PROGRAMME EMBEDDED-SEC 2021

Initiatives to help the IoT ecosystem build, certify and deploy trustworthy devices.
9H15 – 9H55

Gil Bernabeu
GlobalPlatform Technical Director and Technical Advisor for the Standardization and Technology Department at Thales. In this role, he supports Gemalto’s marketing and product groups to deploy trusted and convenient digital services.
Company/organization: GlobalPlatform
Within this presentation, GlobalPlatform will explain how standardized secure component technologies and certifications can be used to develop, deploy and securely manage digital services and devices that meet specific business, security, regulatory and data protection needs. It will introduce the following initiatives:
The IoTopia Framework – a practical implementation guide for the secure, remote lifecycle management of connected devices, from initial design through to decommissioning.
The SESIP Methodology – a common and optimized approach for evaluating the security of connected products, by composition of certified parts and reuse of certification across different evaluations.
Trusted Platform Service APIs – a standardized way to access secure services and attestation mechanisms within a device, making it easier to leverage security technology offered by secure components.
GlobalPlatform and RISC-V – how the two organizations are collaborating, how to build a successful TEE based on RISC-V architecture, and the value it delivers for IoT devices.
The European Standardization series on consumer IoT security ETSI EN 303645
10H00 – 10H40

Dr. Gisela Meister
Senior Consultant at Eurosmart and rapporteur for the ETSI TC Cyber technical committee on cybersecurity assessment for consumer IoT. She chairs the DIN standardization group on "Security requirements for IoT equipment".
Company/organization: ETSI
ETSI EN 303 645 is designed to prevent large-scale, prevalent attacks against smart devices that cybersecurity experts see every day. It establishes a security baseline for connected consumer products and provides a basis for future IoT certification schemes.
ETSI EN 303 645 supports a good security baseline for connected consumer products, providing a set of 13 recommendations, with the top three being: no default passwords, implement a vulnerability disclosure policy, and keep software updated. There are also specific data protection provisions for consumer IoT devices.
The assessment specification TS 103701 specifies baseline conformance assessments for assessing consumer IoT products against the provisions of ETSI EN 303 645. It sets out mandatory and recommended assessments, intended to be used by testing labs and certifying bodies that provide assurance on the security of relevant products, as well as manufacturers that wish to carry out a self-assessment. The proposed document is intended as input to a future EU common cybersecurity certification scheme as proposed in the Cybersecurity Act.
The implementation guide, draft TR 103621, gives easy-to-use guidance to help manufacturers and other stakeholders meet the provisions defined for consumer IoT devices in ETSI EN 303 645. It includes a non-exhaustive set of example implementations that meet the provisions in the EN.
Platform Security Architecture for Automotive
10H45 – 11H25

Nicolas Devillard
Security Architect at Arm
Company/organization: Arm
Processors are everywhere in the automotive world, from the dashboard to the smallest sensors in today's vehicles, and at the heart of automated driving for tomorrow's autonomous vehicles.
With this increase in on-board computing power come digital security considerations: who are the attackers of these new platforms, how can defense in depth be achieved, and what does Arm offer on this subject?
This presentation puts the new automotive digital security needs in context and gives an overview of the main points implemented by the Platform Security Architecture.
Hardware security module in automotive: a solution which covers algorithmic complexity and hardware flexibility
11H30 – 11H55

Eric Sema
Eric Sema worked as an embedded software developer/integrator in the automotive sector (Segula Automotive, then PSA), then moved into cybersecurity, notably at Neopost (Postal Security Device) and then Ingenico (smart card reader). After six years at Valeo, he has worked since 2019 at Vector France, helping users build their AUTOSAR embedded software solutions around cybersecurity (HSM Firmware).
Company/organization: Vector
Cybersecurity in our vehicles has become a crucial issue, one that grows as our vehicles become ever more connected and accessible. The solutions that address this need are growing more complex in step, and within a few years we have moved from all-hardware cryptography modules to modules combining software and hardware solutions. With these software solutions comes growing algorithmic complexity as well.
How, then, can we offer both growing algorithmic complexity and the flexibility required by hardware diversity?
Combining functional safety and cybersecurity: a solution through architecture and domain separation
12H00 – 12H25

