Gemalto SafeNet Solution for IoT Security
Securing the Internet of Things (IoT)
Providing greater insight and control over elements in our increasingly connected lives, the Internet of Things (IoT) emerges at a time when threats to our data and systems have never been greater. There is an average of thirteen enterprise security breaches every day, resulting in roughly 10 million records lost a day—or 420,000 every hour. As new connected devices come to market, security researchers have taken up the cause to expose their vulnerabilities, and make the world aware of the potential harm of connecting devices without properly securing the Internet of Things.
Examples of Real IoT Threats
Manipulation of Connected Cars
Security experts Chris Valasek and Charlie Miller grabbed headlines with their research on the vulnerability of connected cars when they hacked into a Toyota Prius and a Ford Escape using a laptop plugged into the vehicle’s diagnostic port. This allowed the team to manipulate the cars’ headlights, steering, and braking.
Threats to Medical Devices
In April 2014, Scott Erven and his team of security researchers released the results of a two-year study on the vulnerability of medical devices. The study revealed major security flaws that could pose serious threats to the health and safety of patients. They found that they could remotely manipulate devices, including those that controlled dosage levels for drug infusion pumps and connected defibrillators.
The Dangers of the Smart Grid
In 2012, the Department of Homeland Security discovered a flaw in hardened grid and router provider RuggedCom’s devices. By decrypting the traffic between an end user and the RuggedCom device, an attacker could launch attacks to compromise the energy grid.
Threats to the Internet of Things Security
We can sort potential attacks against the Internet of Things into three primary categories based on the target of the attack—attacks against a device, attacks against the communication between devices and masters, and attacks against the masters. To protect end users and their connected devices, we need to address all three of these IoT attacks.
Attacks Against IoT Devices
To a potential attacker, a device presents an interesting target for several reasons. First, many of the devices will have an inherent value by the simple nature of their function. A connected security camera, for example, could provide valuable information about the security posture of a given location when compromised.
Best Practice: Securing the Internet of Things requires device ID certificates to be issued to each device at the point of manufacturing to establish identity and facilitate authentication to service and other devices.
Attacks Against Communications
A common method of attack involves monitoring and altering messages as they are communicated. The volume and sensitivity of data traversing the IoT environment makes these types of attacks especially dangerous, as messages and data could be intercepted, captured, or manipulated while in transit. All of these threats jeopardize the trust in the information and data being transmitted, and the ultimate confidence in the overall infrastructure.
Best Practice: As sensitive data travels through the cloud and IoT environment, it should be encrypted to prevent interception. Likewise, stored data should be transparently and seamlessly encrypted to prevent theft.
Attacks Against the Master of Devices
For every device or service in the Internet of Things, there must be a master. The master’s role is to issue and manage devices, as well as facilitate data analysis. Attacks against the masters – including manufacturers, cloud service providers, and IoT solution providers – have the potential to inflict the most harm. These parties will be entrusted with large amounts of data, some of it highly sensitive in nature. This data also has value to the IoT providers because of the analytics, which represent a core, strategic business asset, and a significant competitive vulnerability if exposed.
Best Practice: Sign firmware and software updates with digital certificates (code signing). Additionally, all communication with devices in the field should use SSL certificates.
Smart Grid & AMI Security Solutions
At a time when energy utilities play an increasingly important part in our everyday lives, smart grid technologies, including those leveraging the Internet of Things (IoT), introduce new smart grid security challenges that must be addressed.
Implementing a smart grid without proper advanced metering infrastructure (AMI) security could result in grid instability, loss of private information, utility fraud, and unauthorized access to energy consumption data. Without the proper security, the benefits of IoT-based energy, such as trusted bidirectional communication between applications and devices, as well as secure collection of information for accurate big data analytics, would not be realized. Effective security arms manufacturers, consumers and utility providers with the confidence to leverage the power of the IoT.
Building a trusted secure smart grid will require robust smart grid security solutions that can be easily deployed at the communication and application layers of the smart grid infrastructure.
Areas where smart grid protection is critical include:
- Device manufacturing
- Secure communications
- Internet of Things (IoT) devices and applications
- In-field firmware updates and provisioning
- Device authentication
- Secure meter management
- Protection of the integrity and privacy of data
The Importance of Smart Grid Security with PKI and HSMs
Smart grid security solutions must be able to deploy on a large scale, with minimal effect on applications. Securing the smart grid at the communication layer will require a system to identify connected meters, to verify that these meters are configured correctly, and to validate these meters for network access.
The recommended solution for this authentication process is an identity-based model, often a Public Key Infrastructure (PKI). PKIs are ideal for large-scale AMI security deployments that require a high level of security with minimal impact on performance.
In a PKI environment, it is essential that private keys and certificates are guarded with a reliable key management solution, such as hardware security modules (HSMs), that protects against ever-evolving data threats.
Applications Leveraging HSMs for Trusted Smart Grid Security:
- Device Identities
- Device Provisioning
- Secure Message Processing
- Device Authentication
- Infrastructure Integrity with PKI Services
- Secure Management
Bringing Trust to the Connected Car
While connected cars offer huge opportunities for drivers and associated businesses, the full measure of these gains won’t be realized without effective security.
Benefits of Connected Cars
The Internet of Things (IoT) paradigm has been having a profound impact on the automotive industry and its long-term prospects. As the power of the IoT comes to automotive vehicles, it presents opportunities for consumers, manufacturers, and service providers in a range of areas including: unprecedented data collection; convenient communication; geography-based services; tailored insurance incentives; intelligent diagnostics; and assisted driving.
