understanding the tizen tv / signage ... - amazon web the importance of security in smart devices...
TRANSCRIPT
1
Copyright © 2017 Samsung. All Rights Reserved.
Understanding
the Tizen TV / Signage
Security Platform Jongoh Hur
Principal Engineer
Samsung Electronics
Timothy Rule
Microsoft
2
• The Importance of Security in Smart Devices
• Tizen TV / Signage Security Platform
• Creating Innovative Services
• Collaborating with Samsung
Overview
3
The Importance of Security in Smart Devices
4
• Secure Development
• Penetration Testing
• Bug Bounty
Samsung strengthened SW Security
5
• image
- Zero-Day Attack 0-Days of attack should be minimized
Time
Risk
Time
Vulnerability Introduced
Exploit Code Released
Patch Released
Zero-Days
6
All smart devices are connected on IoT
7
Security Solution can prevent attacks
Security Solution in Tizen Platform Old Platform
Service
Platform
System Media Player
3-Layers Security Solution
Application
Platform
Hardware
8
The Security Solution got evolved
Tizen Security Platform
2017
9
The Importance of Security on IoT
Tizen Security Platform For TV and Signage
10
Goals
• Provide 3-Layers Security Solution
• Support Secure APIs for Secure Services
11
3-Layers Security Solution
Application
System on Chip
Secure Boot Secure OS
Trusted Boot
Real-Time Kernel
Monitor Access Control
Secure Zone
Anti-Phishing Anti-Malware
Secure Keyboard
Secure
Channel
Secure
Number Pad
Platform
Hardware
3 Layers Security Functions
12
The world first security solution for TV
• Common Criteria
– Global Security Standard Certification(ISO/IEC15408)
• TV Security Solution Certified by Common Criteria
– 2015(Tizen2.3), 2016(Tizen2.4) were certified
– 2017(Tizen3.0) is progressing
13
Tizen Security platform provides Secure APIs
Secure Zone
DM* Secure
IME Payment
Secure
Storage RDP*
Tizen TV / Signage Security Solution
DRM
Hardware Security
Application Security
Platform Security
Smart Signage
* Remote Desktop Protocol
* Device Management
Security Functions
For Services
Secure API
14
The Importance of Security on IoT
Creating Innovative Services
15
5.0
Secure Zone
Payment Service Workplace Service
DM* Secure
IME Payment
Secure
Storage RDP*
Secure API Secure API
Payment
Contents Service
Tizen Security Solution
DRM
What Services you can create?
Security Functions
For Services
* Remote Desktop Protocol
* Device Management
16
5.0
Secure Zone
Payment Service Workplace Service
DM* Secure
IME Payment
Secure
Storage RDP*
Secure API Secure API
Tizen Security Solution
DRM
What Services you can create?
Payment
Contents Service
Security Functions
For Services
* Remote Desktop Protocol
* Device Management
17
Create Premium Contents Services
Digital Right Management
18
PlayReady DRM( [email protected] )
REACH
• Deployed on 4.6 billion devices
• Supported by all major encoders
• Rich ecosystem of partners
CAPABILITIES
• Rich set of features for live and VOD
• Supports and drives Standards
• Highly portable source code
LEADERSHIP
• Widely accepted by major studios
• Hundreds of premium services deployed
TRUSTWORTHY
• Comprehensive breach response
• Analytical data controlled by the service not the DRM
19
PlayReady DRM Basics
License Request
License Response
Device Public Key
Device Public Key
Client Private Key
Client Public Key
Content Request
20
PlayReady on Tizen
Broadly accessible across Samsung Tizen TV
INTEGRATION • PlayReady in Tizen is secured in the
hardware to support high value content
• Web & Native applications can both leverage PlayReady DRM from a high level API
• The app authenticates the user, PlayReady authenticates the device and secures the playback
Video App
PlayReady Secure Service Secure Service
Tizen OS
Tizen TV Security Platform
21
Getting Started
github.com/SamsungDForum/PlayerAVPlayDRM
test.playready.microsoft.com
EXPLORE
TEST
DEPLOY
• Support DRM content thru AVPlayer
• Mpeg-Dash, Smooth, & HLS
• Reactive & Proactive license acquisition
• webapis.avplay.setDrm
• Override license URL
• CustomData Support
• Full coverage of license policies
• Output protections
• Time base policies
• Adaptive Streaming test vectors
• Keyseed to package test content
22
5.0
Secure Zone
Workplace Service
SDM* Secure
IME Payment
Secure
Storage RDP*
Secure API Secure API
Tizen Security Solution
DRM
What Services you can create?
