Securing the Internet of Things

Root of Trust and Technology platform for IoT

Technology makes it possible to connect people to machines and machines to machines:

  • creating new opportunities to improve people’s lives;
  • optimizing processes and resources;
  • reducing risk to end users;
  • improving the end-user experience; creating or improving businesses.

This can only happen if data can be trusted.

WISeKey provides an end-to-end scalable security framework, to be integrated into IoT platforms and objects, based on PKI technology to protect data at rest or in transit.

WISeKey is a provider of trusted cryptographic root keys and security solutions, and offers products and services to distribute, use and manage digital certificates and associated secure assets.

WISeKey recommends the use of secure hardware (tamper-resistant chips) in all IoT devices to avoid creating a weak link (hacker entry point) in the IoT network infrastructure.

Threats in IoT

Distributed Denial of Service (DDoS) attacks have become more widespread and more dangerous, and cause organizations billion-dollar losses; many of the attacks happened on video surveillance cameras. While hackers have different motivations (fun, money, terrorism…) and different resources (material, collusion, expertise) to penetrate a system, all IoT systems will face hacking, and when an attack succeeds the consequences can be severe: stopped or disrupted services, negative impact on people’s privacy and safety, theft of intellectual property, damage to brand reputation, loss of revenue and job destruction… WISeKey offers products and solutions to overcome those attacks.

White Paper

Security industrial plant

What is an Industrial Programmable Logic Controller (IPLC)?
Industrial Programmable Logic Controllers (IPLCs) are an integral part of Automated Production Systems (APS). They are designed to produce quality products at a cheaper cost and with fewer human operations. IPLCs first appeared at the end of the 1960s to meet demands from the automotive industry for increased adaptability in their control systems.
Reduced electronic costs then made it possible to replace hard-wired logic (electromagnetic relays and pneumatic systems) by programmable logic (microprocessors).
This paved the way for the first Industrial Programmable Logic Controllers, a kind of computer adapted to the relatively constrictive world of industry: dust, humidity, temperature, vibrations, simple programming language required for user-friendly operations (implementation, troubleshooting by non-IT specialists), upgradable hardware.

Read more about WISeKey’s solution by downloading Security industrial plant

IoT Security Solutions

The development of Internet of Things (“IoT”), based on the collection and management of large amounts of data, can only happen if data can be trusted. To achieve this, the most important security functions to secure IoT are:

  • Authentication: confirming the identity of the communication peer;
  • Secure communication: Protecting the data in transit;
  • Secure Execution of code: Protecting the data in process;
  • Secure storage: Protecting data at rest.

The use of proven technologies coming from Information Technology and the security market, adapted to the IoT, offers the best solutions to secure the IoT infrastructure.
Read more about WISeKey’s solution by downloading White Paper IoT Security Solutions

Solutions to prevent IoT devices from being used for DDoS attacks

On the 18th of September, OVH, “the number 3 internet hosting company in the world”, faced the most massive DDoS attack. It was resolved on the 23rd of September.

DDoS (Distributed Denial of Service) attacks are more and more common on the internet: on the 21st of October, Dyn experienced a similar attack scenario. The issue was resolved 10 hours later. Dyn provides translation of website names to dynamic IP addresses. If you want to access a network from the internet, you need to translate the URL into an IP address, which may change from time to time. This is the problem the Domain Name System solves.

These attacks are the largest ones reported so far.

Read more about WISeKey’s solution by downloading White Paper DDOS

WISeKey Solutions WISeTrustIoT

WISeKey provides an enhanced security framework that combines our experience in PKI and certificate management solutions with innovative features that address the new needs of the Internet of Things. Open interfaces allow the manufacturing process of the objects to be integrated with the issuance of their identities, and programming interfaces simplify the use of the new identities when authenticating the connected objects and the data that is transmitted across the network. The full lifecycle of the objects, their identities and the data can be easily managed with the new IoT platform provided by WISeKey.

Customers have the flexibility to select all or some items of the offering and have multiple choices for operation.

