Thales © 2019 All rights reserved
Encryption and Authentication still Remain Base for Security in the AI Age
Marko Bobinac, PreSales Manager CEE
Changes and product evolution are inevitable
New products, new technologies
Example No. 1: something known and advanced
Elements of the Internet of Things
- Devices: the things
- Gateways: help things communicate
- Master of Devices, Cloud and Service Providers: issue, manage, and analyze data from things
- Sensors/Actuators: monitor, collect data from, and control things
Internet connectivity: WAN/Cellular (e.g. 3G/4G, Sigfox, etc.), LAN/Mesh (e.g. ZigBee, Z-Wave, LoRa, etc.), HAN/Internet (e.g. Wi-Fi, NFC, RFID, etc.)
Data is the new oil
Masses of data need to be analyzed to be of value:
IoT helps to realize this value
Automotive in the driver’s seat for IoT
82% of automotive leaders are confident the majority of cars will be connected by 2020 (Vodafone)
Michelin Tires as a Service
Michelin have migrated from being a company that sells tires-as-a-product to a service that guarantees performance, which has led to:
- higher customer satisfaction,
- loyalty & retention and
- raised profits
Kone IoT-based Elevators & Escalators
Kone CEO: “We are connecting elevators and escalators to the cloud – over 1 million by 2020. With IoT and cloud, we’re collecting a lot of data, enabling us to reduce downtime.”
Security tops the list of IoT concerns
What are your firm’s concerns, if any, with deploying M2M/Internet of Things technologies?
Security concerns                                        34%
Total cost concerns (total cost of ownership)            30%
Integration challenges                                   28%
Lack of technology maturity                              24%
Pricing is unclear or complicated                        21%
Regulatory concerns                                      18%
We don't think that we have an application or process    18%
Difficulty and risk of migration or installation         18%
Lack of executive support                                17%
We can't find the right supplier(s)                      10%
None - we don't have any concerns                         7%
Don't know                                                4%
Base: 3627 global business and technology decision makers (20+ employees) in 7 countries (online survey only)
Source: Forrester’s Global Business Technographics® Networks and Telecommunications Survey, 2015
“Over 25% of cyber attacks will involve IoT” (Gartner)
“$300 BILLION losses due to cyber-attacks” (McAfee)
No trust, no service.
Thales provides foundation: Encryption and Authentication
Diagram: six protection areas: Protect Cloud & Virtual Infrastructure; Protect Identities; Protect Infrastructure; Protect NAS Storage; Protect Data Centers; Protect Data Transfer.
Components shown: applications (.NET, Java, KMIP, XML), databases, 3rd-party solutions (e.g. self-encrypting drives via KMIP), file encryption, tokenization, Hardware Security Module appliance, Key Manager appliance, ProtectFile server/desktop agent, ProtectV Manager virtual appliance, virtual instances and virtual storage, file shares, tape backups, Network Share Encryption Proxy, Ethernet, Fibre Channel, L2 High-Speed Encryptors, authentication management (on-premise or cloud), national IDs, AMI metering, e-signatures, e-passports, certificate infrastructures.
06/10/2019
Customer Reality and Pain Point: Islands of Encryption
Each use case requires individual infrastructure, management consoles and training: Complex • Inefficient • Expensive
Diagram: separate islands of encryption: Physical Security, Full Disk Encryption, PHI Data Masking, Cloud Migration / Cloud Encryption, PCI Tokenization, File Encryption, Big Data, Customer Records / Database Encryption, Privileged User Control / Access Policies, Secure File Sharing, Storage Encryption.
Thales IoT Business Enablers
01 Connect
• Future-proof solutions
• Out-of-the-box connectivity
• Multiple form factors
• Quality of Service
• Subscription Management
02 Secure
• Secure the device
• Secure the data
• Secure the cloud
• Secure the network
• Security Audit and lifecycle management
03 Monetize
• Flexible revenue models
• Licensing and entitlement software
• IoT application development
• OTA upgrades
Thales IoT security approach
Diagram: Things, Gateway, Enterprise and Cloud tiers linked over ZigBee, BLE, Sigfox, LoRa and HTTPS, with three layers of Thales products:
- Connect: secure elements and embedded MIMs; machine-to-machine modules and terminals; application enablement and delivery; on-demand connectivity
- Secure: device identity & integrity; secure communication; device, user & application authentication; data in use & at rest protection; identity provisioning with HSM root of trust & key management; Trusted Service Hub & TKM credential provisioning; data encryption and user/application authentication; data encryption and device authentication; code signing & field updates
- Monetize: software monetization, feature-based licensing & APIs for enterprises
IoT security architecture: Device, User & App Identity Issuance
Credential issuance: PKI or symmetric keys loaded on SE, gateway & devices.
Diagram components: HSM / SafeNet Luna HSMs, PKI, Gemalto User Authentication, eSE and MIMs / Gemalto Secure Elements, Web & Cloud Applications, across the Things, Gateway, Enterprise and Cloud tiers (ZigBee, BLE, Sigfox, LoRa, HTTPS).
IoT security architecture: Device, User & App Authentication
Authentication: device authentication; user authentication via VPN, web portal, SaaS & cloud, virtual & local networks.
Diagram components: HSM / SafeNet Luna HSMs, Gemalto User Authentication, eSE and MIMs / Gemalto Secure Elements, Web & Cloud Applications, IoT Data & Analytics, across the Things, Gateway, Enterprise and Cloud tiers (ZigBee, BLE, Sigfox, LoRa, HTTPS).
IoT security architecture: File encryption
Diagram components: SafeNet ProtectFile, File Server (on-premises / virtual cloud), Applications, SafeNet KeySecure, eSE and MIMs / Gemalto Secure Elements, sensitive information via IoT devices, IoT Data & Analytics; use cases labelled Big Data Encryption and Cloud Encryption; tiers Things, Gateway, Enterprise, Cloud (ZigBee, BLE, Sigfox, LoRa, HTTPS).
IoT security architecture: Database encryption
Diagram components: SafeNet ProtectDB, Database Server (on-premises / virtual cloud), Applications, SafeNet KeySecure, eSE and MIMs / Gemalto Secure Elements, sensitive information via IoT devices, IoT Data & Analytics; use case labelled Database Encryption; tiers Things, Gateway, Enterprise, Cloud (ZigBee, BLE, Sigfox, LoRa, HTTPS).
IoT security architecture: Volume encryption
Cloud and virtual infrastructures covered: Amazon EC2 & VPC & GovCloud • Microsoft Azure • VMware vSphere • IBM SoftLayer Bare Metal Cloud
Diagram components: SafeNet KeySecure, SafeNet ProtectV Manager, SafeNet ProtectV Client (alternative: ProtectFile & ProtectApp), eSE and MIMs / Gemalto Secure Elements, sensitive information via IoT devices, IoT Data & Analytics; tiers Things, Gateway, Enterprise, Cloud (ZigBee, BLE, Sigfox, LoRa, HTTPS).
IoT security architecture: Code Signing & Software Updates
Code signing: PKI or symmetric keys to sign software loaded on SE, gateway & devices.
Diagram components: HSM / SafeNet Luna HSMs, PKI, build servers with code signing, secure software updates to devices, eSE and MIMs / Gemalto Secure Elements; tiers Things, Gateway, Enterprise, Cloud (ZigBee, BLE, Sigfox, LoRa, HTTPS).
Thales Use Cases for IoT
1. Identity infrastructure (PKI) & Key Management services for IoT devices, applications & users
2. Device SIM, MIM, Secure & Trusted Elements
3. Identity issuance to IoT chips, devices, applications & users
4. Code signing of software/firmware/updates for IoT devices
5. Authentication of IoT devices, users and applications
6. Secure communications for IoT devices and applications (data in motion)
7. Protection of IoT data at rest for devices, users, applications, edge compute & service providers
8. Protection of data exchanges between IoT data centres (data in motion)
9. Secure IoT payment transactions
Thales provides Security foundation for IoT
Diagram: HSMs issue & manage keys, encrypt data, authenticate users & devices across device manufacturing plants, research & development, retailers / offices and employees; functions shown: Device ID PKI, Development Code Signing, Identity Provisioning PKI, Secure Communications Across Networks, Production Code Signing, Secure Devices, Data in Motion Protection, User Authentication & Licensing, Software Upgrades / Updates, OTA Provisioning.
Example No. 2: Artificial Intelligence
▌Deepfake?
AI-powered data manipulation
▌Deepfake (a portmanteau of "deep learning" and "fake") is a technique for human image synthesis based on artificial intelligence.
Deepfake process #1
▌Feeding multiple audio, video or still-image samples into a neural network
Deepfake process #2
▌The neural network processes the samples one by one and tries to learn specific characteristics
Deepfake process #3
▌The neural network models the shape of the mouth and other areas
Deepfake process #4
▌The deepfake mimics the source person by blending in the target person's behaviour (characteristics)
Deepfake example 1
▌A deepfake is capable of real-time processing, following the speech and facial expressions of an impersonator
Deepfake example 2
▌More samples give better results, but even a single picture is enough
Threat evolution
▌Deepfakes are visible, but they are only one example of the AI threat
▌Artificial Intelligence, Quantum computing and other technological advances break basic elements of Information Security theory: the CIA model
New threats, proven security technologies
▌So what can we do…
▌What we have to do…
▌Back to the basics of Information Security: Encryption and Authentication
- Signed videos and websites (SSL & media)
- Block-chaining of video edits so they stay linked to the original source
- Encryption of data at rest to prevent theft and manipulation
- User authentication
  - Contributors
  - Content editors
Signed • Encrypted • Authenticated • Trusted
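The "signed" and "block-chained" edit history called for above, as an added example that is not part of the deck: each edit of a video becomes a link carrying the hash of the previous link and of the resulting media, and every link is tagged so that an altered, removed or reordered edit is detected. The key and media bytes are constructed for the example; since the deck lists symmetric keys as one option, an HMAC stands in here for the HSM-backed signature a deployment would use.

```python
import hashlib
import hmac
import json

# Constructed demo key; in a deployment the signing key would live in an HSM.
SIGNING_KEY = b"demo-key-not-for-production"

def _digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def _canonical(record: dict) -> bytes:
    # Canonical JSON so signer and verifier hash/MAC identical bytes.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def _tag(body: dict, key: bytes) -> str:
    # Authenticity tag over the link body (HMAC stands in for a signature).
    return hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()

def genesis(original_media: bytes, key: bytes = SIGNING_KEY) -> dict:
    """First link: anchors the chain to the hash of the untouched source media."""
    body = {"seq": 0, "prev": "0" * 64, "media": _digest(original_media), "edit": "original"}
    return {**body, "tag": _tag(body, key)}

def append_edit(chain: list, edited_media: bytes, edit: str, key: bytes = SIGNING_KEY) -> list:
    """Add one edit as a new link; 'prev' is the hash of the full previous link."""
    last = chain[-1]
    body = {"seq": last["seq"] + 1, "prev": _digest(_canonical(last)),
            "media": _digest(edited_media), "edit": edit}
    return chain + [{**body, "tag": _tag(body, key)}]

def verify_chain(chain: list, original_media: bytes, final_media: bytes,
                 key: bytes = SIGNING_KEY) -> bool:
    """True only if every link is authentic, the links are contiguous, the chain is
    anchored to the claimed source and it ends at the media the consumer holds."""
    if not chain or chain[0]["prev"] != "0" * 64:
        return False
    if chain[0]["media"] != _digest(original_media):
        return False  # edit history belongs to some other source video
    for i, rec in enumerate(chain):
        body = {k: v for k, v in rec.items() if k != "tag"}
        if not hmac.compare_digest(rec["tag"], _tag(body, key)):
            return False  # link altered or not issued by the key holder
        if rec["seq"] != i:
            return False  # link removed or reordered
        if i > 0 and rec["prev"] != _digest(_canonical(chain[i - 1])):
            return False  # broken link: history no longer leads back to the source
    return chain[-1]["media"] == _digest(final_media)
```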
Thales CPL Comprehensive Data Security Products and Solutions
Protecting a world powered by the cloud, data and software
Diagram: use cases and products: Cloud Security, Data Security, Multicloud Key Management, PKI, Big Data Security, Application Crypto, Payment Security, WAN Encryption, Hardware Security Modules (HSM), Transparent Encryption, Access Management, Key Management.

Multicloud Key Management: Multicloud Lifecycle Key Management enables your team to efficiently control and report on BYOK and hybrid cloud key usage.
Access Management: Prevent breaches, move securely to the cloud and simplify compliance with Thales Access Management and Authentication solutions.
Key Management: The Vormetric Data Security Manager (DSM) provisions and manages keys for the Vormetric Data Security Platform and also manages keys and certificates for third-party devices.
Application Crypto: Streamline secure development through APIs for tokenization, encryption and other cryptographic functions.
WAN Encryption: Proven high-assurance network security for your sensitive data, real-time video and voice, on the move between data centers and sites.
Hardware Security Modules: A hardware security module (HSM) is a high-assurance crypto processor that provides a root of trust. Thales leads the industry in General Purpose, Payment and Cloud HSM solutions.
Transparent Encryption: Encrypts, controls access to data and provides data access audit logging without impacting applications, databases or infrastructure – wherever servers are deployed.
PKI: Create a Public Key Infrastructure to secure access to apps, protect your software from tampering, prevent unauthorized manufactured devices, and sign code & documents.
Big Data Security: Create isolation in your data lakes, mask sensitive data, and control admin users for security and compliance.
Payment Security: Enabling compliance, reduced risks, and increased operational efficiency for payment transactions across the globe.
Data Security: Thales provides data security through encryption, key management, access control and security intelligence across devices, processes, platforms and environments.
Cloud Security: Secure your digital transformation with industry-leading encryption, key management, HSM and access management solutions from Thales.
Thales CPL: Unrivalled Data Protection Portfolio
The Market Leading Data Encryption Platforms: the most use cases to secure data in the cloud, data centers and across networks.
Diagram: payShield HSM (#1 in Payment HSMs); SafeNet Luna Network HSM (#1 in General Purpose HSMs); SafeNet Cloud HSM On Demand (#1 in Cloud HSMs); Vormetric Data Security Platform, CipherTrust Cloud Key Manager and KeySecure (#1 in Key Management, #1 in Data Encryption); SafeNet High-Speed Network Encryptors (#1 in Network Encryption).
Conclusion
▌Hope is not a Strategy
▌Start with the basics of the Security foundation: Encryption and Authentication
▌Think about today’s threats and prepare for tomorrow’s AI and Quantum security challenges (Thales is already active in such protection)
▌Choose the right partner for Today and Tomorrow.
Thank you.