Frédéric Maraval
Product Manager
Company/organization: ISIT
With the advent of connectivity, once-separate worlds such as IT and OT are now intertwined, and as a result critical systems that used to be isolated are now under threat from external attacks. Functional safety and cybersecurity are now inseparable when designing a piece of equipment.
But how can the sometimes conflicting requirements of these two domains be met, especially when the ecosystem in which the system being designed will operate is not fully under control? One solution is to separate and isolate the applications within the equipment.
This presentation will cover the origin and principle of separation, the notion of "least privilege", hardware virtualization and separation kernels, monolithic hypervisor vs. separation kernel, the principles of the LynxSecure separation kernel, and the advantages and benefits of separation kernels.
Integrated secure element: what's next?
12H30 – 12H55

Sebastine Riou
Application Manager at Tiempo Secure.
Previously he worked for over a decade in the smart card industry and submitted several patents related to secure IC implementation. As a freelance penetration tester, he helped find vulnerabilities in consumer products and in a "whitebox cryptography" product.
Company/organization: Tiempo Secure
Recently the trend in IoT has been to move from the traditional secure element to the "integrated secure element" (iSE). "Integrated" here means that the secure element is no longer a stand-alone chip: it is a hardware block integrated on the same die as the application processor (other popular names for that concept include "secure enclave", "eHSM", "root of trust"…). As a leading provider of iSE, Tiempo-Secure teamed up with CEA to think ahead and define the "iMRC", a new concept which fully leverages the strengths of the integrated secure element to achieve security in an IoT application, from edge nodes to cloud servers. The talk will present this concept and its benefits for SOC manufacturers, IoT solution providers and IoT application users.
Security from chip to edge to cloud
13H30 – 13H55

Yan-Tarō Clochard
Sales Director for the North Asia region and head of Secure-IC in Japan (Secure-IC K.K.), which he founded. He is also the company's director of corporate marketing.
Company/organization: Secure-IC
Many connected objects and embedded systems are designed to remain operational for many years. This requires manufacturers and service providers to maintain the security of these objects and systems throughout their lifecycle.
What options are available to component and device manufacturers, as well as service providers, for maintaining the security of their devices against increasingly sophisticated cyber attacks? How can changes over the device lifecycle be managed? How can the protection of communications and data be guaranteed, both between devices and via cloud-hosted services? And how can access be revoked if needed?
Secure-IC will illustrate some of these challenges through example cases and offer elements of an answer to the issues raised.
IoT Security and Certification: state of play
14H00 – 14H25

Claire Loiseaux
Company/organization: Internet-of-Trust
Here we will focus on the security levels and certifications suited to the vast majority of IoT products and systems. The aim is to better understand which security mechanisms are accessible and available at the hardware and software levels. We will examine the available security requirements, in the form of standards, checklists or protection profiles, the various evaluation methods available, and the security labels that can be obtained from private or state entities.
In this presentation we will focus mainly on the security levels and certifications suited to the vast majority of IoT products and systems, namely: Platform Security Architecture (PSA) Certified, Security Evaluation Standard for IoT Platforms (SESIP), CSPN-type schemes, etc.
The aim is to better understand which security mechanisms are accessible and available in hardware components – Security Element (SE), System-on-Chip (SOC), hardware isolation mechanisms – in the low-level software layers – firmware and cryptographic layers, secure OS, hypervisor, containers – and in security services: filtering, secure storage, monitoring.
What Do IoT Device Developers Need to Know About the Emerging IoT Security Regulations
14H30 – 14H55

