embedded award 2023: Safety & security nominees
Increasingly intensive networking of embedded systems increases the demands on the functional safety of hardware and software and on protection against external attacks (security). The general security situation leads to an increased threat potential. Legal requirements derived from the EU Cybersecurity Act and the EU Resilience Act increase the need to be proactive. The solutions of the nominees in the safety & security award category help with this.
A security tool focused on connected products, a modular secure XDR system written in Rust and TPMs that offer a PQC-protected firmware update
The Product Security Platform
Vehicles, medical devices, and industrial machinery have become increasingly software defined, making these once mechanical machines into ultra-modern web-connected devices – putting user safety and security at risk.
Cybellum’s Product Security platform perfectly integrates into the existing manufacturing workflow, allowing them to manage security and compliance across all teams and use cases. From managing a product's Software Bills of Materials (SBOM) process from creation to approval, to automatically surfacing your product's cyber risk in context and validating compliance with regulatory requirements for your specific industry, this is cybersecurity designed for connected products.
But don't just take our word for it – the world's largest manufacturers are already on board, making their product security process more automated, governed, and efficient. Because the truth is, every software-driven asset on earth has its own dedicated cybersecurity platform, from IT to networks, clouds, and online applications. It's about time connected products have their own dedicated platform as well.
Cybellum is the only security tool focused on today’s connected products. While others offer generic scanners or specific capabilities, the Product Security Platform understands the needs of managers and teams who are tasked with new security protocols alongside growing regulations, and greater productivity. By focusing on only connected products in specific industries we are helping automate, streamline, and scale the full security and regulatory reporting process.
Exhibitor: Exein S.p.A.
Exein Runtime is a state-of-the-art runtime threat detection and incident response solution (XDR) for Linux- and RTOS-based IoT systems. Exein Runtime allows our clients to monitor and protect their IoT devices from any type of external cybersecurity threat, and enables them to proactively detect and respond to both known and unknown attacks in real time.
At the heart of the Exein Runtime system, there is the Exein Pulsar security agent. Pulsar is an open source, eBPF-based kernel observability framework developed by Exein. It is written entirely in Rust, a modern and secure language that allows for extreme performance even in constrained embedded environments.
Exein Runtime targets all companies that need to protect systems, networks, and data from a broad spectrum of IoT security attacks. A large slice of our customers segment is represented by OEMs (Original Equipment Manufacturers) and OEM Providers, followed by Information & Technology companies and Cyber-security consultancy firms.
Exein Runtime is a modern, modular and secure XDR system written in Rust. By design, it offers high performance, low computational cost and strong security features for IoT and edge computing applications.
Built on open foundations, Exein Runtime is proven to be scalable, highly secure and fast. The combination of Edge AI-based anomaly detection capabilities and a heuristic policy engine allows Exein Runtime to protect embedded devices from both known and unknown threats.
The extreme modularity of the core architecture enables it to run on different hardware profiles ranging from ultra-low-end devices to smartphones, server environments and containers, with minimal overhead costs. Competing solutions are usually implemented in C++, a language proven as unsafe for critical applications – and are monolithic. This has a significant cost in terms of performance, as well as maintenance and security.
Moreover, by leveraging state of the art kernel tracing technologies like eBPF, Exein Runtime is able to obtain a much more granular visibility into single processes activity, without compromising the safety and stability of the underlying host.
OPTIGA TPM SLB 9673
Exhibitor: Infineon Technologies
More and more devices are connected to the Internet. And every one of those devices can serve as a potential entry point for attackers. Once in, the attackers can gain full unauthorized access to any unprotected areas of the platform, run malicious code, or perform other nefarious actions. Such attacks on connected devices then often spread to other connected components and potentially cripple an entire system, building, or even industrial plant.
The IoT needs solution that provide protection and trust – individual and secured IDs serve as a robust foundation. That´s why there is a need for a solution that is able to identify and authenticate any kind of connected device or system – e.g. network infrastructure devices and equipment as well as industrial machines such as factory robots. In addition, the protection of data integrity and confidentiality must be covered as well.
OPTIGA™ TPM SLB 9673 gives IoT “things” a unique identification number so they can connect to the IoT or the network. This number can be used to track IoT devices and equipment on the networks, and to validate their access rights. To avoid the risk of counterfeit, this number is protected from being be modified.
Infineon´s latest TPMs are the first in the market that offer a PQC-protected firmware update mechanism using XMSS signatures. OPTIGA™ TPM SLB 9673 is the latest addition to the OPTIGA™ TPM family targeted at connected devices that require enhanced security features. Infineon´s OPTIGA™ TPM SLB 9673 is an ideal building block to increase the security level of complex systems, it provides enhanced classical cryptographic capabilities, and marks a new milestone in the push towards PQC with a quantum-resistant firmware update mechanism.
The firmware update mechanism is the important feature that allows security architects to reduce the risk of aforementioned large-scale attacks. The firmware update is not only signed using elliptic curves (here NIST-P521) but also by so-called XMSS signatures. XMSS is a digital signature scheme, which is quantum resistant and already standardized by NIST and other organizations.
The Infineon update authority manages the ECC and XMSS keys and keeps firmware updates authentic. And while the PQC-protected firmware update mechanism marks only the beginning of a huge transition of the whole IT security industry towards PQC, it already closes an important attack vector. Infineon’s OPTIGA™ TPM SLB 9673 is feature-rich and ready for current and future security challenges.