Luna HSM: TalkingTrust Video Series

Luna HSM: TalkingTrust Video Series

Secure your devices, identities and transactions with
Thales Luna HSMs and ecosystem partners – the foundation of digital trust

TalkingTrust with Thales and Keyfactor – IoT

TalkingTrust with Thales and Keyfactor – IoTIn this brief video, you’ll hear from Ellen Boehm, VP of IoT Strategy at Keyfactor, and Dave Madden, Sr. Director of Business Development at Thales, as they discuss the current state of IoT security and share their joint solution for securing the entire IoT ecosystem using Keyfactor Control and Thales Luna HSMs.




In this video, join Thales and Keyfactor as they discuss the current state of IoT security, and share their joint solution for securing the entire IoT ecosystem.

Dave Madden, Director of Business Development at Thales
Ellen Boehm, VP of IoT Strategy at Keyfactor

Review all integrations and supporting documents for Thales with Keyfactor.
Thales Technology Partner:

Partner website:


Video Transcript

TalkingTrust Series – Thales and Keyfactor – IoT


00:10 Hello

00:11 my name is David Madden I'm the Senior

00:13 Director of Business Development

00:15 and today we are here with Ellen Bowen

00:18 VP of

00:19 IoT Strategy and Operations at our great

00:21 partner Keyfactor

00:23 to do a TalkingTrust session on IoT.

00:27 During our session today we're going to

00:29 focus on security and how it relates to

00:31 vehicles in their supply chain.

00:33 The promise of IoT, has been

00:35 hyped over the past 10 years and the

00:37 number of connected devices arriving in

00:39 the market

00:40 is growing exponentially. However,

00:43 faster product development and feature

00:45 delivery often take a priority

00:47 to get offerings to market, leading to

00:49 increased security risks

00:50 device hacks and data theft.

00:53 Modern PKI has emerged as an efficient

00:56 and cost effective way to secure

00:57 embedded devices at scale,

00:59 but only when it's done right. We are

01:02 very lucky to have with us an industry

01:03 expert in the IoT and connected vehicle

01:05 space,

01:06 Ellen, to try and help make sense of the

01:08 current state of IoT

01:10 security across the ecosystem. 

01:13 Let's get started with discussing how

01:15 she views the risks in connected

01:16 vehicles

01:17 and how it is so hard to address this in

01:19 a secure

01:20 and scalable way.

01:25 Sounds good, thanks for having me.

01:27 Let's start then

01:28 with how we deal with 

01:32 these risks. Maybe you could

01:35 share a little bit

01:36 on this first slide. 

01:39 As you mentioned Dave there are a ton

01:42 of benefits

01:43 for why we want to connect vehicles

01:46 which is akin to, I think, IoT in

01:48 general. You have a product

01:51 and adding it 

01:54 to the internet to be able to pull data

01:56 from it and run analytics on how it's

01:58 operating

01:59 can help us in a ton of ways as

02:01 manufacturers to be able to do

02:03 more predictive maintenance, to be

02:05 able to anticipate

02:07 recalls and then manage warranty. 

02:10 From a vehicle standpoint there's things

02:11 around

02:12 safety and accident

02:15 avoidance or

02:16 optimizing how it's running, so that we

02:18 can reduce emissions and the carbon

02:20 footprint,

02:22 or just mobility and infotainment as

02:25 people are now

02:26 expecting their car to be 

02:29 this connectivity point to 

02:32 music

02:32 or maybe video when you're on a long

02:34 trip.

02:35 Those are the types of things that we

02:36 just expect to now 

02:38 be within these cars. How to then

02:42 make sure that we secure these points

02:46 of entry into this

02:48 vehicle that now we're

02:50 driving down the road got to

02:53 make sure that it doesn't get hacked

02:54 into.

02:55 There's a lot of complexity.

02:57 That's why if we break it

02:59 down

03:00 into a couple different pieces here.

03:03 Why is it hard because it is 

03:06 attractive. It's interesting to think

03:08 about hacking a car. 

03:10 It's a challenge.

03:13 Can you do it? Why do we climb it – because it’s there.

03:16 Why do we hack it?

03:17 Because we want to.

