Title: Cybersecurity and the Internet of Things
The stakes with IoT devices are a lot higher than with average smart phone or notebook. While they are mostly in the possession of the owner, IoT devices will be deployed and almost exclusively operated in potential hostile environments and will have to defend itself against physical online or offline attacks. This means that their design, manufacturing and operation has a lot more in common with locked down gaming consoles where security, integrity and attestation has to be build into the core of the device. Microsoft is working in the Trusted Computing Group (TCG) to define a new security foundation called Device Identity Composition Engine (DICE) that can be bound in hardware to give even tiny 32bit MCUs strong attestable cryptographic identities. This talk will focus on how these devices are manufactured, provisioned, deployed, operated and serviced in the real world and how the underlying security becomes a key differentiator for the entire solution.
Beyond that we will take a look at how it will also enable Trusted Execution in IoT devices that not only guarantee proper execution of compute tasks, but also includes IO operations aka. Trusted Cyber Physical Systems (TCPS). Microsoft is currently prototyping devices and services to showcase how integrity down to the physical level gives the operator the power to determine his policies independent of the device and software manufacturer and cloud operator.
Bio
As a Microsoft employee of 15