SESIP’s Role in the IoT Ecosystem
As connected devices continue to expand into all industries, the attack surface for criminals increases. Today, the average time it takes for an IoT device to be attacked, once connected to the internet, is just five minutes. Although security guidelines and certification schemes are helping address the IoT security challenge, connected products comprise many parts from different actors. This creates a complicated ecosystem in which device makers and vendors must be able to demonstrate the robustness of their services.
GlobalPlatform has published the SESIP (Security Evaluation Standard for IoT Platforms) Methodology to address the scale and complexity of security evaluation in the IoT ecosystem by offering an optimized approach, specifically designed for IoT platforms and their parts. The methodology also allows for the ‘composition and reuse’ of certified components, so that they can be used to meet the requirements of multiple markets.
GlobalPlatform is now working to provide device makers and Certification Bodies with the guidelines they need to adopt SESIP. The goal is to create a network of SESIP laboratories, SESIP Certification Bodies and device makers, and facilitate collaboration between them, to ensure the methodology is accessible, maintained and consistently applied. Bringing Certification Bodies together puts the architecture in place to enable cross recognition of their respective certificates to simplify ‘certification by parts’.
Positioned conveniently alongside GlobalPlatform’s all-member Spring Meetings in Austin, Texas, GlobalPlatform is hosting a workshop comprising experts from leading IoT organizations to demonstrate to delegates how SESIP helps to deliver flexible and efficient security evaluation and how product developers and issuers can benefit from the methodology.
The workshop will showcase real life examples and will offer insights into how SESIP…
We look forward to hosting both members and non-members for this unique opportunity. The workshop will also be available virtually for those unable to travel to Austin.
At GlobalPlatform’s Fall Meetings in Athens, SGS Brightsight’s Carlos Serratos spoke about the latest security and regulatory trends impacting IoT markets, and how SESIP can support various stakeholders in addressing an evolving ecosystem. He also outlined how the methodology has progressed since its publication in 2020, and the roadmap for the year ahead.
SESIP’s Role in the IoT Ecosystem | Agenda
Date: Thursday, 14 April 2022
Time: 9:00 am–5:00 pm CST
Location: Courtyard & Residence Inn Austin Downtown Center | Virtual: Engagez
|9:00–9:15||Welcome and Opening Keynote—Stéphanie El Rhomri, GlobalPlatform Chair|
|9:15–9:45||Keynote: What is SESIP—Methodology, Security Labeling, Applicability—Carlos Serratos, SGS Brightsight|
|9:45–10:15||Keynote: Overview of Secure Storage and SESIP Secure Memory Protection Profile—Winbond|
|10:15–10:45||Keynote: Mapping of SESIP to Security Standards—Olivier Van Nieuwenhuyze, STMicroelectronics|
|11:10–11:40||Case Study 1: SESIP: Journey towards Powerful Methodology—Eve Atallah, NXP|
|11:40–12:10||Case Study 2: Why SESIP™ Certification for FreeRTOS Matters—Richard Elberger, Amazon|
|12:10–12:40||Case Study 3: The microcontroller journey from basic security to ARM PSA L3 & SESIP3 Security Certification—Bruno Mussard, ST Microelectronics|
|2:00–2:30||Case Study 4: The practical complementarity of ECN PP and SESIP for secured and compliant IoT solutions—Eustace Asanghanwa, Microsoft|
|2:30–3:00||Panel discussion: The value of SESIP to different Stakeholders—Microsoft, Amazon, ST Microelectronics, Silicon Labs—Moderator: Carlos Serratos, SGS|
|3:00–3:30||Presentation: Re-usability of SESIP Certificates—Wouter Slegers, TrustCB|
|3:50–4:20||Keynote: Overview of current US IOT Legislation and outlook for the future—Paul Watrobski, NIST|
|4:20–4:55||Panel discussion: Applicability of SESIP and Mapping to Security Standards—NIST, PSA Certified, IoXT, Connectivity Standards Alliance—Moderator: Gil Bernabeu, GP, Paul Watrobski, NIST, Rob Coombs, Arm, Craig Miller, IoXT|
|4:55–5:00||Closing Remarks—GlobalPlatform|
Ilia has over 30 years of experience in various management, technology, and engineering positions. He led the security products of Winbond from an idea stage to a fully functional operational unit. Ilia holds over 10 US patents in various fields of system and software design. Mr. Stolov has a Master's degree in Computer Science.
