
Utimaco HSM Business Unit · Aachen, Germany · ©2018 hsm.utimaco.com Page 1

Connected Driving: Not Without a Trust Anchor!

How can connected vehicles be protected against cyber threats?


Utimaco - Providing Security creates Trust

Our Global Market Leading Position

Utimaco is a worldwide leader in highly specialized Cyber Security markets

• 1,000+ Utimaco HSM protected infrastructures worldwide
• 300+ Telecom and ISP networks worldwide protected by Utimaco
• #2 in Hardware Security Modules
• #1 in Telecom Compliance Solutions
• 250+ highly skilled experts
• 50+ years in IT and 35+ years in IT-Security
• Headquarters Aachen, Germany
• Campbell (CA), USA
• Worldwide offices and global partner landscape
• Deep expertise in providing security for Critical Infrastructures


Utimaco activities with core players in Mobility


So OTA … But how do we make it really secure?


Steps in the OTA process

Simplified steps for "Pull" and "Push" based OTA processes:

1. Request: Thing (T) requests update from server (S)
2. Build: Server (S) generates the update installer
3. Sign: Hash update and digitally sign it (S)
4. Deploy (S->T): Encrypt the update, append the signed hash and send
5. Verify (T): Decrypt, then verify hash against update
6. Use (T): Install update and reboot
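Steps 3 to 5 of the OTA process above, as an added Go example that is not from the slides: the server hashes and signs the update, encrypts it and appends the signed hash; the device decrypts and checks the signature before anything is installed. Ed25519, SHA-256, AES-256-GCM, the function names and the in-memory keys are assumptions; the slides name no algorithms, and in the setup they describe the signing key would stay inside an HSM.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// BuildPackage is steps 3-4 (server): hash, sign, encrypt, append the signed hash.
func BuildPackage(update []byte, aead cipher.AEAD, signKey ed25519.PrivateKey) ([]byte, error) {
	digest := sha256.Sum256(update)
	sig := ed25519.Sign(signKey, digest[:]) // assumption: performed inside the HSM in production
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return append(aead.Seal(nonce, nonce, update, nil), sig...), nil // nonce|ciphertext|tag|signature
}

// VerifyPackage is step 5 (device): decrypt, re-hash, verify; no update is returned on failure.
func VerifyPackage(pkg []byte, aead cipher.AEAD, pinned ed25519.PublicKey) ([]byte, error) {
	split := len(pkg) - ed25519.SignatureSize
	if split < aead.NonceSize()+aead.Overhead() {
		return nil, errors.New("truncated package")
	}
	update, err := aead.Open(nil, pkg[:aead.NonceSize()], pkg[aead.NonceSize():split], nil)
	if err != nil {
		return nil, err
	}
	if digest := sha256.Sum256(update); !ed25519.Verify(pinned, digest[:], pkg[split:]) {
		return nil, errors.New("signature does not verify under pinned key")
	}
	return update, nil
}

func main() {
	block, _ := aes.NewCipher(make([]byte, 32)) // constructed all-zero transport key, demo only
	aead, _ := cipher.NewGCM(block)
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	pkg, _ := BuildPackage([]byte("constructed firmware image"), aead, priv)
	_, err := VerifyPackage(pkg, aead, pub)
	fmt.Println("update accepted:", err == nil)
}
```

Because the transport key is also known to the device, only the signature check ties the update to the holder of the signing key; the device should install nothing when `VerifyPackage` returns an error.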


Security can't be an afterthought

Io(t)T – Internet of (trusted) Things?

Interacting "things" in the Internet of Things (IoT) need to trust each other.

Standards based Key Management and Cryptography need to be an integral part of the architecture of every IoT platform.

Management of the lifecycle of any IoT device is a crucial part.

• Manufacturing
• Seeding
• Device management
• Secure update (OTA)
• Secure communication
• Decommissioning


Sample integrations in secure key lifecycle systems

Slide from silicon to datacenter


Driver for Compliance and Information Security

Markets driving security needs

Breaches: The number of breaches of is ever increasing as the value of the assets at stake are permanently on the rise. All industries are impacted: from Automotive to banking, from industrial to governments.

Regulation: To ensure security of critical infrastructures in the light of increase in cyber criminality governments issue more stringent regulations. Compliance is a driver for the adoption of information security technology & encryption.

Digital transformation: Digital transformation is driven by changing consumer behavior and digital transformation of companies and the resulting creation of digital assets and (sometimes) disruptive technologies. It certainly means more cyber security.


A number of mega trends with long-term growth opportunities

Growths driven by a number of factors

Digital transformation · Cyber security · Regulation & Compliance

Trend and comment:

• €1,900 billion in damages caused by cyber attacks in 2019. Cost arising from cyber criminality are expected to increase within the next years, driving the demand for HSM solutions
• Mandatory recognition of eIDs in the EU starting 09/18/2018. To ensure security of critical infrastructures in the light of increase in cyber criminality governments issue more stringent regulations
• IoT: The number of connected devices is forecasted to grow at a CAGR of 17% accelerating the demand for protective solutions
• Penetration of Smart Grids and Smart Meters leads to privacy and security concerns. Smart Grids are secured best through hardware
• Connected Cars are a target of criminal attacks, therefore, the security needs to be guaranteed

[Chart: Connected devices in billions; 2013: 10, 2020: 30; +17% p.a.]

[Chart: Cumulative spending in $ billions; 2015 to 2020: 44, 48, 53, 57, 61, 63; +7% p.a.]

[Chart: Global connected car revenues in € billions; 2015: 31, 2020: 113; +29% p.a.]

[Chart: HSM market growth 2018 and Mission 2021; years 2018 to 2021; segments: Other, Telco / ISP, Energy / Utilities, Manufacturing, Health / insurance, Automotive, Government, Enterprise, Payments; Mission 2021 labels: <+20% CAGR, >+20% CAGR, <+20% CAGR]

Source: Strategy&, In the fast lane, 2014; Greentechmedia, 2013; McKinsey & Company, The Internet-of-Things: Sizing up the opportunity, 2014; Identity Theft Resource Center


Regulation starting to impact also the mobility industry

C-ITS / SCMS – European / US Regulations

• C-ITS European Directive – legal framework at EU level by 2018 (Cooperative Intelligent Transport Systems): V2V – V2I – I2I – V2X
• US DoT – Automotive Industry – Security Experts – CAMP (Security Credential Mgmt. System): V2V – V2I – I2I – V2X

PCI DSS V3 – Payment Card Industry WW

• PCI HSM gains more attraction as FIPS 140-2 disallows widely used algorithms like DES, SHA1 or for key derivations.
• Defines audit schemes like PCI DSS, PCI P2PE which mandate the use of HSMs

eIDAS

• eIDAS is an EU regulation providing a set of standards for electronic identification and trust services for electronic transactions in the European Single Market.


Case Studies

Securing Applications and Communications in IoT & V2x – ESCRYPT

The challenge: Securing connected devices in the IoT

• For Industry 4.0 as for Vehicle-to-x communication
• A typical attack scenario: tampering, hijacking, identity theft, interception of private, take over control

The solution: Secure communication between devices with strong key management

• Prevention of tampering and spying
• Signature checks, revocation of certificates
• Register and differentiate between true and false devices

Tasks for the HSM:

• Securing root key
• Key generation (with TRNG)
• Key storage
• Key management
• Authentication service
• Flexible rights and role management


Case Studies

Securing the Automotive Industry – C2 Company

The challenge: Highly available public key infrastructure, issuing certificates for cars, clients & code signing

• Meet requirements for security network communications between cars & broad ranges of services
• Minimize costs & risks
• Accelerate IT's speed and business impact
• Protect against product counterfeits (e.g. batteries)

A typical attack scenario: Access via the ECUs over the internet (over the air / OTA)

• Car manipulation or hijacking

The solution: Code, firmware signing & Key injection

Tasks for the HSM:

• Key generation, storage & injection
• Certificate storage
• Stored in a central repository
• Providing revocation if needed


Case Studies

Protecting Governments and IoTs – Toll Collect

The challenge: Protect stored private information of citizens & prevention of tamper attempts

A typical attack scenario: Attackers try to break into the toll bridges to manipulate or steal stored information, try to connect into their systems

The solution: Database encryption of toll information, as well as of accounting services, email encryption, …

Tasks for the HSM:

• Managing security infrastructure
• Development systems service
• Tamper protecting HSM is used in or next to toll bridges as FIPS 140-2 Level 4 model

[Diagram labels: CryptoServer; Toll Collect Data Center]

- Confidential Information -


Case Studies

Protecting digital / electronic Identities – inWebo

The challenge: Solving the authentication dilemma

• Increasing connectivity of devices, cars, in-cloud systems requires raising security
• Searching for an easy to implement, manage and use solution for dual authentication

A typical attack scenario: Hackers try to break authentication methods

The solution: Special inWebo developed user (dual-/multi-factor) authentication

• Securing customer, member & employee access to VPN, IAM, web, cloud and IoT applications

Tasks for the HSM:

• Key generation via True Random Number Generator (TRNG)
• Key storage, key management
• Authorization service
• Authentication service


The central server needs a root-of-trust

Utimaco 1-U appliance (CryptoServer LAN V5)

MAIN BENEFITS

• Total cost of ownership for HSMs
• Power consumption reduced by 40% on average
• Suitable for cloud and large HSM arrays
• Easy to maintain
• Field-replaceable fans and power supply modules, allow you to reduce downtime and returns to manufacturer


Utimaco Product Portfolio

Supporting our customers every step of the way

Unified Platform

HSM (PaaS)

Compliance

• FIPS 140-2 L3 w/ Phys. Security L4
• Common Criteria EAL 4+, PP EN 419 221-5
• PCI-HSM
• "DK" Approval

Simple Licensing Model

Only performance based product price meter

HSM Customization

• Multiple programming interfaces
  – C language
  – LUA Scripting
• Options
  – Professional Services
  – Self-development

SDK

Certification and Assistance

Compliance

• PCI-HSM
• TR-39


Architecture

Multi-Cloud not Mono-Cloud!

[Diagram labels: Data center; Data center; Customer's collocation; Customer's public cloud applications; Megaport routing infrastructure]

MAIN BENEFITS

Utimaco Cloud HSM

• Multi-Cloud,
• Programmability,
• Own-your-key and application


Credits: MS research Copenhagen.

And what's next …


Industry leaders in post-quantum crypto work with Utimaco HSMs

Thought leadership on cryptography trends


Utimaco Management GmbH

Germanusstraße 4

52080 Aachen

Germany

Tel +49 241 1696 200

Fax +49 241 1696 199

eMail [email protected]

[email protected]

Thank you / vielen Dank!

Malte Pollmann