Slide 1

Slide 1 text

IoT Security: Safeguarding the Network
Gianluca Varisco, CISO, Arduino (@gvarisco)
GSMA Mobile 360 Series, 29/05/2019

Slide 2

Slide 2 text

Developing secure and reliable IoT applications can be hard

Slide 3

Slide 3 text

Hardware
Nodes (Devices, Sensors)
– Constrained devices
– Require C/C++ firmware skills
– Effective power management depends on firmware
Gateways
– Remote connections, SSH
– Device management
Radio / Networks
– Long range / Low power
Source: https://makezine.com/2017/06/27/state-boards-platforms-products-purposes-current-crop-microcontrollers-vies-attention/

Slide 4

Slide 4 text

Cloud Software
Many different languages, protocols, libraries, security standards, etc.

Slide 5

Slide 5 text

Data & persistence
Different data formats make data manipulation and interpretation difficult

Slide 6

Slide 6 text

The IoT Landscape is quite fragmented

Slide 7

Slide 7 text

“Enable anyone to develop secure IoT applications by making complex technology simple to use”
ARDUINO MISSION for IoT

Slide 8

Slide 8 text

The “PANINI” Concept:

Slide 9

Slide 9 text


Slide 10

Slide 10 text

WHAT ARDUINO PROVIDES
Sensors Data + Device Interaction Automatic Code Generation Arduino Hardware Secure Cloud Connection Device Management OTA Updates Firmware Changes Business Logic Firmware Upload Certificate or Password Provisioning Dashboards Third Parties IoT SaaS Arduino IoT Cloud

Slide 11

Slide 11 text

Security
Secure in every layer
– Hardware
– Software
– Data

Slide 12

Slide 12 text

Core to the future and success of IoT is the “security of things”
Device Identity Anti-tampering Key Management Encrypted Transport and Data Confidentiality

Slide 13

Slide 13 text

SECURE ELEMENT

Slide 14

Slide 14 text

Hardware Security
ATECC508A/ATECC608A Cryptographic Co-Processor from Microchip Technology
What do we use it for?
– Secure Hardware-Based Key Storage: up to 16 keys, certificates or data
– Hardware Support for Asymmetric Sign, Verify, Key Agreement: ECDSA, ECDH, NIST P256 Elliptic Curve Support
– Internal high-quality FIPS Random Number Generator (RNG)

Slide 15

Slide 15 text

Data encryption and secure authentication
– All traffic to/from Arduino IoT Cloud is encrypted using Transport Layer Security (TLS)
– Device authentication using X.509 certificates
– Initial support for JSON Web Tokens (ECDSA P-256 SHA-256) in ArduinoECCX08 library
– AES-128 (for LoRaWAN™), AES-CMAC for message exchange, which includes encryption and integrity.
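Added example (not from the original slides and not Arduino's code): a receiver-side pre-check for the ES256 (ECDSA P-256 SHA-256) JSON Web Tokens mentioned above, run before the ECDSA verification itself. It pins the algorithm, checks the expiry, and converts the signature to DER for verifiers that expect it. Assumptions: all function names are hypothetical, the device's secure element emits the signature as raw 64-byte R||S (the form JWS ES256 carries), and the sample token is constructed with filler signature bytes.

```python
import base64
import json

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def der_int(value: bytes) -> bytes:
    """Encode a big-endian unsigned integer as an ASN.1 DER INTEGER."""
    value = value.lstrip(b"\x00") or b"\x00"
    if value[0] & 0x80:              # high bit set: prepend 0x00 to keep it positive
        value = b"\x00" + value
    return b"\x02" + bytes([len(value)]) + value

def raw_sig_to_der(raw: bytes) -> bytes:
    """Convert a 64-byte R||S signature to the DER SEQUENCE many verifiers expect."""
    body = der_int(raw[:32]) + der_int(raw[32:])
    return b"\x30" + bytes([len(body)]) + body   # body <= 70 bytes: short-form length

def precheck_es256(token: str, now: float) -> dict:
    """Structural checks to run before verifying the signature with the device key."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    header = json.loads(b64url_decode(parts[0]))
    # Pin the algorithm: the token header must not choose how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "ES256":
        raise ValueError("unexpected alg")
    signature = b64url_decode(parts[2])
    if len(signature) != 64:
        raise ValueError("ES256 signature must be 64 bytes (R||S)")
    claims = json.loads(b64url_decode(parts[1]))
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("missing or expired exp")
    return {"signing_input": f"{parts[0]}.{parts[1]}".encode("ascii"),
            "der_signature": raw_sig_to_der(signature), "claims": claims}

def make_constructed_token(alg: str, exp: int) -> str:
    """Constructed sample token; the signature is filler, not a real signature."""
    filler = b"\x01" * 32 + b"\xff" * 32
    header = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    claims = b64url_encode(json.dumps({"sub": "device-placeholder", "exp": exp}).encode())
    return f"{header}.{claims}.{b64url_encode(filler)}"
```

The returned signing_input and der_signature are what would then be handed to an ECDSA P-256 verifier together with the device's public key; this block does not perform that verification.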

Slide 16

Slide 16 text

SECURITY RECAP
– Hardware-based security
– Devices’ provisioning
– TLS certificates for authentication
– Encrypted data transfer

Slide 17

Slide 17 text

https://www.arduino.cc/sim

Slide 18

Slide 18 text

THAT’S A WRAP, THANK YOU!
Gianluca Varisco (@gvarisco)