GlobalPlatform, together with Winbond Electronics Corporation, Arm and Industrial Technology Research Institute (ITRI), hosted the first technology forum in Taiwan. With a mix of local on-site speakers in Taiwan and GlobalPlatform virtual on-line presenters, this event also shows the new normal in the pandemic era.
Kevin Gillick, Executive Director of GlobalPlatform, offers two thoughts on IoT Cybersecurity. First of all, information security should not be an afterthought. The Internet of Things (IoT) is greatly expanding the size and scale of electronics devices and use-case scenarios. Security matters and must be taken very seriously. Secondly, to establish trust, independent third-party certification of IoT devices is needed. Performing thorough test procedures to grant certification will protect the brand image in the long run and keep customers satisfied with products.
Arm promotes leading use cases of iSIM
Samuel Chiang, Senior Business Development Director of IoT BU at Arm, presented the leading use cases of iSIM in the IoT sector. A great amount of NB-IoT devices levering LPWA technologies play an important role in smart city and smart grid applications. These devices, equipped with SIM cards to connect to a carrier's network, enable secure authentication. The physical hardware element, like SIM card, presents and adds an indispensable layer of security. However, SIM card technology has lasted for 25-years. It is starting to transform into a smaller and slimmer form factor of eSIM, which will directly mount to a printed circuit board to have further advantages compared to traditional SIM technology.
But Arm takes another approach to introduce eSIM architecture, which is the new design concept leveraging tight integration with communication SoC chips to deliver the same security level as today's SIM technology. The advantages of eSIM technology are more compact, lower cost, and requires less power. Market research indicates that over 40% of IoT devices leverage eSIM technology, creating immense IoT business opportunities in the next decade. The iSIM technology will also unlock IoT hyper-scale opportunities.
Arm offers the full silicon IPs and software solutions to build iSIM to meet fast time-to-market demands. This includes Arm core IPs and Kigen operating systems as core architecture. The iSIM Cybersecurity certification is using a composite scheme. The firmware and underlying IC will need to be certified based on the BSI-CC-PP-0084 standard. Then, combined with the operating system, the entire system will need to pass the BSI-CC-PP-0089 standards as a whole for future-proofing in telecom security. And ecosystem partners are ready to deliver the new design.
ITRI highlighted whitelisting and VMI technology for blocking cyber attacks
Tzi-cker Chiueh, ITRI's Vice President and General Director of Information and Communications Research Laboratories, showed recent cybersecurity incidents that revealed a huge increase in hacked and breached data from public organizations. On this serious issue, there are two important lessons to be highlighted. They are (1) BYOD security, and (2) Software Vulnerability.
Additionally, recent security research suggests that most companies have unprotected data and poor cybersecurity practices in place, making them vulnerable to data loss. The BYOD policy sometimes becomes one of the major leaks enabling malware, or malicious software to attack corporate internal networks. Chiueh provides a solution by introducing VMI (Virtual Mobile Infrastructure) technology for isolating the problems. The VMI makes smartphone a lower priority (the default policy being the lowest priority) to perform tasks such as making phone calls, running customized APPs and playing context and video audio streaming via cloud services. To reduce cybersecurity threats all internal IT resources, served on various virtual machines, are tightly managed and fully monitored.
The basic strategy to prevent malware attacks is to install whitelisting in all products or equipment. Especially the fixed featuring equipment, things like ATM, machinery or equipment will use VMI to protect devices to be attacked. Most important thing for enterprise cybersecurity is draw a clear line of secure zone boundary. Then set the secure policy by consolidating management of multiple security layers, control policy to reduce the attack surface.
Winbond presented its secure and certifiable non-volatile memory product portfolio
There are an estimated 5.8 billion connected IoT devices deployed today. And over 57% of these devices have been evaluated as having high security concerns facing software of security-critical backdoors. The system designer implements data security by introducing secure elements into secure storage devices to protect the integrity and confidentiality of code and data, and to avoid further attacks from hackers and malware. And security data payloads are continually on the rise as device manufacturers implement an increasing range of data-heavy functions such as biometric authentication and more complex forms of encryption which are harder for hackers to crack. And Winbond introduces its TrustME Secure Flash Solution.
The TrustME Secure Flash devices also feature certified and proven Winbond security features such as cryptography, authentication, key storage, anti-tamper functions and protection against replay attacks. Winbond's TrustME Secure Flash product is the first external Flash memory device to gain a Common Criteria EAL5+ with VAN.5 security grade and PSA Certified Level 2 ready, as required for systems used in payments applications.
Meanwhile, security by design is essential to address the security concerns in diverse IoT landscapes. The technology of secure booting and firmware updates will strengthen the robustness of Platform Security Architecture (PSA). To protect the confidentiality and integrity of code and data in IoT devices, Winbond provides series of secure memory product lines and solutions. For example, TrustME security products are the certified secure storage featuring security by design, immutable root of trust, secure boot, firmware confidentiality and integrity, trusted factory initialization of devices, and secure firmware updates. These flexible solutions will fit the requirements and growing demand of IoT security and Cybersecurity certification.
