electronica 2018 Cyber Security Forum
Security is the key feature in any electronics system or product, whether it is embedded in the hardware or implemented using software. Hosted by Electronic Specifier, the Cyber Security Forum at electronica will offer a range of solutions from four key industry sectors. The forum will take place on 14th-15th November, hall C3, stand 534.
The pervasiveness of electronics in every walk of life opens a myriad of possibilities across a wide range of connected products. This pervasiveness however, increases vulnerability and a greater demand for secure systems in for example, automotive systems, medical equipment, mobile devices, and wearables.
AUTOMOTIVE SECURITY FORUM - 14TH NOVEMBER, 10.00am
Easy to integrate semiconductor solutions for trusted mobility
Martin Brunner - Principal for Automotive Security, Infineon Technologies
Bio: Brunner joined Infineon Technologies as Principal for Automotive Security in April 2017. Prior to that, he was working on automotive security topics as security consultant and penetration tester at Secunet Security Networks AG and has been a security researcher at the Fraunhofer-Institutes SIT and AISEC.He has a strong cyber security background with emphasis on automotive cyber security for more than five years.
Synopsis: Modern interconnected vehicles incorporate a wide range of sophisticated technology driven by advanced safety features and new services enhancing road safety, driver comfort and mobility. On the one hand, this growing symbiosis between a vehicle and its environment offers plenty of opportunities for cross-vehicle improvements. On the other hand, the opened up attack surface exposes vehicles to a vast amount of potential security and privacy threats. This introduces the need for hardware assisted security measures to prevent both kinds of attacks and form the basis to enable trusted mobility. This talk outlines how to apply hardware security in practice to address real world security topics.
Cyber security considerations for automotive sensors
Giri Venkat - Technical Marketing and Solutions Architecture, ON Semiconductor
Bio: Venkat has been responsible for defining and delivering video security solutions across a range of markets from consumer to automotive. He is currently responsible for Image sensor technical marketing and solutions architecture for the Automotive Solutions Division of ON Semiconductor. He has been involved with machine vision, graphics and imaging for over 20 years.
Synopsis: As Advanced Driver Assistance Systems (ADAS) become more advanced, we, as drivers, are being challenged to hand over more and more control and decision making to the car itself. The fusing of various sensor technologies will provide the real-time data and coverage to support full autonomy, but also increasingly the spectre of cyber attacks must become an additional focal point of the designer’s attention. This presentation will discuss the range of cyber attacks that can be mounted against an autonomous vehicle’s sensor network. This will be followed by a brief overview of the main categories of threats. A few selected threats will then receive a more detailed analysis including impact, ease of attack and severity of those selected threats.
An architecture for certified autonomous driving
Chris Tubbs - Business Development Director, EMEA, Greenhills Software
Bio: Tubbs is an industry veteran with 40 years experience in the avionics, simulation, medical, automotive, and software industries. After 15 years in the aerospace industry managing safety critical systems he co-founded companies in the simulation and medical imaging markets in the roles of commercial and managing director. He then spent eight years in the automotive industry in Germany and Holland as a development and business development manager after which he joined Green Hills Software in 2008.
Synopsis: Autonomous driving technology is advancing at a phenomenal rate and outpacing the needed changes in the safety certification standards. The sheer complexity of these systems, the number of lines of code, the non-deterministic behaviour, and the lack of standards all make these AI-based systems either impossible or costly to certify. However, there is an alternative approach, and this talk explores the problems and looks at an alternative architecture that can be certified within the scope of ISO 26262 ASIL D while still employing all the AI, cognitive networks and deep learning demanded for next-generation autonomous driving.
