trusting the connected car - nmi – connected communities · trusting the connected car identities...

14
Trusting the Connected Car Nick Cook, Chief Innovations Officer

Upload: others

Post on 09-Jul-2020

16 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: Trusting the Connected Car - NMI – Connected Communities · Trusting the Connected Car Identities need to be verified throughout • Security must be embedded at manufacture –

Trusting the Connected Car

Nick Cook, Chief Innovations Officer

Page 2: Trusting the Connected Car - NMI – Connected Communities · Trusting the Connected Car Identities need to be verified throughout • Security must be embedded at manufacture –

What is Digital Trust?

People, machines and organisations need to be able to digitally trust each other.

• Trust is built using layers of controls within an ecosystem• Secure hardware execution and trusted applications• Data flow and reaction security• Physical security

• Strong identity is a key component of trust• If you can’t determine someone or something is who or what they say

they are, you cannot trust it

• Trust isn’t one time; it needs ongoing, sustainable management

Page 3: Trusting the Connected Car - NMI – Connected Communities · Trusting the Connected Car Identities need to be verified throughout • Security must be embedded at manufacture –

What is Digital Trust in the ‘connected car’?

Page 4: Trusting the Connected Car - NMI – Connected Communities · Trusting the Connected Car Identities need to be verified throughout • Security must be embedded at manufacture –

Connected Cars

Cars are no longer simply a means of getting from A to B

Vehicles loaded with technology, autonomy and hyper-connectivity come with high risk of compromise:

• Individual risk• National Security risk• Insurance risk

Page 5: Trusting the Connected Car - NMI – Connected Communities · Trusting the Connected Car Identities need to be verified throughout • Security must be embedded at manufacture –

Need for Digital Trust in the Internet of Things

IoT is in its infancy. Global adoption requires digital trust to be baked into its fabric.

• Inherent vulnerability of IoT• Consumer demand outpacing cybersecurity technology and

expertise• Lack of standards-based approach to digital trust• Fragmented perspectives on definition of digital trust

• Password protection is inadequate• Mobile devices proliferate IoT• Headline-grabbing cyber-attacks are becoming commonplace

leading to consumer mistrust and enterprise risk• New approach to IoT cybersecurity urgently required

Page 6: Trusting the Connected Car - NMI – Connected Communities · Trusting the Connected Car Identities need to be verified throughout • Security must be embedded at manufacture –

Trusting the Connected Car

Identities need to be verified throughout

• Security must be embedded at manufacture – new or retro fit

• Only authentic components allowed to connect with trust that genuine communication between them is taking place

• Secure software upgrades are critical – only authentic software accepted by the system

• Only authorised people/computers should perform maintenance

• Only authorised people should enter and start the vehicle

Page 7: Trusting the Connected Car - NMI – Connected Communities · Trusting the Connected Car Identities need to be verified throughout • Security must be embedded at manufacture –

So how do we achieve digital trust?

Page 8: Trusting the Connected Car - NMI – Connected Communities · Trusting the Connected Car Identities need to be verified throughout • Security must be embedded at manufacture –

Trusting the Connected Car

Cybercriminals are super-sophisticated at exploiting vulnerability. Weakly protecting key material is unacceptable.

• Hardware backed crypto material• Smart chips• TPM• UICC• TEE

• Execute in protected environments• Managed apps and outlets

• Create and maintain digital identities

Page 9: Trusting the Connected Car - NMI – Connected Communities · Trusting the Connected Car Identities need to be verified throughout • Security must be embedded at manufacture –

Identity and Credentials Management

The key to achieving trust

• Establish the person or device is who or what it claims to be• Delivery of identities locally or over the air• Locking down credentials• Ongoing lifecycle management

• Transfer ownership securely – temporarily or permanently• Revoke permissions

• Secure processes and policy must be applied

Page 10: Trusting the Connected Car - NMI – Connected Communities · Trusting the Connected Car Identities need to be verified throughout • Security must be embedded at manufacture –

Digital Trust from Silicon to ServicesA complex ecosystem made simple

Page 11: Trusting the Connected Car - NMI – Connected Communities · Trusting the Connected Car Identities need to be verified throughout • Security must be embedded at manufacture –

Digital Trust from Silicon to ServicesA complex ecosystem made simple

Page 12: Trusting the Connected Car - NMI – Connected Communities · Trusting the Connected Car Identities need to be verified throughout • Security must be embedded at manufacture –

To conclude…

Page 13: Trusting the Connected Car - NMI – Connected Communities · Trusting the Connected Car Identities need to be verified throughout • Security must be embedded at manufacture –

Summary

If connected cars are to become trustworthy, a new ’normal’ needs to be established

• A three-tier approach must be applied as appropriate (trust the device, trust the person, trust the application)

• Robust, standards-based, security framework• Strong authentication that protects data communication• Consumer-grade ease of use• Enterprise-grade security• Lifecycle management is critical• Collaboration is required

Page 14: Trusting the Connected Car - NMI – Connected Communities · Trusting the Connected Car Identities need to be verified throughout • Security must be embedded at manufacture –

Thank youFurther information:

Nick Cook+44 (0)1455 558 [email protected]

www.intercede.com