TalkingTrust with Thales and Keyfactor – IoT
In this brief video, you’ll hear from Ellen Boehm, VP of IoT Strategy at Keyfactor, and Dave Madden, Sr. Director of Business Development at Thales, as they discuss the current state of IoT security and share their joint solution for securing the entire IoT ecosystem using Keyfactor Control and Thales Luna HSMs.
In this video, join Thales and Keyfactor as they discuss the current state of IoT security, and share their joint solution for securing the entire IoT ecosystem.
Speakers:
Dave Madden, Director of Business Development at Thales
Ellen Boehm, VP of IoT Strategy at Keyfactor
Review all integrations and supporting documents for Thales with Keyfactor.
Thales Technology Partner: cpl.thalesgroup.com/partners/keyfactor
Partner website: www.keyfactor.com
Resources:
Video Transcript
TalkingTrust Series – Thales and Keyfactor – IoT
00:10 Hello,
00:11 my name is David Madden, I'm the Senior
00:13 Director of Business Development
00:15 and today we are here with Ellen Boehm,
00:18 VP of
00:19 IoT Strategy and Operations at our great
00:21 partner Keyfactor
00:23 to do a TalkingTrust session on IoT.
00:27 During our session today we're going to
00:29 focus on security and how it relates to
00:31 vehicles in their supply chain.
00:33 The promise of IoT has been
00:35 hyped over the past 10 years and the
00:37 number of connected devices arriving in
00:39 the market
00:40 is growing exponentially. However,
00:43 faster product development and feature
00:45 delivery often take a priority
00:47 to get offerings to market, leading to
00:49 increased security risks,
00:50 device hacks and data theft.
00:53 Modern PKI has emerged as an efficient
00:56 and cost-effective way to secure
00:57 embedded devices at scale,
00:59 but only when it's done right. We are
01:02 very lucky to have with us an industry
01:03 expert in the IoT and connected vehicle
01:05 space,
01:06 Ellen, to try and help make sense of the
01:08 current state of IoT
01:10 security across the ecosystem.
01:13 Let's get started with discussing how
01:15 she views the risks in connected
01:16 vehicles
01:17 and how it is so hard to address this in
01:19 a secure
01:20 and scalable way.
01:25 Sounds good, thanks for having me.
01:27 Let's start then
01:28 with how we deal with
01:32 these risks. Maybe you could
01:35 share a little bit
01:36 on this first slide.
01:39 As you mentioned Dave there are a ton
01:42 of benefits
01:43 for why we want to connect vehicles
01:46 which is akin to, I think, IoT in
01:48 general. You have a product
01:51 and adding it
01:54 to the internet to be able to pull data
01:56 from it and run analytics on how it's
01:58 operating
01:59 can help us in a ton of ways as
02:01 manufacturers to be able to do
02:03 more predictive maintenance, to be
02:05 able to anticipate
02:07 recalls and then manage warranty.
02:10 From a vehicle standpoint there's things
02:11 around
02:12 safety and accident
02:15 avoidance or
02:16 optimizing how it's running, so that we
02:18 can reduce emissions and the carbon
02:20 footprint,
02:22 or just mobility and infotainment as
02:25 people are now
02:26 expecting their car to be
02:29 this connectivity point to
02:32 music
02:32 or maybe video when you're on a long
02:34 trip.
02:35 Those are the types of things that we
02:36 just expect to now
02:38 be within these cars. How to then
02:42 make sure that we secure these points
02:46 of entry into this
02:48 vehicle that now we're
02:50 driving down the road got to
02:53 make sure that it doesn't get hacked
02:54 into.
02:55 There's a lot of complexity.
02:57 That's why if we break it
02:59 down
03:00 into a couple different pieces here.
03:03 Why is it hard because it is
03:06 attractive. It's interesting to think
03:08 about hacking a car.
03:10 It's a challenge.
03:13 Can you do it? Why do we climb it – because it’s there.
03:16 Why do we hack it?
03:17 Because we want to.
03:18 We want to be
03:20 the one to say “oh yeah, I was able to
03:23 open up this vehicle and drive
03:25 it away.”
