SESIP’s Role in the IoT Ecosystem
As connected devices continue to expand into all industries, the attack surface for criminals increases. Today, the average time it takes for an IoT device to be attacked, once connected to the internet, is just five minutes. Although security guidelines and certification schemes are helping address the IoT security challenge, connected products comprise many parts from different actors. This creates a complicated ecosystem in which device makers and vendors must be able to demonstrate the robustness of their services.
GlobalPlatform has published the SESIP (Security Evaluation Standard for IoT Platforms) Methodology to address the scale and complexity of security evaluation in the IoT ecosystem by offering an optimized approach, specifically designed for IoT platforms and their parts. The methodology also allows for the ’composition and reuse’ of certified components, so that they can be used to meet the requirements of multiple markets.
GlobalPlatform is now working to provide device makers and Certification Bodies with the guidelines they need to adopt SESIP. The goal is to create a network of SESIP laboratories, SESIP Certification Bodies and device makers, and facilitate collaboration between them, to ensure the methodology is accessible, maintained and consistently applied. Bringing Certification Bodies together puts the architecture in place to enable cross recognition of their respective certificates to simplify ‘certification by parts’.
Positioned conveniently alongside its technical meetings, for members, GlobalPlatform is hosting a public seminar comprising security experts from leading organizations to demonstrate how SESIP helps deliver flexible and efficient security evaluation and how product developers and issuers can benefit from the methodology.
The seminar will showcase real life examples and will offer insights into how SESIP…
We look forward to hosting both members and non-members for this unique opportunity. The seminar will also be available virtually for those unable to travel to Barcelona.
SESIP’s Role in the IoT Ecosystem | Agenda
Time: 9:00 am – 7:00 pm CET
Location: Gran Hotel Havana Barcelona | Virtual: GotoWebinar
|9:00–9:15||Welcome and Opening Keynote — Stéphanie El Rhomri, GlobalPlatform Chair|
|9:15–9:40||Presentation: What is SESIP — Methodology, Security Labeling, Applicability – Eve Atallah, NXP|
|9:40–10:10||Keynote: Status of SESIP publication within CEN/CENELEC — Miguel Bañón, CEN/CENELEC|
|10:10–10:40||Keynote: Overview of current European Cybersecurity Legislation and outlook for the future – Sławomir Górniak, ENISA|
|11:00–11:30||Keynote: Cybersecurity regulations made easy with SESIP — Nir Tasher, Winbond|
|11:30–11:50||Keynote: Benefits of Product Certification Composition – Roberto Cascella, European Cyber Security Organisation (ECSO)|
|11:50–12:20||Panel discussion: Opportunities for SESIP within the European Cybersecurity — Miguel Bañón (CEN/CENELEC), Samim Amhadi (ETSI TC Cyber), Roberto Cascella (ECSO), John Boggie (EUROSMART) — Moderator: Gil Bernabeu, GlobalPlatform Technical Director|
|12:20–12:45||Case Study 1: PSA Certified using SESIP – The microcontroller journey from basic security to ARM PSA L3 & SESIP3 Security Certification — Bruno Mussard, STMicroelectronics|
|2:00–2:30||Keynote: Mapping of SESIP to Security Standards — Olivier Van Nieuwenhuyze, STMicroelectronics|
|2:30–3:00||Case Study 2: PSA Certified’s use of SESIP — Rob Coombs, Arm – PSA Certified|
|3:00–3:30||Case Study 3: Approach to Security applications running from different HW platforms — Daniel Gross, Amazon Web Services|
|3:50–4:20||Case Study 4: Drivers and expected benefits of composition — Eustace Asanghanwa, Microsoft|
|4:20–4:55||Panel discussion: The value of SESIP to different Stakeholders — Bernie Rietkerken (Riscure), Wouter Slegers (TrustCB), Bruno Mussard (STMicroelectronics), Eustace Asanghanwa (Microsoft), Rob Coombs (Arm – PSA Certified) — Moderator: Xavier Vilarrubla, SGS Brightsight|
|4:55–5:00||Closing Remarks — GlobalPlatform|
|5:00–7:00||Networking Reception — GlobalPlatform|
Ms. El Rhomri is Chair of the TEE Compliance Group, and has served on the GlobalPlatform Board since 2015. In 2017 she was appointed to GlobalPlatform Secretary and in 2021, she was appointed as GlobalPlatform Chair.
As Vice President, Services at FIME, Ms. El Rhomri is responsible for developing new services, understanding international technology trends and ensuring alignment of FIME’s NFC and payments offering.
