Security Task Force
The Security Task Force is chaired by Olivier Van Nieuwenhuyze from STMicroelectronics. All GlobalPlatform members are eligible to participate in this group, as well as approved non-member government agencies.
Mission
The Security Task Force defines GlobalPlatform’s security philosophy and its contribution to the security landscape.
It works closely with the Crypto Sub-Task Force to monitor new trends in cryptography and examine new algorithm proposals, providing a list of algorithms and protocols based on academic publications and known organizations. This is in addition to supporting the SESIP Sub-Task Force on its mission to drive adoption and recognition of the Security Evaluation Standard for IoT Platforms (SESIP) methodology across markets.
Objectives
- Engage and collaborate with external security organizations to ensure that security requirements from a broad range of use cases and market sector are brought into GlobalPlatform.
- Advise the GlobalPlatform technical committees in security philosophies, cryptography, certification and applicability.
- Facilitate collaboration with government agencies and their security experts to define market requirements.
- Identify and classify secure technologies for the Internet of things (IoT).
- Maintain and update GlobalPlatform’s cryptographic algorithm recommendations table, through the crypto sub-task force.
Current Priorities
- Engage ENISA on the alignment of security levels and cybersecurity certification frameworks.
- Define how to combine GlobalPlatform technology and TPM technology (or other equivalent library).
RoT Requirements
The definitions and requirements paper enables original equipment manufacturers (OEMs) and service providers (SPs) to create, implement and use a Root of Trust (RoT) to protect their devices and services.
Introduction to GlobalPlatform RoT (English)
An introduction to GlobalPlatform's RoT Definitions and Requirements video explain what RoT is and why GlobalPlatform created the technical document.
Deploying and Protecting Digital Services with Chains of Trust
Created by GlobalPlatform’s Security Task Force, this business publication explains the importance of designing devices and services with security at the core.
GlobalPlatform promotes cross industry discussion to identify and address market requirements
Crypto Sub-Task Force
GlobalPlatform promotes cross industry discussion to identify and address market requirements
Mission
The purpose of the Crypto sub-task force is to evaluate and provide recommendations on the cryptographic mechanisms used in GlobalPlatform technology, to ensure high levels of security as cryptography trends and technologies evolve.
Objectives
- Analyze and report on relevant trends in cryptographic development for new markets and new use cases, as well as trends in cryptographic standardization and policies.
- Evaluate cryptographic algorithms and protocols, and suggest improvements/modifications to GlobalPlatform when appropriate
- Identify new cryptographic algorithms and protocols to be considered by GlobalPlatform
- Provide analysis and recommendations on specific cryptography topics.
- Collaborate with external industry groups and organizations, through the GP liaison process, in order to better understand and gather functional and technical requirements.
Current Priorities
- Examine hybrid crypto approaches starting with TLS, to be able to recommend a version in the near future that is acceptable with SE (and TEE) constraints, including collaboration with the GlobalPlatform IoTopia Task Force to understand impact for size-constrained embedded devices.
- Progress work on hybrid post-quantum cryptography (PQC), including a plan for the integration of new algorithms published security standards bodies including National Institute of Standards and Technology (NIST).
GlobalPlatform promotes cross industry discussion to identify and address market requirements
SESIP Sub-Task Force
The SESIP sub-task force is chaired by Eve Atallah of NXP Semiconductors. All GlobalPlatform members are eligible to participate in this group.
Mission
The objective of the SESIP Sub-Task Force is to develop and drive global adoption and recognition of the Security Evaluation for IoT Standard (SESIP) methodology across markets, to address the unique complexities and challenges of the evolving IoT ecosystem and promote consistency across IoT certification schemes.
Objectives
- Develop and maintain GlobalPlatform’s SESIP methodology, expand applicability to a global audience and grow awareness of GlobalPlatform’s role in IoT security certification.
- Collaboration with Government agencies including ENISA and NIST, SOG-IS Certification Bodies, and global Standardization groups such as ISO and ETSI, to increase recognition of SESIP certificates, and create Protection Profiles that map SESIP to other standards requirements.
- Establishing SESIP governance within GlobalPlatform.
Current Priorities
- Establish SESIP as an international standard by contributing the methodology to CEN CENELEC.
- Support Certification Bodies and laboratories to integrate the Security Evaluation Standard for IoT Platforms (SESIP) methodology alongside their existing schemes and ensure consistency of evaluations, by creating an Evaluation Methodology composed of:
- Templates for vendors
- Database of pseudo SFRs
- Link with Attack Methodologies.
- Define how the automotive industry can use standardized security technologies and the SESIP methodology to drive innovation, security and operational efficiency.
Interested in joining the Security Task Force?
