Utimaco HSM Business Unit · Aachen, Germany · ©2018 hsm.utimaco.com Page 1
Connected Driving: Not Without a Trust Anchor!
How can connected vehicles be protected against cyber threats?
Utimaco - Providing Security creates Trust
1,000+ Utimaco HSM protected infrastructures worldwide
300+ Telecom and ISP networks worldwide protected by Utimaco
#2 in Hardware Security Modules
Headquarters Aachen, Germany
Campbell (CA), USA
Worldwide offices and global partner landscape
Deep expertise in providing security for Critical Infrastructures
Our Global Market Leading Position
Utimaco is a worldwide leader in highly specialized Cyber Security markets
250+ highly skilled experts
#1 in Telecom Compliance Solutions
50+ years in IT and 35+ years in IT-Security
Utimaco activities with core players in Mobility
So OTA …. But how do we make it really secure?
1. Request: Thing (T) requests update from server (S)
2. Build: Server (S) generates the update installer
3. Sign: Hash the update and digitally sign it (S)
4. Deploy (S->T): Encrypt the update, append the signed hash and send
5. Verify (T): Decrypt, then verify hash against update
6. Use (T): Install update and reboot
Simplified steps for "Pull" and "Push" based OTA processes
Steps in the OTA process
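Steps 3 to 5 above as runnable Go, added for illustration and not from the original slides or any Utimaco product. It assumes Ed25519 for the signature, AES-256-GCM with a pre-shared transport key for the encryption, and the names `Package`, `Build`, `Verify` and `Demo`, none of which the slides specify; all sample data is constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Package is what S sends to T in step 4: encrypted update plus signed hash.
type Package struct{ Nonce, Ciphertext, SignedHash []byte }
// Build is steps 3-4 on S. signKey stands in for a key that stays in the HSM.
func Build(update []byte, signKey ed25519.PrivateKey, aead cipher.AEAD) (Package, error) {
	digest := sha256.Sum256(update)
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Package{}, err
	}
	return Package{nonce, aead.Seal(nil, nonce, update, nil), ed25519.Sign(signKey, digest[:])}, nil
}

// Verify is step 5 on T: decrypt, then check the signed hash with the trust anchor.
func Verify(p Package, anchor ed25519.PublicKey, aead cipher.AEAD) ([]byte, error) {
	update, err := aead.Open(nil, p.Nonce, p.Ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("decrypt failed: package altered in transit")
	}
	digest := sha256.Sum256(update)
	if !ed25519.Verify(anchor, digest[:], p.SignedHash) {
		return nil, fmt.Errorf("signature check failed: do not install")
	}
	return update, nil
}

// Demo runs the exchange on constructed data; setup errors are ignored as inputs are fixed.
func Demo() (installed string, wrongSigner, tampered error) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	otherPub, _, _ := ed25519.GenerateKey(nil)
	block, _ := aes.NewCipher(make([]byte, 32)) // constructed all-zero transport key
	aead, _ := cipher.NewGCM(block)
	good, _ := Build([]byte("firmware-2.0 (constructed sample)"), priv, aead)
	update, _ := Verify(good, pub, aead)
	_, wrongSigner = Verify(good, otherPub, aead) // anchor does not match the signer
	good.Ciphertext[0] ^= 1                       // one bit flipped in transit
	_, tampered = Verify(good, pub, aead)
	return string(update), wrongSigner, tampered
}
func main() { fmt.Println(Demo()) }
```

Only the public key is provisioned into the device as its trust anchor; step 6 runs only when `Verify` returns no error.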
Security can't be an afterthought
Io(t)T – Internet of (trusted) Things?
Interacting "things" in the Internet of Things (IoT) need to trust each other.
Standards based Key Management and Cryptography need to be an integral part of the architecture of every IoT platform.
Management of the lifecycle of any IoT device is a crucial part.
Manufacturing
Seeding
Device management
Secure update (OTA)
Secure communication
Decommissioning
Sample integrations in secure key lifecycle systems
Slide from silicon to datacenter
Driver for Compliance and Information Security
Markets driving security needs
Breaches: The number of breaches of is ever increasing as the value of the assets at stake is permanently on the rise. All industries are impacted: from automotive to banking, from industrial to governments.
Regulation: To ensure security of critical infrastructures in the light of the increase in cyber criminality, governments issue more stringent regulations. Compliance is a driver for the adoption of information security technology & encryption.
Digital transformation: Digital transformation is driven by changing consumer behavior and digital transformation of companies and the resulting creation of digital assets and (sometimes) disruptive technologies. It certainly means more cyber security.
A number of mega trends with long-term growth opportunities
Growth driven by a number of factors
€1,900 billion in damages caused by cyber attacks in 2019
Costs arising from cyber criminality are expected to increase within the next years, driving the demand for HSM solutions
Mandatory recognition of eIDs in the EU starting 09/18/2018
To ensure security of critical infrastructures in the light of the increase in cyber criminality, governments issue more stringent regulations
IoT: The number of connected devices is forecasted to grow at a CAGR of 17%, accelerating the demand for protective solutions
Penetration of Smart Grids and Smart Meters leads to privacy and security concerns. Smart Grids are secured best through hardware
Connected Cars are a target of criminal attacks, therefore, the security needs to be guaranteed
[Chart: Connected devices in billions, 2013 to 2020: 10 to 30, +17% p.a.]
[Chart: Cumulative spending in $ billions, 2015 to 2020: 44, 48, 53, 57, 61, 63, +7% p.a.]
[Chart: Global connected car revenues in € billions, 2015 to 2020: 31 to 113, +29% p.a.]
[Chart: HSM market growth 2018 and Mission 2021, by segment (Other, Telco / ISP, Energy / Utilities, Manufacturing, Health / insurance, Automotive, Government, Enterprise, Payments), 2018 to 2021, with Mission 2021 bands <+20% CAGR and >+20% CAGR]
Source: Strategy&, In the fast lane, 2014; Greentechmedia, 2013; McKinsey & Company, The Internet-of-Things: Sizing up the opportunity, 2014; Identity Theft Resource Center
Digital transformation · Cyber security · Regulation & Compliance
C-ITS / SCMS – European / US Regulations
C-ITS European Directive – legal framework at EU level by 2018 (Cooperative Intelligent Transport Systems)
V2V – V2I – I2I – V2X
US DoT – Automotive Industry – Security Experts – CAMP (Security Credential Mgmt. System)
V2V – V2I – I2I – V2X
PCI DSS V3 – Payment Card Industry WW
PCI HSM gains more traction as FIPS 140-2 disallows widely used algorithms like DES, SHA1 or for key derivations.
Defines audit schemes like PCI DSS, PCI P2PE which mandate the use of HSMs
eIDAS
eIDAS is an EU regulation providing a set of standards for electronic identification and trust services for electronic transactions in the European Single Market.
Regulation starting to impact also the mobility industry
Tasks for the HSM:
Securing root key
Key generation (with TRNG)
Key storage
Key management
Authentication service
Flexible rights and role management
The challenge: Securing connected devices in the IoT
For Industry 4.0 as for Vehicle-to-x communication
A typical attack scenario: tampering, hijacking, identity theft, interception of private, take over control
The solution: Secure communication between devices with strong key management
Prevention of tampering and spying
Signature checks, revocation of certificates
Register and differentiate between true and false devices
Securing Applications and Communications in IoT & V2x – ESCRYPT
Case Studies
Tasks for the HSM:
Key generation, storage & injection
Certificate storage
Stored in a central repository
Providing revocation if needed
The challenge: Highly available public key infrastructure, issuing certificates for cars, clients & code signing
Meet requirements for secure network communications between cars & broad ranges of services
Minimize costs & risks
Accelerate IT’s speed and business impact
Protect against product counterfeits (e.g. batteries)
A typical attack scenario: Access via the ECUs over the internet (over the air / OTA)
Car manipulation or hijacking
The solution: Code, firmware signing & Key injection
Securing the Automotive Industry – C2 Company
Case Studies
Tasks for the HSM:
Managing security infrastructure
Development systems service
Tamper-protected HSM is used in or next to toll bridges as a FIPS 140-2 Level 4 model
The challenge: Protect stored private information of citizens & prevention of tamper attempts
A typical attack scenario: Attackers try to break into the toll bridges to manipulate or steal stored information, or try to connect into their systems
The solution: Database encryption of toll information, as well as of accounting services, email encryption, …
Protecting Governments and IoTs – Toll Collect
Case Studies
[Diagram labels: CryptoServer; Toll Collect Data Center; Confidential Information]
Tasks for the HSM:
Key generation
Via True Random Number Generator (TRNG)
Key storage, key management
Authorization service
Authentication service
The challenge: Solving the authentication dilemma
Increasing connectivity of devices, cars and in-cloud systems requires raising security
Searching for an easy to implement, manage and use solution for dual authentication
A typical attack scenario: Hackers try to break authentication methods
The solution: Special inWebo developed user (dual-/multi-factor) authentication
Securing customer, member & employee access to VPN, IAM, web, cloud and IoT applications
Protecting digital / electronic Identities – inWebo
Case Studies
MAIN BENEFITS
Utimaco 1-U appliance (CryptoServer LAN V5)
• Total cost of ownership for HSMs
• Power consumption reduced by 40% on average
• Suitable for cloud and large HSM arrays
• Easy to maintain
• Field-replaceable fans and power supply modules, allow you to reduce downtime and returns to manufacturer
The central server needs a root-of-trust
Unified Platform
HSM (PaaS)
Compliance
• FIPS 140-2 L3 w/ Phys. Security L4
• Common Criteria EAL 4+, PP EN 419 221-5
• PCI-HSM
• “DK” Approval
Utimaco Product Portfolio
Supporting our customers every step of the way
Simple Licensing Model
Only performance based product price meter
HSM Customization
• Multiple programming interfaces
– C language
– LUA Scripting
• Options
– Professional Services
– Self-development SDK
Certification and Assistance
Compliance
• PCI-HSM
• TR-39
Architecture
Multi-Cloud not Mono-Cloud!
Data center
Data center
Customer’s
collocation
Customer’s public cloud applications
MAIN BENEFITS
Utimaco Cloud HSM
• Multi-Cloud,
• Programmability,
• Own-your-key and application
Megaport routing infrastructure
Credits: MS research Copenhagen.
And what's next …
Industry leaders in post-quantum crypto work with Utimaco HSMs
Thought leadership on cryptography trends
Utimaco Management GmbH
Germanusstraße 4
52080 Aachen
Germany
Tel +49 241 1696 200
Fax +49 241 1696 199
Thank you!
Malte Pollmann