03:18 We want to be

03:20 the one to say “oh yeah, I was able to

03:23 open up this vehicle and drive

03:25 it away.” 

03:26  That's kind of the first

03:29 type of thing is that that hackers are

03:31 kind of out there

03:32 seeing what they can accomplish, The

03:34 next one is design limitations.

03:36 Within the hardware themselves itself

03:39 within the vehicle

03:41 there can be constraints processing

03:43 power there's

03:44 certain physical things that

03:48 are restrictions in the hardware that we

03:50 have today that we kind of need to work

03:51 within,

03:52 but we have to make sure to have the

03:55 capability to embed the right security

03:58 into that and write software into that

03:59 and the right

04:00 verification in into the framework that

04:02 we have.

04:04 By the way while making sure

04:06 that this lasts a really long time

04:08 because you buy a car you're

04:10 goinga expect it to last for

04:12 five, seven, ten

04:14 years in some cases. Right.

04:17 so a couple other things to 

04:21 bring up here around why it's hard so

04:24 the complexity of the supply chain.

04:26 Think about all of the different vendors

04:29 from

04:30 even just if you

04:32 don't know a lot about

04:33 making vehicles there's everything from

04:35 the rubber that goes into

04:37 the tires and then the wheels but then

04:39 all these little connected parts

04:40 the engine control units, the central

04:42 gateway

04:44 modules, just the brains in the computer

04:46 of the car

04:47 is a result of years and years of

04:50 collaboration between multiple people

04:52 and when you have security

04:54 now as

04:55 as going into that vehicle

04:58 infrastructure as well

05:00 you have multiple people that need to

05:01 all be on the same page with

05:03 how we're going to do this so 

05:05 that could be really challenging.

05:08 Makes sense. We want to talk a little

05:11 specifically about some of the risks

05:13 related to vehicle compromises and

05:15 some of the areas we should really think

05:17 about.

05:19 A couple things here I think a

05:22 lot of them when you start to think

05:23 about it are kind of logical.

05:25 What if I have a car and

05:29 it has a capability to have a digital

05:32 key fob right and it's on my phone I've

05:35 recently read

05:36 it was end of last year there was a

05:39 story about an 

05:41 electric vehicle manufacturer and a

05:43 security researcher that was able to

05:46 actually get into the car by

05:49 exploiting some vulnerabilities

05:51 around lack of validation

05:54 of firmware to be able to

05:57 basically spoof that key fob and use

06:00 their phone to open the door and get inside

06:03  and then use that to pair it

06:07 to the car and then start it up.

06:10 That it was now again they I think

06:14 bringing that to the attention of the

06:15 manufacturer they quickly

06:17 had patches and things like

06:18 that and that's the kind of stuff that i

06:20 think we as a security world need to be aware

06:22 of, need to be looking for,

06:24 need to figure out how to do better 

06:26 and then share those stories so that

06:28 everyone is aware

06:29 that these threats are real 

06:32 that

06:33 we're doing our best with trying to

06:35 build in security

06:36 but there's always going to be

06:38 somebody trying to knock that

06:40 down and

06:41 and try to get around it. I guess,

06:43 Ellen, that the neat thing here is when

06:45 you mention that

06:46 is they found about this

06:47 vulnerability and they could quickly as

06:49 you say patch it because it sounds like

06:50 a software update could address

06:52 that, whereas in the old days you had to come

06:54 up with a new safety recall

06:57 build a new part is that right like was

06:59 it fair to implement.

07:01 Exactly yes and so 

07:04 with over-the-air firmware updates which

07:07 is very commonplace in IoT

07:11 solutions it's

07:14 always recommended that before you push

07:16 code you sign that firmware

07:18 and you use a code signing certificate

07:21 and you store the private key

07:23 for that in an HSM

07:26 such as it comes with Thales solutions

07:28 and Keyfactor solutions

07:30 so there's I think best practices that

07:32 it's a starting point

07:34 do that such that when you push out the

07:36 firmware with

07:37 via your normal OTA process and then the

07:40 end point

07:41 accepts that it will validate that

07:43 firmware

07:44 with a signature verification before

07:47 installing it

07:48 and knowing who has

07:51 this arrived to me from an authorized

07:53 party and should I actually

07:57 install it so I can run the

07:59 next feature or fix a bug

08:01  and that's where we talk about

08:05 making sure that you're keeping hold of

08:07 that certificate and key because if anybody

08:12 can get access to that they can sign

08:15 code as if they were you as a

08:16 manufacturer and 

08:18 that can be a little bit scary.