03:26 That's kind of the first
03:29 type of thing is that hackers are
03:31 kind of out there
03:32 seeing what they can accomplish. The
03:34 next one is design limitations.
03:36 Within the hardware itself
03:39 within the vehicle
03:41 there can be constraints processing
03:43 power there's
03:44 certain physical things that
03:48 are restrictions in the hardware that we
03:50 have today that we kind of need to work
03:51 within,
03:52 but we have to make sure to have the
03:55 capability to embed the right security
03:58 into that and right software into that
03:59 and the right
04:00 verification into the framework that
04:02 we have.
04:04 By the way while making sure
04:06 that this lasts a really long time
04:08 because you buy a car you're
04:10 going to expect it to last for
04:12 five, seven, ten
04:14 years in some cases. Right.
04:17 So a couple other things to
04:21 bring up here around why it's hard so
04:24 the complexity of the supply chain.
04:26 Think about all of the different vendors
04:29 from
04:30 even just if you
04:32 don't know a lot about
04:33 making vehicles there's everything from
04:35 the rubber that goes into
04:37 the tires and then the wheels but then
04:39 all these little connected parts
04:40 the engine control units, the central
04:42 gateway
04:44 modules, just the brains in the computer
04:46 of the car
04:47 is a result of years and years of
04:50 collaboration between multiple people
04:52 and when you have security
05:54 now as
05:55 going into that vehicle
04:58 infrastructure as well
05:00 you have multiple people that need to
05:01 all be on the same page with
05:03 how we're going to do this so
05:05 that could be really challenging.
05:08 Makes sense. We want to talk a little
05:11 specifically about some of the risks
05:13 related to vehicle compromises and
05:15 some of the areas we should really think
05:17 about.
05:19 A couple things here I think a
05:22 lot of them when you start to think
05:23 about it are kind of logical.
05:25 What if I have a car and
05:29 it has a capability to have a digital
05:32 key fob right and it's on my phone I've
05:35 recently read
05:36 it was end of last year there was a
05:39 story about an
05:41 electric vehicle manufacturer and a
05:43 security researcher that was able to
05:46 actually get into the car by
05:49 exploiting some vulnerabilities
05:51 around lack of validation
05:54 of firmware to be able to
05:57 basically spoof that key fob and use
06:00 their phone to open the door and get inside
06:03 and then use that to pair it
06:07 to the car and then start it up.
06:10 That it was now again they I think
06:14 bringing that to the attention of the
06:15 manufacturer they quickly
06:17 had patches and things like
06:18 that and that's the kind of stuff that I
06:20 think we as a security world need to be aware
06:22 of, need to be looking for,
06:24 need to figure out how to do better
06:26 and then share those stories so that
06:28 everyone is aware
06:29 that these threats are real
06:32 that
06:33 we're doing our best with trying to
06:35 build in security
06:36 but there's always going to be
06:38 somebody trying to knock that
06:40 down and
06:41 and try to get around it. I guess,
06:43 Ellen, that the neat thing here is when
06:45 you mention that
06:46 is they found about this
06:47 vulnerability and they could quickly as
06:49 you say patch it because it sounds like
06:50 a software update could address
06:52 that, whereas in the old days you had to come
06:54 up with a new safety recall
06:57 build a new part is that right like was
06:59 it fair to implement.
07:01 Exactly yes and so
07:04 with over-the-air firmware updates which
07:07 is very commonplace in IoT
07:11 solutions it's
07:14 always recommended that before you push
07:16 code you sign that firmware
07:18 and you use a code signing certificate
07:21 and you store the private key
07:23 for that in an HSM
07:26 such as it comes with Thales solutions
07:28 and Keyfactor solutions
07:30 so there's I think best practices that
07:32 it's a starting point
07:34 do that such that when you push out the
07:36 firmware with
07:37 via your normal OTA process and then the
07:40 end point
07:41 accepts that it will validate that
07:43 firmware
07:44 with a signature verification before
07:47 installing it
07:48 and knowing who has
07:51 this arrived to me from an authorized
07:53 party and should I actually
07:57 install it so I can run the
07:59 next feature or fix a bug
08:01 and that's where we talk about
08:05 making sure that you're keeping hold of
08:07 that certificate and key because if anybody
08:12 can get access to that they can sign
08:15 code as if they were you as a
08:16 manufacturer and
08:18 that can be a little bit scary.