Eve Atallah, Security Certification Expert in NXP Semiconductor, is a specialist in security evaluation and certification of IT products. In NXP, she is in the IoT Certification Team working on topics related to IoT security. She is the chair of the SESIP sub-Task Force at GlobalPlatform.
Mr. Nir Tasher serves as Technology Executive for Winbond and has been with the Winbond group since 2005 serving in various technology related positions. In his current position, Mr Tasher is in charge of the technology and architecture group of Winbond’s security products. Mr Tasher has over 25 years of experience in the technology industry. He holds over 30 US patents in various fields of security and system design. Mr. Tasher hold a MSc. EE. Cum Laude from Tel Aviv University.
Security regulations are becoming effective across geographies. The market, however, is struggling to keep up with the requirements. We will overview the recent development in cybersecurity regulations in the EU and US. We will then see how emerging SESIP certification scheme assists in market alignment with regulations and examine the specific case of secure storage devices under the SESIP protection profile.
With over 28 years of experience in leading-edge technology, Dan has held developer and lead roles at various companies in Silicon Valley. He has been with AWS for over 3 years working in the IoT space to help reduce friction and accelerate time to market for builders. Focused on FreeRTOS and embedded devices interacting with cloud services, Dan is passionate about delivering a great developer experience for IoT.
Mr. Coombs has worked at Arm for 18 years and is currently Director, Architecture Technology Group working in the security ecosystem team. He has previously led the mobile and segment marketing functions at Arm and was part of the original management team of the open source engineering organization called Linaro. His current focus is IoT and helping the electronics industry improve the security of connected devices through a framework called PSA Certified.
Mr. Coombs is GlobalPlatform’s Vice Chair and has been a Board member since 2014.
Mr. Van Nieuwenhuyze currently serves as Senior R&D Architect at STMicroelectronics. Within this role he has software architecture responsibilities for the NFC ecosystem and secure elements. He joined STMicroelectronics in 2003 and since 1999 he has been active in several smart card projects for banking, transport and near field communication.
Eustace Asanghanwa is Principal Program Manager at Microsoft where he is solving emerging challenges in securing the Internet of Things (IoT). He joins Microsoft after two decades in the semiconductor industry where he held engineer roles in manufacturing process engineering, integrated chip design, applications engineering, as well as product marketing and business development responsibilities. He primarily focused on security throughout his semiconductor tenure. Eustace holds a BSEE in Electrical and Computer Engineering and an MBA in Finance and International Business.
Ilia has over 30 years of experience in various management, technology, and engineering positions. He led the security products of Winbond from an idea stage to a fully functional operational unit. Ilia holds over 10 US patents in various fields of system and software design. Mr. Stolov has a Master degree in Computer Science.
Dr. Samim Ahmadi worked in the telecommunications and manufacturing industry mainly in research and development with a focus on secure and reliable automation and communications. After completing his PhD in communication and information theory, he started working as a cybersecurity consultant. His activities include cybersecurity consulting, especially in telecommunications and IoT, contributing to standards within ETSI, monitoring the cybersecurity standardization landscape internationally, performing network and threat analyses, and AI-based pattern recognition. He is currently Vice-Chair of ETSI TC CYBER and is primarily involved in the development of consumer IoT security standards. In addition, he works on the upcoming harmonized standards for RED articles 3(3)(d,e,f) in CEN/CLC JTC 13 WG 8. He is rapporteur of the ETSI TR 103 621 v1.2.1 and developed the templates for vertical consumer IoT security standards, which help to create vertical standards based on ETSI EN 303 645 and vertical standards based on ETSI TS 103 701.
Wouter is a long time, vital member of the formal certification community from Common Criteria evaluator in 1997 to certifier in 2010 and CEO and founder of TrustCB, one of the biggest CC CBs in 2018. In all these roles Wouter creates convincing proofs why disruptive technology still meets traditional requirements in predictably short time to certification. Not only with the development of various schemes (NSCIB, MIFARE, GSMA eSA and more), but also improving the state of the art in various workgroups (JHAS, JIL WG1, EUCC, EU5G, Matter, …) and the specialised IoT evaluation methodology SESIP of which Wouter is one of the two original authors.
Bernie joined Riscure early 2020 to create focus in business development activities in the IoT domain. In this role he manages the relationships with IoT security certification schemes and leads Riscure’s efforts to shape and grow its business of providing evaluation services to IoT product developers. His affinity with security comes from more than 25 years of background in the world of digital television, and more specifically conditional access and digital content protection. He held positions varying from Systems Architect and Director of Product Management to Director of Marketing and Sales in companies such as Philips, Irdeto, SeaChange and DekTec.