GlobalPlatform IoTopia Secure Framework
In this forum, GlobalPlatform invited each of its technical committee Chairs to introduce key technology developments from their group. The following paragraphs are short summaries. The first speaker was Russ Gyurek, Chair of the IoTopia committee, which is developing a comprehensive framework for IoT security across industries. IoTopia proposes a common framework for standardizing the design, certification, deployment, and management of IoT devices with four foundational pillars: Secure by Design, Secure Onboarding, Device Intent, and Device Lifecycle Management. IoTopia is bringing together global and regional guidelines and requirements to help device manufacturers build products and services that satisfy regulatory mandates.
GlobalPlatform sets the standard for Secure Element (SE)
GlobalPlatform defines the SE as a core element to protect confidential and cryptographic data. There are three software execution layers to block the attack sequence. The SE is a physical layer to store and protect important data, such as signal frequency and cryptographic keys, so that hackers cannot exploit system vulnerabilities to attack valuable assets. SE Committee Chair, Karl Eglof-Hartel, presented SE hardware architectures and talked about iSIM technology simultaneously for connecting to Telecom networks.
GlobalPlatform Trusted Execution Environment (TEE) standards
TEE Committee Chair, Christophe Colas, provided an update on the TEE TEE for IoT. TEE is an environment for executing code, in which those executing the code can have high levels of trust for accessing and protecting sensitive data against the programs to be run in the REE layers. The TEE is used to ensure a higher level of trust invalidity, isolation, and access control, when compared to more general purpose software environments. There is a specific Application Programmable Interface (API) and clear specification in the TEE Management Framework and Open Trust Protocol (OTrP) Profile for enabling management mechanisms. Global certification agencies use Common Criteria and ISO standards based on ISO/IEC 15408 to certify IoT device security functions. During the Q&A session, the audience asked about the status of the TEE specification for RISC-V platforms. Colas indicated that the work will be completed in 2021.
GlobalPlatform Trusted Platform Services (TPS) standards
The TPS topic was presented by TPS Committee Chair, Jeremy O'Donoghue. TPS provides mechanisms enabling access to platform services, such as Root of Trust (RoT), offered by standardized secure components such as the SE and TEE. And it serves to establish a Chain of Trust extending from the secure component within a device to a secure service. The service makes it easier for service providers and application developers in different market sectors to link together strong security technology offered by secure components in their products.
Product Certification
Cybersecurity certification is an important role in trust and security irrespective of products, services, and processes in the IoT value chain and ecosystem. GlobalPlatform develops and maintains a Certification Program related to the specifications it manages, to facilitate and assure interoperability within the marketplace. This includes the topic of GlobalPlatform Vice Chairman, Rob Coombs, who presented Platform Security Architecture (PSA), which is a security certification system aiming to build trust through an independent security assessment.
GlobalPlatform Technical Director, Gil Bernabeu, highlighted security concerns as cyberattacks now cross between IT and OT networks. Also, governments are proactively and more frequently setting cybersecurity regulations which establish the need for cybersecurity certification schemes to keep up. Moreover, the volume and complexity of IoT products combined with varying regulations and certification frameworks make it challenging for IoT device manufacturers and service providers to validate the security of their products in a cost-efficient way and fit the requirement of Time to Market.
Today, about 80% of global cybersecurity regulations are already addressed by GlobalPlatform standards. GlobalPlatform technical specifications are regarded as the industry standard for achieving interoperable, sustainable, and flexible IoT device deployments that support multi-application and multi-business model implementations. It ensures that secure components meet the required levels of security defined for a particular service, enabling service providers to confidently and effectively manage risk and comply with industry requirements. GlobalPlatform will support certification bodies in setting up certification schemes based on the Security Evaluation Standard for IoT Platforms (SESIP) methodology.
Member of GlobalPlatform's SESIP sub-Task Force, Mr. Carlos Serratos, talked about SESIP in the last session of the afternoon. SESIP addresses the scale and complexity of the IoT ecosystem with an optimized approach to security evaluation that is designed specifically for IoT platforms and services. GlobalPlatform committees are working to bring consistency and trust to the IoT device security certification process and Cybersecurity standards, and align them with laboratories to drive consistency in product evaluations and certifications across the world. The GlobalPlatform cybersecurity standards are engaging quickly with the global IoT ecosystem.
GlobalPlatform, together with Winbond, Arm and ITRI hosted the first technology forum in Taiwan
DIGITIMES' editorial team was not involved in the creation or production of this content. Companies looking to contribute commercial news or press releases are welcome to contact us.
