Abstract image of a woman sitting on books and studying on a laptop

The importance of Cybersecurity

B
Benoit Callebaut

The document discusses the significance of cybersecurity in protecting computer systems and data from various threats, including malicious attacks and data breaches. It outlines different types of cybersecurity threats, such as social engineering and ransomware, and emphasizes the importance of safety and reliability in technology, particularly in the context of IoT devices. The conclusion highlights the growing financial and social risks associated with cybersecurity incidents and the need for proactive measures during the design phase of technology.

Software
1 of 36
Downloaded 16 times
1
2
3
Most read
4
5
6
Most read
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
Most read
27
28
29
30
31
32
33
34
35
36
THE IMPORTANCE OF CYBERSECURITY 26/05/2021
www.nalys-group.com INTRODUCTION
www.nalys-group.com WHAT IS CYBERSECURITY Protection of computer systems from information disclosure, theft or damage to their hardware, software, or electronic data as well as from disruption or misdirection of the service they provide. ( Wikipedia ) Introduction When it goes wrong Technical side Facts numbers Conclusion
www.nalys-group.com WHAT IS IT NOT • Protection of the personal data privacy ➔ Privacy ➔ GDPR • Data Availability in case of an accident ➔ Business continuity • Make sure your servers are always online ➔ Reliability and redundancy • Make sure your system always behave correctly ➔ Safety Introduction When it goes wrong Technical side Facts numbers Conclusion
www.nalys-group.com IOT PERSPECTIVE Safety Protecting the user of the device. Ex: Your car or plane may not crash even if it experiences issues Security Protecting the device from the malicious user Ex: One try to inject a virus into your phone while clicking on a web page. Introduction When it goes wrong Technical side Facts numbers Conclusion
www.nalys-group.com THE GRAY ZONE The brake control software in your car must be: • Bug free • Not be upgradable by anybody … to avoid breaking its safety features Introduction When it goes wrong Technical side Facts numbers Conclusion Safety Security If there is water in you washing machine, the door must stay locked Your locker may only be opened with your key, so your belongings are safe
www.nalys-group.com CYBERSECURITY AND OTHER CONCERNS Cybersecurity is part of a global set of concerns that at the end aims at making sure that : • Your personal data can only be accessed and modified by you or somebody you trust • The system you use always behaves as specified Introduction When it goes wrong Technical side Facts numbers Conclusion Cybersecurity Reliability Privacy Safety
www.nalys-group.com WHEN IT GOES WRONG
www.nalys-group.com IMPACT OF A CYBERSECURITY ACCIDENT • Low impact : You don’t notice or you are only annoyed o Ex: Viruses, zombie machines (parasitism) • High impact : There is a financial or social damage o Ex: everybody knows you have a mistress/ see you naked o Ex: Ransomware, Bitcoin Heist… • Life threatening : Lives are at stake o Ex : F-35 hack target identification compromised o Ex : Ransomware attack on german hospital caused death
www.nalys-group.com HACKERS : MEN IN BLACK OR MEN IN WHITE White hats or Ethical hackers. They are paid to find the vulnerabilities in your infrastructure Black hats or the « bad guys » They do that for money or to cause damages. Sometimes they even work for the state They both like to party DEFCON and BlackHat convention is the place to be to learn about the hot topics in term of cybersecurity (like how to hack your Tesla)
www.nalys-group.com CERT Computer Emergency Response Team Team in a company responsible to monitor attacks and to respond to them as fast as possible, limiting the damages caused. Examples: o Cert.be for Belgium o CERT-EU : for Europe and NATO has also one o US-CERT Introduction When it goes wrong Technical side Facts numbers Conclusion
www.nalys-group.com ATTACK TYPES Common attacks • Social engineering : trick people into give you information of somebody else • Viruses : Tojan, worms, ransomware... • Denial of Service / Brute force : using Botnet • Targetted attacks : StuxNet…  typically performed by states. Side channel attacks • DPA : Differential Power Attacks • Statistical time analysis • Probing using EM probes or microscopes… Stealing company secrets (blueprints…) Introduction When it goes wrong Technical side Facts numbers Conclusion
www.nalys-group.com SECURITY STANDARDS National Security and Militrary o Common Criteria : Regulates how to develop secure IT products ▪ Ex: RedHaT, MacOSX, TPM 2 chips, MySQL, Oracle DB… o Tempest : regulation about electromagnetic emissions Industry specific standards o Payment : PCI-DSS o CCNA, CompTIA o ANSI Coding rules, o OWASP… Introduction When it goes wrong Technical side Facts numbers Conclusion
