Trusted Computing for IoTand Industrial Systems

September 26, 2017

Agenda

• IoT Security

• Industrial Security

• Trusted Computing– IoT Applications– Industrial Applications

• Call to Action

2Copyright 2017 Trusted Computing Group

IoT Security

3Copyright 2017 Trusted Computing Group

Definition

Internet of Things (IoT) is:

a world where physical objects are seamlessly integrated into the information network

4Copyright 2017 Trusted Computing Group

Why IoT?Smart Home Automotive Industrial ICT

Greater efficiency2

Increased flexibility and customization3

New capabilities and services1

Source: Infineon Technologies | graphics are courtesy of Infineon

5Copyright 2017 Trusted Computing Group

IoT Trend Affects All Markets

Factory automation› Industrial automation

- Motor & motion controller- Power quality- Power tools

› Industrial robotics

Smart vehicles

Smart cars› ADAS / autonom. driving› Connected car› Car security› (H)EV

Commercial, agriculture & construction vehiclesincl. Trucks & Busses› ADAS / autonom. driving› Secured connectivity› (H)EV

Smart city & energy Smart industry & business

Smartphones, tablets & PCs

Consumer Electronics & wearables› Media players, smart glasses,

smart watches› Well-being (health & fitness,

assisted living› Gaming

Smart home› Home automation incl. home

appliances› Home energy management› Home security & safety› Lighting

Smart home & consumer devices

Other businesses› e. g. Banking & securities,

education, mining, retail and wholesale, transportation and logistics

Other forms of transport › Commercial aircraft› Connected trains› Ships (ferry & container)› Light electric vehicles

Energy & infrastructure› Generation (renewables)› Advanced transmission

& distribution / storage› Utilities (water), traffic (electr.

toll collection), outdoors, government

› Environmental sensors

Building automation› Automation› Access control› Air conditioning› Elevators/escalators

Professional lighting- Building lighting - Street lighting- etc.

Data Center / Server FarmsCommunication Networks

ICT

Medical equipment› Health sensors

Diagnostics› Rehabilitation systems

Source: Infineon Technologies | graphics are courtesy of Infineon

6Copyright 2017 Trusted Computing Group

IoT ArchitectureGather data

AnalyzeSend commands

Reliably convey data and commands

Send and receive data and commands

Source: Infineon Technologies | graphics are courtesy of Infineon

7Copyright 2017 Trusted Computing Group

IoT Attacks Growing

8Copyright 2017 Trusted Computing Group

Each Layer can be Attacked

An Eavesdropper listening in on data or commands can reveal confidential information about the operation of the infrastructure. A Bad Device injecting

fake measurements can disrupt the control processes and cause them to react inappropriately or dangerously, or can be used to mask physical attacks.

A Bad Server sending incorrect commands can be used to trigger unplanned events, to send some physical resource (water, oil, electricity, etc.) to an unplanned destination, and so forth.

Bad Server

Bad Device

Source: Infineon Technologies | graphics are courtesy of Infineon

9Copyright 2017 Trusted Computing Group

IoT Defenses

Source: Infineon Technologies | graphics are courtesy of Infineon

10Copyright 2017 Trusted Computing Group

Industrial Security

11Copyright 2017 Trusted Computing Group

Industrial Automation Architecture

Copyright 2017 Trusted Computing Group 12

Industrial IoT Brings Changes

› "Lot size 1": Ability to produce highly individualized products› Cloud analysis: Enabling data mining, deep learning and cost reduction› Predictive maintenance: Based on sensor data gathered and analyzed as big data

Implications

› Greater communication within the plant and beyond› Reconfigurable, smart manufacturing equipment› New business models and opportunities› New security risks

Smart Factories / Industrial IoT / Industry 4.0

13

Security Effects of Industrial IoT

› "Closed shop floor" paradigm not applicable anymore› Security risks touch all machines with greater potential impact› Industrial security is becoming part of corporate strategies

Implications

› Strong protection required› Availability has higher priority than Confidential or Integrity› System-wide security approach required

New security paradigms

14

Industrial IoT Countermeasures

Copyright 2017 Trusted Computing Group 15

Source: Industrial Internet Security Frameworkhttps://www.iiconsortium.org/IISF.htm

graphics are courtesy of Industrial Internet Consortium

Trusted Computing

16Copyright 2017 Trusted Computing Group

A trusted system is…predictable, even under stresstrusted based on experience and/or evidencebased on fundamental properties (identity, integrity)

What is a Trusted System?

