Enhance Production control with the Secure Desktop Provisioner

Agenda

Problem statementThreatsThreat Defense Technologies IAR Systems SolutionsSummary

Problem Statement

Supply Chains are complex

enterprise iot insights, 2017

All the news is about attacks here i.e.IoT devices in

service

But attacks can also occur here …

… and here

IoT Supply Chains are even more complex

SoftwareApplicationDeveloper

IoTDeviceOEM

End User

Contract Manufacturer

SiliconPlatformVendor

ProvisioningCentre

ProgrammingCentre

Threats

Attacks targeting IoT devices

Top countries being targeted, and from which other countries, for the first half of 2019 (Source: F-Secure)

What is driving attacks?

Surge in IoT device attacks

Visual summary of IoT topics discussed in five underground hacking communities (Source: Trend Micro)

https://www.bankinfosecurity.com/attacks-targeting-iot-devices-windows-smb-surge-a-13082

The need for security has never been higher

0 5000 10000 15000 20000 25000 30000

Jewellery (71)

Pharmaceuticals (30)

Toys (95)

Perfumery and cosmetics (33)

Clothing, non knitted or crocheted (62)

Instruments, optical, medical etc. (90)

Watches (91)

Electrical machinery and equipment (85)

Articles of leather (42)

Clothing, knitted or crocheted (61)

Footwear (64)

Counterfeit Goods Seizures by Units **

* : OECD, April 2016. Trade in Counterfeit &Pirated Goods Mapping The Economic Impact**: OECD, April 2015. http://dx.doi.org/10.1787/888933345913

$500B+ per year• Intellectual property theft• Counterfeiting• Cloning and over-production

• Combined GDP of Ireland & Netherlands• Electronic devices Rank #4 & #6 by volume; #1 by

value• Overproduction & Counterfeiting Rampant• Offshoring has led to massive rise in issues• Transition of value moving to IP & Software

*

Threat Defence Technologies

Available security technologies

HSM

Root Certificate Authority

Self-signedRoot

Certificate

Root Private Key

Device

Device Private Key

Root Certificate Authority

DeviceCertificate

Digital Certificates

Public Key Infrastructures

Cryptography

Hash Algorithms

Hardware TechnologiesHardware Security Modules (HSM)

Trusted computers with the following features:o Perform cryptographic operations

• Key generation• Certificate generation/signing• HASHing functions• True random number generation (with good entropy)

o Manufactured with specialised hardware• Tamperproof

‒ Shrouded by conductive mesh‒ Encased in epoxy resin

o Runs on security oriented OSo Limited network accesso Management access controlled by strict processeso Actively hides and protects cryptographic material

Our solutions

Security Development Tools

Embedded Trust• Integrates identity and certificate

management• Implements a Secure Boot Manager• Protects your IP by inhibiting

unauthorized manufacturing• Provides secure deployment with

integrated manufacturing mastering• Enables release management with

versioning and update infrastructure

C-Trust

• Implements a Secure Boot Manager• Protects your IP by inhibiting

unauthorized manufacturing• Provides secure deployment with

integrated manufacturing mastering• Enables release management with

versioning and update infrastructure• Plug-in to IAR Embedded Workbench• C-STAT static analysis tool

Secure Desktop ProvisionerKey benefits

– Easy import of Secure Production Packages from C-Trust

– No additional security measures required, such as secure rooms

– Supports multiple products from multiple designers/OEMs

– Runs on a modern desktop or laptop– Example application to provision “out-of-the-box”– Full integration into IAR Embedded Workbench and

C-Trust development tools

Export Options

Create new versionand Master

Generate Encrypted User Application

Create secure Production Package for manufacture

Sign & authorisemanufacturing

Cloud Service

Secure Desktop Provisioner softwareSimple to use application allows:

o Selection of product to provisiono Selection of number of boards to provisiono Multiple target boards to be connected and

provisioned simultaneously (up to max of 4)o Semi-automated operationo Provisioning of authorised quantities only

Summary

• We make security simple• We provide software and hardware

tools that ensure secure provisioning