IoT MasterClass – PKI and how to use a private certificate authority for device authentication and data integrity

Abstract:

So far in 2021, there has been a 500% increase in IoT attacks compared to 2020. IBM Security X-Force research has revealed that this spike is driven by Mozi botnets. In 2020, this malware accounted for 89% of the total IoT attacks of all types detected for the year. Mozi has been active for the last 18 months and continues to rank as the number one most active Mirai-type variant. The Mozi botnet currently controls approximately 438,000 hosts [1].

How do device makers, IoT platforms and service providers protect themselves? 

The National Institute of Standards and Technology (NIST) is well known for its cybersecurity standards, with its Cybersecurity Framework likely the most influential. NIST released its IoT Device Cybersecurity Capability Core Baseline (NISTIR 8259A) in May 2020. It details what is expected in an IoT cybersecurity baseline, including such imperatives as device identification and configuration, data protection, logical access to interfaces, and the ability of a device to have awareness of its cybersecurity state.

In this presentation, we shall explore best practices for meeting this baseline and extending it to include appropriate protection for brownfield devices in the field that do not have inherent defenses against cyber-attack. We will go into great detail on:

  1. How to protect device identities and provide additional authorization capabilities at the edge using PKI
  2. How to protect data from generation to consumption in Zero Trust Network Architectures

[1] https://securityintelligence.com/posts/internet-of-threats-iot-botnets-network-attacks/

Presenter Bio:

Julian Durand is Intertrust’s vice president of product management and chief information security officer, where he is responsible for owning the IoT product, leading the PKI team and overseeing security practices for the company. He brings over 30 years of experience in bringing breakthrough products to market at a massive scale and is a named inventor in Digital Rights Management (DRM), Internet of Things (IoT) and virtual SIM technologies. Before joining Intertrust, Julian brought SaaS and PaaS products to market for construction telematics and real-time cyber risk analysis at TeMeDa and CyberLucent respectively, taking both companies from initial seed-funded startups to profitability. At Qualcomm, Julian led product security; virtual SIM development; child tracking sold as Best Buy’s “Little Buddy”; and the company’s first efforts in IoT, doubling revenue year on year for the first three years and catalyzing what is now a billion-dollar business. Prior to that, he was the technical lead for Nokia’s first music phone. Julian holds a B.Eng from Carleton University in Ottawa, Canada, an MBA from the University of Southern California (USC) and is a Certified Information Systems Security Professional (CISSP).