Copyright 2017 Trusted Computing Group 17

Principle of Least Privilege Leads toRoot of Trust (RoT) Concept

• RoT = Minimized, strongly protected security function

• RoT used for highly security-sensitive functions– Generate random numbers– Store and use long-term keys– Verify system integrity

• Benefits– Reduce risks

• Compromise of long-term keys• Undetected system compromise

Copyright 2017 Trusted Computing Group 18

Trusted Platform Module (TPM)

• Standard Hardware Root of Trust• TPM = ISO/IEC 11889

• Benefits• Foundation for secure software• Resistant to attacks/hacks• Built-in virtual smart card

• Features• Authentication• Encryption• Attestation

Identity

Integrity

19Copyright 2017 Trusted Computing Group

Why Hardware?

Graph used withpermission ofCapers Jones.

Software Security is Not Enough

20Copyright 2017 Trusted Computing Group

Who Uses TPM?

• Desktops, Laptops, Tablets, Phones• Financial Services

– ATMs– Cash registers– Slot machines

• Industrial Control Systems• Cars• Network routers• Gateways• Printers

21Copyright 2017 Trusted Computing Group

• TCG standards are used in many IoT devices

• Based on this experience, TCG has developed– Common use cases– Framework showing how to use TCG tech– Implementation guidance– Demonstrations of Trusted Computing in IoT

Trusted Computing for IoT

Copyright 2017 Trusted Computing Group 22

• Who are you?

• Can I trust you?

• Can you protect yourself against malware infection?

• Can you protect yourself against hardware tampering?

• Can you protect data at rest?

• Can you prepare a device for resale or decommissioning?

• Can you safely engage in cryptographic protocols?

• Can you support common models of provisioning?

• Can you securely maintain evidence?

• Can you be managed easily?

• Can you secure legacy hardware?

Top Questions in IoT Security

Copyright 2017 Trusted Computing Group 23

TCG IoT Use Cases

• Device Identity• Secure Software and Firmware Updates• Secure Communications• Secure Data Storage• Device Resale and Decommissioning• Device Provisioning• Protecting Against Malware Infection• Maintaining Audit Logs• Remote Device Management• Securing Legacy Hardware

Copyright 2017 Trusted Computing Group 24

TCG Collaborating with IoT Industry• Formal liaison relationship with ETSI, international telecoms

standards body, for work on secure networking protocols• Formal liaison relationship with Mobey Forum to help enable

trusted mobile transactions, etc.• Working with SAE Vehicle Electrical Hardware Security Task

Force, a sub-committee of the SAE Vehicle Electrical System Security Committee re auto security requirements and solutions

• Regular input to NIST, NHTSA and other agencies and government groups

• Relationships with information assurance agencies worldwide

Copyright 2017 Trusted Computing Group 25

IoT Security Resources• TCG IoT Architect’s Guide:

https://trustedcomputinggroup.org/tcg-architects-guides

• TCG Guidance for Securing the IoT: https://trustedcomputinggroup.org/guidance-securing-iot-using-tcg-technology-reference-document

• 6 ways to Boost IoT Security article: http://ubm.io/1LahjI4

• IoT Security Groundswell article: http://ubm.io/1K7MOPW

• Practical Tips to Securing the IoT article: http://bit.ly/1K7WUTH

26Copyright 2017 Trusted Computing Group

Industrial Security Resources• TNC IF-MAP Metadata for ICS Security

https://trustedcomputinggroup.org/tnc-if-map-metadata-ics-security/

• Architects Guide: ICS Security Using TNC Technologyhttps://trustedcomputinggroup.org/architects-guide-ics-security-using-tnc-technology/

• Industrial Internet Security Framework: https://www.iiconsortium.org/IISF.htm

• ISA/IEC 62443https://www.isa.org/isa99/

Copyright 2017 Trusted Computing Group

IISF References TPM

Copyright 2017 Trusted Computing Group 28

Source: Industrial Internet Security Frameworkhttps://www.iiconsortium.org/IISF.htm

graphics are courtesy of Industrial Internet Consortium

IEC/ISA 62443 References TPM

Copyright 2017 Trusted Computing Group 29

Call to Action

30Copyright 2017 Trusted Computing Group

Call to Action

1. Use Trusted Computing to Secure IoT and Industrial Systems

2. Join TCG and then Industrial Sub Group– https://trustedcomputinggroup.org/membership

3. Help Create Deliverables– Guidance for Securing Industrial Equipment– Platform Firmware Profile

For more information, emailadmin@trustedcomputinggroup.org

Copyright 2017 Trusted Computing Group 31

Copyright 2017 Trusted Computing Group 32

Thanks

Q&A？