Secure, Trusted Identities
While all of these opportunities are significant in one way or another, they are only as strong as their weakest link when it comes to security. As the connected car’s intelligence, services, and ecosystem expand, so do the potential risks and exposures. It is critical to have strong assurances about the legitimacy of the various elements that need to communicate with each other. If an unknown device can gain access to data or services, or a compromised device can impersonate a trusted device, the efficacy of any defenses in place starts to collapse. Consequently, it’s a critical requirement to establish fool-proof identities for each of the elements within the connected car ecosystem.
Organizations need to employ robust, hardened security mechanisms for the IoT. To establish the control and visibility required, your organization needs to institute secure identities, strong authentication, strong encryption, and robust key management.
Tips for Building a Trusted Foundation for IoT Connected Cars:
- Trusted Identities - leverage digital certificates to establish trusted identities of connected cars, providing reliable identification with the original manufacturer or service provider
- Secure Communication Between Devices - both with one another and with the master of devices
- Authentication - issue certificates at the time of manufacturing, which can then be used to facilitate strong authentication when deployed
- Data Integrity - securely generate and store critical cryptographic keys in hardware security modules (HSMs) to prevent unauthorized access, theft, and tampering
- Code Signing - create and establish trust and address potential IoT vulnerabilities
- High Availability and Disaster Recovery – ensure easy recovery from failures, and minimize downtime from any single platform so it won’t lead to a catastrophic loss of keys
- Monitoring and Management – rely on strong authentication to make sure that only authorized drivers and service personnel can access sensitive systems
IoT Secure Manufacturing
There is a recent push to implement an Internet of Things (IoT) infrastructure into manufacturing environments in order to protect intellectual property (IP), reduce manufacturing costs, improve supply chain efficiencies, and proficiently manage device lifecycles. But studies reveal that in past IoT implementations the secure component was often an afterthought, posing risks to manufacturers’ proprietary software and IP. Additionally, manufacturers were also missing out on the secure collection of invaluable data from potentially thousands of endpoints that could be analysed to lower costs, improve productivity, and basically work smarter.
Hardware Security Modules (HSMs)
SafeNet Luna Hardware Security Modules (HSMs) secure encryption keys in a FIPS 140-validated root of trust so that manufacturers can securely benefit from IoT and big data analytics. In addition, SafeNet Luna HSMs offer high availability, load balancing, and ECC key limit size constraints for smaller crypto footprints, to ensure production uptimes and efficient performance rates that will not bog down systems.
Gemalto can help
Guard yourself against forgery, protect yourself against lost revenue, and become more vigilant in your secure manufacturing environment, including system risks that accompany the IoT.
IoT Security Threats Include
- Issuance of identities
- Privacy of IoT data
- Secure code signing
- Insecure communication between devices and the backend
- Breach of data resulting in incorrect data analysis
- Authentication of software updates
- Control of manufacturing licenses
- Authentication of manufactured components once deployed
- Enforcement of policy and procedures
Healthcare Data Security Solutions
From medical records to insurance forms to prescription services, the healthcare business is a networked environment – allowing patient information to be shared and managed by a variety of parties and from a number of endpoints, each with their own level of security for protecting that information.
Networking is magnified tenfold by the introduction of the Internet of Things (IoT) to Healthcare, as the number of connected devices and the tremendous amount of data they collect increases substantially. Numerous IoT applications in healthcare, from remote monitoring to smart sensors and medical device integration, have the potential to not only keep patients safe and healthy, but to improve how physicians deliver care as well. But there is the question of how to keep all of that data secure, especially if it is being exchanged with other devices.
Maintaining the security of patient data is a complex proposition that affects:
- Every employee of a healthcare facility
- Every area of its IT system
- Every participant in the healthcare IoT ecosystem
- All vendors, partners, and insurers that work with the healthcare provider
It's no surprise cyber criminals see medical data as particularly valuable, as it enables them to illegally obtain medical goods and services or sell the sensitive information. As is the case with the IoT, major security flaws can pose serious threats to the health and safety of patients. For example, criminals can remotely manipulate devices, including those that control dosage levels for drug infusion pumps and connected defibrillators.
As a result, it is crucial that organizations implement healthcare data security solutions that will improve patient care while protecting important assets and satisfying healthcare compliance mandates.
SafeNet Healthcare Data Security Benefits
- Comply with applicable regulations and standards, including:
  - State Data Breach Laws
  - EU's General Data Protection Regulation (GDPR)
  - Many more
- Protect the integrity of your medical applications
- Optimize workflows, allow doctors to receive real-time patient updates anywhere, and improve doctor/patient care with a secure IoT infrastructure
- Secure patient records and information, claim activity, and other medical transactions to ensure high efficiency and security
- Identify and control the employees, customers, suppliers, patients, and partners accessing your applications and system
- Reduce implementation time and cost to ensure deadlines are met and fines avoided
- Eliminate the need for investing in disparate systems from different vendors
- Secure the exchange of records and information, claim activity, and other transactions amongst healthcare providers and insurers
Our Healthcare Data Security Solutions:
Control access to a range of medical systems, and become compliant with the DEA’s EPCS and other regulations. Our authentication solutions can be used not only to re-authenticate to EHR systems when issuing eRx’s for controlled substances, but also to secure remote access to EHRs for practitioners working off premises.
Hardware Security Modules (HSMs)
SafeNet Luna HSMs, combined with IAM solutions, provide high assurance protection of identities used to grant physical and logical access to users. HSMs also help protect transactions and applications, ensure data integrity, secure the IoT, and maintain an audit trail.
Data Encryption and Key Management
Data encryption and key management solutions protect and maintain ownership of data throughout its lifecycle — from the data center to the endpoint (including mobile devices used by physicians, clinicians, and administrators) and into the cloud.
High Speed Network Encryption
High-performance data in motion encryption solutions persistently protect information, ensure control beyond location or boundary, streamline operations, facilitate disaster recovery, and reduce compliance costs.