Central
VxWorks 7 Core Platform
Security Profile for VxWorks
Wibu-Systems Basic Security
IP Protection | Integrity Protection
Wibu-Systems CodeMeter
Hardware Protection | License Management
Security Profile for VxWorks: Use Case – Industrial Systems and Energy
Prevention of operation disruptions, public security risks, and industrial espionage
– Hacking, tampering, and unauthorized access to power grid and plant control systems
– Piracy, illegal cloning, and code reverse-engineering
Protection via:
– Encryption
– Digital signatures
– Advanced user management
– Secure remote access
– Hardware-based security
Security Profile for VxWorks: Use Case – Medical Devices
Protection of sensitive data in transit and at rest
– Safeguarding patient data (HIPAA)
  – Encryption and user management
– Protection of manufacturer-proprietary information stored onboard
  – Encrypted containers
Protection from tampering with medical device software
– Digital signatures
Prevention of piracy and reverse-engineering
– Encryption and hardware-based security
Upgrading to CodeMeter Security: Additional Opportunities
Hardware-based key store
License management
New business models
Business process integration of license and rights deployment using CodeMeter License Central
Wibu-Systems CodeMeter Dongle Overview
ASIC | µSD | SD Card | CF Card | USB Dongle
Smart card based hardware security
Industry compliant hardware
Optional SLC flash memory
Communication as HID device for USB possible
Many Form Factors – One Technology
Wibu-Systems CmActLicense
Software based license
Same features as CodeMeter dongles
Bound to target system fingerprint
Wibu-Systems CodeMeter License Central
CodeMeter License Central
– Design of license models
– Creation, delivery and management of licenses
Benefits
– Cost and time reduction thanks to integration and automation into business processes
– Additional revenue streams through flexible licensing models
– New customers and new markets
Support for CmDongles and CmActLicenses
Process Integration: Wibu-Systems CodeMeter License Central
Integration in ERP, CRM, e-shop and customers’ portals
[Diagram: Manufacturer, Cloud and User, with numbered labels: 1 SKU; 2 Ticket; 3 Ticket: ABCDE-FGHIJ-KLMNO-PQRST-UVWXY; 4 Ticket / Fingerprint; 5 Update file (License)]
Where to Buy
VxWorks Security Profile is distributed by Wind River
License Central, CmDongles and CmActLicenses are distributed by Wibu-Systems
More Information
Toll-free: 800-545-WIND (800-545-9463)
Toll-free (EMEA): +00-800-4988-4988
www.vxworks.com
Wibu-Systems
Germany: +49-721-93172-0
USA: +1-425-775-6900
China: +86-21-5566-1790
www.wibu.com