08:21 Right it's a true Trojan horse!

08:23 True Trojan Horse, exactly! Because then the

08:26 device would say oh

08:27 it was signed by who I thought it was

08:30 supposed to be coming from.

08:32 But it's malware so

08:35 there's again like I said couple

08:36 different layers that we have to

08:39 cover here and make sure that we're

08:40 really secure. So how do we address this

08:43 then how would you suggest

08:44 perhaps an architecture to address these

08:46 different risk vectors that we're seeing?

08:50 If we take a look at this page

08:53 it's kind of

08:54 a high-level architecture of setting up

08:58 a different layers of security within

09:02 the IoT stack

09:03 okay so if we start at the bottom of

09:05 this page and you think about

09:08 the edge devices so typically you have

09:11 some IoT sensors or in this case you

09:13 have a vehicle engine control unit

09:15  in some cases there's a gateway

09:18 that's aggregating data from these

09:20 these different edge sensors the key is

09:23 at that layer to understand what you

09:25 need to do

09:26 in terms of device identity and

09:30 we recommend using asymmetric

09:33 certificates to be that 

09:36 it's not it's not duplicated

09:39 across any

09:40 any other device out there in the world

09:42 certificate based

09:43 a piece piece of information

09:46 that is tagged to that device that can

09:48 be

09:49 where it can be embedded in into the

09:51 device

09:52 and light and ideally generated from a

09:54 private key

09:55 that is generated on that piece of

09:57 hardware and

09:58 doesn't ever leave the hardware

10:02 it implements secure boot so

10:04 you can do this

10:05 in conjunction with firmware

10:08 verification like we talked about on

10:10 the last page and

10:12 and making sure that you start

10:14 up the device

10:15 only after you've validated

10:18 that it's secure

10:20 or validated the the

10:22 origin

10:23 so what you're talking about is a

10:25 layered model of security which

10:27 as you probably are very well

10:29 aware it's been an industry

10:30 best practice for well over 

10:32 several decades now.

10:34 Is that what you have in these

10:35 different 

10:37 layers if you will in the stack exactly?

10:40 After you figure out how you want to

10:43 then layer in at the edge right it's what do

10:46 you need to layer in at that management

10:48 level and then what do you need to do at

10:50 the operations level

10:52 and the key point on the right hand side

10:55 is if you do this

10:56 correctly then and you're encrypting

10:59 your data at those edge points

11:01 and you're using certificates and you're

11:03 establishing secure

11:04 connections you can send that data

11:07 across

11:08 wi-fi or bluetooth or whatever

11:11 network you have

11:12 within a vehicle right and then that

11:15 data can be decrypted

11:17 at by an authorized endpoint in

11:20 the cloud

11:20 whatever application is looking at

11:22 the data right

11:24 and to your point that data i'm hearing

11:26 is the new goal from

11:28 IoT it's the data that drives all these

11:31 different

11:31 new business case and service models is

11:34 that right yes

11:35 that is a hundred percent the case and i

11:38 think we've known that for a while we've

11:39 we've talked about

11:41 the value of that it opens so many

11:44 different business models

11:46 especially when it comes to more

11:49 traditional

11:50 hardware based industries that that

11:52 provide an asset

11:53 a very expensive asset that that

11:57 we're looking to optimize

11:59 whether that's a power turbine

12:01 whether that's some sort of

12:02 industrial control system

12:04 there's a ton of things that can

12:07 be monitored that can be collected that

12:10 can be

12:11 then analyzed and then used

12:14 to then optimize the overall system and

12:17 that's where

12:18 you open up different business

12:20 opportunities different services

12:22 for your core business or on top of

12:25 your core business I should say

12:26 which is super interesting.

12:30 very interesting point Ellen so 

12:31 let's talk about that a little more

12:33 can you share some details on some of

12:35 these use cases that

12:36 you're starting to see?

