
Industrial IoT Security

Sri Ramachandran
Vice President – IoT Solutions
G+D Mobile Security
Industry 1.0 to 4.0

12 February 2018 2
Paradigm shift

Smart manufacturing - use case
Asset tracking
→ Easily locate and monitor key assets, prevent quality
issues and detect theft
→ Versatile
→ Cost efficient
→ Maximum logistical efficiency
→ Security

Smart manufacturing - use case
Predictive maintenance
→ Resolve problems before they occur
Remote diagnostic
→ Use sensors, cameras and data analytics to
determine when equipment will fail before it does
→ Resulting in automated parts ordering
• Versatile
• Cost efficient
• Maximum logistical efficiency

Predictive maintenance
Remote diagnostic identifies failing components, resulting in automated parts ordering
[Diagram labels: Spare parts supplier, OEM Manufacturer, 3D Printing factory, Ref #]
→ Embedded sensors
→ Real-time, condition-based monitoring
→ Part identification and direct ordering
→ Classical or additive manufacturing

Smart manufacturing - use case
Semi-autonomous robots
→ Help send products to customers
→ Locate the right stack of shelves
→ Pick up and deliver to human operators
→ Versatile
→ Cost efficient
→ Time efficient
→ Maximum logistical efficiency

Industrial IoT - use case
Self driving tractor
→ Drives itself to the field
→ Completes task(s)
→ Drives itself back to the base
→ Monitored by farmer
→ Versatile
→ Cost efficient
→ Maximum logistical efficiency

https://newatlas.com/self-driving-tractor/45169/

What we know: IoT is complex
[Diagram columns: Connected Devices, Network, OEM & Cloud, Partners, Enterprise Customers]
→ Network
• MNO 2G/3G/4G, Cat1, CatM, NB-IoT
• WiFi/Broadband
• LPWA (LoRa etc)
→ OEM & Cloud
• Multiple OEMs

Challenges of IoT security
[Diagram columns: Connected Devices, Network, OEM & Cloud, Partners, Enterprise Customers]
→ Network
• MNO 2G/3G/4G, Cat1, CatM, NB-IoT
• WiFi/Broadband
• LPWA (LoRa etc)
→ Challenge areas marked on the diagram
• DEVICE SECURITY
• DEVICE → CLOUD SECURITY
• IMPLEMENTATION AND OPERATIONAL HURDLES

Challenges of IoT Device security…
→ Identify every Device in the system
• Unique Identity
• Independent of network access
→ Device integrity
• Ensure Device is operating as planned
→ Data protection
• Data gathering as well as secure transport of
data
→ Secure management and monitoring
throughout life cycle
• Device is protected at all times - including
secure firmware and configuration updates
→ Differential access control
• Differentiate among privileged and regular
operations

Unique identity
→ Current Device identities are:
• Incomplete
- IMEIs are duplicated
- MAC addresses can be changed
• Incompatible
• Insecure

→ How do we get an immutable and unique Device ID that can be put into the device?

Device integrity
How to ensure the Device is operating
as planned
→ Secure Boot:
verifying the authenticity and
integrity of a software/firmware
image before allowing its runtime
execution
→ Trusted execution environments:
secure enclave for execution

Data protection
→ Secure data collection
→ Secure communications
→ Secure storage

Monitoring and management
Secure life cycle
→ Secure configuration updates
→ Secure firmware updates

Differential access control
→ Role based access control
→ Attribute based access control
→ Application based access control
[Diagram labels: Traditional Network Equipment, Web Applications]

Essentials of Device security
→ Physical security
→ Secure Boot
→ Trusted execution enclaves
→ Access control and authentication
→ Encrypted storage
→ Firewalling
→ Regular and secure firmware and
configuration updates

What we really need…
ROOT OF TRUST
providing irrefutable identity management
ALL DATA ENCRYPTED
between device and cloud
PREVENTION
of malware and rogue configurations
RECOVERY
of stranded devices

Separation of functions in an IoT Device
→ Lifecycle Management: Activation / Deactivation / Replacement
IoT Device
CONTROL PLANE
→ Device Security
→ Device Credentials
→ Diagnostics
→ Device Recovery
→ Secure Firmware / Software Updates
→ Secure Configuration Updates
APPLICATION PLANE
→ Sensor
→ Data Reporter
→ Actuator

Challenges of IoT security
[Diagram columns: Connected Devices, Network, OEM & Cloud, Partners, Enterprise Customers]
→ Network
• MNO 2G/3G/4G, Cat1, CatM, NB-IoT
• WiFi/Broadband
• LPWA (LoRa etc)
→ DEVICE SECURITY
• Secure element
• Secure storage
• Secure execution
→ DEVICE → CLOUD SECURITY
• PKI based mutual authentication and encryption
→ IMPLEMENTATION AND OPERATIONAL HURDLES
• Secure control plane for configuration and firmware updates

Thank you for your
attention!
Contact:
Sri.ramachandran@gi-de.com
@sri_ramach
