This website uses cookies to make the content more user-friendly and effective. By using this website, you agree to the use of cookies. You can find additonal information about the use of cookies and the possibility of objecting to the use of cookies here.

26 - 28 February 2019 // Nuremberg, Germany

Conferences and supporting programme

back to day overview
Session 11 I - Securing Embedded Devices I

IoT-Security and Product Piracy: Smart Key Management Versus Secure Hardware Vortragssprache Englisch

In the time of digitalization and the fear to lose against competitors, manufacturers of physical products are urgently searching for solution to “smartify” and digitalize their products, to establish new digital business models, and to offer new services. To them, digitalization means mainly the establishment of (Internet-) connectivity between their products and some digital service platform enabling data sharing and artificial intelligence. However, many business models build on top of digitalization might lose its competitive advantage for the manufacturer if the data are not secured (available, confidential, and integer). Simultaneously, for the consumer and society at large, it is important that the technology is privacy preserving. We present a detailed overview what is arguably the most difficult part in the majority of security systems, namely device authentication and key establishment. Today key establishment solutions for securing the IoT ecosystem are mainly dividable into three categories: - Master secrets (e.g., hard-coded, factory default keys, easy to guess passwords). - Device individual credentials integrated within the production (e.g., client certificates, symmetric token etc.). - Ad-hoc based key establishment (e.g., using the resurrecting duckling principal). Each approach has its advantages (e.g., a cheap production, solid security, or flexible production) as well as disadvantages (e.g., a serious undermining in the case of a hack, new complexities and expenses within the supply chain, or manual provisioning) and works with standard MCUs, secure-MCUs (e.g., with read-out protection), or even secure hardware. A common example of a secure elements are Trusted Platform Modules (TPMs). They usually contain a co-processor for energy-efficient computation of cryptographic primitives as well as a protected storage for keys). A major question of decision makers is: Which key establishment method and which (security) hardware solution reduces product piracy risk as well as cyber security risks sufficiently, is capable to start today with small charges and end up with a flexible long-term capable serial production, as well as provides a good cost-benefit ratio for new IoT products? In the present paper we focus on details to find a individual answer, while potential lock-in effects of suppliers and platform providers are out of scope.

--- Date: 28.02.2018 Time: 10:30 AM - 11:00 AM Location: Conference Counter NCC Ost



Dr. Christian Zenger

Ruhr University Bochum


The selected entry has been placed in your favourites!

If you register you can save your favourites permanently and access all entries even when underway – via laptop or tablet.

You can register an account here to save your settings in the Exhibitors and Products Database and as well as in the Supporting Programme.The registration is not for the TicketShop and ExhibitorShop.

Register now

Your advantages at a glance:

  • Advantage Save your favourites permanently. Use the instant access – mobile too, anytime and anywhere – incl. memo function.
  • Advantage The optional newsletter gives you regular up-to-date information about new exhibitors and products – matched to your interests.
  • Advantage Call up your favourites mobile too! Simply log in and access them at anytime.