This presentation will cover:
Modern MCU and SoC devices need to move storage outside of the die or package due to process and cost considerations, yet this makes it much more vulnerable to hacking attacks. A new class of storage mechanisms is needed to protect memory content and meet strong security requirements. These devices must meet certification requirements, such as SESIP.
Eve Atallah, Security Certification Expert in NXP Semiconductor, is a specialist in security evaluation and certification of IT products. In NXP, she is in the IoT Certification Team working on topics related to IoT security. She is the chair of the SESIP sub-Task Force at GlobalPlatform.
Wouter Slegers is the CEO and founder of TrustCB, the high-assurance predictable-timeline Certification Body (CB) for SESIP, MIFARE, FeliCa, GSMA eSA, as well as the commercial operator for the Dutch CC scheme (NSCIB) and PSA Certified. Wouter is a contributor and author to several schemes, standards and methodologies, including SESIP, developed in collaboration with Dirk-Jan Out, Brightsight’s CEO.
This presentation will cover:
The value of any certification, and especially SESIP certification, is in the (re-)use of the certificates of the products; to show that market requirements are met, to reduce risks and costs of compliance, and to show the added value of the product.
This talk will show how we as the SESIP Certification Body make such re-use possible in various ways, and demonstrate what the low costs and the great benefits are, in technical and business ways.
Bruno is responsible for defining the security features of STM32 devices to simplify and accelerate the development of trusted embedded solutions by our customers. This definition is done in conformance to the GlobalPlatform SESIP certification program as an enabler to demonstrate security evidence and build customer trust.
This presentation will cover:
STMicroelectronics’s journey from general-purpose microcontrollers and basic security features, to state-of-the-art secure MCUs reaching ARM PSA L3 & SESIP3 level with physical attack resistance. It introduces the early phase of secure product development next to recent products with a focus on the test strategy and the benefits brought to the OEM customers.
Eustace Asanghanwa is Principal Program Manager at Microsoft where he is solving emerging challenges in securing the Internet of Things (IoT). He joins Microsoft after two decades in the semiconductor industry where he held engineering roles in manufacturing process engineering, integrated chip design, applications engineering, as well as product marketing and business development responsibilities. He primarily focused on security throughout his semiconductor tenure. Eustace holds a BSEE in Electrical and Computer Engineering and an MBA in Finance and International Business.
This presentation covers how Edge Compute Node Protection Profile (ECN PP) and SESIP together stand to save cost and years in time to market on IoT security and compliance.
Mr. Van Nieuwenhuyze currently serves as Senior R&D Architect at STMicroelectronics. Within this role he has software architecture responsibilities for the NFC ecosystem and secure elements. He joined STMicroelectronics in 2003 and since 1999 he has been active in several smart card projects for banking, transport and near field communication.
This presentation will cover:
How SESIP certifications provide evidence of security guarantees decreasing the cost of the evaluation, and how GlobalPlatform is mapping SESIP to other schemes, standards and regulations including ETSI EN 303 645.
Before devoting his work full-time to managing a large international Intellectual Property portfolio and security standards for ioXt, Craig was founder and creator of several start-ups including Eyecon Lock where he co-invented a new security protocol for electronic lockboxes enabling Picture Key technology. Additionally, Craig has filled both board seats and executive management positions for publicly traded companies (Flux Power; ticker FLUX and BakBone Software, ticker now QSFT) and now specializes and drives both security standards and Intellectual Property for ioXt.
As a prolific speaker, periodic writer, and tireless embedded technology addict, Richard creates content and builds community for IoT and Cloud practitioners globally. He maintains and contributes to multiple IoT-related open source projects (FreeRTOS, meta-aws, ThingPress) which help customers build and deliver amazing IoT solutions on AWS.
