IoT summit - Building flexible & secure IoT solutions

1. Building flexible and secure IoT
solutions
IoT summit
December 2016
Nicolas Bacca
@btchip

2. A trust layer between the blockchain
and the physical world
For industrials, enterprises and consumers
Securing the first and last mile
LEDGER TECHNOLOGY

3. Without trust, data has no actionable value
node
node
node
node
nodeCloud servers
User on a PC or a
smartphone Industrial
sensor / IoT
node
node node
Connected
object
Blockchain/IT
trusted zone
Physical world
absence of trust
Is this really you?
Am I allowed to executethis transaction?
Critical temperature data
Did the driver got switched?

4. Security issues : development and deployment
Trust and low cost production chain are conflicting issues
How to provision secrets
How to verify that a device is genuine

5. Security issues : runtime
Protect against invalid data fed to the solution (bug or fraud, Dieselgate)
Protect against software hacks and exploits
Protect against physical attacks

6. Security issues : firmware upgrades
How to deploy the firmware
How to verify the firmware integrity
How to avoid compromising a whole batch (see http://iotworm.eyalro.net/)

7. The ubiquitous Safe
Best technical solution for at scale (CHEAP) secure deployment
Best technical solution against physical attacks (theft, evil maid)

8. A configurable Safe
Lot of resources invested in secure remote management
Great portability of Java Card, at least on paper

9. Sweet spot yet to be found
More security
More flexiblity
Generic
MCU
MPU
Crypto
accel.
Enclaves
16 bits
smartcard
ARM
SecureCore
Additional
I/Os

10. In the meantime
Build a flexible platform to accommodate different design choices
Build on top of the smartcard security & ecosystem whenever (cost) possible
Create Plug and Play security upgrades for existing projects

11. Default IoT object architecture
Software, hardware vulnerabilities
Trust the environment
MCU
Sensors

12. More secure IoT object architecture
Software, (less) hardware vulnerabilities
Can be leveraged as an oracle
MCU (master)
Sensors
Security chip
(slave)
Stateless security operations

13. Ledger BOLOS architecture
Security built in on the most secure component
MCU (slave)
Sensors
Security chip
(master)
Stateless I/O requests
Tamper evident logic
(shield, MEMS)
Tamper notification

14. Ledger first Hardware Oracle
Cryptographically attestable
anti-tampering sensors
￭ Secure chip ST31G480 (CC EAL6+)
￭ Sensor
￭ 3 axis anti-tampering MEMS
￭ USB interface for blockchain computer

15. Ledger platform architecture
Trusted / Secure component
(Secure Element or enclave)
with limited I/O options
Non trusted component
with more I/O options
Screen
Direct control from the Trusted component, proxied
Pairing at boot
time
User app 1
User app 2
Button
Sensor
USB

16. Native ARM implementation
Native application 1
Native application 2
Native application 3
Microkernel
Secret
data
MMU lock
User modeSupervisor mode
System call
UI application

17. BOLOS platform APIs summary
Remote Applications (or scriptlets) Management
Sound cryptographic APIs (acceleration / power analysis / side channel resistance)
Auditable (Open Source SDK, non secure kernel)
Portability (Secure Element, Enclave, Enclave OS app, MCU)

18. Comparison of different BOLOS implementations
Security Cost Efficient Flexibility
Secure Element ++ - ++
Enclave + + +
Enclave OS app + - -
MCU - ++ +

19. Getting started with development
IoT development board to be announced
Nano-S resources : compiler and SDK - https://github.com/ledgerhq/ledger-nano-s
Sample applications : https://github.com/LedgerHQ/blue-sample-apps
Documentation in progress : http://ledger.readthedocs.io/
Developer Slack : http://slack.ledger.co
Documentation is getting put together, so don’t hesitate to ask on Slack

20. Thank you
@btchip