www.nalys-group.com THE TECHNICAL SIDE
www.nalys-group.com INTRODUCTION • Requirements :Target of Evaluation in Common Criteria… • Cryptography : algorithms and procedures • Concepts : need to know, layered security, access control… • Technologies : TLS, TPM 2.0, TrustZone… Introduction When it goes wrong Technical side Facts numbers Conclusion
www.nalys-group.com COMMON CRITERIA • Target of Evaluation (ToE) : What are ou protecting • Protection Profile (PP) : Defines threats, roles, security objectives, SFR,SAR… • Security Target : describe the security problem and “how” to address it. • Security functional requirement : requirements about security • Security Assurance requirements : number : how strict are you ➔ Define an Evaluation Assurance Level Introduction When it goes wrong Technical side Facts numbers Conclusion
www.nalys-group.com CONCEPTS – LAYERED PROTECTION Introduction When it goes wrong Technical side Facts numbers Conclusion Hardware Chips. Ex:TPM 2 Board Mechanics Detect physical intrusion DPA, probing Operating System Libraries Filesystem/Data Access rights Network Application
www.nalys-group.com CONCEPTS – LAYERED PROTECTION Introduction When it goes wrong Technical side Facts numbers Conclusion Each security layer protects against the flaws of the previous layer
www.nalys-group.com TPM 2.0 – THE SECURITY CHIP INSIDE YOUR PC • X86 processors have no HW security features • UEFI starts without any security • The TPM 2.0 is unable to verify if a request is made by a trusted party. • The TPM 2.0 sees only « The Processor » • UEFI + TPM 2.0 security can be fooled o Managment engine o Malicious code in other HW subsystems Introduction When it goes wrong Technical side Facts numbers Conclusion TPM 2.0 Chip Secure VAULT Crypto Engine X86 Processor  Unencrypted link  No string authentication UEFI Settings
www.nalys-group.com TPM 2.0 – THE SECURITY CHIP INSIDE YOUR PC • System is vulnerable before and during UEFI boot process • Prevent installation of SW not signed by Microsoft (or Apple if you have a Mac) Consequence • It doesn’t protect your privacy • It doesn’t protect you from any malicious program It has nothing to do with cybersecurity Introduction When it goes wrong Technical side Facts numbers Conclusion
www.nalys-group.com TRUSTZONE Hardware and Software Solution • Hardware o Virtual second core with segregation of memory accesses o HW vendor specific additions to provide end to end solution • Software o OP-Tee : secure firmware o TF-A : secure pre-bootloader that initialize the TrustZone Introduction When it goes wrong Technical side Facts numbers Conclusion
www.nalys-group.com
www.nalys-group.com TRUSTZONE - SOFTWARE
www.nalys-group.com TRUSTZONE -SOFTWARE
www.nalys-group.com CRYPTOGRAPHY • Confidentiality : encryption/decryption using a key o Key length is a measure of the algorithm strength • Authenticity: Use of certificates to authenticatethe user o Need a « Root of Trust » : Something/somebody that can tell you if the data are real • Integrity : Use of secure hashes. Impossible for a Man in the Middle to rebuild a correct hash without the correct key Introduction When it goes wrong Technical side Facts numbers Conclusion
www.nalys-group.com SYMETRIC ENCRYPTION (DES – AES) Introduction When it goes wrong Technical side Facts numbers Conclusion
www.nalys-group.com ASYMETRIC ENCRYPTION ( RSA - ECDA) Introduction When it goes wrong Technical side Facts numbers Conclusion
www.nalys-group.com ASYMETRIC ENCRYPTION - PKI Introduction When it goes wrong Technical side Facts numbers Conclusion
www.nalys-group.com FACT NUMBERS
www.nalys-group.com AN EXPLOSION OF POSSIBILITIES
www.nalys-group.com IOT FACTS AND NUMBERS • Revenue is $212 billion worldwide • 2020 : 20.4 billion IoT devices online – 2025 : 75 billion devices • 1 trillion dollar spent on IoT this year • 847 zettabytes (1021) of data generated Introduction When it goes wrong Technical side Facts numbers Conclusion
www.nalys-group.com CYBERSECURITY FACTS AND NUMBERS • 10.5 trillion $ damage by 2025 • 1 trillion dollars spent on Cybersecurity this year • More than 400 Million user records stolen in 2020 • 50m$ -70m$ in ransomware • Bitcoins worth 530m$ stolen in 2019 Introduction When it goes wrong Technical side Facts numbers Conclusion
www.nalys-group.com CONCLUSION
www.nalys-group.com • Cybersecurity carries a huge financial/social risk • Risk is growing exponentially – Follows the IoT trend • Must be taken into account during design phase • It will never be perfect – You will be hacked someday • Challenging technological problem • Even more challenging procedural problem Introduction When it goes wrong Technical side Facts numbers Conclusion
THANK YOU FOR YOUR ATTENTION 35
www.nalys-group.com CONTACT • Benoit Callebaut : bcallebaut@nalys-group.com • Ntech : ntech@nalys-group.com www.ntech-events.com