SGS Brightsight offers security evaluations to developers and manufacturers of security products, such as terminals, smartcards, hardware and software solutions. It has over 30 years of experience in evaluating products against a variety of requirements.
SGS Brightsight offers consultancy services, training and unique analysis tools to ensure a precise preparation for a comprehensive product approval process. Close collaboration during the development phase enables SGS Brightsight to understand each customer’s individual security needs.
Its customers include international financial institutions, governments, and IT and automotive industries. The results of SGS Brightsight’s evaluations are used by major international organizations such as EMVCo, Mastercard, PCI-PTS and Visa. It is also the only lab in the world certified by five Common Criteria Schemes.
Winbond Electronics Corporation is a total memory solution provider. The Company provides customer-driven memory solutions backed by the expert capabilities of product design, R&D, manufacturing, and sales services.
Winbond’s product portfolio, consisting of Specialty DRAM, Mobile DRAM, Code Storage Flash, and TrustME® Secure Flash, is widely used by tier-1 customers in communication, consumer electronics, automotive and industrial, and computer peripheral markets.
Winbond is headquartered in Central Taiwan Science Park (CTSP) and it has subsidiaries in the USA, Japan, Israel, China and Hong Kong, and Germany.
Building on its Taichung and new Kaohsiung 12-inch fabs in Taiwan, Winbond continues to develop in-house technologies to provide high-quality memory IC products.
STMicroelectronics first came to market in 1987 under the name SGS-THOMSON Microelectronics before becoming STMicroelectronics in 1998. The company is headquartered in Geneva and now operates in over 35 countries, with 11 main manufacturing sites and over 7,500 employees committed to R&D.
The company develops and delivers semiconductor solutions that span the spectrum of microelectronics applications and is now one of the largest semiconductor companies in the world. Its product portfolio includes discrete and standard commodity components, ASICs, full custom devices and semi-custom devices, and application-specific standard products that are today powering the IoT and smart driving markets.
A combination of silicon and system expertise, manufacturing strength, intellectual property (IP) portfolio and strategic partners positions the company at the forefront of system-on-chip (SoC) technology and its products play a key role in enabling today’s convergence markets.
ABI Research helps organizations–and visionaries within those organizations–successfully conquer digital transformation. Since 1990, we have partnered with hundreds of leading technology brands, cutting-edge companies, forward-thinking government agencies, and innovative trade groups around the globe. Through our leading-edge research and worldwide team of analysts, we deliver actionable insight and strategic guidance on the transformative technologies that are reshaping industries, economies, and workforces today.
We not only provide an unparalleled, holistic view of the technology landscape; we help our clients generate real business results, including:
For more information visit www.abiresearch.com.
Trusted Connectivity Alliance (TCA) is a global, non-profit industry association working to enable trust in a connected future. The organisation’s vision is to drive the sustained growth of a connected society through trusted connectivity which protects assets, end user privacy and networks.
TCA members are leaders within the global Tamper Resistant Element (TRE) ecosystem and work collectively to define requirements and provide deliverables of a strategic, technical and marketing nature. This enables all stakeholders in our connected society to benefit from the most stringent secure connectivity solutions that leverage TCA members’ expertise in tamper proof end-to-end-security.
TCA members are: Card Centric, COMPRION, Eastcompeace, Giesecke+Devrient, IDEMIA, KONA I, Kigen, Linxens, NXP Semiconductors, Oasis Smart SIM, Qualcomm, STMicroelectronics, Thales, Valid, Workz Group and Wuhan Tianyu.
The Secure Technology Alliance is the digital security industry’s premier association. The Alliance exists as a neutral forum that brings together leading providers and adopters of end-to-end security solutions designed to protect privacy and digital assets in a variety of vertical markets. The Alliance has been instrumental in driving the need for security to be built into every device, product and service throughout their lifecycle within payments, identity and access markets.
Travel & Venue
Hotel: Courtyard & Residence Inn Austin Downtown Center
Hotel Address: 300 East 4th St, Austin, Texas 78701, United States
To register for the Workshop