Securing the Internet of Things

Root of Trust and Technology platform for IoT

Technology allows people, objects and machines to connect to one another, creating new opportunities to improve people’s lives:

  • Optimize processes and resources;
  • Reduce risks;
  • Improve end-user experience;
  • Create or increase business.

IoT success can only happen if data can be trusted

WISeKey provides an end-to-end scalable security framework to be integrated into IoT platforms. Based on PKI Technology, it will protect the device and its data at rest or in transit.

WISeKey delivers cryptographic root keys and solutions to use and manage digital certificates and associated secure assets that protect otherwise vulnerable IoT devices in the field.

IoT: Internet of Threats?

Distributed Denial of Service (DDoS) attacks are becoming increasingly ubiquitous and dangerous, causing organizations billion-dollar losses; man-in-the-middle attacks on video surveillance cameras are almost commonplace. These are just two examples of threats faced by IoT systems.

Hackers have different motivations (fun, money, terrorism…) and resources (material, collusion, expertise) to penetrate a system, but all IoT Systems will face hacking. Consequences can be heavy: disrupted services, intrusion on users’ privacy and safety, theft of intellectual property, damaged brand reputation, loss of revenue, job destruction and more. WISeKey offers proven products and solutions to reduce the risk of IoT attacks.

The wisekey-iot Certificate Management System (CMS) is a software tool with a user-friendly interface and easy-to-integrate API that manages the life-cycle of devices and their digital certificates. These certificates are signed by WISeKey’s Certificate Authority and optionally the OISTE Root of Trust.

The optional security broker performs the authentication and validation of the messages coming from the different IoT devices and transfers only trusted messages to the IoT platform of our customer. The wisekey-iot framework can easily be integrated into an IoT platform by our customers and no additional security mechanisms need to be implemented.

The wisekey-iot framework also includes secure provisioning solutions to help maintain consistent high system security, even when the IoT device is in an unsecured environment (e.g. during production or in the field). Device configuration and firmware upgrades are made easy and secure at all times.

The wisekey-iot CMS can be installed on customer premises, or outsourced to WISeKey and located in one of our secure data centers in Switzerland, USA, India or China. The managed platform can be accessed through a browser and a web-service API. The CMS and the framework are compatible with third party Certificate Authorities (CA), such as the Microsoft PKI or the Enterprise Java Beans Certificate Authority (EJBCA) open source CA.

wisekey-iot Key Points:

  • PKI based security, Swiss Root of Trust
  • Software solution; optional use of tamper resistant chip
  • Easy integration in IoT platform, and in devices
  • Cost effective solution
  • Security for device in operation and for provisioning
  • Certified security
  • WISeKey solid trusted partner

WISeKey Unique Root of Trust Model

A Root of Trust (RoT) is the basis for a global end-to-end security solution. A RoT serves as a common trust anchor, which is recognized by the operating system (OS) and applications, to ensure the authenticity, confidentiality and integrity of on-line transactions. With the certificates signed by this cryptographic RoT, embedded in the device, the IoT product manufacturers can use PKI (Public Key Infrastructure) technologies to secure interaction among objects and between objects and people.

WISeKey is the trusted operator of the International Organization for the Security of Electronic Transaction (OISTE) Global Root, which is widely distributed in commonly used software.

The OISTE Foundation is working with the United Nations and International Organizations. Swiss neutrality, security, and privacy laws allow operations without geo-political or governmental constraints. Its Root of Trust is set in a military grade bunker located in the Swiss Alps.

Certificate Authority

Based on Trusted Root Keys, WISeKey can be the Certificate Authority (C.A.) generating digital certificates for your application.

Use of Digital Certificates

The digital certificate and associated cryptographic assets are used to identify and authenticate devices during their entire life. Only trusted devices can connect to secure networks.

Digital certificates, for instance SSL certificates, can also be used to secure communication channels from devices to gateways/routers, and from gateways/routers to servers.

WISeKey also offers solutions to control the device’s firmware integrity at the initial stage (bootloader) and during upgrades in the field.

Certificate Management System

The WISeKey Certificate Management System (CMS) is a software tool with a user-friendly interface that manages the life-cycle of subscribers and their digital certificates.

The optional security broker authenticates and validates the messages coming from the different IoT devices and transfers only trusted messages to the IoT platform of our customer. The WISeTrust IoT framework can be easily integrated into the customer’s IoT platform, as the customer does not need to implement additional security mechanisms.

The WISeKey CMS also includes secure provisioning solutions to help maintain consistently high system security, even when the IoT device is in an unsecured environment (contract manufacturers, in the field). Device configuration and firmware upgrades are made easy and secure at any time.