EMBEDDED SECURITY FORUM - 14TH NOVEMBER, 11.30am
Securing edge IoT devices with hardware-based security
Josef Haid - Lead Principal Technical Marketing Embedded Security Solutions at Infineon Technologies
Bio: Dr. Josef Haid studied electrical engineering and received his doctorate in engineering in 2003 from Graz University of Technology in Austria. He started his professional career at Austria Microsystems and joined Infineon in 2004 as a concept engineer for security controllers. At Infineon, Haid held different positions in concept engineering and technical marketing for contactless security controllers used in payment and government ID applications. In 2015 Haid assumed responsibility for the technical marketing group of the embedded security business line, focusing on hardware security and embedded devices for IoT, industrial and consumer electronics.
Synopsis: More and more devices are connected to the internet with one of the major providers for this connectivity to a server and cloud services being Amazon Web Services (AWS). However with this increased connectivity, the number of attacks on these devices is rising constantly, one notable recent example was the Mirai botnet in 2016.
This virus used malware that ‘enslaved’ IoT devices and used the resulting botnet to take down parts of a domain name system (DNS) via a distributed denial-of-service (DDoS) attack and cause massive disruption to internet services. These type of attacks were enabled by infected IoT devices. It is thus the fundamental duty and responsibility of IoT device manufacturers to properly protect their devices and services so that they are not vulnerable to such attacks and cannot be targeted in this way.
Security should always start with analysis. How threat modelling can help make your product secure
Erik Jacobson - Director Architecture, Marketing, ARM
Bio: Erik Jacobson leads technology marketing for the ARM architecture - helping to secure the IoT from the bottom-up. He has over 25 years technology experience including 15 years in mobile product development across the full product lifecycle, from ideation, business case creation, concepting and requirements definition to roadmap creation, development (agile and waterfall), branding and launch to in-market support and product retirement.
Synopsis: Are you designing an exciting new IoT product? Have you assessed the security risks your product may face in the real world? ARM’s Platform Security Architecture instructs that when designing a new product, you should always start with a security analysis phase. This phase allows you to assess the potential risks your product will face, allowing you to pick the right mix of counter-measures to mitigate the threat. If you’re new to security, this process may feel quite daunting. This is why ARM released a set of example threat models, available completely free of charge. Chip designers can use these models for similar products, or as a template for something completely different. This session will take a look at threat modelling and how, together with Platform Security Architecture, it can help you to make your next product more secure.
Security should not be an afterthought. Security for an embedded system needs to be planned at design
Anand Rangarajan - Product Marketing Manager, Microchip Technology
Bio: Anand Rangarajan is a product marketing manager responsible for the embedded security mjarket segment in 32-bit Microcontroller division for Microchip Technology. He has over 18+ years of experience in the semiconductor industry with technical and business roles in high tech companies and enjoys portfolio management and business development. He has an MS degree in computer engineering from University of Houston and an MBA in marketing/supply chain from Arizona State University, W.P.Carey School of Business.
Synopsis: With the explosive growth of connected nodes, the slogans are getting more mainstream. There are a lot of interpretations on the level of security required. There are questions on how much security is needed for an application, and what aspects of security can be achieved with hardware or software?
This presentation focuses on how to approach designing scalable security for an embedded application and the foundations of security in application. It starts with proposing a framework that designers can adopt to focus on the security level that is at the right cost for the application with an option to scale. The framework will then be used with a few real world application use cases to illustrate some ideas on designing scalable security.
Is TPM the best option for embedded security?
Christophe Tremlet - Executive Business Manager, Micros & Security, Maxim Integrated
Bio: Christophe Tremlet has been involved with security IC development for more than 20 years and holds several patents in this field. After being a product engineering manager and application manager for smartcard ICs at STMicrolectronics, he joined Innova Card, a French startup, as CTO.
After the acquisition of Innova Card by Maxim Integrated, Christophe became design centre manager of the office in La Ciotat, France. For some time, he was leading the marketing activities for security ICs, and in the meantime is working as executive business manager for secure microcontrollers. Christophe holds a masters degree in electrical engineering from INSA Lyon, France.