12:40 Let's talk about so we kind of talked

12:44 about connected vehicle

12:46 a bit I also want to touch on medical

12:49 devices because that's another

12:50 space where we have some customers

12:54 that are employing

12:56 firmware signing and certificate based

12:58 authentication

12:59 so in this case here let's

13:02 just talk about

13:03 an insulin pump right so you have

13:07 a device that is attached to

13:10 a patient and needs to deliver

13:13 insulin and so you have a

13:18 identity that then is

13:21 built into that device when it's

13:23 produced so that device has some sort of

13:26 PCB it has some electronics it has a

13:29 microprocessor it has maybe a secure

13:32 element to place to store

13:34 keys and certificates and so when the

13:36 device is produced we have to figure out

13:38 what's that identity

13:40 and how do we provision that identity in

13:42 the factory such that you can

13:44 get that onto that board right and then

13:46 it can get assembled into its end device

13:48 it can get packaged up and it can get

13:50 shipped off in into the world so that's

13:53 one thing that we talk about is like

13:54 what is the birth

13:55 certificate and birth identity part

13:58 of that is also 

14:00 creating that key and how do you

14:02 want to inject that key

14:04 which creates the

14:06 search certificate

14:08 for the device identity certificate

14:10 how do you do that where do you store

14:12 that there's different ways you can do

14:13 that you Keyfactor’s intel can help

14:16 you

14:17 with establishing

14:19 an infrastructure to then be able to

14:21 create that

14:22 uniquely very interesting and

14:25 in the interest in both cases 

14:27 you're dealing with public safety

14:29 whether it's a health care or

14:31 connected vehicle

14:33 it's safety as well as the power of the

14:34 data it's protecting

14:36 people and keeping them safe

14:38 on one side but also enabling new

14:40 business models on the other

14:42 right how to impact this as part of all

14:45 all these different use cases

14:47 how can we recreate how would the cloud

14:51 impact this ah yes yeah

14:54 definitely so

14:57 I think there's a lot more

15:01 talk around do we analyze

15:04 data at the edge because it's faster or

15:07 can we leverage different cloud

15:09 platforms to do

15:10 similar analysis I think in in

15:14 in many cases we are looking to the

15:16 cloud to be able to be more flexible

15:19 to in some cases

15:22 be to stand things up more quickly

15:25 to be flexible in if back to the

15:28 manufacturing

15:29 use case right so let's say you want to

15:31 you switch where you're producing

15:34 your a bunch of your connected devices

15:36 okay and

15:38 you want to go to a different contract

15:39 manufacturer you want to outsource

15:41 something of a new product line until

15:42 you have capacity

15:43 so those types of things you have to

15:46 think about how are you then going to

15:48 stand up a new product make

15:49 sure that you're creating keys and

15:51 certificates for it

15:52 quickly the cloud I think is a

15:55 when implemented securely is an

15:57 excellent option to be able to help us

15:59 stand things up in a faster way makes

16:02 sense

16:02 so now what might if you put all these

16:04 pieces together if you will

16:06 what might a high-level IoT architecture

16:09 look like in the automotive

16:10 and healthcare market?

16:14 I think when we are looking at designing

16:17 an

16:18 overall architecture it's

16:22 starting with what are those

16:25 identities that you want to create

16:28 and you know what type of

16:31 underlying public key infrastructure

16:35 root CAs, issuing CAs when I say CA

16:39 certificate authority

16:40 you can see on the screen here how do

16:42 I design

16:44 and create policies around all that

16:46 infrastructure to be able to generate

16:49 certificates for the devices the

16:52 groups the products within my business

16:55  once that's kind of

16:57 designed out

16:59 and think about where and who i

17:01 need to access

17:02 these pieces to create the

17:05 proper authentication

17:07 within the factory, within the operations,

17:10 within development so item you

17:14 know here one

17:14 and and two here are what what is the

17:17 system

17:18 that you're going to use to create 

17:20 these identities

17:22 and where does it need to live. you

17:23 probably need to have some access

17:26 on the factory floor perhaps you would

17:28 need to have access

17:30 in step number two for your

17:32 firmware developers to be able to

17:34 present

17:34 code to be signed with that code signing

17:36 certificate so that then you can release

17:39 firmware updates to be installed

17:42 when they're initially produced or 

17:46 sent into the normal firmware

17:48 over there update 

17:50 life cycle you also have to consider

17:54 what cloud IoT platforms that you might

17:58 be using for

17:59 overall device management in some cases

18:03 there's that to take into

18:04 consideration in conjunction

18:06 with your own dedicated single tenant PKI

18:10 and root from which all your

18:12  certificates come from.

