enabling embedded security for the internet of things

Post on 08-Jul-2015

Category:

Software

DESCRIPTION

Innovators, manufacturers, and economists agree on one crucial vision for our future: Industry 4.0 is a huge potential for value creation waiting to be tapped. The payoff is enormous: third party sources predict that global investment in the industrial Internet of Things will reach USD 500 billion by 2020, a 2,500 percent increase from the USD 20 billion spent in 2012.

The pervasive connectivity of the Internet of Things (IoT) exposes embedded devices to more security risks than ever before. As a result, safeguarding devices, data, and intellectual property becomes a key requirement embedded device manufacturers must meet to succeed in IoT.

The strategic partnership between Wind River® and Wibu-Systems aims at offering modern techniques to tackle the security risks associated with vulnerabilities of interconnected cyber-physical systems. Together, we have developed a scalable protection and licensing system for VxWorks-based applications that grows along with your needs.

Learn:

• Ways to protect connected embedded devices, data, and intellectual property in the Internet of Things

• Software-based security features delivered by the VxWorks® 7 Real-Time Operating System together with Security Profile for VxWorks

• Complementary hardware-based CodeMeter® Security solution by Wibu-Systems

• Benefits of a joint integrated solution featuring software- and hardware-based security for security-sensitive applications.

Request CodeMeter SDK and try out Wibu-Systems' premier technology for yourself: http://www.wibu.com/cm

TRANSCRIPT

3 | © 2014 Wind River. All Rights Reserved.

ENABLING EMBEDDED SECURITY FOR THE INTERNET OF THINGS

Michel Chabroux, Senior Product Manager, Wind River

Marco Blume, Product Manager, WIBU Systems

Agenda

VxWorks Overview

A Story…

Who needs security and why?

Security Profile for VxWorks Overview

Key Benefits

Key Features

Enhancement Options

Sample Applications

CodeMeter Security

World’s most widely used commercial RTOS

Unrivaled technology partner ecosystem

Best-in-class foundation for creating differentiated, IoT-ready intelligent devices

VxWorks: The RTOS for the Internet of Things

Unrivaled Performance

Modular, Scalable Design

Safety and Security

Virtualization

WHAT DO AIR CONDITIONERS HAVE TO DO WITH IDENTITY THEFT?

A Story…

A well-known retailer has experienced a security breach resulting in identity theft for millions of consumers.

The breach actually began when the retailer’s HVAC maintenance vendor was broken into.

Network passwords the vendor used to monitor the retailer’s HVAC systems were stolen.

These same passwords gave hackers network access to the retailer’s Point-of-Sale machines.

With this access, hackers installed malicious software that captured credit card data at the time of transactions.

Taking place over the holiday season, the attack captured the identity data from millions of unsuspecting shoppers.

Everything connected must be secure!

From Islands to Networked Constructions: New Attack Vectors for Cyber Physical Systems

A Cyber Physical System (CPS) is a system of collaborating computational elements controlling physical entities*

* Wikipedia

Security Threats

Operator

Manipulation

– Sabotage

– Human mistakes

– Intelligence services / Displeased employees

Intellectual property

– Recipes

– Configuration data

Production data

– Machine log

– Produced amounts

Manufacturer

Cloning of a machine

Imitation of a machine

– Extraction of intellectual property (reverse engineering)

Manipulation (warranty)

– Unauthorized updates

– Manipulation of counters

– Manipulation of flight records

Unauthorized access to source code

Copy protection

IP protection

Integrity

Authenticity

Security Objectives

A collection of software-based security features to effectively safeguard devices and data

Compatible with VxWorks 7 Core Platform and all industry-specific profiles for VxWorks 7

Can be reinforced with a hardware-based solution from Wibu-Systems for high security applications and flexible licensing

Security Profile for VxWorks: Comprehensive Security for Your IoT-Ready Devices

Solid foundation for security-sensitive applications

Flexible, configurable, readily expandable security suite

Upgradeable, future-proof solution

Protection for your intellectual property

Security Profile for VxWorks: Key Benefits

Security Profile for VxWorks: Key Features

Protect from tampering with code and unauthorized access.

Safeguard data even when the device is powered down.

Secure network communications and prevent attacks.

Prevent execution of non-authentic code.

Boot-up | Operation | Data Transmission | Rest/Shutdown

Secure Boot

Digital signature verification

Decryption*

Secure Run-Time Loader

Digital signature verification

Decryption*

Advanced User Management

Prevention of unauthorized access

Help for creating and enforcing user-based policies

Network Security

OpenSSL

SSH

Cryptography Libraries

IPsec and IKE

Encrypted Containers

TrueCrypt-compatible AES-encrypted file containers

Ability for data in containers to remain encrypted even when the device is idle or powered off

Passkey protection using customizable functions

* Can be enabled or disabled

Security Profile for VxWorks: Key Features – Secure Loader

UEFI

VxWorks Image

Trusted by UEFI

Signer’s certificate

Signed by Wind River Workbench user

Signer’s certificate in Bootloader

Applications (LKMs/DKMs, RTPs)

Signed by Wind River Workbench user

Signer’s certificate in VxWorks image

Proprietary Wind River EFI loader

Security Profile for VxWorks: Key Features – Digital Signature

Wibu CaTool

Based on elliptic curve cryptography (ECC)

Lead generates the root key and certificate

Lead signs certificates for other developers

– Signs requests from other developers

– Creates signer’s keys and signs certificates

Lead sends signed certificates to individual developers

Security Profile for VxWorks: Key Features – Encryption

AES encryption

Configured from VxWorks Source Build

Security Profile for VxWorks: Key Features – Advanced User Management

User database

– No default user

– Dynamic definition of users

– Customizable encryption keys

If enabled, all access to target will require a login

Security Profile for VxWorks: Key Features – Encrypted Containers

Protect data at rest

– Files are encrypted at all times using AES encryption

TrueCrypt-compatible containers

Can be created on any host platform

Can be configured to mount automatically

Passphrase encryption can be customized

Security Profile for VxWorks: Enhancement for Security-Critical Applications

Software-based security delivered by Security Profile can be reinforced with CodeMeter® hardware-based security by Wibu-Systems.

CodeMeter Security adds flexible licensing and hardware binding

CodeMeter License Central

VxWorks 7 Core Platform

Security Profile for VxWorks

Wibu-Systems Basic Security

IP Protection, Integrity Protection

Wibu-Systems CodeMeter

Hardware Protection, License Management

Prevention of operation disruptions, public security risks, and industrial espionage

– Hacking, tampering, and unauthorized access to power grid and plant control systems

– Piracy, illegal cloning, and code reverse-engineering

Protection via:

– Encryption

– Digital signatures

– Advanced user management

– Secure remote access

– Hardware-based security

Security Profile for VxWorks: Use Case – Industrial Systems and Energy

Protection of sensitive data in transit and at rest

– Safeguarding patient data (HIPAA)

Encryption and user management

– Protection of manufacturer-proprietary information stored onboard

Encrypted containers

Protection from tampering with medical device software

– Digital signatures

Prevention of piracy and reverse-engineering

– Encryption and hardware-based security

Security Profile for VxWorks: Use Case – Medical Devices

Hardware-based key store

License management

New business models

Business process integration of license and rights deployment using CodeMeter License Central

Upgrading to CodeMeter Security: Additional Opportunities

Wibu-Systems CodeMeter Dongle Overview

ASIC, µSD, SD Card, CF Card, USB Dongle

Smart card based hardware security

Industry compliant hardware

Optional SLC flash memory

Communication as HID device for USB possible

Many Form Factors – One Technology

Wibu-Systems CmActLicense

Software based license

Same features as CodeMeter dongles

Bound to target system fingerprint

Wibu-Systems CodeMeter License Central

CodeMeter License Central

– Design of license models

– Creation, delivery and management of licenses

Benefits

– Cost and time reduction thanks to integration and automation into business processes

– Additional revenue streams through flexible licensing models

– New customers and new markets

Support for CmDongles and CmActLicenses

Process Integration: Wibu-Systems CodeMeter License Central

Integration in ERP, CRM, e-shop and customers’ portals

[Diagram: license delivery flow between Manufacturer, Cloud and User. Numbered labels: (1) SKU, (2) Ticket, (3) Ticket: ABCDE-FGHIJ-KLMNO-PQRST-UVWXY, (4) Ticket / Fingerprint, (5) Update file (License)]

Where to Buy

VxWorks Security Profile is distributed by Wind River

License Central, CmDongles and CmActLicenses are distributed by Wibu-Systems

More Information

Toll-free: 800-545-WIND (800-545-9463)

Toll-free (EMEA): +00-800-4988-4988

www.vxworks.com

Wibu-Systems

Germany: +49-721-93172-0

USA: +1-425-775-6900

China: +86-21-5566-1790

www.wibu.com