More Related Content

PDF
Cybersecurity PowerPoint Presentation Slides
SlideTeam
 
PPTX
Cyber security for small businesses
B2BPlanner Ltd.
 
PPTX
Cybersecurity
Sanjana Agarwal
 
PPTX
Cybersecurity - Overview
Thanuja Seneviratne
 
PPT
Security tools
arfan shahzad
 
PPTX
Introduction to cyber security
AliyuMuhammadButu
 
PPTX
Cyber security
Akdu095
 
PPTX
Introduction to Cyber Security
Priyanshu Ratnakar
 
Cybersecurity PowerPoint Presentation Slides
SlideTeam
 
Cyber security for small businesses
B2BPlanner Ltd.
 
Cybersecurity
Sanjana Agarwal
 
Cybersecurity - Overview
Thanuja Seneviratne
 
Security tools
arfan shahzad
 
Introduction to cyber security
AliyuMuhammadButu
 
Cyber security
Akdu095
 
Introduction to Cyber Security
Priyanshu Ratnakar
 

What's hot (20)

PDF
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Edureka!
 
PPT
Building An Information Security Awareness Program
Bill Gardner
 
PPTX
Cybersecurity
A. Shamel
 
PPTX
CYBER SECURITY
Vaishak Chandran
 
PDF
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
Edureka!
 
PPTX
CYBER SECURITY
PranjalShah18
 
PPTX
Introduction to cyber security
RaviPrashant5
 
PPTX
cyber security PPT
Nitesh Dubey
 
PPTX
Cyber Security Awareness Session for Executives and Non-IT professionals
Krishna Srikanth Manda
 
PPTX
Cyber-Security-Unit-1.pptx
TikdiPatel
 
PPTX
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Stephen Cobb
 
PDF
Cybersecurity Employee Training
Paige Rasid
 
PDF
CyberSecurity Certifications | CyberSecurity Career | CyberSecurity Certifica...
Edureka!
 
PPTX
Cyber Security A Challenges For Mankind
Saurabh Kheni
 
PPTX
Information security
AlaaMahmoud108
 
PPTX
CYBER SECURITY
Mohammad Shakirul islam
 
PPTX
Cyber Security Seminar.pptx
DESTROYER39
 
PPT
Social Engineering | #ARMSec2015
Hovhannes Aghajanyan
 
PPSX
Security Awareness Training
William Mann
 
PPTX
Cybersecurity Training
WindstoneHealth
 
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Edureka!
 
Building An Information Security Awareness Program
Bill Gardner
 
Cybersecurity
A. Shamel
 
CYBER SECURITY
Vaishak Chandran
 
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
Edureka!
 
CYBER SECURITY
PranjalShah18
 
Introduction to cyber security
RaviPrashant5
 
cyber security PPT
Nitesh Dubey
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Krishna Srikanth Manda
 
Cyber-Security-Unit-1.pptx
TikdiPatel
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Stephen Cobb
 
Cybersecurity Employee Training
Paige Rasid
 
CyberSecurity Certifications | CyberSecurity Career | CyberSecurity Certifica...
Edureka!
 
