Gemalto Trusted Key Manager - The end-to-end cyber-security solution for IoT ecosystems


IoT security solutions 

With a massive and rising number of connected devices, the IoT ecosystem is changing and the cyber-attack surface is increasing. To solve these challenges, Gemalto developed the Trusted Key Manager solution to strongly authenticate IoT devices and secure data exchanges on both cellular and non-cellular networks. The Gemalto solution enables strong digital security for all IoT ecosystem players through a simple and trusted mechanism of secure key provisioning, remote credential activation and security lifecycle management.

As a majority of IoT devices are deployed in hard-to-service locations for many years, the Trusted Key Manager solution offers future-proof security for their long lifecycles. It prevents unauthorized devices from joining a network, accessing global applications or cloud platforms. It ensures the integrity of IoT devices and data, and protects global IoT deployments including many stakeholders.

The example of smart grids protection 

In the burgeoning age of the Internet of Things, the energy infrastructure has become increasingly complex. New players and private citizens are joining the ecosystem, deploying assets that tie into evolving grid infrastructures. As the smart energy ecosystem expands, so does the opportunity for cyber attacks, and there has never been a more urgent need to secure Advanced Metering Infrastructure.

Unprotected meters, implemented for long periods exceeding 10 years, can easily be hacked to alter consumption data, to gain access to sensitive data, or even to cause physical damage to energy assets. The consequences of such attacks, such as the recent Stuxnet attack, can be devastating: blackouts across entire countries, access to nuclear plants and personal data breaches. For device makers and utilities, loss of customers, reputation and revenue can be difficult to recover.

Uninterrupted security is paramount to the success of smart energy systems.

Governments, led by Germany, are launching initiatives that mandate specific protection protocols for smart grid deployments. In addition, the National Institute of Standards and Technology (NIST) recommends a policy whereby keys and certificates stored in connected devices should be renewed every 5 years or sooner.

As smart meters have a lifecycle of 10 to 15 years, an advanced security mechanism to replace aging keys and to enable remote credential management is paramount. Strong encryption and authentication tools must be considered and implemented before meters are deployed. Without built-in security architecture that is reliable for the entire device lifetime, ecosystem partners are exposed to unnecessary and costly risk.

Ensuring End-to-end Security for the Smart Energy ecosystem 

Leveraging decades of digital security expertise and the Trusted Key Manager solution, Gemalto offers an advanced security solution, specifically developed and dedicated to smart grids and utilities. The Gemalto smart metering security solution protects massive smart metering deployments and ensures integrity and reliability for the entire lifecycle of devices.

The solution is comprised of hardened cryptographic hardware products (Hardware Security Modules and Secure Elements), which protect the smart metering ecosystem. It also leverages leading-edge authentication and encryption technology with digital code signing certificates. This ensures metering data is received from a legitimate source while safeguarding against data tampering and fraud at all points.

The solution facilitates dynamic key and credential updates and authorizations, without costly service in the field.  

 

The solution provides 3 pillars of security to ensure smart metering protection:

> Smart Meter Key Provisioning

The Gemalto solution expertly manages key provisioning, allowing device makers and utilities to focus on their core competencies. It securely provisions encrypted keys in smart meters at the time of manufacturing, which eliminates the need to send keys over the air and reduces the ecosystem's cyber attack surface.

> Strong Authentication

Before a device or application is allowed to send or access data, the Gemalto solution remotely authenticates and activates key credentials for authorized meters and applications that can prove their legitimacy. The process leverages standardized cryptographic algorithms and a highly reliable digital authentication handshake between data sender and data receiver.

> Security Lifecycle Management

The smart energy ecosystem is dynamic: new players come and go, algorithms depreciate, new cyber threats emerge. Gemalto provides continuous protection through remote credential management enabling secure updates and revocation of crypto keys when needed.

    

Content updated in April 2018 

 Document

  • Cyber-security for Advanced Metering Infrastructure

    End-to-end cyber-security solution for Utilities – Solution Overview

    As the energy ecosystem gets more complex and keeps expanding, so does the opportunity for cyber-attacks. Gemalto helps Utilities, DSO and meter vendors to secure energy assets and ensure a complete credential lifecycle management for all stakeholders, over long periods.
