Building trust takes time. Or just cryptography and secure execution? (E11c)
Driven by digitalisation of “everything”the trust in digital devices of all types and their authenticity and integrity becomes a critical factor for the success of new offerings and business models. Regardless if we are talking about smart bulbs, harvest machinery, connected cars or kitchen appliances there is the growing need to create and maintain a trust relationship between the vendor and a certain device as well as the device and the end user. For example it is critical for the business model of a car manufacturer who is selling additional features for the cars that can be activated over-the-air that those are only available when a subscription of those have been purchased and payed. On the other side an end user who owns a smart home assistant (smart speakers etc) wants to feels safe that the firmware running on the device hasn’t been manipulated and the device hasn’t become a spy tool.
To establish this multi-directional trust cryptography and trusted execution in the devices as well as in the production processes play a key role. This presentation will give an overview over techniques for securing connected devices, their production and after-sales process by the usage of cryptography and hardware platforms assuring secure execution. We will go through some real-world cases and best practices of involving code signing, PKI and secure execution environments already early in the production processes of digital devices and discuss how those assure their security over their whole life cycle.