Cyber Security A Challenges For Mankind
Saurabh Kheni
 
Information security
AlaaMahmoud108
 
CYBER SECURITY
Mohammad Shakirul islam
 
Cyber Security Seminar.pptx
DESTROYER39
 
Social Engineering | #ARMSec2015
Hovhannes Aghajanyan
 
Security Awareness Training
William Mann
 
Cybersecurity Training
WindstoneHealth
 
Ad

Similar to The importance of Cybersecurity (20)

PPTX
So You Want a Job in Cybersecurity
2nd Sight Lab
 
PDF
cybersecurity-careers.pdf
RakeshKumar442494
 
PDF
Cyber Security in Manufacturing
CentraComm
 
PDF
Track 5 session 1 - st dev con 2016 - need for security for iot
ST_World
 
PPTX
Cyber Security Case Studies
Moksha Kalyan Ram Abhiramula
 
PPTX
Art Hathaway - Artificial Intelligence - Real Threat Prevention
centralohioissa
 
PPTX
U nit 4
Integral university, India
 
PPTX
March cybersecurity powerpoint
Courtney King
 
PDF
MT 117 Key Innovations in Cybersecurity
Dell EMC World
 
PDF
2015 whats old is new again
Daren Dunkel
 
PDF
Introduction to Cybersecurity.pdf
ssuserf98dd4
 
PPTX
First line of defense for cybersecurity : AI
Ahmed Banafa
 
PDF
Why Corporate Security Professionals Should Care About Information Security
Resolver Inc.
 
PPTX
ppt on cybersecurity and why its necessary
vaanimunjal2005
 
PPTX
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
Ángel Gómez Romero
 
PPTX
Cyber Security
BryCunal
 
PDF
2014 the future evolution of cybersecurity
Matthew Rosenquist
 
PDF
ALMUERZO DE TRABAJO CHECKPOINT - SECURE SOFT
Cristian Garcia G.
 
PPTX
Critical Infrastructure Security by Subodh Belgi
ClubHack
 
PPTX
Iurii Garasym. The future crimes and predestination of cyber security. Though...
IT Arena
 
So You Want a Job in Cybersecurity
2nd Sight Lab
 
cybersecurity-careers.pdf
RakeshKumar442494
 
Cyber Security in Manufacturing
CentraComm
 
Track 5 session 1 - st dev con 2016 - need for security for iot
ST_World
 
Cyber Security Case Studies
Moksha Kalyan Ram Abhiramula
 
Art Hathaway - Artificial Intelligence - Real Threat Prevention
centralohioissa
 
U nit 4
Integral university, India
 
March cybersecurity powerpoint
Courtney King
 
MT 117 Key Innovations in Cybersecurity
Dell EMC World
 
2015 whats old is new again
Daren Dunkel
 
Introduction to Cybersecurity.pdf
ssuserf98dd4
 
First line of defense for cybersecurity : AI
Ahmed Banafa
 
Why Corporate Security Professionals Should Care About Information Security
Resolver Inc.
 
ppt on cybersecurity and why its necessary
vaanimunjal2005
 
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
Ángel Gómez Romero
 
Cyber Security
BryCunal
 
2014 the future evolution of cybersecurity
Matthew Rosenquist
 
ALMUERZO DE TRABAJO CHECKPOINT - SECURE SOFT
Cristian Garcia G.
 
Critical Infrastructure Security by Subodh Belgi
ClubHack
 
Iurii Garasym. The future crimes and predestination of cyber security. Though...
IT Arena
 
Ad

Recently uploaded (20)

PPTX
Plex Media Server 1.28.2.6151 With Crac5 2022 Free .
cariaelif911
 
PDF
AI-Powered Fuzz Testing: The Future of QA
Shubham Joshi
 
PDF
PDF-XChange Editor Plus 10.7.0.398.0 Crack Free Download Latest 2025
imang66g
 
PPTX
ERP Manufacturing Modules & Consulting Solutions : Contetra Pvt Ltd
jayjani123
 
PPTX
Folder Lock 10.1.9 Crack With Serial Key
alishamir792
 
PPT
3.Software Design for software engineering
anant5150ca6
 
PDF
SOFTWARE ENGINEERING Software Engineering (3rd Edition) by K.K. Aggarwal & Yo...
yaderyeka
 
PDF
infoteam HELLAS company profile 2025 presentation
alexispapadimitriou
 
PPTX
DevOpsDays Halifax 2025 - Building 10x Organizations Using Modern Productivit...
Justin Reock
 
PDF
Sun and Bloombase Spitfire StoreSafe End-to-end Storage Security Solution
Bloombase
 
PPTX
Odoo ERP for Injection Molding Industry – Optimize Production & Reduce Scrap
SatishKumar2651
 
PPTX
MLforCyber_MLDataSetsandFeatures_Presentation.pptx
AaryaNaik8
 
PDF
Internet Download Manager IDM Crack powerful download accelerator New Version...
imang66g
 