WISeTrustIoT Key Points:

  • WISeKey: a solid, trusted partner
  • Scalable Security
    • PKI based security, Swiss Root of Trust
    • Software Solution; optional use of tamper resistant chip
  • Easy Integration in IoT platform, and in devices
  • Cost effective solution
  • Security for device in operation and for provisioning
  • Certified Security

WISeKey Unique Root of Trust Model

A Root of Trust (RoT) is the basis for a global end-to-end security solution. A RoT serves as a common trust anchor, which is recognized by the operating system (OS) and applications, and ensures the authenticity, confidentiality and integrity of on-line transactions. With the cryptographic RoT embedded in the device, the IoT product manufacturers can use PKI (Public Key Infrastructure) technologies to secure interaction among objects and between objects and people.

WISeKey has a unique positioning to offer… a consistent security system from the RoT to back-office. WISeKey is the trusted operator of the International Organization for the Security of Electronic Transaction (OISTE) Global Root. The OISTE Foundation is working with the United Nations and many international organizations in this area. Swiss neutrality, security, and privacy laws allow operations without geo-political or governmental constraints. The WISeKey RoT is the only one available outside NATO, and it is housed in a military-grade bunker in the Swiss Alps.

Certificate Authority

Based on Trusted Root Keys, WISeKey can be the Certificate Authority (C.A.) generating digital certificates for your application.

Use of Digital Certificates

The digital certificate and associated cryptographic assets are used to identify and authenticate devices during their entire life. Only trusted devices can connect to secure networks.

Digital certificates, for instance SSL certificates, can also be used to secure communication channels from devices to gateways/routers, and from gateways/routers to servers.

WISeKey also offers solutions to control the device’s firmware integrity at the initial stage (bootloader) and during upgrades in the field.

Certificate Management System

The WISeKey Certificate Management System (CMS) is a software tool with a user-friendly interface for managing the life-cycle of subscribers and their digital certificates.

The optional security broker authenticates and validates the messages coming from the different IoT devices and transfers only trusted messages to the customer’s IoT platform. The WISeTrust IoT framework can be easily integrated into the customer’s IoT platform, as the customer does not need to implement additional security mechanisms.

The WISeKey CMS also includes secure provisioning solutions to help maintain consistently high system security, even when the IoT device is in an unsecured environment (contract manufacturers, in the field). Device configuration and firmware upgrades are made easy and secure at any time.

WISeKey CMS can be installed on customer premises, but for those not willing to deploy their own infrastructure, WISeKey can provide trusted services from any of its local secure datacenters in Switzerland, USA, India or China. The managed platform can be accessed through a browser and a web-service API.

WISeKey Certificate Management System is also compatible with third-party C.A.s based on Microsoft or the Enterprise Java Beans Certificate Authority (EJBCA) open source C.A.

Provisioning

It’s mandatory to protect the data when the devices are in operation, but it is as important to protect the devices and related data when the devices are being manufactured or in maintenance.

The WISeKey Provisioning solution makes it possible to securely inject security assets, perform device configuration and upgrade software while the devices are being manufactured or are in the field, running in a non-secure environment.

Secure Chip - VaultIC

VaultIC is a product family of tamper-resistant chips to be used as a companion chip to the IoT-device host processor. VaultIC embeds configurable cryptographic tool boxes for Authentication, Confidentiality and Integrity, executed in a secure environment, as well as on-chip tamper-resistant data storage capabilities (NVM) for keys, certificates and customer data.

The VaultIC low-power consumption profile makes it a viable solution to meet the limited power budgets of the embedded IoT nodes.

VaultIC comes with middleware including secure boot, secure firmware update for IoT devices and a secure communication (SSL/TLS) stack.

The use of secure hardware is recommended to avoid creating a weak link (entry point) in the IoT network infrastructure.

Summary data sheets

VaultIC 182

VaultIC405

Security Certifications

VaultIC offers the best digital security, guaranteed by independent certifications:

  • FIPS 140-2 Level 3
  • Based on state of the art secure microcontrollers certified to Common Criteria EAL4+/5+
  • WebTrust seal for CMS platform (annual audit by third party)