WISeKey CMS can be installed on customer premises, but for those not willing to deploy their own infrastructure, WISeKey can provide trusted services from any of its local secure datacenters in Switzerland, USA, India or China. The managed platform can be accessed through a browser and a web-service API.

The WISeKey Certificate Management System is also compatible with third party C.A.s based on Microsoft or the Enterprise Java Beans Certificate Authority (EJBCA) open source C.A.

Provisioning

It’s mandatory to protect the data when the devices are in operation, but it is as important to protect the devices and related data when the devices are being manufactured or in maintenance.

The WISeKey Provisioning solution makes it possible to securely inject security assets, perform device configuration and upgrade software when the devices are being manufactured or are in the field, running in a non-secure environment.

Security Certifications

VaultIC offers the best digital security, guaranteed by independent certifications:

  • FIPS 140-2 Level 3
  • Based on state of the art secure microcontrollers certified to Common Criteria EAL4+/5+
  • WebTrust seal for CMS platform (annual audit by third party)

Secure Element: VaultIC

VaultIC is a product family, ranging from tamper-resistant Integrated Circuits to software vaults, to be used as a companion to the IoT-device host processor. VaultIC chips feature a configurable cryptographic tool box for authentication, confidentiality and integrity, executed in a secure environment. VaultIC embeds on-chip non-volatile tamper resistant data storage capabilities for keys, certificates and customer data.

The VaultIC chips’ low-power consumption profile makes them a viable solution to meet the limited power budgets of IoT devices. VaultIC comes with middleware enabling secure boot, secure firmware update for IoT devices, and secure communication (SSL/TLS).

Summary data sheets

VaultIC 182

VaultIC182 is a Secure microcontroller solution designed to secure various types of systems against counterfeiting, cloning or identity theft. It is a hardware security module that can be used in many applications such as IP protection, access control or hardware protection.

The proven technology used in VaultIC182 security modules is already widespread and used in national ID/health cards, e-passports, bank cards (storing user Personal Identification Number, account numbers and authentication keys among others), pay-TV access control and cell phone SIM cards (allowing the storage of subscribers’ unique ID, PIN code, and authentication to the network), where cloning must definitely be prevented.
Read more about WISeKey’s solution by downloading VaultIC 182

VaultIC405

The VaultIC405 is an ASSP designed to secure various systems against counterfeiting, cloning or identity theft. It is a hardware security module that can be used in many applications such as IP protection, access control or hardware protection.
Read more about WISeKey’s solution by downloading VaultIC405

White Paper

Security industrial plant

What is an Industrial Programmable Logic Controller (IPLC)?
Industrial Programmable Logic Controllers (IPLCs) are an integral part of Automated Production Systems (APS). They are designed to produce quality products at a cheaper cost and with fewer human operations. IPLCs first appeared at the end of the 1960s to meet demands from the automotive industry for increased adaptability in their control systems.
Reduced electronic costs then made it possible to replace hard-wired logic (electromagnetic relays and pneumatic systems) by programmable logic (microprocessors).
This paved the way for the first Industrial Programmable Logic Controllers, a kind of computer adapted to the relatively constrictive world of industry: dust, humidity, temperature, vibrations, simple programming language required for user-friendly operations (implementation, troubleshooting by non-IT specialists), upgradable hardware.

Read more about WISeKey’s solution by downloading Security industrial plant

IoT Security Solutions

The development of Internet of Things (“IoT”), based on the collection and management of large amounts of data, can only happen if data can be trusted. To achieve this, the most important security functions to secure IoT are:

  • Authentication: confirming the identity of the communication peer;
  • Secure communication: protecting the data in transit;
  • Secure execution of code: protecting the data in process;
  • Secure storage: protecting data at rest.

The use of proven technologies coming from Information Technology and the security market, adapted to the IoT, offers the best solutions to secure the IoT infrastructure.
Read more about WISeKey’s solution by downloading White Paper IoT Security Solutions

Solutions to prevent IoT devices from being used for DDoS attacks

On the 18th of September, OVH, “the number 3 internet hosting company in the world”, faced the most massive DDoS attack. It was resolved on the 23rd of September.

DDoS (Distributed Denial of Service) attacks are more and more common on the internet. On the 21st of October, Dyn experienced a similar attack scenario. The issue was resolved 10 hours later. Dyn provides translation of web site names to dynamic IP addresses. If you want to access a network from the internet, you need to translate the URL into an IP address, which may change from time to time. This is what the Domain Name System solves.

These attacks are the largest ones reported so far.

Read more about WISeKey’s solution by downloading White Paper DDOS