PPTX
How to Odoo 19 Installation on Ubuntu - CandidRoot
CandidRoot Solutions Private Limited
 
PPTX
ROI from Efficient Content & Campaign Management in the Digital Media Industry
SatishKumar2651
 
PPTX
4Seller: The All-in-One Multi-Channel E-Commerce Management Platform for Glob...
4Seller Multi-channel Ecommerce Tool
 
PDF
IDM Crack 6.42 Build 42 Patch Serial Key 2025 Free New Version
abidkhan77g77
 
PPTX
HackYourBrain__UtrechtJUG__11092025.pptx
SimonedeGijt
 
PDF
CapCut PRO for PC Crack New Download (Fully Activated 2025)
imang66g
 
PPTX
ROI Analysis for Newspaper Industry with Odoo ERP
SatishKumar2651
 
Plex Media Server 1.28.2.6151 With Crac5 2022 Free .
cariaelif911
 
AI-Powered Fuzz Testing: The Future of QA
Shubham Joshi
 
PDF-XChange Editor Plus 10.7.0.398.0 Crack Free Download Latest 2025
imang66g
 
ERP Manufacturing Modules & Consulting Solutions : Contetra Pvt Ltd
jayjani123
 
Folder Lock 10.1.9 Crack With Serial Key
alishamir792
 
3.Software Design for software engineering
anant5150ca6
 
SOFTWARE ENGINEERING Software Engineering (3rd Edition) by K.K. Aggarwal & Yo...
yaderyeka
 
infoteam HELLAS company profile 2025 presentation
alexispapadimitriou
 
DevOpsDays Halifax 2025 - Building 10x Organizations Using Modern Productivit...
Justin Reock
 
Sun and Bloombase Spitfire StoreSafe End-to-end Storage Security Solution
Bloombase
 
Odoo ERP for Injection Molding Industry – Optimize Production & Reduce Scrap
SatishKumar2651
 
MLforCyber_MLDataSetsandFeatures_Presentation.pptx
AaryaNaik8
 
Internet Download Manager IDM Crack powerful download accelerator New Version...
imang66g
 
How to Odoo 19 Installation on Ubuntu - CandidRoot
CandidRoot Solutions Private Limited
 
ROI from Efficient Content & Campaign Management in the Digital Media Industry
SatishKumar2651
 
4Seller: The All-in-One Multi-Channel E-Commerce Management Platform for Glob...
4Seller Multi-channel Ecommerce Tool
 