Synopsis: Some security ICs are designed to be used as companion ICs of application processors. The Trusted Computing Group-defined Trusted Platform Modules (TPM) are such companion chips. Security goals in IoT relate to device and server authentication, sensitive data protection, confidentiality and integrity of communications (e.g., TLS protocol), device integrity, and intellectual property protection.
In a more concrete example, an IoT node device needs to have a secure bootloader and secure firmware update, to send sensor data to a server over a TLS connection, and to store sensitive data in flash memory. In this presentation we will explore TPMs capability and their alternatives.
IoT SECURITY FORUM - 15TH NOVEMBER, 10.00am
The importance of designed-in security
Chris Loreskär - Business Development Director, IoT & Innovation Technologies, Trustonic
Bio: Loreskär is Business Development Director - IoT & Innovation Technologies at Trustonic focused on innovations in IoT security. Loreskär has been working in the tech industry for 15 years, starting his career at Ericsson where he worked on securing mobile platforms, before joining Arm Holdings and then Trustonic.
Loreskär was responsible for Trustonic’s IoT R&D strategy development and now the company’s IoT solutions in-market. He has business responsibility for engaging with the IoT ecosystem and evangelising the growing need for advanced security in even the smallest of chips. Loreskär graduated with a Master of Science from Luleå University of Technology, Sweden, and holds several patents.
Synopsis: The world is talking a lot about AI and machine learning, but if you can’t trust the source of the data then everything you learn or act on is flawed. Trustonic think it’s essential for security to be baked in at the silicon level, and also ensuring that the lifecycle of the devices both during and after manufacture is trusted.
Extending the secure edge in industrial control systems
Erik Halthen - Security Systems Manager, Industrial Solutions, Analog Devices
Bio: Erik Halthen, part of ADI’s acquisition of Sypris Electronics in 2016, brings extensive background in cyber security solutions. As part of ADI’s cyber security centre of excellence, Halthen has taken on the role of security systems manager for industrial solutions. Leveraging his experience as a cyber security program manager in the defence industry, Halthen is focused on developing leading security solutions to meet key market demands in Industrial IoT.
Synopsis: The cyber security challenge is changing with Industry 4.0, by the very nature of increasing access and availability of sensors and actuators at the edge. Traditional methods for securing the factory rely heavily on IT security solutions that limit access and availability of data through managing and monitoring network traffic.
Enabling a new industrial revolution of real time, autonomous decisions, requires increased connectivity and edge computing that fundamentally changes the required approach to cyber security. Establishing device level security at the edge allows for smart devices to be connected, leading to more autonomy that will usher in the adoption of Industry 4.0 solutions.
Securing complex IoT systems – security in depth is the way forward
Chris Tubbs - Business Development Director, EMEA, Green Hills Software
Bio: Tubbs is an industry veteran with 40 years experience in the avionics, simulation, medical, automotive and software industries. After 15 years in the aerospace industry managing safety critical systems, he co-founded companies in the simulation and medical imaging markets in the roles of commercial and managing director. He then spent eight years in the automotive industry in Germany and Holland as a development and business development manager after which he joined Green Hills Software in 2008. Tubbs was promoted to director of business development EMEA in 2012, since when he has specialised in safety and security.
Synopsis: IoT devices are becoming exponentially more complicated and connected. For example, a device with pushbuttons and an LED indicator panel has become a connected IoT device with multi-core processors providing sophisticated control options and feature-rich user interfaces. This complexity presents a fertile environment for the hacker to exploit. Since there are classes of IoT devices with safety critical functionality, an exploit can compromise device safety. Many cyber security techniques focus on securing the perimeter of critical computer systems and fast recovery in the event of failure. In this talk, Tubbs will take a new perspective on building safe and secure devices including a holistic view of cyber security from the bottom up, putting a new spin on ‘defence in depth’ and establishing security as the top priority driving the design of critical systems.
