Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 131
Java Solutions for Securing Edge-to-Enterprise
Eric Vétillard
Sr. Principal Product Manager, Java Card
Oracle

Program Agenda
• Embedded security requirements
• Example: Smart Meter use cases
• Building trust with Secure Elements
• Java Card in embedded devices
• Edge-to-enterprise security

Standard Architecture
[Diagram labels: Device (several), Gateway, Backend, Storage; Java EE, Java Embedded Suite, Java ME Embedded; (optional)]

What’s New?
The devices are new
• There are many of them
• They are the heart of business
• They are you
• You may have limited control
[Diagram labels: Device (several), Backend, Cloud, Server]

What New Risks are Introduced?
New system entry point
• Attacking the device
 – Tampering with the device
 – Fake device
• Attacking the device link
 – Stealing information
 – Modifying information
[Diagram labels: Device (several), Backend, Cloud, Server]

Security is About Resistance to Attacks
• Attacks are intended to abuse the system for the benefit of the attacker
• Think about attackers, not only about users
 – Possibly a user trying to abuse the system
 – Possibly a terrorist trying to destroy the whole ecosystem
• Think about vulnerabilities, not bugs
 – Vulnerabilities often start from features
 – Bad specification is harder to fix than bad implementation

Main Security Requirements
High-level requirements
• Safety: Do what you are supposed to do
• Privacy: Restrict access to user data
• Regulation: Abide by national/vertical rules
• Access control: Restrict access to authorized persons
• Accountability: Guarantee some traceability of other properties
Even under attack

Main Security Functions
• Data protection
 – Confidentiality
 – Encryption
 – Integrity
 – Signature
• Authentication / Authorization
 – Authentication
 – Password
 – Biometry - Token
 – Authorization
 – Access rights
• Logging & Auditing
 – Security log
 – Remember actions
 – Auditor access
 – Log interpretation
• Provisioning
 – Code Update
 – System upgrade
 – App upgrade
 – Bug fixing
• Software protection
 – Code Integrity
 – Code signature
 – Code verification
 – Runtime integrity

Smart metering: High-level View
Why move to smart meters?
• Better data collection
 – Less manpower
 – Accurate information
• Enable Smart Grid and Big Data
 – Better grid control
 – Feedback to users
What consequences?
• Less human control
 – Fraud detection is difficult
• More data flowing
 – Injection of wrong data
 – Private consumer data leaks

Smart metering: Environment and Details
Main characteristics
• Owned/controlled by utility company
• Lifetime > 10 years
• No human intervention
• Tamper-resistant meter
• Limited price sensitivity
• Raw data is privacy-sensitive
Threat analysis
• On the device
 – Tampering with data collection
 – Tampering with collected data
• Between the device and the backend
 – Insert fake device
 – Modify transferred data
 – Steal transferred data

Smart Metering: Security Update
• Data collection
 – Before: Tamper-evidence
 – After: Tamper-resistance
• Data storage
 – New issue: Data integrity, Data confidentiality
• Fake device
 – New issue: Authentication
• Fake server
 – New issue: Authentication
• Man-in-the-middle
 – New issue: Secure channel

Smart Meter: Designing Security In
Many Levels of Security
• Tamper-proofing the device
• Securing the protocol
• Using a good software stack
• Adding a secure element
 – Tamper-resistant hardware
 – Small, isolated, certifiable

3 Ways to Build Trust from Secure Elements
• Secure element as secure store
 – Storing and handling important secrets
 – Example: the satellite TV card
• Secure element as backend proxy
 – Representing the service provider in the device
 – Example: the SIM card
• Secure element as device root of trust
 – Build trust in the device from a Secure Element
 – Example: the Trusted Platform Module (TPM)

Secure Element as Secure Store
Satellite TV
• Satellite TV good for hackers
 – Content is broadcast
• Content is encrypted
 – Using a single key
 – This key needs protection

Secure Element as Secure Store
Satellite TV Cards
• Tamper resistance is key
 – Device is “in the wild”
 – Secrets have value
• Not just a store
 – Secure elements have a CPU
 – Core secrets never get out

Secure Element as Backend Proxy
Mobile telephony
• Access only for subscribers
 – Bidirectional communication
 – Authentication required
• System can be hacked
 – Duplicating phone identity

Secure Element as Backend Proxy
Mobile telephony SIM
• End-to-end security
 – SIM interacts with backend
 – Security is in the SIM
 – Device is just a dumb pipe
• Limits trust requirements
 – Untrusted device is OK
 – BYOD is ultimate use case

Secure Element as Device Root of Trust
Protecting Device Integrity
• Device can be compromised
 – End user changing software
 – External network attack
• Very dangerous on devices
 – Consequences unknown
 – Hard to fix directly on device
 – Remote access can be disabled by attacker

Secure Element as Device Root of Trust
Using a TPM as root of trust
• Provides good guarantees
 – Tamper evidence
 – Hardware integration
• Building from these properties
 – TPM verifies the kernel
 – Kernel starts, verifies OS, …
 – Remote attestation possible
[Diagram labels: Kernel, Apps, OS]

3 Ways to Build Trust from Secure Elements
Recap and value
• Secure element as secure store
 – Storing and handling important secrets
 – Example: the satellite TV card
 – Value for service provider, for unconnected models: Focus on local security
• Secure element as backend proxy
 – Representing the service provider in the device
 – Example: the SIM card
 – Value for service provider, for connected models: End-to-end security
• Secure element as device root of trust
 – Build trust in the device from a Secure Element
 – Example: the Trusted Platform Module (TPM)
 – Value for device provider, for all application models: Improves device security

Smart Meter: What Secure Element Model?
Many Levels of Security
• Mostly a backend proxy
 – Authentication, secure channel
 – Managing data for the provider
• Also a secure store
 – If there is a local interface
• Could be a root of trust
 – Protecting device integrity
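
The backend-proxy model for the smart meter, as an added example (a Python protocol model written for this page, not Java Card code and not from the original deck): the secure element answers the backend's challenge and MACs every reading with a counter, so the meter firmware only forwards bytes it cannot forge. The class names, the message layout and the choice of HMAC-SHA-256 are assumptions; encryption of the readings is left out to keep the focus on authentication and integrity.

```python
import hashlib
import hmac
import os
import struct
from typing import Optional

BODY_LEN = 8 + 4 + 8      # meter_id | counter | reading (assumed layout)
TAG_LEN = 32              # HMAC-SHA-256 output


class SecureElement:
    """Models the secure element: the key is loaded once and only MACs leave it."""

    def __init__(self, meter_id: bytes, key: bytes):
        assert len(meter_id) == 8
        self.meter_id = meter_id
        self._key = key       # never returned by any method
        self._counter = 0     # monotonic counter, lets the backend reject replays

    def answer_challenge(self, nonce: bytes) -> bytes:
        # Proves possession of the provisioned key (the "fake device" check).
        return hmac.new(self._key, b"auth" + self.meter_id + nonce, hashlib.sha256).digest()

    def seal_reading(self, watt_hours: int) -> bytes:
        # The untrusted meter firmware passes the reading in and gets opaque bytes back.
        self._counter += 1
        body = self.meter_id + struct.pack(">IQ", self._counter, watt_hours)
        tag = hmac.new(self._key, b"data" + body, hashlib.sha256).digest()
        return body + tag


class Backend:
    """Models the utility backend that provisioned the secure elements."""

    def __init__(self):
        self._keys = {}       # meter_id -> key
        self._last = {}       # meter_id -> highest counter accepted so far
        self._pending = {}    # meter_id -> outstanding challenge nonce

    def enroll(self, meter_id: bytes, key: bytes) -> None:
        self._keys[meter_id] = key

    def new_challenge(self, meter_id: bytes) -> bytes:
        nonce = os.urandom(16)
        self._pending[meter_id] = nonce
        return nonce

    def check_response(self, meter_id: bytes, response: bytes) -> bool:
        nonce = self._pending.pop(meter_id, None)   # each nonce is usable once
        key = self._keys.get(meter_id)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, b"auth" + meter_id + nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

    def accept_reading(self, message: bytes) -> Optional[int]:
        """Return the reading if the message is authentic and fresh, else None."""
        if len(message) != BODY_LEN + TAG_LEN:
            return None
        body, tag = message[:BODY_LEN], message[BODY_LEN:]
        meter_id = body[:8]
        key = self._keys.get(meter_id)
        if key is None:
            return None
        expected = hmac.new(key, b"data" + body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return None                              # modified in the device or on the link
        counter, watt_hours = struct.unpack(">IQ", body[8:])
        if counter <= self._last.get(meter_id, 0):
            return None                              # replay of an old message
        self._last[meter_id] = counter
        return watt_hours


def demo() -> dict:
    key = os.urandom(32)              # constructed per-meter key
    meter_id = b"METER001"            # constructed 8-byte identifier
    element, backend = SecureElement(meter_id, key), Backend()
    backend.enroll(meter_id, key)

    # A fake device knows the meter id but not the key.
    fake = SecureElement(meter_id, os.urandom(32))
    fake_ok = backend.check_response(meter_id, fake.answer_challenge(backend.new_challenge(meter_id)))
    real_ok = backend.check_response(meter_id, element.answer_challenge(backend.new_challenge(meter_id)))

    message = element.seal_reading(1500)
    tampered = bytearray(message)
    tampered[BODY_LEN - 1] ^= 0x01    # flip one bit of the reading in transit
    return {
        "real_device": real_ok,
        "fake_device": fake_ok,
        "tampered": backend.accept_reading(bytes(tampered)),
        "honest": backend.accept_reading(message),
        "replayed": backend.accept_reading(message),
    }


if __name__ == "__main__":
    print(demo())
```
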

Embedded Systems with Security Subsystems
A few examples available today
• Smart cards
 – Mobile phones: SIM
 – POS terminals: EMV payment
 – Media players: DRM
• Trusted Execution Environment (TEE)
 – Mobile devices: DRM, Device integrity
• Secure Elements
 – Wireless Modules: SIM / Authentication
 – NFC Phones: Mobile payment
 – Smart meters: Regulation, prepaid
• TPM
 – ATM: System integrity
 – Media players: DRM

Java Card and Java in the Embedded Space
Many links available
• Java Card is used to program secure elements
 – Subset of Java, complemented with specific APIs
 – Multi-tenant architecture with firewalled applications
 – Dynamic application management
 – Now available on embeddable secure microcontrollers
• Java APIs exist to communicate with secure elements on devices
 – JSR-177 provides access to secure elements
 – JSR-257 for using a contactless interface

Edge-to-Enterprise Security
Including security in the process
• First, identify the security requirements
 – What security features are/will be required on edge devices?
 – What kind of attacks need to be considered?
 – What kind of assurance level is/will be required?
• Then, separate the security functions
 – Think of it as a separate Security Subsystem

Edge-to-Enterprise Security
On-device implementation options
• Embedded in the main code
 – Providing a minimal assurance level
 – Already much, much better than if not identified
• Using a dedicated secure element
 – Improved traceability and highest assurance levels
 – Improved asset protection and tamper resistance
• More options will become available
 – From Trusted Computing to Trusted Execution Environments
 – The Java Card team follows these initiatives closely

Don’t Forget Security Engineering!
Breaches are costly
• Compliance issues
 – PCI compliance can be lost, and this is very bad publicity
 – HIPAA compliance will not be easier
• Many embedded devices will need to be integrated
• Attacks happen, and devices will be targeted
 – Attacks moving from desktop to mobile
 – Hackers are realizing that many devices are poorly secured
Any questions?
Eric Vétillard
eric.vetillard@oracle.com
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 1331

Contenu connexe

Tendances

Smart Cards & Devices Forum 2013 - Protecting enterprise sensitive informatio...
Smart Cards & Devices Forum 2013 - Protecting enterprise sensitive informatio...Smart Cards & Devices Forum 2013 - Protecting enterprise sensitive informatio...
Smart Cards & Devices Forum 2013 - Protecting enterprise sensitive informatio...
OKsystem
 
Secur Digital Presentation 22jul10 Frm Show
Secur Digital Presentation 22jul10 Frm ShowSecur Digital Presentation 22jul10 Frm Show
Secur Digital Presentation 22jul10 Frm Show
fmitchell
 
Maloney slides
Maloney slidesMaloney slides
Maloney slides
Onkar Sule
 

Tendances (20)

Data Con LA 2019 - So You got Hacked, how Quickly Can your Company Recover? b...
Data Con LA 2019 - So You got Hacked, how Quickly Can your Company Recover? b...Data Con LA 2019 - So You got Hacked, how Quickly Can your Company Recover? b...
Data Con LA 2019 - So You got Hacked, how Quickly Can your Company Recover? b...
 
SYPHERSAFE
SYPHERSAFESYPHERSAFE
SYPHERSAFE
 
The Industrial Immune System
The Industrial Immune SystemThe Industrial Immune System
The Industrial Immune System
 
Identity-Defined Privacay & Security for Internet of Things
Identity-Defined Privacay & Security for Internet of ThingsIdentity-Defined Privacay & Security for Internet of Things
Identity-Defined Privacay & Security for Internet of Things
 
IDENTITY IN THE WORLD OF IOT
IDENTITY IN THE WORLD OF IOTIDENTITY IN THE WORLD OF IOT
IDENTITY IN THE WORLD OF IOT
 
The Future of Authentication for IoT
The Future of Authentication for IoTThe Future of Authentication for IoT
The Future of Authentication for IoT
 
Qualcomm ® Snapdragon Sense ™ ID 3D Fingerprint Technology
Qualcomm ® Snapdragon Sense ™ ID 3D Fingerprint TechnologyQualcomm ® Snapdragon Sense ™ ID 3D Fingerprint Technology
Qualcomm ® Snapdragon Sense ™ ID 3D Fingerprint Technology
 
Smart Cards & Devices Forum 2013 - Protecting enterprise sensitive informatio...
Smart Cards & Devices Forum 2013 - Protecting enterprise sensitive informatio...Smart Cards & Devices Forum 2013 - Protecting enterprise sensitive informatio...
Smart Cards & Devices Forum 2013 - Protecting enterprise sensitive informatio...
 
Secur Digital Presentation 22jul10 Frm Show
Secur Digital Presentation 22jul10 Frm ShowSecur Digital Presentation 22jul10 Frm Show
Secur Digital Presentation 22jul10 Frm Show
 
Passwords and Fingerprints and Faces—Oh My! Comparing Old and New Authentication
Passwords and Fingerprints and Faces—Oh My! Comparing Old and New AuthenticationPasswords and Fingerprints and Faces—Oh My! Comparing Old and New Authentication
Passwords and Fingerprints and Faces—Oh My! Comparing Old and New Authentication
 
IoT Security Challenges
IoT Security ChallengesIoT Security Challenges
IoT Security Challenges
 
Google FIDO Authentication Case Study
Google FIDO Authentication Case StudyGoogle FIDO Authentication Case Study
Google FIDO Authentication Case Study
 
Security for iot and cloud aug 25b 2017
Security for iot and cloud aug 25b 2017Security for iot and cloud aug 25b 2017
Security for iot and cloud aug 25b 2017
 
Protect Your Organization with Multi-Layered Approach to Anti-Phishing
Protect Your Organization with Multi-Layered Approach to Anti-PhishingProtect Your Organization with Multi-Layered Approach to Anti-Phishing
Protect Your Organization with Multi-Layered Approach to Anti-Phishing
 
Implementing Trusted Endpoints in the Mobile World
Implementing Trusted Endpoints in the Mobile WorldImplementing Trusted Endpoints in the Mobile World
Implementing Trusted Endpoints in the Mobile World
 
Maloney slides
Maloney slidesMaloney slides
Maloney slides
 
Drawing the Line Correctly: Enough Security, Everywhere
Drawing the Line Correctly:   Enough Security, EverywhereDrawing the Line Correctly:   Enough Security, Everywhere
Drawing the Line Correctly: Enough Security, Everywhere
 
“Your Security, More Simple.” by utilizing FIDO Authentication
“Your Security, More Simple.” by utilizing FIDO Authentication“Your Security, More Simple.” by utilizing FIDO Authentication
“Your Security, More Simple.” by utilizing FIDO Authentication
 
FIDO Authentication for Gaming Webinar
FIDO Authentication for Gaming WebinarFIDO Authentication for Gaming Webinar
FIDO Authentication for Gaming Webinar
 
An Internet of Things Reference Architecture
An Internet of Things Reference Architecture An Internet of Things Reference Architecture
An Internet of Things Reference Architecture
 

Similaire à Java Solutions for Securing Edge-to-Enterprise

SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4
Rodrigo Piovesana
 
Intel IT Experts Tour Cyber Security - Matthew Rosenquist 2013
Intel IT Experts Tour   Cyber Security - Matthew Rosenquist 2013Intel IT Experts Tour   Cyber Security - Matthew Rosenquist 2013
Intel IT Experts Tour Cyber Security - Matthew Rosenquist 2013
Matthew Rosenquist
 
Oracle-Security_Executive-Presentation
Oracle-Security_Executive-PresentationOracle-Security_Executive-Presentation
Oracle-Security_Executive-Presentation
stefanjung
 

Similaire à Java Solutions for Securing Edge-to-Enterprise (20)

First Steps with Java Card
First Steps with Java CardFirst Steps with Java Card
First Steps with Java Card
 
Safend General Presentation 2010
Safend General Presentation 2010Safend General Presentation 2010
Safend General Presentation 2010
 
Threat Modeling for the Internet of Things
Threat Modeling for the Internet of ThingsThreat Modeling for the Internet of Things
Threat Modeling for the Internet of Things
 
CSE_Instructor_Materials_Chapter7.pptx
CSE_Instructor_Materials_Chapter7.pptxCSE_Instructor_Materials_Chapter7.pptx
CSE_Instructor_Materials_Chapter7.pptx
 
From SIEM to SA: The Path Forward
From SIEM to SA: The Path ForwardFrom SIEM to SA: The Path Forward
From SIEM to SA: The Path Forward
 
Big Data & Security Have Collided - What Are You Going to do About It?
Big Data & Security Have Collided - What Are You Going to do About It?Big Data & Security Have Collided - What Are You Going to do About It?
Big Data & Security Have Collided - What Are You Going to do About It?
 
SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4
 
Intel IT Experts Tour Cyber Security - Matthew Rosenquist 2013
Intel IT Experts Tour   Cyber Security - Matthew Rosenquist 2013Intel IT Experts Tour   Cyber Security - Matthew Rosenquist 2013
Intel IT Experts Tour Cyber Security - Matthew Rosenquist 2013
 
How Security can be stronger than a Firewall: 13 different ways breaking thro...
How Security can be stronger than a Firewall: 13 different ways breaking thro...How Security can be stronger than a Firewall: 13 different ways breaking thro...
How Security can be stronger than a Firewall: 13 different ways breaking thro...
 
Security hardening and drown attack prevention for mobile backend developers
Security hardening and drown attack prevention for mobile backend developersSecurity hardening and drown attack prevention for mobile backend developers
Security hardening and drown attack prevention for mobile backend developers
 
Oracle-Security_Executive-Presentation
Oracle-Security_Executive-PresentationOracle-Security_Executive-Presentation
Oracle-Security_Executive-Presentation
 
Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...
Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...
Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...
 
Securing Java in the Server Room
Securing Java in the Server RoomSecuring Java in the Server Room
Securing Java in the Server Room
 
JavaOne2013: Securing Java in the Server Room - Tim Ellison
JavaOne2013: Securing Java in the Server Room - Tim EllisonJavaOne2013: Securing Java in the Server Room - Tim Ellison
JavaOne2013: Securing Java in the Server Room - Tim Ellison
 
Dell Solutions Tour 2015 - Reduce IT admin work load and reduce complexity an...
Dell Solutions Tour 2015 - Reduce IT admin work load and reduce complexity an...Dell Solutions Tour 2015 - Reduce IT admin work load and reduce complexity an...
Dell Solutions Tour 2015 - Reduce IT admin work load and reduce complexity an...
 
iPhone and iPad Security
iPhone and iPad SecurityiPhone and iPad Security
iPhone and iPad Security
 
Java Card, 15 years later
Java Card, 15 years laterJava Card, 15 years later
Java Card, 15 years later
 
Bridging the Gap Between Your Security Defenses and Critical Data
Bridging the Gap Between Your Security Defenses and Critical DataBridging the Gap Between Your Security Defenses and Critical Data
Bridging the Gap Between Your Security Defenses and Critical Data
 
Security solutions for a smarter planet
Security solutions for a smarter planetSecurity solutions for a smarter planet
Security solutions for a smarter planet
 
UplinQ - the future of mobile security
UplinQ - the future of mobile securityUplinQ - the future of mobile security
UplinQ - the future of mobile security
 

Plus de Eric Vétillard

Plus de Eric Vétillard (6)

New Security Issues related to Embedded Web Servers
New Security Issues related to Embedded Web ServersNew Security Issues related to Embedded Web Servers
New Security Issues related to Embedded Web Servers
 
Step-by-step Development of an Application for the Java Card Connected Platform
Step-by-step Development of an Application for the Java Card Connected PlatformStep-by-step Development of an Application for the Java Card Connected Platform
Step-by-step Development of an Application for the Java Card Connected Platform
 
Java Card Technology: The Foundations of NFC
Java Card Technology: The Foundations of NFCJava Card Technology: The Foundations of NFC
Java Card Technology: The Foundations of NFC
 
Java Card Platform Security and Performance
Java Card Platform Security and PerformanceJava Card Platform Security and Performance
Java Card Platform Security and Performance
 
Java Card in Banking and NFC
Java Card in Banking and NFCJava Card in Banking and NFC
Java Card in Banking and NFC
 
Eric java card-basics-140314
Eric java card-basics-140314Eric java card-basics-140314
Eric java card-basics-140314
 

Dernier

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 

Dernier (20)

Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 

Java Solutions for Securing Edge-to-Enterprise

  • 1. Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 131 Java Solutions for Securing Edge-to-Enterprise Eric Vétillard Sr. Principal Product Manager, Java Card Oracle
  • 2. Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 132 Program Agenda  Embedded security requirements  Example: Smart Meter use cases  Building trust with Secure Elements  Java Card in embedded devices  Edge-to-enterprise security
  • 3. Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 133 Device Device Device Device DeviceDevice Standard Architecture GatewayBackend Device Device Device Storage Java EE Java Embedded Suite Java ME Embedded (optional)
  • 4. Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 134  There are many of them  They are the heart of business  They are you  You may have limited control The devices are new What’s New? Device Device Device Device DeviceDevice Device Device Device Backend Cloud Server
  • 5. Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 135  Attacking the device – Tampering with the device – Fake device  Attacking the device link – Stealing information – Modifying information New system entry point What New Risks are Introduced? DeviceDeviceDevice Backend Cloud Server 
  • 6. Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 136 Security is About Resistance to Attacks  Attacks are intended to abuse the system for the benefit of the attacker  Think about attackers, not only about users – Possibly a user trying to abuse the system – Possibly a terrorist trying to destroy the whole ecosystem  Think about vulnerabilities, not bugs – Vulnerabilities often start from features – Bad specification is harder to fix than bad implementation
  • 7. Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 137 Main Security Requirements  Safety: Do what you are supposed to do  Privacy: Restrict access to user data  Regulation: Abide to national/vertical rules  Access control: Restrict access to authorized persons  Accountability: Guarantee some traceability of other properties High-level requirements Even under attack
  • 8. Main Security Functions
      - Data protection: Confidentiality, Encryption, Integrity, Signature
      - Authentication Authorization: Authentication, Password, Biometry - Token, Authorization, Access rights
      - Logging & Auditing: Security log, Remember actions, Auditor access, Log interpretation
      - Provisioning: Code Update, System upgrade, App upgrade, Bug fixing
      - Software protection: Code Integrity, Code signature, Code verification, Runtime integrity
  • 9. Smart metering: High-level View
      Why move to smart meters?
      - Better data collection
        – Less manpower
        – Accurate information
      - Enable Smart Grid and Big Data
        – Better grid control
        – Feedback to users
      [Diagram label: "(optional)"]
  • 10. Smart metering: High-level View
      Why move to smart meters?
      - Better data collection
        – Less manpower
        – Accurate information
      - Enable Smart Grid and Big Data
        – Better grid control
        – Feedback to users
      What consequences?
      - Less human control
        – Fraud detection is difficult
      - More data flowing
        – Injection of wrong data
        – Private consumer data leaks
      [Diagram label: "(optional)"]
  • 11. Smart metering: Environment and Details
      Main characteristics
      - Owned/controlled by utility company
      - Lifetime > 10 years
      - No human intervention
      - Tamper-resistant meter
      - Limited price sensitivity
      - Raw data is privacy-sensitive
      [Diagram label: "(optional)"]
  • 12. Smart metering: Environment and Details
      Main characteristics
      - Owned/controlled by utility company
      - Lifetime > 10 years
      - No human intervention
      - Tamper-resistant meter
      - Limited price sensitivity
      - Raw data is privacy-sensitive
      Threat analysis
      - On the device
        – Tampering with data collection
        – Tampering with collected data
      - Between the device and the backend
        – Insert fake device
        – Modify transferred data
        – Steal transferred data
      [Diagram label: "(optional)"]
  • 13. Smart Metering: Security Update
      - Data collection: before, tamper-evidence; after, tamper-resistance
      - Data storage: new issue; data integrity, data confidentiality
      - Fake device: new issue; authentication
      - Fake server: new issue; authentication
      - Man-in-the-middle: new issue; secure channel
  • 14. Smart Meter: Designing Security In
      Many Levels of Security
      - Tamper-proofing the device
      - Securing the protocol
      - Using a good software stack
      - Adding a secure element
        – Tamper-resistant hardware
        – Small, isolated, certifiable
  • 15. 3 Ways to Build Trust from Secure Elements
      - Secure element as secure store
        – Storing and handling important secrets
        – Example: the satellite TV card
      - Secure element as backend proxy
        – Representing the service provider in the device
        – Example: the SIM card
      - Secure element as device root of trust
        – Build trust in the device from a Secure Element
        – Example: the Trusted Platform Module (TPM)
  • 16. Secure Element as Secure Store
      Satellite TV
      - Satellite TV good for hackers
        – Content is broadcast
      - Content is encrypted
        – Using a single key
        – This key needs protection
  • 17. Secure Element as Secure Store
      Satellite TV Cards
      - Tamper resistance is key
        – Device is “in the wild”
        – Secrets have value
      - Not just a store
        – Secure elements have a CPU
        – Core secrets never get out
  • 18. Secure Element as Backend Proxy
      Mobile telephony
      - Access only for subscribers
        – Bidirectional communication
        – Authentication required
      - System can be hacked
        – Duplicating phone identity
  • 19. Secure Element as Backend Proxy
      Mobile telephony SIM
      - End-to-end security
        – SIM interacts with backend
        – Security is in the SIM
        – Device is just a dumb pipe
      - Limits trust requirements
        – Untrusted device is OK
        – BYOD is ultimate use case
  • 20. Secure Element as Device Root of Trust
      Protecting Device Integrity
      - Device can be compromised
        – End user changing software
        – External network attack
      - Very dangerous on devices
        – Consequences unknown
        – Hard to fix directly on device
        – Remote access can be disabled by attacker
      [Diagram: Device]
  • 21. Secure Element as Device Root of Trust
      Using a TPM as root of trust
      - Provides good guarantees
        – Tamper evidence
        – Hardware integration
      - Building from these properties
        – TPM verifies the kernel
        – Kernel starts, verifies OS, …
        – Remote attestation possible
      [Diagram: Kernel, OS, Apps]
  • 22. 3 Ways to Build Trust from Secure Elements
      Recap and value
      - Secure element as secure store
        – Storing and handling important secrets
        – Example: the satellite TV card
      - Secure element as backend proxy
        – Representing the service provider in the device
        – Example: the SIM card
      - Secure element as device root of trust
        – Build trust in the device from a Secure Element
        – Example: the Trusted Platform Module (TPM)
  • 23. 3 Ways to Build Trust from Secure Elements
      Recap and value
      - Secure element as secure store
        – Storing and handling important secrets
        – Example: the satellite TV card
        – Value for service provider; for unconnected models; focus on local security
      - Secure element as backend proxy
        – Representing the service provider in the device
        – Example: the SIM card
        – Value for service provider; for connected models; end-to-end security
      - Secure element as device root of trust
        – Build trust in the device from a Secure Element
        – Example: the Trusted Platform Module (TPM)
        – Value for device provider; for all application models; improves device security
  • 24. Smart Meter: What Secure Element Model?
      Many Levels of Security
      - Mostly a backend proxy
        – Authentication, secure channel
        – Managing data for the provider
      - Also a secure store
        – If there is a local interface
      - Could be a root of trust
        – Protecting device integrity
  • 25. Embedded Systems with Security Subsystems
      A few examples available today
      - Smart cards
        – Mobile phones: SIM
        – POS terminals: EMV payment
        – Media players: DRM
      - Trusted Execution Environment (TEE)
        – Mobile devices: DRM, device integrity
      - Secure Elements
        – Wireless modules: SIM / authentication
        – NFC phones: mobile payment
        – Smart meters: regulation, prepaid
      - TPM
        – ATM: system integrity
        – Media players: DRM
  • 26. Java Card and Java in the Embedded Space
      Many links available
      - Java Card is used to program secure elements
        – Subset of Java, complemented with specific APIs
        – Multi-tenant architecture with firewalled applications
        – Dynamic application management
        – Now available on embeddable secure microcontrollers
      - Java APIs exist to communicate with secure elements on devices
        – JSR-177 provides access to secure elements
        – JSR-257 for using a contactless interface
  • 27. Edge-to-Enterprise Security
      Including security in the process
      - First, identify the security requirements
        – What security features are/will be required on edge devices?
        – What kind of attacks need to be considered?
        – What kind of assurance level is/will be required?
      - Then, separate the security functions
        – Think of it as a separate Security Subsystem
  • 28. Edge-to-Enterprise Security
      On-device implementation options
      - Embedded in the main code
        – Providing a minimal assurance level
        – Already much, much better than if not identified
      - Using a dedicated secure element
        – Improved traceability and highest assurance levels
        – Improved asset protection and tamper resistance
      - More options will become available
        – From Trusted Computing to Trusted Execution Environments
        – The Java Card team closely follows these initiatives
  • 29. Don’t Forget Security Engineering!
      Breaches are costly
      - Compliance issues
        – PCI compliance can be lost, and this is very bad publicity
        – HIPAA compliance will not be easier
      - Many embedded devices will need to be integrated
      - Attacks happen, and devices will be targeted
        – Attacks moving from desktop to mobile
        – Hackers are realizing that many devices are poorly secured
  • 30. Any questions?
      Eric Vétillard, eric.vetillard@oracle.com
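The "secure element as backend proxy" model from slides 19 and 24 (authentication end to end, with the device acting as a dumb pipe) and the "modify transferred data" threat from slide 12, as an added Java example that is not from the deck or from any Oracle product. It assumes a pre-shared HMAC-SHA256 key provisioned to the secure element and the backend, and that the reading reaches the secure element untampered; all class and method names are hypothetical.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.security.SecureRandom;

public class BackendProxyDemo {
    // HMAC-SHA256(key, nonce || reading): binds the reading to one backend challenge.
    static byte[] mac(byte[] key, byte[] nonce, long readingWh) throws Exception {
        Mac h = Mac.getInstance("HmacSHA256");
        h.init(new SecretKeySpec(key, "HmacSHA256"));
        h.update(nonce);
        return h.doFinal(ByteBuffer.allocate(Long.BYTES).putLong(readingWh).array());
    }

    // Secure element (hypothetical model): the only device component holding the key.
    static final class SecureElement {
        private final byte[] key;              // never exposed to the host device
        SecureElement(byte[] key) { this.key = key.clone(); }
        byte[] tag(byte[] nonce, long readingWh) throws Exception { return mac(key, nonce, readingWh); }
    }

    // Backend: issues a fresh nonce, then checks the tag over nonce and reading.
    static final class Backend {
        private final byte[] key;
        private byte[] pending;                // nonce of the outstanding challenge
        Backend(byte[] key) { this.key = key.clone(); }
        byte[] challenge() {
            pending = new byte[16];
            new SecureRandom().nextBytes(pending);
            return pending.clone();
        }
        boolean accept(long readingWh, byte[] tag) throws Exception {
            if (pending == null) return false; // no open challenge: treat as replay
            byte[] expected = mac(key, pending, readingWh);
            pending = null;                    // each nonce is single-use
            return MessageDigest.isEqual(expected, tag); // constant-time comparison
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32];             // constructed demo key shared by both ends
        new SecureRandom().nextBytes(key);
        SecureElement se = new SecureElement(key);
        Backend backend = new Backend(key);
        // The untrusted device only relays the nonce, the reading and the tag.
        byte[] tag = se.tag(backend.challenge(), 1500L);
        System.out.println("honest relay:     " + backend.accept(1500L, tag));
        tag = se.tag(backend.challenge(), 1500L);
        System.out.println("modified reading: " + backend.accept(900L, tag));
        System.out.println("replayed tag:     " + backend.accept(1500L, tag));
    }
}
```

This covers the "fake device" and "modify transferred data" threats only; the "steal transferred data" threat would additionally need encryption on the same channel.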