08:21 Right it's a true Trojan horse!
08:23 True Trojan Horse, exactly! Because then the
08:26 device would say oh
08:27 it was signed by who I thought it was
08:30 supposed to be coming from.
08:32 But it's malware so
08:35 there's again like I said couple
08:36 different layers that we have to
08:39 cover here and make sure that we're
08:40 really secure. So how do we address this
08:43 then how would you suggest
08:44 perhaps an architecture to address these
08:46 different risk vectors that we're seeing?
08:50 If we take a look at this page
08:53 it's kind of
08:54 a high-level architecture of setting up
08:58 different layers of security within
09:02 the IoT stack
09:03 okay so if we start at the bottom of
09:05 this page and you think about
09:08 the edge devices so typically you have
09:11 some IoT sensors or in this case you
09:13 have a vehicle engine control unit
09:15 in some cases there's a gateway
09:18 that's aggregating data from
09:20 these different edge sensors the key is
09:23 at that layer to understand what you
09:25 need to do
09:26 in terms of device identity and
09:30 we recommend using asymmetric
09:33 certificates to be that
09:36 it's not duplicated
09:39 across
09:40 any other device out there in the world
09:42 certificate based
09:43 a piece of information
09:46 that is tagged to that device that can
09:48 be
09:49 where it can be embedded into the
09:51 device
09:52 and like and ideally generated from a
09:54 private key
09:55 that is generated on that piece of
09:57 hardware and
09:58 doesn't ever leave the hardware
10:02 it implements secure boot so
10:04 you can do this
10:05 in conjunction with firmware
10:08 verification like we talked about on
10:10 the last page and
10:12 making sure that you start
10:14 up the device
10:15 only after you've validated
10:18 that it's secure
10:20 or validated the
10:22 origin
10:23 so what you're talking about is a
10:25 layered model of security which
10:27 as you probably are very well
10:29 aware it's been an industry
10:30 best practice for well over
10:32 several decades now.
10:34 Is that what you have in these
10:35 different
10:37 layers if you will in the stack? Exactly.
10:40 After you figure out how you want to
10:43 then layer in at the edge right it's what do
10:46 you need to layer in at that management
10:48 level and then what do you need to do at
10:50 the operations level
10:52 and the key point on the right hand side
10:55 is if you do this
10:56 correctly then and you're encrypting
10:59 your data at those edge points
11:01 and you're using certificates and you're
11:03 establishing secure
11:04 connections you can send that data
11:07 across
11:08 Wi-Fi or Bluetooth or whatever
11:11 network you have
11:12 within a vehicle right and then that
11:15 data can be decrypted
11:17 by an authorized endpoint in
11:20 the cloud
11:20 whatever application is looking at
11:22 the data right
11:24 and to your point that data I'm hearing
11:26 is the new goal from
11:28 IoT it's the data that drives all these
11:31 different
11:31 new business case and service models is
11:34 that right? Yes,
11:35 that is a hundred percent the case and I
11:38 think we've known that for a while
11:39 we've talked about
11:41 the value of that it opens so many
11:44 different business models
11:46 especially when it comes to more
11:49 traditional
11:50 hardware-based industries that
11:52 provide an asset
11:53 a very expensive asset that
11:57 we're looking to optimize
11:59 whether that's a power turbine
12:01 whether that's some sort of
12:02 industrial control system
12:04 there's a ton of things that can
12:07 be monitored that can be collected that
12:10 can be
12:11 then analyzed and then used
12:14 to then optimize the overall system and
12:17 that's where
12:18 you open up different business
12:20 opportunities different services
12:22 for your core business or on top of
12:25 your core business I should say
12:26 which is super interesting.
12:30 Very interesting point, Ellen, so
12:31 let's talk about that a little more
12:33 can you share some details on some of
12:35 these use cases that
12:36 you're starting to see?
