Sylvain Guilley, CTO of Secure-IC explains why embedded chip security is vital for protecting the growing fleet of end point devices and tell us more about the recent launch of Secure-IC’s lifecycle management platform for connected devices.
Secure-IC’s Securyzr integrated Security Services Platform (iSSP) serves a string of IoT connected devices from the cloud and can be provided with added-value security services, as well as compliance to standards. We spoke with Sylvain Guilley, CTO of Secure-IC to find out more.
What are the current security challenges affecting connected devices and how can end users look to safeguard themselves against cyber-attacks?
With the EN 303 645 standard, Europe has started to work on establishing some provisions to ensure the security of connected objects and this work is an important step forward to guide consumers with maximum security in their use of IoT: no default password, automatic vulnerability updates (e.g., vulnerabilities detected by independent labs), secure communications, protection of personal data, ease of deleting said data, etc.
We can also advise consumers to be cautious before buying a connected device. Indeed, they can easily find information as security issues become more and more important in tests related to connected objects. Like many products in the industry, connected objects are never 100% produced by a single manufacturer. It is therefore necessary to ensure the origin of the object, as a connected object with little traceability can be potentially dangerous. Moreover, are security updates planned? Are the security parameters customisable? These are indications that the object integrates a security dimension.
Where do you see the greatest device vulnerabilities in regards to connected devices and how can this be addressed?
With the multiplication of digital devices and the connectivity brought to objects that were not previously connected, such as vehicles, smart speakers, and even production lines, data is now everywhere and needs to be secured. The question of data security and integrity is for us at the centre of the challenges of connected devices. As connected objects also represent a colossal attack surface, they are the first elements that need to be secured. We believe that only an integrated and homogeneous level of end-to-end security from connected objects to the depths of the cloud will ensure the security of a world where data is everywhere.
A main framework is critical to the deployment of connected objects and data protection. Indeed, it is the understanding of standards and their strict application, or even reinforcement, during the design phase that will ensure the quality and security of infrastructures and other systems, from the semiconductor to the cloud. Combined with the continued understanding of cybersecurity issues among an increasing number of people, this approach, which is always centered on the end user, makes it possible to limit the risks, and therefore keeps the proven exploitation of vulnerabilities to a minimum.
Where do you see the future of connected devices headed?
Connected objects, which have increased in numbers in recent years, also introduce new cybersecurity threats among which data management and processing and especially personal data is a major challenge.
The Internet of Things implies a very large dissemination of objects, whose lifecycle must be taken into account in order not to add risk to the already inherent risk. Mass deployments of connected objects and wireless networks are bound to fail if they are not supported by a comprehensive security approach that would include sophisticated system management, authentication services for connected objects, commissioning and upgrades, and monitoring of the data exchanged to ensure integrity and confidentiality.
The security challenges are similar across various industries but each market has its own specification based on its usage. Therefore, we see a trend in the need for security certified products in each market (for example combination of safety and security certification schemes in automotive, some lightweight schemes for IoT, etc.).
Please can you explain more about the company’s “Chip to Cloud” vision, and the launch its cybersecurity lifecycle management platform for connected objects?
In the context of the Internet of Things (IoT), we strongly believe that device security is critical and one of the most important assets of the digital world. That is why, we have based our end-to-end embedded cybersecurity solutions around a unique approach called PESC for “Protect, Evaluate, Service & Certify” to effectively support our customers throughout the design lifecycle.
However, after the devices are deployed, they must remain secure. Therefore, it is logical to leverage the chip level (meaning the physical security of electronic chips) to the cloud level and enable customers to “Supply, Deploy and Manage” their device fleets. With this new cybersecurity lifecycle management platform, we cover the entire security lifecycle of connected objects from design to decommissioning.
For example, the platform encompasses the services associated with secret parameters (keys, certificates) provisioning and management, software update capability (deployment of patches, new software versions, etc. which are critical for the lifetime of the products) and security monitoring over the lifetime of the device, based on the device identity service.
Can you tell us more about integrated Secure Elements (iSE) and how this protects System-on-Chips, across the supply chain?
An iSE is a vital security function that is directly integrated into the main chip of the endpoint device, mounted as a subsystem onto the host chip it protects by establishing a silicon root of trust. It typically provides multiple services such as secure boot, isolated processing, asset management, security policy, etc. and thus helps fight against master compromising, malware/Trojan insertion, overbuilding, etc.
For optimised security, Securyzr iSE complies with the most stringent security standards and is suitable for multiple certifications, such as Common Criteria, NIST FIPS 140, and regional schemes whenever required.
What is the platform composed of?
Securyzr integrated Security Services Platform (iSSP) is composed of four different services:
- Key provisioning to securely provision the chip devices with secret key across the supply chain
- Firmware Update (FOTA/FUOTA) to securely provide chips with their software and then update them physically or over the air, to maintain their security level
- Devices monitoring and cyber intelligence to provide a proactive security service, retrieving cyber security logs from the chips, analysing them and sending instructions back to the chip fleet if necessary
- Device identity guarantees trust from the chip to the cloud, from the user and data through device multi-factor authentication that safeguards against hackers, replay, and in the event of an initial compromise
On top of Securyzr iSE, Securyzr iSSP offers additional capabilities. For instance, in the case of the Key Provisioning service, the Securyzr iSSP is able to remotely: generate the assets, securely store the assets to be sent to the cloud, prepare the assets for provisioning, install them in the Secure Element, update and revoke them if necessary.
Can you explain more about the benefits that digital twins provide, what these are and how they can be used within the connected device market?
Digital twins are the virtual counterparts of real IoT devices. Abstracting a fleet of IoT devices into a collection of digital twins allows the operator to see all devices at a glance. This allows a dashboard to:
- See the status of all devices, how they have been provisioned, and their current configuration
- Monitor each and every device, and thus also gain collective information through analytics (e.g., to enable first evidence of attacks before they are even deployed at scale)
- Apply patches to each device accordingly
In this regard, digital twins are central to managing devices seamlessly.
Read the latest edition of PCR’s monthly magazine here: