Hello everyone my name is ash Tosh and I am part of the open source software group with naam and today I’m going to talk about some basic concepts about device security for connected devices I’ll start with some common use cases which are applicable to all of the connected devices and the security challenges they face some of the basic.
Principles security principles which can be applied to all the use cases and then if you talk about the PS a program the platform security architecture firm program for Mom and a brief introduction to adjust it from.
There EMM project at the end and in the end we’ll have some time for questions and answers in character devices space every device is unique and every use case is unique however there are some common usage patterns if you look deep enough there is a underlying theme across all the different use cases all.
The devices they need some form of connectivity it could be device to device communication or it will be communication between a device and a server or it could be a communication between device to a node in the in a mesh network there is some form of data processing involved in all the use cases the data could be sensor data being collected on a device and securely transmitted to a remote entity.
It could be DRM data if you talk about the multimedia content it could be biometric data in case of medical devices and the usage patterns of this data is very complex and the ownership of.
This data becomes extremely complex to manage device management the devices that gets deployed are meant to be in the field for many years and the scale of default deployment is quite large and it’s going to be even larger in the future they cannot be.
Managed individually and they cannot be managed on management basis they need to be managed remotely somehow and in a more automated fashion when this might want to control certain features based on a licensing model for a particular use case when this might want to revoke or invoke certificates.
On a device based on the subscription that the user has paid for their before mat updates because again devices are going to be in the field for a very long time there will be security.
Fixes at the feature updates and the buff fixes on the device and finally the incident management there will be security incidents there will be cases where devices become vulnerable the.
Software become broken down by security researchers or hackers and they need to be fixed by firmware update and finally the vendor management the ecosystem is going to be.
Very complex where different.
Silicon vendors different operating system vendors and the audience they try to collaborate with each other.
And they would want to limit the trust they need to put in each other so it’s a very complex supply chain where we want to make sure.
That the amount of trust each vendor need to put in each other has has is contained and it’s limited and all of these uses scenarios have some underlying common security challenges all of the communicating entities before they start any communication they won’t want to establish a trust they would want to make sure that they are talking to the right entity on the other end if a server is talking to a device there are.