IIoT Endpoint Security – The Model in Practice
February 22, 2017
Industrial Internet Security Framework
#IICSeries
Guest Speakers
• Marcellus Buchheit, President and CEO, Wibu-Systems USA; Editor, Industrial Internet Consortium Security Framework (@WibuSystems)
• Terrence Barr, Head of Solutions Engineering, Electric Imp, Inc. (@electricimp)
Motivation
Unprotected devices on the internet are dangerous!
They can be used to:
• Intrude into local networks: stealing or deleting private data
• Block or alter websites or internet communication
• Upload viruses and start Denial-of-Service (DoS) attacks
Additionally for IIoT:
• Shut down public or private services (electricity, water, sewer etc.)
• Prevent commercial usage (production, hospitals, hotels, PoS etc.)
• Damage or destroy industrial installations or produced parts
Motivation (II)
Unprotected devices are problematic for the component manufacturer
• Example: FTC charges D-Link for unsecure routers and IP cameras
  • https://www.ftc.gov/news-events/press-releases/2017/01/ftc-charges-d-link-put-consumers-privacy-risk-due-inadequate
Unprotected devices are problematic for users/operators
• Example: Point-of-Sale (POS) attack at Target at the end of 2013
  • 40 million credit cards and 70 million addresses stolen
  • Target paid $50M+ for settlements
  • http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/
A few words about Wibu-Systems
• Wibu-Systems was founded in 1989 in Germany
• Global company targeting secure software licensing
• Offer security and licensing solutions for IIoT systems and devices
• More about the company: www.wibu.com
• More about the key product: http://www.wibu.com/codemeter
• More about IIoT security: http://www.wibu.com/embedded-software-security
• And since 2015 a member of the Industrial Internet Consortium (IIC)
About the IIC
Industrial Internet Consortium Security Webinar
February 22, 2017
Kathy Walsh, [email protected], … of Marketing
The Industrial Internet is Leading the Next Economic Revolution
(GDP data extracted from The Futurist, 2007)
Bring Together the Players to Accelerate Adoption
(Diagram: the players the IIC brings together: Connectivity, Standards, Technology, Research, Academia, Systems Integration, Security, Government, Big Data, Industries.)
The Industrial Internet: A $32 trillion opportunity
The IIC: Things are Coming Together
(Diagram: Things are coming together. Academia, Standards, Research, Systems Integration, Government, Industries, Connectivity, Technology, Big Data, Security.)
Industrial Internet Consortium Mission
The Industrial Internet Consortium is a global, member-supported organization that promotes the accelerated growth of the Industrial Internet of Things by coordinating ecosystem initiatives to securely connect, control and integrate assets and systems of assets with people, processes and data using common architectures, interoperability and open standards to deliver transformational business and societal outcomes across industries and public infrastructure.
Launched in March 2014 by five founding members: AT&T, Cisco, General Electric, IBM & Intel.
The IIC is an open, neutral “sandbox” where industry, academia and government meet to collaborate, innovate and enable.
Over 250 Member Organizations Spanning 30 Countries
Securing IIoT Endpoints – The Model
Industrial Internet Consortium Security Webinar
February 22, 2017
Marcellus Buchheit, [email protected], Wibu-Systems USA Inc.
Overview
What is an endpoint?
Why endpoint security?
Security functions of an endpoint
Implementing endpoint security
What is an Endpoint?
The IIoT Landscape: Where are Endpoints?
(Diagram: the IIoT landscape with endpoints marked “EP” at many positions.)
What is an Endpoint (II)?
The IISF and IIC define endpoints similarly to the ISO/IEC 24791-1:2010 standard:
• An endpoint is one of two components that either implements and exposes an interface to other components or uses the interface of another component.
The IIC simplified this definition (see IIC Vocabulary, version 2.0):
• An endpoint is a component that has an interface for network communication.
… but added a note for clarification:
• An endpoint can be of various types, including a device endpoint or an endpoint that provides cloud connectivity.
(Diagram: Endpoint 1 ↔ Communication ↔ Endpoint 2)
What is an Endpoint (III)?
The IIoT Landscape: Endpoints are everywhere!
(Diagram: the same IIoT landscape, with endpoints marked “EP” throughout.)
What is an Endpoint (IV)?
Summary:
• Endpoints are everywhere in an IIoT system (including edge and cloud)
• One single (security) model for all locations
• A single computer, even a device, can have several endpoints
  • Example router: one LAN endpoint, one WAN endpoint
• Code/data is frequently shared between multiple endpoints
• Communication between endpoints is a separate model
Why endpoint security?
Endpoints are the only location in an IIoT system where:
• Execution code is stored, started and updated
• Data is stored, modified or applied (“Data at Rest” / “Data in Use”)
• Communication to another endpoint is initiated and protected
• Network security is analyzed, configured, monitored and managed
Result: An attack on an IIoT system typically starts by attacking one or more endpoints:
• Access the execution code and analyze it to find weak security implementations
• Attack weak communication protection over the network
• Modify or replace (“hijack”) the execution code in a malicious way
• ...
IISF Endpoint Protection Model
Threats and Vulnerabilities to an IIoT Endpoint
1. Hardware components
2/3. Boot process
4. Operating System
5. Hypervisor/Separation Kernel
6. Non-OS Applications
7. Applications and their API
8. Runtime Environment
9. Containers
10. Deployment
11. Data at Rest, Data in Use
12. Monitoring/Analysis
13. Configuration/Management
14. Security Model/Policy
15. Development Environment
Endpoint security: Solutions
• Start with a clean design of the security model and policies
• Define endpoint identity, authorization, authentication
  • How do other endpoints see me? What can they do with me?
• Define a proper data protection model
  • Integrity and confidentiality, especially of shared data-at-rest but also data-in-use
• Define secure hardware, BIOS, roots of trust
  • Includes the lifetime of the hardware, BIOS updates, a consistent root of trust
• Select a secure OS, hypervisor, programming language
  • Consider lifetime (open source?) and the dynamics of the programming language
• Consider isolation principles (4 different models explained in the IISF)
• Plan remote code updates and provide code integrity
  • Security has an unspecified expiration date: it needs updates
  • Code integrity prevents malicious remote code hijacking
Endpoint security: Solutions (II)
• Plan “beyond the basics” security from the start
• Plan security configuration and management
  • For example: defining, replacing and updating keys and certificates
  • User-friendly setting of access rights and authorization
• Plan endpoint monitoring and analysis
  • For example: log all security configuration changes
  • Log all unexpected remote activity
  • Provide user-friendly analysis, alerts etc.
• Implement “state of the art”:
  • Have a team of experienced security implementers
  • Use the latest versions of development tools, OS, hypervisors, libraries
  • Test a lot, including malicious attacks
  • Prepare and test your first remote update
Endpoint Security in Practice
An example which implements this endpoint security model in practice:
Terrence Barr, Electric Imp
Securing IIoT Endpoints – In Practice
Industrial Internet Consortium Security Webinar
February 22, 2017
Terrence Barr, [email protected], Head of Solutions Engineering
Endpoint Security: Electric Imp Introduction
Electric Imp: Industrial-strength IoT starts here
Secure IoT Connectivity Platform
• Authorized Hardware for connected devices
• impOS™ and hardware
• impCloud™
• imp Enterprise APIs
• BlinkUp™ & impFactory™
• impSecure™
Proven IoT Deployments at Scale
• 2016: surpassed 1 million WiFi/Ethernet devices
• 18B+ data messages per month
• 100+ customers; 105+ countries
Full Lifecycle, Trusted Security
• Passed security review and pen-testing
• In process: UL 2900-2-2: Cybersecurity Certification for Industrial Controls plus first Affiliate program
• Aligned with IIC Security Framework
Fastest Prototype-to-Production
• 5 months for GE connected air conditioner
Endpoint Security: Implementation Approach
Endpoint Security: Part of Integrated and Managed Security
Silicon-to-Cloud Security – Defense in Depth & Defense in Time
1. Edge Device Security incl. Secure Silicon & Managed Software
2. Data Privacy, Integrity & Confidentiality
3. Trusted Manufacture & Commissioning
4. Secure Communication via Managed Tunnel
5. Protected Public & Private Cloud
6. Secure Cloud and Application Integration
7. Full Lifecycle Managed Services
IISF Endpoint Protection Techniques and the Electric Imp Implementation
Protecting Endpoints: General
  Endpoint protection from the silicon upwards, every level tightly integrated and tested for full coverage of the security objectives and no weak links
Architectural Considerations for Protecting Endpoints
  Designed from the ground up for resource-constrained IoT devices and real-world use cases, and proven in large-scale customer deployments
Endpoint Physical Security
  Disabled hardware interfaces; tampering destroys the individual module
Establish Roots of Trust
  Unique per-device keys, secure provisioning via cloud device management
Endpoint Identity
  One-Time-Programming at module manufacturing time
Endpoint Access Control
  Mutual authentication with RSA certificates and ECC challenge-response
Endpoint Integrity Protection
  HSM-protected keys, secure boot, non-execution barriers with cloud alerts
Endpoint Data Protection
  All processing on-die, all off-die storage with device-unique encryption. TLS 1.2, AES-128, EDH forward secrecy.
Endpoint Monitoring and Analysis
  Extensive monitoring of security-sensitive operations
Endpoint Configuration and Management
  Endpoints managed, configured, and provisioned from the impCloud; all updates signed, encrypted, and logged
Cryptography Techniques for …
  AES-128 GCM+AEAD with device-unique keys, hardware accelerator
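The Solutions slides call for remote code updates with code integrity, managed keys and logged security events, and the table above lists device-unique keys and signed, logged updates; the device-side check below is an added example (not Electric Imp's or the IIC's code) that derives a device-unique key, verifies a tagged update manifest, rejects rollback and logs every decision. HMAC-SHA256 stands in for the platform's signature scheme, the AES-GCM payload encryption is not reproduced, and MASTER_KEY, the manifest layout and the device ids are constructed assumptions.

```python
"""Device-side check of a signed update manifest (constructed example)."""
import hashlib
import hmac
import json
from typing import Dict, List

# Constructed provisioning secret; a real endpoint keeps it in an HSM or secure element.
MASTER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


def device_key(device_id: str) -> bytes:
    """Device-unique key derived from the master key and the endpoint's identity
    (assumed derivation for this example, not the platform's scheme)."""
    return hmac.new(MASTER_KEY, device_id.encode(), hashlib.sha256).digest()


def canonical(manifest: Dict) -> bytes:
    """Deterministic encoding so signer and verifier tag identical bytes."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(device_id: str, version: int, image: bytes) -> Dict:
    """Cloud side: tag a manifest that binds target device, version and image hash."""
    manifest = {"device_id": device_id, "version": version,
                "image_sha256": hashlib.sha256(image).hexdigest()}
    tag = hmac.new(device_key(device_id), canonical(manifest), hashlib.sha256).hexdigest()
    return {"manifest": manifest, "tag": tag}


def verify_update(device_id: str, installed_version: int, update: Dict,
                  image: bytes, log: List[str]) -> bool:
    """Device side: accept only if tag, target, image hash and version all check out.
    Every decision is appended to the security log, as the monitoring slide asks."""
    manifest = update["manifest"]
    expected = hmac.new(device_key(device_id), canonical(manifest), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, update["tag"]):  # constant-time compare
        log.append(f"REJECT {device_id}: bad manifest signature")
        return False
    if manifest["device_id"] != device_id:
        log.append(f"REJECT {device_id}: manifest targets {manifest['device_id']!r}")
        return False
    if hashlib.sha256(image).hexdigest() != manifest["image_sha256"]:
        log.append(f"REJECT {device_id}: image hash mismatch (code integrity)")
        return False
    if manifest["version"] <= installed_version:  # anti-rollback
        log.append(f"REJECT {device_id}: v{manifest['version']} is not newer than v{installed_version}")
        return False
    log.append(f"ACCEPT {device_id}: update to v{manifest['version']}")
    return True
```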
© Property of Electric Imp, Inc. CONFIDENTIAL – NOT FOR DISTRIBUTION
Endpoint Security: Real-World Case Study
• Replace analogue lines
• Customer delight exceeds expectations
• Recognized as Business Transformation success story
• 1.5M customers worldwide
• Security for regulated markets
• Reduce service calls by 20%
• ROI: payback in 45 days on connectivity costs alone
impSecure™: Integrated Silicon-to-Cloud Security and Connectivity managed by Electric Imp
‘Drop-In’ Postage Meter Retrofit: Device-to-Cloud Security and Connectivity
(Architecture diagram. Device side: imp Application Module, impOS™, Meter Integration Code virtual machine, USB. Connectivity: WiFi/Ethernet IP tunnel. Cloud side: Electric Imp Managed Cloud with the device-paired virtual machine, Cloud Meter Code, Cloud Integration Code, Operations & Device Lifecycle Management, Cloud Services; Commerce Cloud.)
Callouts:
• Device-paired Virtual Machines
• Scalable to millions of devices
• No changes to meter
• No changes to cloud
• Audited and Tested: Meets Postal and Government Security Requirements
Endpoint Security: Conclusion
Integrated Security Platform: Customer Benefits
• Leverage Proven Solution: build on tested and trusted security at a platform level
• Isolation of Security Concerns: minimize time-to-market and risk of security mistakes
• Integrated, Silicon to Cloud Security: no weak links, even for devices exposed in the field for many years
• Managed Security as a Service: offload the headache of ongoing security monitoring and maintenance
• Qualify once, reuse many times: enable a rapid, low-risk multi-product IoT strategy
Transforming the world through the power of secure connectivity
Thank you!
Things are coming together. Community. Collaboration. Convergence.
www.iiconsortium.org
Additional Resources available as attachments
• Industrial Internet Security Framework
• Security Claims Evaluation Testbeds
• White Paper: Business Viewpoint of Securing the Industrial Internet
• Upcoming Webinars:
  • March 30, 2017: Building Blocks for Securing the Smart Factory
  • April 2017: TBD