18:14 so those are kind of the different

18:16 different pieces and then finally step

18:17 four there is just

18:19 how you're actually getting this

18:22 technology and this capability into your

18:25 devices so that when they are

18:27 in the field and offline that you can be

18:30 able to do

18:31 life cycle management on

18:34 these high-value pieces of

18:37 equipment

18:38 because we're putting in certificates

18:41 and keys right now

18:42 we're using the best crypto algorithms

18:45 that we have today

18:47 we also should know that things are

18:49 going to change and

18:50 those algorithms are going to become

18:52 outdated and weaker

18:53 over time so if you're making an asset

18:55 and 

18:56 it's 15 years lifetime you as an OEM is

19:00 responsible for

19:01 maintaining that you're going to have to

19:03 make sure that your security is also up

19:05 to date

19:06 to last just as long as the pieces of

19:08 hardware within that system

19:10 last and so I think those are things

19:12 that we want to think about

19:13 just from a whole overall start to

19:16 finish how do you build it,

19:17 how do you maintain it, how you do the

19:19 whole life cycle.

19:21 Very interesting and I think

19:24 this is a great way to show a turnkey

19:25 solution that Keyfactor and Thales are

19:27 providing for automating

19:29 the management of IoT lifecycle and

19:31 complex manufacturing supply

19:33 chains like

19:34 healthcare and connected vehicles as you

19:36 describe Ellen and really to put this in

19:38 the context of the

19:39 the global pandemic our friends

19:42 at IDC have found that teams practicing

19:44 this accelerated application delivery

19:47 for new services using the cloud and IoT

19:50 are in a much better position to

19:53 respond to the crisis they're able to

19:55 roll out new services based on IoT in a

19:57 much shorter time

19:58 to help drive the shift in their 

20:00 classic business to a digital business

20:03 and I think automotive

20:04 companies are really looking to IoT

20:06 and to leverage cloud and services for

20:08 their 

20:10 traditional car business. So thank you

20:12 very much Ellen for taking the time

20:13 today to share your insights into

20:15 threats

20:16 impacting IoT connected vehicles and

20:18 healthcare and how we all really need to

20:20 rethink

20:21 how we're approaching PKI identities

20:23 security policies and their impact

20:25 on enterprises as they digitally

20:27 transform their business.

20:29 Please see below for the links and get

20:31 more details on how Keyfactor and

20:32 Thales can help you secure

20:34 automate and scale your IoT deployments.

20:39 Thanks Dave stay safe and have a great day.

20:50 Thank you

Code Signing for DevOps with Keyfactor Code Assure - Solution Brief

Code Signing for DevOps with Keyfactor Code Assure - Solution Brief

Software developers and IoT manufacturers rely on code signing to protect end users and their company’s reputation. But the integrity of code signing hinges entirely on the security of your private keys. As attackers become more adept at compromising these keys to spread...

Securing Identities Where and When Needed with Keyfactor and Thales - Solution Brief

Securing Identities Where and When Needed with Keyfactor and Thales - Solution Brief

The Internet of Things (IoT) presents a huge business opportunity across almost every industry. But IoT also brings with it large scale, complex deployments that can cause security management challenges. As the scale of IoT deployments increase, the complexity of certificate...

Securing Emerging Technologies with Thales Luna HSMs - Solution Brief

Securing Emerging Technologies with Thales Luna HSMs - Solution Brief

In today's digital world, enterprise and government are in a state of flux. Organizations are optimizing by taking workloads to the cloud, or forging ahead transforming, taking advantage of a wide variety of emerging technologies. They are revisiting their strategies due to...

Luna Network HSM

Luna Network HSM - Product Brief

Secure your sensitive data and critical applications by storing, protecting and managing your cryptographic keys in Thales Luna Network Hardware Security Modules (HSMs) - high-assurance, tamper-resistant, network-attached appliances offering market-leading performance and...