Upload
m2m-alliance-ev
View
20
Download
0
Embed Size (px)
Citation preview
TACKLING DATA SECURITY AND PRIVACY CHALLENGES OF THE IOT
Björn Peters
Head of Segment M2M/IoT – Exceet Secure Solutions
06-10-2016
2
The digitization of the economy, also known as machine-to-machine (M2M), the Internet of Things
(IoT) or Industry 4.0, is happening as we speak. In an age when objects, people and organizations
exchange data automatically, security becomes the decisive success factor. This means that for
professional applications, it is vital to create a digital sphere of trust.
In this context, exceet Secure Solutions speaks of the digital identification and authentication of all
participants and objects, as well as secure end-to-end encryption of all communication.
How? With the aid of Trusted Ecosystems.
“
“
MOTIVATION
3
„Automation pyramid“
First step:
Continous integration &
digitalization
Vision Industrie 4.0:
Decentralized
controlled modules (no
conventional hirarchy)
ERP
MES
Automation technics
(SPS, Sensoren,
Aktoren)
MES as an
information hub
Different
planning and
control Applications
production processes
with different
control components
Internet of Services
Internet of Things („Cyber-
Physical“ Systems)
IT ARCHITECTURE IS CHANGING
4
COLLECTION OF DATA IN THE PAST
5
COLLECTION OF DATA TODAY
6
Datenerfassung in Zukunft COLLECTION OF DATA IN THE FUTURE
7
AGENDA • Firma XY
Security Is A
Barrier In Each
IoT Project
Security Is A
Barrier In Each
IoT Project
>50% of our IoT projects have middle or high security needs
Today enterprises are forced to realize individual security solutions
For data driven business models trust is vital
Authorities drive stronger regulation to enable trust in markets
An easy adoptable secure IOT solution helps the market to develop
1
2
3
4
5
8
Approach:
Systematic derivation and formulation of all relevant
categories for attack scenarios.
Allocation of attack potentials.
Attack scenarios result from a threat to a specific object due
to an exploitation of vulnerability by an attacker.
Objective & Result:
Specific, clearly formulated attack scenarios and associated
attack potentials as basis for security analysis.
INITIAL CONSIDERATIONS Asset – Protected Object – Development Phase –
Environmental Assumptions
Threat Attacker Vulnerability
Attack Scenario and Attack Potential
Threat and Vulnerability Analysis
IoT and Security / Smart & Secure: The Secure Approach To Digital Transformation
THREAT AN VULNERABILITY ANALYSIS
9
TRUSTED IDENTITY-LIFECYCLE-MANAGEMENT FOR INDUSTRIALIZED IOT SOLUTIONS
10 10 10/14/2016 I exceet Secure Solutions I Slide
VALUE CHAIN • Closed trusted ecosystem
Established solution
in Germany.
Reduced complexity due
to unique exceet portfolio.
100% Vendor agnostic.
11 11 10/14/2016 I exceet Secure Solutions I Slide
THE TRUSTED INDUSTRIALIZED IOT SOLUTION • Fully integrated
Trusted Management
• Unique identification
• Mutual authentication
• End-2-End encryption
• Secure software &
configuration management
• Rights & rules management
Trusted Platform
• Full support of
the IoT Platform
• Fully integrated
• Business process
• support
• Business logic aligned
Secure Element
• Hardware-based
and tamper resistant
storage
• Form factor agnostic
• Lifecycle management
of the Secure Element
12
SENSORS GATEWAY
+ Secure Element IOT PLATFORM
Trusted Ecosystem
Driver
Insurance
Workshop
Supplier
Fleet Operator
INTERFACE
EXAMPLE – SECURE FLEET MANAGEMENT
13
ORGANIZATIONS
PEOPLE
THINGS/COMPONENTS
Secure, closed user systems thanks to digital identities for:
End-to-end encryption
Unambiguous identification
Mutual authentication
BENEFITS OF A TRUSTED ECOSYSTEM
14
AGENDA • Firma XY
Security Is No
Question Of
Willingness.
It’s A Question
Of Readiness.
Security Is No
Question Of
Willingness.
It’s A Question
Of Readiness.
exceet Secure Solutions AG
Rethelstraße 47
40237 Düsseldorf
Germany
Björn Peters
Head of Segment M2M/IoT
Phone: +49 211 436989 35
Email: [email protected]
Web: www.exceet-secure-solutions.de