IoT Secure Gateway (KasperskyOS edition) by Kaspersky and Advantech
www.kaspersky.com
os.kaspersky.com
www.advantech.com
The internet of things (IoT) is a single network in which it is potentially possible to exchange data between any nodes. A distinctive feature of the IoT is its ability to interact with the real, physical world. That’s why successful attacks on any IoT element can lead to catastrophic consequences.
Challenge
The diversity of IoT devices and ecosystems makes it impossible to create and implement a single universal tool to secure the entire internet of things. Security is a process. Ensuring its efficacy and continuity requires effort from the manufacturers of devices and software as well as users and security developers. For the IoT world to become truly secure, it’s not only individual devices that need to be made secure but all ecosystems and their interactions. As a first step in protecting the IoT ecosystem, we suggest using a gateway based on trusted technology.
The solution
An IoT gateway is one of the central and most important devices on the IoT network and simultaneously the most vulnerable to security threats. A connection to external networks, ample computational resources and, frequently, firmware based on an outdated version of an operating system make the gateway a prime target for attacks and malware interventions. Therefore, it is the gateway, first and foremost, that requires reliable protection.
[Figure: network diagram. Elements: cloud services (Azure, AWS, Watson, etc.), Internet, enterprise network, optional firewall (FW), engineering workstations, gateway, smart sensors & actuators; links: Ethernet (TCP/IP), ModBus, TCP, OPC UA, etc., RS232/485 (ModBus RTU). Threat labels: malware, device attacks, data theft; unauthorized devices; lack of visibility; vulnerable devices; backdoors; DDoS attacks; gateway attacks.]
Kaspersky IoT Secure Gateway is a solution designed to build secure IoT systems. At the core of its software lies KasperskyOS, Kaspersky’s proprietary technology. This is a microkernel operating system with extra security tools that renders most types of cyberattacks on the device fundamentally impossible.
[Figure: network diagram. Elements: cloud services (Azure, AWS, Watson, etc.), Internet, enterprise network, optional firewall (FW), engineering workstations, smart sensors & actuators; links: Ethernet (TCP/IP), ModBus, TCP, OPC UA, etc. Protection labels: vulnerability assessment; IoT network protection; asset detection and management; IoT visibility; anomaly detection; secure OS; app isolation; sandboxing; anomaly detection & prevention.]
Kaspersky IoT Secure Gateway is based on the hardware platform Advantech UTX-3117 and the secure-by-design operating system KasperskyOS.
KasperskyOS is based on a reliable microkernel that permits only a specific way of communicating. This compact microkernel can be used on various platforms. The application architecture is based on the component model, making solution development easier and more convenient. KasperskyOS was conceived and built with security in mind. It remains secure throughout its entire lifecycle.
Secure Boot verifies the integrity and authenticity of firmware by using cryptographic methods on IoT devices before loading an image. Firmware that has been damaged or altered without authorization will not be loaded. Secure Boot can be used with hardware key storage.
• Hardware platform: Advantech UTX-3117
• Connectivity: Ethernet, MQTT broker, OpenSSL/TLS
• Visibility: IoT device detection, device classification, reports & alerts
• Security: KasperskyOS, Secure Boot
• Usability: Web GUI, mobile application, push-notifications
Device detection and classification detects and classifies IoT devices based on their network activities. All devices connected to the network can be seen in the user interface. A new device will be detected within 60 seconds of connecting to the network and a notification will be sent to the administrator.
MQTT broker based on Mosquitto allows data collection and control of connected IoT devices (sensors and actuators, smart relay switches, etc.).
MQTT over TLS enables secure connection and secure data transfer between the gateway and a cloud platform.
