
Copyright 2016 Connected Consumer Device Security Council Proprietary

Introduction of CCDS

- Toward Trustful IoT Life -

Connected Consumer Device Security Council (CCDS)

Tsukasa Ogino, Representative Director


Contents

• Recognition of Current issues

• CCDS Overview

• CCDS R&D

• CCDS Security Guideline Development

• CCDS IoT Vulnerability Testing PF Development

• CCDS other activities


ISSUE: Threats from Cooperated Devices

Even if a single app is safe, it may be vulnerable when it cooperates with other apps

AV, Home Appliance Apps

Other Consumer Devices

Energy, HEMS Apps

ITS, Vehicle Apps

Medical, Healthcare Apps

Server Cooperation

Apps Cooperation

Intrusion via a vulnerable app, crack into a cooperating app

Malware on an infected consumer device spreads to other devices and apps

Malware

Intrusion

Difference in security levels between app domains


Trust (Safety and Security) Level Difference

Safety and security

Safety and security

Domain A Product

Domain C Product

Domain B Product

① Required safety and security levels differ by product domain

Safety and security

Cooperation / Cooperation

② When connected, the total security level is leveled down to that of the lowest product

Required or Demanding Level

Actual Product Level


Value and Cost Balance

IoT service value > Security Protection Cost

Countermeasure

Also countermeasure by architecture and usability

Quality

Keep Higher Quality

Function and Architecture

Cost up by complex architecture

Comply with important requirements such as safety

Safety: ISO/IEC 61508 SIL 1~4, ISO 26262 ASIL QM, A~D, etc.

Security: ISO/IEC 15408/CC EAL 1~7, FIPS 140-2 Level 1~4, ETSI ITS/C2C-CC TAL 1~4, etc.

Different priority and judgement levels, product domain by product domain


CCDS Overview

• Name: General Incorporated Association: Connected Consumer Device Security Council

• Establishment: October 6, 2014

• Chairman: Hideyuki Tokuda (Professor of Keio University, Cabinet Security Advisor)

• Representative Director: Tsukasa Ogino (Specially Appointed Professor, Kyoto University)

• Managing Director: Kosuke Ito (Zero-one Laboratory)

• Directors:

– Atsuhiro Goto (Professor, Institute of Information Security, SIP: PD)

– Katsutoshi Hasegawa (President, eSOL Co., Ltd.)

– Hiroyuki Hattori (President, Witz Co., Ltd.)

• Number of members: 129 (Official members or higher: 43, General members: 62, Academic members: 14, Liaison members: 10)

• Main businesses:

1. Internal/external trend investigation on security in various fields of consumer devices, and interchange/cooperation with internal/external organizations

2. Development of security technology which satisfies safety and security of consumer devices

3. Development of security design process, development/preparation of verification method guidelines and promotion of international standardization

4. Preparation/control of consumer device verification environment, verification business and human resource development on security, public relations/dissemination activity, etc.


SCOPE:

AV Network

Medical/Healthcare Network

Home Gateway

HEMS Network

Power, Utility

Home Appliance

EV/HV

Smart Meter

PV

HEMS Console

Wearable Devices

Healthcare server

Care Robots

ITS & Vehicle Safety

Telematics, Eco, Drive Recorder, etc.

New Services

After Devices

ECU

V2X Communication

Portable Devices

Road Side Unit

Automated Driving

4K/8K Contents

Home Server

HEMS company

Contents Provider

Medical, Healthcare

Cloud

Vehicle and Traffic Control

Convenience (Bento Sale)

Public Area Devices

ATM Remote Monitor/Maintenance

Office Area Network

MFP

Medical, Healthcare Devices

Battery Network

Appliance

Embedded/IoT/M2M in general: Connected Consumer Devices which are not operated (monitored and controlled) by professionals


CCDS Organization

R&D Center

Review Committee

IoT Security Guideline WG

IoT Vuln. R&D Unit No1, No2

CCDS Secretariat Office

Car Sub WG

ATM Sub WG

POS Sub WG

Home NW Sub WG

Vulnerability Testing Center

Car-A: Vuln. Testing Tool for Com Unit (Navigation)

ATM: ① Tool for ATM, ② Tool for USB Test PF

POS: Vuln. Testing Tool for Open POS (Tablet type)

Home GW: Vuln. Testing Tool for Home NW Devices

Car-B: Vuln. Testing Tool for Body control ECUs

Platform for Vuln. Testing operation for IoT system

Administration

Usability WG

Security Tech. WG

Device Security Technology WG


R&D Unit Activities

• Unit 1 (stationed in Okinawa):

– Unit Leader: Dr. Inoue, Assoc. Prof. of Hiroshima City Univ.

– R&D in car (CAN) hacking, USB hacking, a feedback fuzz-data processing function for the fuzzing tool, etc.

• Unit 2:

– Unit Leader: Dr. Ogino, Kyoto Univ.

