Prove & Run 1
77, avenue Niel, 75017 Paris, France
Securing the Software of Connected Devices
Christophe Pagezy – CEO
Founded in 2009:
• Fully Independent
• Growing fast
• Worldwide reach
Main Competencies:
• Security & Architecture
• Operating systems
• Formal methods
• Security certification
Contact
• [email protected]
• www.provenrun.com
Prove & Run – Proven Security for the IoT
Software editor of proven COTS to secure IoT architectures
• ProvenCore: microkernel proven for security to secure smartphones, tablets, gateways and connected devices (things)
• ProvenVisor: proven secure hypervisor for mobile devices and IoT virtualization solutions
Management with > 45 years of combined experience in digital security:
• Dominique Bolignano, previously Founder & CEO of Trusted Logic
  • First EAL7 JavaCard OS, introduced TEE (now a worldwide standard for Mobile security …)
• Christophe Pagezy, previously EVP of Gemalto, closely associated with Gemalto’s success as a world leader
Recent vulnerabilities - IoT@Home
• 04/21/2014 - DSL router patch merely hides backdoor instead of closing it
  • http://bit.ly/1jC5AAu
• 10/23/2014 - All VeraLite Home Gateways share a single SSH private key stored in ROM
  • http://bit.ly/1uUXmb2
• 04/07/2015 - 6 common home gateways suffer from significant or very significant security issues
  • http://bit.ly/1NRy4V5
• 04/18/2015 - An OTA software update bricks Wink Hubs
  • http://hubfix.wink.com
• 05/20/2015 - At least 700 000 routers given by customers to ISPs are vulnerable to remote hacking
  • http://bit.ly/1Gw0wcO
Recent vulnerabilities - Industrial & Smart City
• 05/08/2014 – Vulnerability in traffic-lights management systems leaves them wide open to modifications by hackers
  • http://bit.ly/QyPK0G
• 12/23/2014 – Cyber-attack on German steel mill inflicts serious damage
  • http://bit.ly/1t1nWF1
• 03/12/2015 - US industrial control systems attacked 245 times in 12 months
  • http://1.usa.gov/1DfWPdd
• 05/11/2015 – The Open Smart Grid crypto protocol used by 4 million smart meters revealed as “extremely weak”
  • http://bit.ly/1bJ62ic
Recent vulnerabilities - Avionics
• 04/15/2015 – Security researcher Chris Roberts arrested on suspicion of hacking flying planes
  • http://bit.ly/1ILeoCT
• 05/01/2015 - Boeing 787 software bug can shut down planes' generators IN FLIGHT
  • http://bit.ly/1DGP4HM
Recent vulnerabilities - Mobile
• 05/22/2015 - Factory reset memory wipe FAILS in 500 million Android smartphones
  • http://bit.ly/1JH28Eg
• 04/22/2015 – "Evil" WiFi signal crashes iPhones and iPads in range, even with WiFi turned off
  • http://bit.ly/1G54eZ9
Recent vulnerabilities - Automotive
• 07/21/2014 - Students hack Tesla Model S, make all its doors pop open IN MOTION
  • http://bit.ly/1rE7OEJ
• 02/16/2015 - 2.2M BMW cars can be unlocked with a simple smartphone
  • http://on.ft.com/1evJuUb
• 20/05/2015 – Thief uses a jammer to prevent car owners across an entire car park from locking their cars
  • http://bit.ly/1JH28Eg
The Challenge
Enable the Internet of Tomorrow = Internet of Things + Security
Without security:
• Impossible to deploy a network of connected devices
• Impossible to scale the Internet of Things
• Impossible to trust a system to keep data private & confidential
[Figure labels: Connected Cars, Industry 4.0, SmartHome, SmartGrid, SmartCity, eHealth]
Security is a serious matter
• Many claim to achieve security
• Just because they:
  • encrypt,
  • sign,
  • use TLS,
  • use a secure element,
  • or even just use a Java architecture, …
• But security is much more than that,
Security is as strong as its weakest link
• Security chain:
  • Cryptographic algorithms
  • Cryptographic protocols
  • Secure elements
    • Ex: Smartcards
  • Robustness of systems to logical attacks
    • → Issues with errors and vulnerabilities, particularly in operating systems:
The main challenge is to secure the software
• For security, every defect/bug in any of the architecture, design, configuration or implementation is a potential source of attack
• It is thus not possible to directly protect OSes such as iOS, Android, Linux, large RTOS ... against attacks. There are issues with:
  • Size of the software stack to secure
  • “Trusted Computing Base” (TCB) includes kernel whose size and complexity are too big to build trust (and correctness of security properties)
The Global answer
• Defining security architectures with well-defined and reduced-in-scope TCB
• Applying formal methods to this TCB
• Requires specific software development tools
  • Ability to get as close as possible to “Zero Bug”
  • Ability to demonstrate security (proof and certification)
  • At cost/skills compatible with industrial constraints
Prove & Run's answer to the challenge
• Critical secure COTS ready for integration
  • ProvenCore: microkernel proven for security to secure smartphones, tablets, gateways and connected devices (things)
  • ProvenVisor: proven secure hypervisor for mobile devices and IoT virtualization solutions (in development)
  • Built with ProvenTools: a patented software development tool that makes it possible to formally prove the correctness of the software
• Security Professional Services
  • Help our customers to design/build/develop secure software and/or integrate our COTS
With ProvenCore and ProvenVisor, secure any IOT architecture
[Diagram labels: ProvenVisor; ProvenCore; TrustZone™; OS 1, OS 2 … OS N; App 1, App 2 … App N; A1, A2 … AN; Hw Platform (three times). Caption: Formally Proven Security and CC certifiable (EAL7)]
The 2 missing bricks needed to create the Internet of Tomorrow
Use Case #1
[Diagram, built up step by step over successive slides; labels in order of appearance:
• Android (or any rich OS) with its applications; Hardware
• S, Monitoring, Smartgrid GTW, Infotainment
• Secure World; TrustZone™; Linux
• Linux FW/NetFilter
• ProvenCore; FW
• Firmware update (FU)
• AM
• Auth
• Last slide: Android with its applications; Linux; TrustZone™; ProvenCore; FW, A1, Ak; Trusted Computing Base]
Use Case #2
[Diagram over two slides; labels in order of appearance:
• First slide: Android (or any rich OS) with its applications; HW; RTOS with its applications; HW
• Second slide: Applications; ProvenVisor; ProvenCore; RTOS; FW, A1; Android with its applications; Linux; HW]