UTX-3117 Hardware Specification
Processor System: Intel Apollo Lake E3900 & N series Processor, 2MB L2 Cache
Memory: Dual channel DDR3L 1867MHz, up to 8GB
Graphics: Intel Apollo Lake E3900 Series SoC; Intel Apollo Lake N series SoC
Interface: HDMI: 1, max resolution up to 3840 x 2160 @ 30Hz; DP1.2: 1, max resolution up to 4096 x 2160 @ 60Hz
Ethernet: Support Dual 10/100/1000Mbps LAN; LAN1: Intel I210AT; LAN2: Realtek RTL8111G
I/O Interface: 1 x RS-232 with 5v/12v; 1 x RS-422/485 full duplex with Phoenix connector; 2 x USB3.0 port; 1 x SATA interface, support SSD
TPM: Infineon SLB9665 chip onboard. Support TPM2.0
Storage: 1 x SATA II SSD bay; mSATA 1, co-lay with H/S miniPCIE slot
Expansion: 1 x Half-Size Mini PCIe support Sub1G module (i.e.: Zigbee) or mSATA; 1 x Full-Size Mini PCIe support 3G/LTE module with SIM holder; 1 x M.2 E key support Wi-Fi module
Result
The proposed solution can be used as a central element for a variety of verticals.
1. «Smart warehouse» based on Kaspersky IoT Secure Gateway
The warehouse has climate control systems with the option of cloud-based control, which allows continuous support and climate control from any location. The use of RFID sensors and tags makes it possible to keep automated inventory records that are controlled both locally from network users’ workplaces and centrally. Remotely accessed video surveillance systems, volume and door opener sensors are responsible for physical security, while Kaspersky IoT Secure Gateway technologies provide information security by blocking attacks on local workstations, detecting network intruders and protecting the network perimeter and cloud communications.
[Figure: «Smart warehouse» deployment diagram. Elements: Internet, Kaspersky Security Network (KSN), cloud services, Kaspersky IoT Secure GW, video surveillance, laptops / PCs with endpoint solution, smart sensors and actuators. Labels: MQTT; updates; vulnerability management; secure firmware update; device protection hardening; attack and anomaly detection.]
2. «Smart city» based on Kaspersky IoT Secure Gateway
Resource consumption control systems, electricity and water supply management systems are installed in the apartment building. Indoor meters are connected via the wireless protocol LoRaWAN. Remotely accessed video surveillance systems, volume and door opener sensors are responsible for physical security, while Kaspersky IoT Secure Gateway technologies provide information security by blocking attacks on internal network nodes, detecting intruders and protecting the network perimeter and cloud communications.
[Figure: «Smart city» deployment diagram. Elements: Internet, Kaspersky Security Network (KSN), cloud services, PLC, LoRa base station, video surveillance. Labels: MQTT; updates; vulnerability management; secure firmware update; device protection hardening; attack and anomaly detection.]
3. «Smart farming» based on Kaspersky IoT Secure Gateway
Systems for monitoring soil parameters are installed in the field, with an option for cloud-based management that allows control and continuous support of soil conditions from any location. Remotely accessed video surveillance systems are responsible for physical security, while Kaspersky IoT Secure Gateway technologies provide information security by blocking attacks on internal network nodes, detecting intruders and protecting the network perimeter and cloud communications.
[Figure: «Smart farming» deployment diagram. Elements: Internet, Kaspersky Security Network (KSN), cloud services, Kaspersky IoT Secure GW, LoRa base station, video surveillance, smart sensors and actuators. Labels: MQTT; updates; vulnerability management; secure firmware update; device protection hardening; attack and anomaly detection.]
Read more at os.kaspersky.com
www.kaspersky.com
© 2019 AO Kaspersky Lab. All rights reserved. Registered trademarks and service marks are the property
About Kaspersky
Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them.
About Advantech
Advantech’s corporate vision is to enable an intelligent planet. The company is a global leader in the fields of IoT intelligent systems and embedded platforms. To embrace the trends of IoT, big data, and artificial intelligence, Advantech promotes IoT hardware and software solutions with the Edge Intelligence WISE-PaaS core to assist business partners and clients in connecting their industrial chains. Advantech is also working with business partners to co-create business ecosystems that accelerate the goal of industrial intelligence.