Trusted products and services for embedded security. Join-us on Linkedin

Trusted products and services
for embedded security

Challenges

Pizza IoT

Cybersecurity Act, quels impacts sur mon projet IoT ?

Le Comptoir de Bpifrance, 6pm : 24 rue Drouot, 75009 Paris

Don’t miss the opportunity to discover the latest trends and best practices in IoT security.

Register now!

ST and ProvenRun partner on a turnkey solution to secure applications and AI models on IoT devices

more details

A connected world

With the advent of low cost – high bandwidth- low latency connectivity, the increased use of digitization techniques to deliver end-to-end intelligence, many industrial sectors are combining microelectronics and embedded software to deliver real time interactions between the physical and the digital worlds leveraging on complex IT infrastructures of interconnected devices, systems, systems-of-systems, edge and cloud services.

This creates attractive business opportunities for hackers that could exploit the large surface of attacks exposed by those complex infrastructures to extort money, potentially threatening to cause remotely physical damage to users or surrounding equipment.

The cybersecurity issues

In effect, the deployment of those complex IT infrastructure of inter-connected devices and services creates a new set of security challenges:

Different security model

While Traditional IT entreprise network and IT system are operated by people and employees in a controlled environment, connected devices are in the wild, with little to no user interaction.

Potential damage

Connected devices may either be deployed at large scale or embark multi-purpose and generic processors that are used to replace electronic functions. When reprogrammed by hackers, they may cause a lot of harm.

Infinite window of opportunity

At least, one sample device will get into the hands of the hackers and will be reverse engineered. Flaws and weaknesses will be found.

Security-by-design

Security shall be integrated at every stage of product’s development, covering the entire product life-cycle. Traditional methods like detection and surveillance are important, but may be too late and/or not scalable.

Remote scalable attacks

Are the main vector that will used by hackers sooner or later, as it offers attractive business models for them: the cost of deployment is negligible even if their investment for designing the attacks may be high (>1M$).

Regulations

Cybersecurity is a growing concern, and government are investing in new regulations to ensure that security is included at the design stage of the product. Those that do not meet the requirements will not go to the market.

Challenges associated to the cybersecurity issues

Security Assessment

Security Assessment

It is critical to clearly understand what is at stake, identify the threats and assets to be protected and define the security requirements for the overall technical infrastructure being deployed. A Risk Analysis needs to be conducted end-to-end, from chip to cloud and at all levels of the technical infrastructure e.g at the chip, device, systems, edge and cloud levels.

More details
Security-by-design

Security-by-design

Security needs to be integrated at the design stage (security-by-design) and embedded in the most effective way wherever it is required in the technical infrastructure. There are many ways to embed security in systems and devices and the selected solution will be the result of a trade-off between cost, security level and performance.

More details
Security Life-cycle

Security Life-cycle

Security needs to be insured along the full life-cycle of the infrastructure. For connected devices, this means that security requirements need to consider the device commissioning, de-commissioning and that the device software must be updated while in operation.

More details
Trusted Computing Base

Trusted Computing Base

Security engineers define the Trusted Computing Base (TCB) as the set of hardware, firmware and software components that are critical to the security of a system. In order to limit the risk of vulnerabilities, the TCB need to be well identified, as small as possible and made-up of components that can be really trusted.

More details

How we can help

At ProvenRun, we provide to our customers the Trusted Products and Services that will help them Embed Security within their infrastructure of connected devices and services wherever this is required, e.g at the chip, device, systems, edge and cloud levels with our:

Services

At ProvenRun, we have industry-recognized experts backed up by years of experience in the digital security market, with world-class expertise in security and architecture, operating systems, formal methods and security certification. Our experts are available to work side-by-side with you on your project to help you secure your existing or new architectures.

Our services

Products

ProvenRun can help you address the security challenges in your industry with products designed to help you protect connected devices, up to the highest level of security while keeping the cost and time-to-market compatible with the constraints of your industry.

Our products