安全任務小組

安全任務小組由來自 STMicroelectronics 的 Olivier Van Nieuwenhuyze 擔任主席。 所有 GlobalPlatform 成員均有資格參加此小組,獲批准的非成員政府機構同樣有此資格。

安全任務小組定義了協會的安全理念及其對安全領域的貢獻

目標

安全任務小組致力於:

  • 參與外部安全性組織並進行協作,以確保將廣泛的用例和市場部門的安全要求納入 GlobalPlatform。
  • 向 GlobalPlatform 技術委員會提供安全理念、密碼學、認證和適用性方面的建議。
  • 推進與政府機構及其安全專家的合作,以確定市場需求。

目前優先事項

  • 繼續確定和分類面向物聯網 (IoT) 的安全技術。
  • 為物聯網中的 SCP 開發用例。
  • 遠端連線有限制時,確定物聯網密碼學約束。
  • 推進加密靈活性和後量子密碼學方面的工作。
  • 維護和更新加密演算法建議表。
  • 定義如何結合使用 GlobalPlatform 技術和 TPM 技術(或其他等效庫)。
  • 完成安全級別定義和更新的認證計畫。
  • 支援 TEE 委員會制定 MCU 保護框架。
  • 透過建立由如下方面組成的評估方法論,支援認證機構和實驗室將物聯網平台安全評估標準 (SESIP) 方法與其現有計畫相結合,並確保評估的一致性:
    • 面向廠商的範本
    • 虛擬 SFR 資料庫
    • 指向攻擊活動方法的連結。
相關內容

RoT 要求

透過定義和要求檔案,原始裝置製造商 (OEM) 和服務提供者 (SP) 能夠建立、實作和使用信任根 (RoT) 來保護其裝置和服務。

下載

GlobalPlatform RoT 簡介(英語)

GlobalPlatform 的 RoT 定義和要求視訊簡介解釋了 RoT 的定義以及 GlobalPlatform 建立技術文件的原因。

觀看英文版

使用信任鏈部署和保護數位服務

該商業出版物由 GlobalPlatform 的安全任務小組編撰,其中解釋了以安全為核心設計裝置和服務的重要性。

下載
Crypto Sub-Task Force

GlobalPlatform promotes cross industry discussion to identify and address market requirements

Crypto Sub-Task Force

GlobalPlatform promotes cross industry discussion to identify and address market requirements

Mission

The purpose of the Crypto sub-task force is to evaluate and provide recommendations on the cryptographic mechanisms used in GlobalPlatform technology, to ensure high levels of security as cryptography trends and technologies evolve.

Objectives

  • Analyze and report on relevant trends in cryptographic development for new markets and new use cases, as well as trends in cryptographic standardization and policies.
  • Evaluate cryptographic algorithms and protocols, and suggest improvements/modifications to GlobalPlatform when appropriate
  • Identify new cryptographic algorithms and protocols to be considered by GlobalPlatform
  • Provide analysis and recommendations on specific cryptography topics.
  • Collaborate with external industry groups and organizations, through the GP liaison process, in order to better understand and gather functional and technical requirements.

Current Priorities

  • Examine hybrid crypto approaches starting with TLS, to be able to recommend a version in the near future that is acceptable with SE (and TEE) constraints, including collaboration with the GlobalPlatform IoTopia Task Force to understand impact for size-constrained embedded devices.
  • Progress work on hybrid post-quantum cryptography (PQC), including a plan for the integration of new algorithms published security standards bodies including National Institute of Standards and Technology (NIST).
SESIP Sub-Task Force

GlobalPlatform promotes cross industry discussion to identify and address market requirements

SESIP Sub-Task Force

The SESIP sub-task force is chaired by Eve Atallah of NXP Semiconductors. All GlobalPlatform members are eligible to participate in this group.

Mission

The objective of the SESIP Sub-Task Force is to develop and drive global adoption and recognition of the Security Evaluation for IoT Standard (SESIP) methodology across markets, to address the unique complexities and challenges of the evolving IoT ecosystem and promote consistency across IoT certification schemes.

Objectives

  • Develop and maintain GlobalPlatform’s SESIP methodology, expand applicability to a global audience and grow awareness of GlobalPlatform’s role in IoT security certification.
  • Collaboration with Government agencies including ENISA and NIST, SOG-IS Certification Bodies, and global Standardization groups such as ISO and ETSI, to increase recognition of SESIP certificates, and create Protection Profiles that map SESIP to other standards requirements.
  • Establishing SESIP governance within GlobalPlatform.

Current Priorities

  • Establish SESIP as an international standard by contributing the methodology to CEN CENELEC.
  • Support Certification Bodies and laboratories to integrate the Security Evaluation Standard for IoT Platforms (SESIP) methodology alongside their existing schemes and ensure consistency of evaluations, by creating an Evaluation Methodology composed of:
    • Templates for vendors
    • Database of pseudo SFRs
    • Link with Attack Methodologies.
  • Define how the automotive industry can use standardized security technologies and the SESIP methodology to drive innovation, security and operational efficiency.
Chairs

Olivier Van Nieuwenhuyze

GlobalPlatform Vice Chair
Security Task Force Chair

STMicroelectronics

Olivier currently serves as Senior R&D Engineer at STMicroelectronics. Within this role he has software architecture responsibilities for the NFC ecosystem and secure elements.

He joined STMicroelectronics in 2003 and since 1999 Olivier has been active in several smart card projects for banking, transport and near field communication.

Olivier joined the GlobalPlatform Board of Directors in 2017 and was appointed as GlobalPlatform Secretary / Treasurer from 2021 – 2022. He now serves as GlobalPlatform’s Vice Chair and Security Task Force Chair.

Carlos Serratos

SGS Brightsight

Carlos Serratos, Senior Director Strategy, Policy and Advocacy at SGS Brightsight, is a specialist in IoT security and compliance. On this role, he engages with policy makers, regulators and industry across verticals and regions, addressing trust enablement issues for compliance, risk management and accountability purposes. He’s a board member of Eurosmart, as well co-chairing IoT security WG5 at the Global Silicon Alliance and the SESIP sub-task force at GlobalPlatform.

Béatrice Peirani

Thales

Beatrice Peirani joined Thales in 2006 and serves as the Standardization Manager, with expertise in security. She has participated in various standardization activities, including deployment of eIDAS through ETSI and CEN, ISO SC27 and FIDO where she is chair of the Security & Privacy Working Group. In 2019, Beatrice was appointed to chair GlobalPlatform’s Crypto Sub Task Force where she is responsible for overseeing and inputting to the Security Task Force’s work on cryptographic agility and post-quantum cryptography.

Eve Atallah

NXP Semiconductors

Eve Atallah, Security Certification Expert in NXP Semiconductor, is a specialist in security evaluation and certification of IT products. In NXP, she is in the IoT Certification Team working on topics related to IoT security. She is the chair of the SESIP sub-Task Force at GlobalPlatform.

有興趣加入安全任務小組?

GlobalPlatform
Hey There!

It seems you are using an outdated browser, unfortunately this means that our website will not render properly for you. Update your browser to view this website correctly.

GOOGLE CHROME
FIREFOX
MICROSOFT EDGE