Upgrade to Pro — share decks privately, control downloads, hide ads and more …

GSMA Mobile 360 Series - IoT Security: Safeguar...

Arduino
May 29, 2019
Technology
1
280

GSMA Mobile 360 Series - IoT Security: Safeguarding the Network

Arduino

May 29, 2019
Tweet

More Decks by Arduino

See All by Arduino
Control your Embedded Linux remotely by using WebSockets
arduino
1
460
Many LoRaWAN Sensors, One Arduino IoT Cloud to Rule Them All
arduino
0
300
Arduino is Hardware, Software, IoT and Community
arduino
0
330
Control your Embedded Linux remotely by using MQTT and a web interface
arduino
2
1k

Other Decks in Technology

See All in Technology
DynamoDB でスロットリングが発生したとき/when_throttling_occurs_in_dynamodb_short
emiki
0
250
ExaDB-D dbaascli で出来ること
oracle4engineer
PRO
0
3.9k
Why App Signing Matters for Your Android Apps - Android Bangkok Conference 2024
akexorcist
0
130
【Startup CTO of the Year 2024 / Audience Award】アセンド取締役CTO 丹羽健
niwatakeru
0
1.3k
リンクアンドモチベーション ソフトウェアエンジニア向け紹介資料 / Introduction to Link and Motivation for Software Engineers
lmi
4
300k
Application Development WG Intro at AppDeveloperCon
salaboy
0
190
【Pycon mini 東海 2024】Google Colaboratoryで試すVLM
kazuhitotakahashi
2
530
Flutterによる 効率的なAndroid・iOS・Webアプリケーション開発の事例
recruitengineers
PRO
0
110
Platform Engineering for Software Developers and Architects
syntasso
1
520
複雑なState管理からの脱却
sansantech
PRO
1
150
Terraform未経験の御様に対してどの ように導⼊を進めていったか
tkikuchi
2
450
Can We Measure Developer Productivity?
ewolff
1
150

Featured

See All Featured
What's in a price? How to price your products and services
michaelherold
243
12k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
47
5k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
27
4.3k
Building Applications with DynamoDB
mza
90
6.1k
Building Flexible Design Systems
yeseniaperezcruz
327
38k
Building Your Own Lightsaber
phodgson
103
6.1k
The Art of Programming - Codeland 2020
erikaheidi
52
13k
Testing 201, or: Great Expectations
jmmastey
38
7.1k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
31
2.7k
Measuring & Analyzing Core Web Vitals
bluesmoon
4
130
Building a Modern Day 
E-commerce SEO Strategy
aleyda
38
6.9k
Intergalactic Javascript Robots from Outer Space
tanoku
269
27k

Transcript

  1. Gianluca Varisco, CISO Arduino GSMA Mobile 360 Series, 29/05/2019 IoT

    Security: Safeguarding the Network @gvarisco

  2. Developing secure and reliable IoT applications can be hard

  3. Hardware Nodes (Devices, Sensors) Constrained devices Require C/C++ firmware skills

    Effective Power Management depends on Firmware Gateways Remote connections, SSH Device management Radio / Networks Long range / Low Power Source: https://makezine.com/2017/06/27/state-boards- platforms-products-purposes-current-crop-microcontrollers- vies-attention/

  4. Cloud Software Many different languages, protocols, libraries, security standards, etc.

  5. Data & persistence Different data formats make data manipulation and

    interpretation difficult

  6. 6 The IoT Landscape is quite fragmented

  7. “Enable anyone to develop secure IoT applications by making complex

    technology simple to use” ARDUINO MISSION for IoT

  8. 8 The “PANINI” Concept:

  9. 9

  10. 10 WHAT ARDUINO PROVIDES Sensors Data + Device Interaction Automatic

    Code Generation Arduino Hardware Secure Cloud Connection Device Management OTA Updates Firmware Changes Business Logic Firmware Upload Certificate or Password Provisioning Dashboards Third Parties IoT SaaS Arduino IoT Cloud

  11. 11 Security Secure in every layer Hardware Software Data

  12. 12 Core to the future and success of IoT is

    the “security of things” Device Identity Anti-tampering Key Management Encrypted Transport and Data Confidentiality

  13. 13 SECURE ELEMENT

  14. 14 Hardware Security ATECC508A/ATECC608A Cryptographic Co-Processor from Microchip Technology What

    we use it for? – Secure Hardware-Based Key Storage up to 16 keys, certificates or data – Hardware Support for Asymmetric Sign, Verify, Key Agreement ECDSA, ECDH, NIST P256 Elliptic Curve Support – Internal high-quality FIPS Random Number Generator (RNG)

  15. 15 Data encryption and secure authentication – All traffic to/from

    Arduino IoT Cloud is encrypted using Transport Layer Security (TLS) – Device authentication using X.509 certificates – Initial support for JSON Web Tokens (ECDSA P-256 SHA-256) in ArduinoECCX08 library – AES-128 (for LoRaWAN™), AES-CMAC for messages exchange, which includes encryption and integrity.

  16. 16 SECURITY RECAP – Hardware-based security – Devices’ provisioning –

    TLS certificates for authentication – Encrypted data transfer

  17. 17 https://www.arduino.cc/sim

  18. THAT’S A WRAP, THANK YOU! Gianluca Varisco <[email protected]> @gvarisco