Alan Grau
VP of IoT/Embedded Solutions
Company/organization: Sectigo
IoT Cybersecurity Act of 2020 and other IoT cybersecurity legislation and industry standards; recent attacks against IoT devices (showing how critical verticals are getting hit); how OEMs can ensure their IoT devices are compliant with cybersecurity legislation.
Other topics will also be covered: security requirements for IoT devices; penetration testing: finding security flaws in IoT devices; firmware scanning: how security tools detect known vulnerabilities, out-of-date open source components, hard-coded encryption keys, expired certificates, and potential zero-day vulnerabilities.
Software IP Protection for IoT devices
15H00 – 15H25

Jean-Pierre Delesse
Company/organization: Trusted Objects
IoT markets are maturing and a growing number of IoT devices are deployed all over the world. As volumes grow, corporations are also considering outsourcing their manufacturing operations. For IoT devices that embed a programmable MCU, much of the value lies in the embedded software, with, for instance, artificial intelligence IP increasingly being ported to edge devices.
As a result, there are growing concerns about software IP protection for IoT devices at the different stages of the lifecycle.
The purpose of the presentation is to review the different ways to protect software IP in IoT devices during the whole lifecycle. We will look at the gaps that still exist in ease of integration, cost effectiveness and interoperability.
We also introduce a new concept of IP protection products and services based on a digital security technology. Considering the specific case of IP protection during manufacturing operations, we will show some use cases where state-of-the-art technologies are filling the gap.
Software IP Protection for IoT devices
15H30 – 15H55

Walter Capitani
Director of Technical Product Management at GrammaTech
Company/organization: GrammaTech
SSP: The New Smart Secure Platform
16H00 – 16H25

Denis Praca
Standardization manager at Thales DIS and (in the context of this presentation) ETSI TC SCP vice chairman
Company/organization: Thales and ETSI TC SCP
ETSI SCP has developed a new range of specifications for a versatile and powerful family of secure elements called SSP. This presentation will focus on the features offered by the SSP specifications and the different options that will make it suitable for securing a wide range of devices and for providing services that secure transactions and access control.
Bridging the scaling gap: how IoT security can be scaled at speed
16H30 – 16H55

Dr Shahram Mossayebi
Co-founder and CEO of Crypto Quantique
Before founding Crypto Quantique, Shahram worked as a self-employed cybersecurity consultant and as a security solutions architect at CyNation, a risk management company. Recognizing the need for a holistic solution that is easy to use at scale, yet delivers robust and reliable security for everything from connected cars to high-end consumer goods, he founded Crypto Quantique.
Company/organization: Crypto Quantique
Crypto Quantique has developed Q:Architecture – a scalable architecture for quickly and securely connecting IoT devices to the cloud. Q:Architecture has two complementary elements, which will be described in this presentation.
- QDID is hardware IP that generates random, unforgeable cryptographic keys on demand in silicon. It does this by measuring quantum effects in chips produced using standard CMOS processes. Keys do not need to be stored and can be reconstructed on demand, and it eliminates the need for key injection and its associated cost, complexity, and security compromise.
- QuarkLink is a universal IoT security platform for connecting devices to in-house or cloud servers. Originally designed to work with QDID, it is also available as a standalone product to be used with other Roots-of-Trust. Its unique feature is its breadth of capability in one tool. It provides secure provisioning, including cryptographic keys and firmware, automated secure onboarding to any platform and simultaneously to multiple platforms, and security monitoring, including firmware encryption, signing and secure updates over-the-air, and certificate and key renewal and revocation.
Other device authentication methods using asymmetric crypto in IoT. One example for BLE devices
17H00 – 17H30

Gweltas Radenac
IoT Business Line Director. He supports the WISeKey product roadmap and marketing activities around Embedded Security and Trusted Services such as Digital Certificates / PKI platform.
Company/organization: WISeKey
Security is essential to enable the Internet of Things (IoT). Key security measures that work well on the traditional Internet, however, do not necessarily adapt well to the IoT. And widely used encryption technologies for the Internet require too much energy for resource-constrained devices.
Within this presentation, WISeKey Semiconductors will briefly describe how the combination of a physical Root of Trust, namely Secure Elements, can help device makers implement authentication mechanisms that take into account IoT constraints such as payload and computing power. One example is given based on BLE connectivity.