12:40 Let's talk about so we kind of talked
12:44 about connected vehicle
12:46 a bit I also want to touch on medical
12:49 devices because that's another
12:50 space where we have some customers
12:54 that are employing
12:56 firmware signing and certificate-based
12:58 authentication
12:59 so in this case here let's
13:02 just talk about
13:03 an insulin pump right so you have
13:07 a device that is attached to
13:10 a patient and needs to deliver
13:13 insulin and so you have an
13:18 identity that then is
13:21 built into that device when it's
13:23 produced so that device has some sort of
13:26 PCB it has some electronics it has a
13:29 microprocessor it has maybe a secure
13:32 element, a place to store
13:34 keys and certificates and so when the
13:36 device is produced we have to figure out
13:38 what's that identity
13:40 and how do we provision that identity in
13:42 the factory such that you can
13:44 get that onto that board right and then
13:46 it can get assembled into its end device
13:48 it can get packaged up and it can get
13:50 shipped off into the world so that's
13:53 one thing that we talk about is like
13:54 what is the birth
13:55 certificate and birth identity part
13:58 of that is also
14:00 creating that key and how do you
14:02 want to inject that key
14:04 which creates the
14:06 certificate
14:08 for the device identity certificate
14:10 how do you do that where do you store
14:12 that there's different ways you can do
14:13 that you Keyfactor’s intel can help
14:16 you
14:17 with establishing
14:19 an infrastructure to then be able to
14:21 create that
14:22 uniquely very interesting and
14:25 in the interest in both cases
14:27 you're dealing with public safety
14:29 whether it's a health care or
14:31 connected vehicle
14:33 it's safety as well as the power of the
14:34 data it's protecting
14:36 people and keeping them safe
14:38 on one side but also enabling new
14:40 business models on the other
14:42 right how to impact this as part of
14:45 all these different use cases
14:47 how can we recreate how would the cloud
14:51 impact this ah yes yeah
14:54 definitely so
14:57 I think there's a lot more
15:01 talk around do we analyze
15:04 data at the edge because it's faster or
15:07 can we leverage different cloud
15:09 platforms to do
15:10 similar analysis I think in
15:14 many cases we are looking to the
15:16 cloud to be able to be more flexible
15:19 to in some cases
15:22 be to stand things up more quickly
15:25 to be flexible in if back to the
15:28 manufacturing
15:29 use case right so let's say you want to
15:31 you switch where you're producing
15:34 your a bunch of your connected devices
15:36 okay and
15:38 you want to go to a different contract
15:39 manufacturer you want to outsource
15:41 something of a new product line until
15:42 you have capacity
15:43 so those types of things you have to
15:46 think about how are you then going to
15:48 stand up a new product make
15:49 sure that you're creating keys and
15:51 certificates for it
15:52 quickly the cloud I think is a
15:55 when implemented securely is an
15:57 excellent option to be able to help us
15:59 stand things up in a faster way. Makes
16:02 sense,
16:02 so now what might if you put all these
16:04 pieces together if you will
16:06 what might a high-level IoT architecture
16:09 look like in the automotive
16:10 and healthcare market?
16:14 I think when we are looking at designing
16:17 an
16:18 overall architecture it's
16:22 starting with what are those
16:25 identities that you want to create
16:28 and you know what type of
16:31 underlying public key infrastructure
16:35 root CAs, issuing CAs when I say CA
16:39 certificate authority
16:40 you can see on the screen here how do
16:42 I design
16:44 and create policies around all that
16:46 infrastructure to be able to generate
16:49 certificates for the devices the
16:52 groups the products within my business
16:55 once that's kind of
16:57 designed out
16:59 and think about where and who I
17:01 need to access
17:02 these pieces to create the
17:05 proper authentication
17:07 within the factory, within the operations,
17:10 within development so item you
17:14 know here one
17:14 and two here are what is the
17:17 system
17:18 that you're going to use to create
17:20 these identities
17:22 and where does it need to live. You
17:23 probably need to have some access
17:26 on the factory floor perhaps you would
17:28 need to have access
17:30 in step number two for your
17:32 firmware developers to be able to
17:34 present
17:34 code to be signed with that code signing
17:36 certificate so that then you can release
17:39 firmware updates to be installed
17:42 when they're initially produced or
17:46 sent into the normal firmware
17:48 over-the-air update
17:50 life cycle you also have to consider
17:54 what cloud IoT platforms that you might
17:58 be using for
17:59 overall device management in some cases
18:03 there's that to take into
18:04 consideration in conjunction
18:06 with your own dedicated single tenant PKI
18:10 and root from which all your
18:12 certificates come from.
