Konferenzen und Rahmenprogramm
You've Been Hacked! Now What?
You've seen the headlines. Whether it';s bots infecting home networks, the destruction of industrial systems, or the ability to take remote control of automobiles, the horror stories around Internet of Things security are starting to mount, like bodies in a bad movie. The bad guys will keep coming with malicious intent. The attacks on connected devices will only get worse and more sophisticated. Hardware, software, communications and communications protocol, device commissioning, applications layers and other systems considerations are just some of the many entry points that could impact security of a device, fall victim to malware, and lead to data breaches or weaponization. Boundary protection can be too porous. Systems that may seem secure today may have weaknesses that will lead to future failure, which is almost an inevitability. Privacy, corporate reputations...and even lives can depend on the ability to ensure a device's security. So it's time to face reality: There's a good chance your device will get hacked. What are you going to do about it? How will you recover? What can you do to prepare? This presentation focuses on what you need to do in the aftermath of an IoT compromise and how you get back to a trusted system. Key points to understand: Identifying a breach -- Your device may seem to be functioning properly, but that doesn't mean it hasn't been hacked. Often there isn't even awareness that a device has been attacked or it is being used for a malicious purpose. How do you spot if something nefarious is present in the memory system? How do you ensure every piece of the core is encrypted? What are the steps to identify security concerns with a device? Recovering from a breach -- The best chance of recovery starts with a Secure Boot Manager (SBM), which is injected into microcontrollers, alongside the provisioning of secure keys and certificates, to provide a robust root-of-trust. Having this in place in critical to an effective recovery. Remediating a breach -- How do you develop a patching strategy? This involves downloading a known, good component and patching it in. Restarting -- The Secure Boot Manager also enables a secure software update process. The customer application will download the software update to a separate memory location and will make a software update API call to the SBM. The SBM will reset the MCU, and after reset, it will process the requested update by verifying it and programming the flash with the software update. Managing the lifecycle of a device -- Increasingly, the ability to securely update a product's firmware in the field over the lifecycle of the product is crucial. If devices need updating and patching, how do you ensure your device has that secure functionality? The best defense enables a cradle-to-grave solution for compromises. This presentation will look at everything you need to know to create a root-of-trust and secure framework, identify a breach, and prepare for and recover from an attack.
--- Datum: 27.02.2018 Uhrzeit: 16:30 Uhr - 17:00 Uhr Ort: Conference Counter NCC Ost