Payment
Contents Service Payment Service
Security Functions
For Services
* Remote Desktop Protocol
* Device Management
23
Create Secure Payment Services
NFC Printer Card Reader
Tizen Solutions
→ Lower TCO & Global Supply
Self Ordering Kiosk
- More and more people prefer self-ordering instead of
standing in line and encountering with strangers.
- Tizen can replace traditional kiosk(PC+Display) for Self
Ordering Kiosk by partnership with kiosk solution partners.
Self Check-In Kiosk
- Tizen can replace traditional Self Check-In Kiosk like
airplane ticketing
- Use ATM screens for cross-selling and upselling financial
products, or even for displaying advertising messages.
24
Self Ordering Kiosk for Offline Store
25
Self Check-In Kiosk for airplane ticketing
26
How does it work?
*
Payment Approval
Consumer
1 Purchase
Secure Zone
Secure IME Secure Payment Secure Storage
VAN/PG
2 Read Card Info 4 Print Receipt
3 Payment Request
Security Functions
For Services
Secure API
CCID compatible* CUPS compatible*
* Chip Card Interface Device
* Common Unix Printing System
27
5.0
Secure Zone
SDM* Secure
IME Payment
Secure
Storage RDP*
Secure API Secure API
Tizen Security Solution
DRM
What Services you can create?
Payment
Contents Service Payment Service Workplace Service
Security Functions
For Services
* Remote Desktop Protocol
* Device Management
28
Create Secure Workplace Services
Secure, Monitor & Control
Policy Server Dashboard
Device Management
Meeting Room Solution
With PC-Less
Group-working Solution with
PC-Less
29
Remote Desktop Solution
30
How does it work?
Presentation
Secure, Monitor
& Control DM Policy
Server
[ Meeting Room ]
Secure
Support Remote Access from TV and Signage to your PC
without connecting an external PC to TV and Signage
(only need to keyboard or mouse to control your PC remotely)
[ Office ]
< Kate’s PC >
< Sam’s PC>
< Jo’s Server >
31
• B2B Partner Candidate : 2nd quarter.
• PoC with Partner : 3rd quarter.
• Open Tizen Security Platform API : 4th quarter.
Plan
32
The Importance of Security on IoT
Collaborating with Samsung
33
B2B Collaboration
Partner Registration (NDA)
Develop Using Partner API(SDK)
Partner App Launching Process
34
Partner App Launching Process
- Samsung supports the security reviews and guides for B2B Partners’ Business
- B2B Wep Apps, need to use Partner APIs, should be verified and signed in security.
B2B Partner
SDK Download
Dev Guide
App Development
Samsung
Security Group
App Submit (API?)
Manual Verification
Automate Analysis
No security Issue?
No
Yes
Singed B2B web app
. Used Partner API
. Vulnerability
. Malicious Factor
App Submit (/w Testing
Guide)
SDF
Doc Submit A
(System and Data Flow)
Legal Review
B2B Team
Security Review
B2B Partner App Signing
PM Developer
Security Guide
Security Measure
Test and Release
Doc Submit B
(Legal Agreement)
Version Up
35
• Samsung
• Microsoft
Contact Information
36
• The Importance of Security in Smart Devices
• Tizen TV / Signage Security Platform
• Creating Innovative Services
• Collaborating with Samsung
Review
37
Let’s go together
38
Copyright © 2017 Samsung. All Rights Reserved.
Understanding
the Tizen TV / Signage
Security Platform Jongoh Hur
Principal Engineer
Samsung Electronics
Timothy Rule
Microsoft