18:14 so those are kind of the
18:16 different pieces and then finally step
18:17 four there is just
18:19 how you're actually getting this
18:22 technology and this capability into your
18:25 devices so that when they are
18:27 in the field and offline that you can be
18:30 able to do
18:31 life cycle management on
18:34 these high-value pieces of
18:37 equipment
18:38 because we're putting in certificates
18:41 and keys right now
18:42 we're using the best crypto algorithms
18:45 that we have today
18:47 we also should know that things are
18:49 going to change and
18:50 those algorithms are going to become
18:52 outdated and weaker
18:53 over time so if you're making an asset
18:55 and
18:56 it's 15 years lifetime you as an OEM is
19:00 responsible for
19:01 maintaining that you're going to have to
19:03 make sure that your security is also up
19:05 to date
19:06 to last just as long as the pieces of
19:08 hardware within that system
19:10 last and so I think those are things
19:12 that we want to think about
19:13 just from a whole overall start to
19:16 finish how do you build it,
19:17 how do you maintain it, how you do the
19:19 whole life cycle.
19:21 Very interesting and I think
19:24 this is a great way to show a turnkey
19:25 solution that Keyfactor and Thales are
19:27 providing for automating
19:29 the management of IoT lifecycle and
19:31 complex manufacturing supply
19:33 chains like
19:34 healthcare and connected vehicles as you
19:36 describe Ellen and really to put this in
19:38 the context of the
19:39 global pandemic our friends
19:42 at IDC have found that teams practicing
19:44 this accelerated application delivery
19:47 for new services using the cloud and IoT
19:50 are in a much better position to
19:53 respond to the crisis they're able to
19:55 roll out new services based on IoT in a
19:57 much shorter time
19:58 to help drive the shift in their
20:00 classic business to a digital business
20:03 and I think automotive
20:04 companies are really looking to IoT
20:06 and to leverage cloud and services for
20:08 their
20:10 traditional car business. So thank you
20:12 very much Ellen for taking the time
20:13 today to share your insights into
20:15 threats
20:16 impacting IoT connected vehicles and
20:18 healthcare and how we all really need to
20:20 rethink
20:21 how we're approaching PKI identities
20:23 security policies and their impact
20:25 on enterprises as they digitally
20:27 transform their business.
20:29 Please see below for the links and get
20:31 more details on how Keyfactor and
20:32 Thales can help you secure
20:34 automate and scale your IoT deployments.
20:39 Thanks Dave, stay safe and have a great day.
20:50 Thank you
Code Signing for DevOps with Keyfactor Code Assure - Solution Brief
Software developers and IoT manufacturers rely on code signing to protect end users and their company’s reputation. But the integrity of code signing hinges entirely on the security of your private keys. As attackers become more adept at compromising these keys to spread...
Securing Identities Where and When Needed with Keyfactor and Thales - Solution Brief
The Internet of Things (IoT) presents a huge business opportunity across almost every industry. But IoT also brings with it large scale, complex deployments that can cause security management challenges. As the scale of IoT deployments increase, the complexity of certificate...
Securing Emerging Technologies with Thales Luna HSMs - Solution Brief
In today's digital world, enterprise and government are in a state of flux. Organizations are optimizing by taking workloads to the cloud, or forging ahead transforming, taking advantage of a wide variety of emerging technologies. They are revisiting their strategies due to...
Luna Network HSM - Product Brief
Secure your sensitive data and critical applications by storing, protecting and managing your cryptographic keys in Thales Luna Network Hardware Security Modules (HSMs) - high-assurance, tamper-resistant, network-attached appliances offering market-leading performance and...