– R&D in Home GW vulnerability research, Auto Vulnerability checker for Android apps, etc.


Cyber Security Policy for Vitalizing Society and its sustainable development by NISC

Source: NISC, Cybersecurity Strategy (draft)

Security By Design (SBD): system design with security consideration from the planning and design stage

Preparation of general guidelines affecting the security of IoT systems

Enforcement of technology development and proof trials in consideration of the characteristics of IoT systems (long life cycle, limited processing capacity) and the importance of hardware genuineness


CCDS External Cooperation

IoT Security Guideline Dev.

・Design Process Guide = Security by Design

・Security Testing Guide -> International Std.

IoT Vuln. Evaluation PF Dev.

・Vulnerability Testing Tool Development

・Testing Scenario Development

Developing the Security Testing Platform

Toward safe and secure IoT service/product development!

WG on the Development Guideline for the Smart-society


PLAN: Security Development Guideline Definition

Embedded Domain

Cyber System Domain

V2X, Probe

Remote Access, Control

for Automated Drv.

Vehicle common part

Health Data

Wearable Comm.

Healthcare Devices

common part

Remote Access, Control

HEMS Cooperation

Home Appliance

common part

Public Space Devices (ATM, etc.)

Embedded Systems

common part (Base)

Cooperated Services common part

Arrange basic items for embedded devices

Discuss the integrated situation, including cyber space

Office Devices (MFP, etc.)

Arrange each common part

As a beginning, discuss for each app

Security Development Guideline

Per Domains Common


CCDS consumer device security guideline for each field v1.0

Purpose

Since threats for each product field vary, security actions are summarized for each field, based on IPA "Development guideline of connecting world", to easily disseminate the security-by-design concept in the industry.

Target field

・ Onboard unit

・ IoT gateway

・ Financial terminal (ATM)

・ Accounting terminal (POS)

Major contents of guideline

・ Target system configuration

・ Anticipated security threat

・ Security action in each phase of product life cycle (Relationship with IPA "Development guideline of connecting world")

・ Threat analysis/risk evaluation method

・ 3rd party security evaluation for entire product and security measure function

Figures: Onboard system configuration; POS system configuration; ATM system configuration; IoT-GW: Home GW case

English version is coming soon!


Position of guideline for each CCDS field (private opinion)

CCDS Onboard unit

CCDS IoT-GW

CCDS ATM

CCDS Open POS

IoT security guideline

IoT Promotion Consortium

MIC and METI

IoT service provider

IoT platform/network provider

IoT system vendor

IoT security general framework

NISC

Safe and secure IoT system development guideline which can be used across product fields (checklist)

Specific threat or risk point in view of each product field

Summary of security review points from design stage

Cooperation for industry deployment

Security guideline for all layers of IoT service relevant persons

Cyber security strategy

NISC

Clarification of general basic requirements related to design, building and operation of the IoT system

International deployment of Japanese idea

Proposal of IoT system development by Security-by-design concept

Refer to review for cooperation.

Proposal

Reference

Development guideline of connecting world


Founding the 3rd Party Security V&V Evaluation Center

Okinawa Pref.

CCDS (Connected Consumer Device Security Council)

IoT Vuln. Testing Ctr.

R&D Center

IoT Security Guideline Development WG

Testing Tool Dev.

Testing DB Dev. & Ope

Vuln. Evaluation Platform

Testing Process Dev.

Trial Testing (Training)

3rd Party Testing Service

IPA

Vendors in Okinawa

Automotives

Home

Financial Terminals: ATM/POS

Evaluation Testing Platform System

On-Board Head Units, Body Control ECUs

Home GW, IoT GW for sensor network

ATM/POS

IoT Evaluation Test Scenario and Test Result Integration

Participants from Major Brands

Certification Authority (Future)

FY2015~FY2017

Working Group on Development Guideline for Smart-Society

3rd Party Security V&V Evaluation Ctr (Future)

V&V: Verification and Validation

Vuln: Vulnerability


CCDS IoT Vulnerability Testing Units

BBTower

Omron SW

JVC Kenwood

Hitachi Omron

IoT Vuln. Testing Platform System

Automotives

Home

HITACHI

ATM

POS (Point of Sales)

Aisin CC

Review Committee

Test Tool Development Team, Product Testing Team (×6)


Other CCDS activities

• Usability WG

– Objective: Discussing UI design as a part of security countermeasures to keep IoT devices secure

• Collaboration with HCD-net (Human Centered Design Organization)

– Leader: Ueyes’ Design

– Kicked off in Aug. 2016, with about 20 members participating

• Device Security Technology SWG

– Objective:

• Building a comprehensive map (categorization) of security countermeasure technologies for IoT devices

• Envisioning development of the Implementation Guideline for IoT security countermeasures in the future

– Leader: SELTECH, Deputy Leader: DNP (Dai-Nippon-Printing)

– Kicked off in Jun. 2016, with about 35 members participating