MEDICAL SECURITY FORUM - 15TH NOVEMBER, 11.30am
Software security in the fast-changing world of medical devices
Dave Hughes - CEO, HCC Embedded
Bio: Hughes founded HCC Embedded, a developer of re-usable embedded software components, in 2000. In that time the company has grown substantially, supplying many of the industry’s major technology providers. Hughes is a ‘hands-on’ embedded specialist, who still actively contributes to the strategy and direction of HCC’s core technologies. His extensive experience has made him one of the industry’s leading authorities on fail-safe embedded systems, flash memory and process-driven software methodologies.
Synopsis: Medical devices have traditionally had a very restricted use case, but not anymore. Driven by both cost and convenience, many medical devices are now networked or remotely accessed, raising a host of new software security risks. That’s the challenge facing medical device developers who didn’t have to worry about these issues in the past. Why should a specialist in understanding how to measure blood glucose levels know anything about network security?
Even the standards relating to developing medical products have been slow to respond to the needs of the modern age. Hughes will present some of the experiences and failings of developing secure devices and put them in the context of medical product development and standards. He will also examine known failures and stress the importance of rigour in creating security.
Enabling a healthier world and keeping data secure with clinical-grade sensor solutions
Andrew Baker - Executive Director, Industrial & Healthcare, Maxim Integrated
Bio: Andrew Baker joined Maxim Integrated in 2009. He has more than 20 years of experience in the electronics industry in roles ranging from development engineering to sales as well as business/product management. In his current role, he is responsible for leading Maxim’s wearable solutions initiatives for sensors and power management, as well as multiple other product lines. Baker holds a Bachelor’s degree with honours in electronic engineering from the University of Portsmouth, UK.
Synopsis: When acquiring and measuring personal health data, it can be challenging to keep it secure and resistant to accidental or malicious cyber attacks. Government regulatory requirements are driving the need to ensure medical devices can protect acquired user data and provide secure transmission to a network.
The integrity of data starts at the point of measurement with acquisition of the signal of interest (e.g. pulse oximetry and heart rate) which is stored and securely transmitted to the clinical network. Secure point of measurement is now a reality with Maxim’s secure authenticators and preventative digital health and clinical-grade sensors to enable a healthier world.
Ensuring medical IoT devices remain secure, safe and protected
Nicolas Schieli - Manager Strategic/Product Marketing, Secure Products Group, Microchip Technology
Bio: Schieli has nearly 20 years of high-tech embedded experience. He is currently responsible for the product strategy, marketing and application engineering for the Secure Products Group at Microchip Technology. Formerly, he was the marketing director for the microcontroller business line in the Automotive Business Unit at Atmel. He’s also led the Automotive RF product marketing team.
Synopsis: IoT medical devices are proliferating across the industry in applications such as home care medical devices and hospital patient monitoring services connected to hospital networks. Patient data sensitivity is generally at the forefront of designers’ minds but there are many considerations to keep in mind given recent cyber security breaches. Hospital environments are not known to have the most secure networks when it comes to IoT security yet they are paradoxically subject to stringent regulations depending on their location. Microchip will analyse the problems associated with developing secure medical IoT devices and expound upon the solutions available.
Securing medical devices for IoT
Steven Dean - Business Marketing Manager, Signal Processing, Wireless, and Medical Division, ON Semiconductor
Bio: Dean has over 25 years of experience in the semiconductor and medical device fields, now leading ON Semiconductor in business marketing in their Signal Processing, Wireless, and Medical Division. Past appointments have included, director of business development at Medtronic Corporation, director of marketing at Texas Instruments, and director of segment marketing of Freescale Semiconductor. Dean obtained his degree in electrical engineering from Purdue University, with postgraduate work in business.
Synopsis: Wireless connectivity is opening up a new realm of possibilities and exciting new features for medical devices. As these emerge, ensuring that patients and their data are protected, will be a primary concern in making these new features a reality. This presentation will explore industry trends, as well as the system level technology helping to secure connected medical devices.