Bruno Mussard is Security Marketing Manager for general purpose STM32 microcontrollers at STMicroelectronics. This role is about defining the security features of the STM32 devices in order to simplify and accelerate the development of trusted embedded solutions by our customers. This definition is done in conformance to the GlobalPlatform SESIP certification program as an enabler to demonstrate security evidence and to build customer trust.
Sławomir Górniak, CISSP, CISM, is a telecommunications engineer focused on network security. Since 2008 he works at ENISA (EU Agency for Cybersecurity), where he has been involved in the areas of standardization, certification and electronic identification. He is a coordinator and co-author of multiple ENISA reports covering various aspects of information security. Currently he is responsible for the Agency’s actions in the area of standardization and assures its liaisons with Standards Developing Organizations.
Mr. Cascella coordinates the two technical ECSO WGs with a high impact on the European cybersecurity strategy: WG6 defines the cybersecurity R&I roadmap for trusted and resilient technologies, and WG1 focuses on standardisation and certification in cybersecurity with the mission to establish trusted supply chains at EU level. He also represents ECSO in different committees, including the SCCG established under the Cybersecurity Act.
Before joining ECSO, he worked as Innovation and Research Project Manager and Research Scientist contributing to several EU projects. Roberto holds a Ph.D. (2007) in ICT from University of Trento, an M.Sc. in Telecommunication engineering from Politecnico di Torino and KTH Stockholm (2003).
Xavier Vilarrubla is Chief Operating Officer of Europe and North America at SGS Brightsight. He is a former GlobalPlaform Security Task Force Vice-chair and an experienced security professional, working in the information security business for close to 25 years. He has gained his experience in projects and initiatives revolving around the security of products as smart cards, HSM’s and payment terminals with clients from a variety of domains, including banking, defence, automotive, medical and governments.
Winbond Electronics Corporation is a total memory solution provider. The Company provides customer-driven memory solutions backed by the expert capabilities of product design, R&D, manufacturing, and sales services.
Winbond’s product portfolio, consisting of Specialty DRAM, Mobile DRAM, Code Storage Flash, and TrustME® Secure Flash, is widely used by tier-1 customers in communication, consumer electronics, automotive and industrial, and computer peripheral markets.
Winbond is headquartered in Central Taiwan Science Park (CTSP) and it has subsidiaries in the USA, Japan, Israel, China and Hong Kong, and Germany.
Based on Taichung and new Kaohsiung 12-inch fabs in Taiwan, Winbond keeps pace to develop in-house technologies to provide high-quality memory IC products.
STMicroelectronics first came to market in 1987 under the name SGS-THOMSON Microelectronics before becoming STMicroelectronics in 1998. The company is headquartered in Geneva and now operates in over 35 countries, with 11 main manufacturing sites and over 7,500 employees committed to R&D.
The company develops and delivers semiconductor solutions that span the spectrum of microelectronics applications and is now one of the largest semiconductor companies in the world. Its product portfolio includes discrete and standard commodity components, ASICs, full custom devices and semi-custom devices, and application-specific standard products that are today powering the IoT and smart driving markets.
A combination of silicon and system expertise, manufacturing strength, intellectual property (IP) portfolio and strategic partners positions the company at the forefront of system-on-chip (SoC) technology and its products play a key role in enabling today’s convergence markets.
SGS Brightsight offers security evaluations to developers and manufacturers of security products, such as terminals, smartcards, hardware and software solutions. It has over 30 years of experience in evaluating products against a variety of requirements.
SGS Brightsight offers consultancy services, training and unique analysis tools to ensure a precise preparation for a comprehensive product approval process. Close collaboration during the development phase enables SGS Brightsight to understand each customer’s individual security needs.
Its customers include international financial institutions, governments, and IT and automotive industries. The results of SGS Brightsight’s evaluations are used by major international organizations such as EMVCo, Mastercard, PCI-PTS and Visa. It is also the only lab in the world certified by five Common Criteria Schemes.
Travel & Venue
Time/Date: 19th October 2022 9am – 5pm
Venue: Gran Hotel Havana Barcelona | Virtual: GotoWebinar
To book: Contact the hotel through email at firstname.lastname@example.org using group code 687. The hotel doesn’t use a booking link.
To register for the Seminar