IDM Crack 6.42 Build 42 Patch Serial Key 2025 Free New Version
abidkhan77g77
 
HackYourBrain__UtrechtJUG__11092025.pptx
SimonedeGijt
 
CapCut PRO for PC Crack New Download (Fully Activated 2025)
imang66g
 
ROI Analysis for Newspaper Industry with Odoo ERP
SatishKumar2651
 

The importance of Cybersecurity

  • 3. www.nalys-group.com WHAT IS CYBERSECURITY Protection of computer systems from information disclosure, theft or damage to their hardware, software, or electronic data as well as from disruption or misdirection of the service they provide. ( Wikipedia ) Introduction When it goes wrong Technical side Facts numbers Conclusion
  • 4. www.nalys-group.com WHAT IS IT NOT • Protection of the personal data privacy ➔ Privacy ➔ GDPR • Data Availability in case of an accident ➔ Business continuity • Make sure your servers are always online ➔ Reliability and redundancy • Make sure your system always behave correctly ➔ Safety Introduction When it goes wrong Technical side Facts numbers Conclusion
  • 5. www.nalys-group.com IOT PERSPECTIVE Safety Protecting the user of the device. Ex: Your car or plane may not crash even if it experiences issues Security Protecting the device from the malicious user Ex: One try to inject a virus into your phone while clicking on a web page. Introduction When it goes wrong Technical side Facts numbers Conclusion
  • 6. www.nalys-group.com THE GRAY ZONE The brake control software in your car must be: • Bug free • Not be upgradable by anybody … to avoid breaking its safety features Introduction When it goes wrong Technical side Facts numbers Conclusion Safety Security If there is water in you washing machine, the door must stay locked Your locker may only be opened with your key, so your belongings are safe
  • 7. www.nalys-group.com CYBERSECURITY AND OTHER CONCERNS Cybersecurity is part of a global set of concerns that at the end aims at making sure that : • Your personal data can only be accessed and modified by you or somebody you trust • The system you use always behaves as specified Introduction When it goes wrong Technical side Facts numbers Conclusion Cybersecurity Reliability Privacy Safety
  • 9. www.nalys-group.com IMPACT OF A CYBERSECURITY ACCIDENT • Low impact : You don’t notice or you are only annoyed o Ex: Viruses, zombie machines (parasitism) • High impact : There is a financial or social damage o Ex: everybody knows you have a mistress/ see you naked o Ex: Ransomware, Bitcoin Heist… • Life threatening : Lives are at stake o Ex : F-35 hack target identification compromised o Ex : Ransomware attack on german hospital caused death
  • 10. www.nalys-group.com HACKERS : MEN IN BLACK OR MEN IN WHITE White hats or Ethical hackers. They are paid to find the vulnerabilities in your infrastructure Black hats or the « bad guys » They do that for money or to cause damages. Sometimes they even work for the state They both like to party DEFCON and BlackHat convention is the place to be to learn about the hot topics in term of cybersecurity (like how to hack your Tesla)
  • 11. www.nalys-group.com CERT Computer Emergency Response Team Team in a company responsible to monitor attacks and to respond to them as fast as possible, limiting the damages caused. Examples: o Cert.be for Belgium o CERT-EU : for Europe and NATO has also one o US-CERT Introduction When it goes wrong Technical side Facts numbers Conclusion
  • 12. www.nalys-group.com ATTACK TYPES Common attacks • Social engineering : trick people into give you information of somebody else • Viruses : Tojan, worms, ransomware... • Denial of Service / Brute force : using Botnet • Targetted attacks : StuxNet…  typically performed by states. Side channel attacks • DPA : Differential Power Attacks • Statistical time analysis • Probing using EM probes or microscopes… Stealing company secrets (blueprints…) Introduction When it goes wrong Technical side Facts numbers Conclusion
  • 13. www.nalys-group.com SECURITY STANDARDS National Security and Militrary o Common Criteria : Regulates how to develop secure IT products ▪ Ex: RedHaT, MacOSX, TPM 2 chips, MySQL, Oracle DB… o Tempest : regulation about electromagnetic emissions Industry specific standards o Payment : PCI-DSS o CCNA, CompTIA o ANSI Coding rules, o OWASP… Introduction When it goes wrong Technical side Facts numbers Conclusion
  • 15. www.nalys-group.com INTRODUCTION • Requirements :Target of Evaluation in Common Criteria… • Cryptography : algorithms and procedures • Concepts : need to know, layered security, access control… • Technologies : TLS, TPM 2.0, TrustZone… Introduction When it goes wrong Technical side Facts numbers Conclusion
  • 16. www.nalys-group.com COMMON CRITERIA • Target of Evaluation (ToE) : What are ou protecting • Protection Profile (PP) : Defines threats, roles, security objectives, SFR,SAR… • Security Target : describe the security problem and “how” to address it. • Security functional requirement : requirements about security • Security Assurance requirements : number : how strict are you ➔ Define an Evaluation Assurance Level Introduction When it goes wrong Technical side Facts numbers Conclusion
  • 17. www.nalys-group.com CONCEPTS – LAYERED PROTECTION Introduction When it goes wrong Technical side Facts numbers Conclusion Hardware Chips. Ex:TPM 2 Board Mechanics Detect physical intrusion DPA, probing Operating System Libraries Filesystem/Data Access rights Network Application
  • 18. www.nalys-group.com CONCEPTS – LAYERED PROTECTION Introduction When it goes wrong Technical side Facts numbers Conclusion Each security layer protects against the flaws of the previous layer
  • 19. www.nalys-group.com TPM 2.0 – THE SECURITY CHIP INSIDE YOUR PC • X86 processors have no HW security features • UEFI starts without any security • The TPM 2.0 is unable to verify if a request is made by a trusted party. • The TPM 2.0 sees only « The Processor » • UEFI + TPM 2.0 security can be fooled o Managment engine o Malicious code in other HW subsystems Introduction When it goes wrong Technical side Facts numbers Conclusion TPM 2.0 Chip Secure VAULT Crypto Engine X86 Processor  Unencrypted link  No string authentication UEFI Settings
  • 20. www.nalys-group.com TPM 2.0 – THE SECURITY CHIP INSIDE YOUR PC • System is vulnerable before and during UEFI boot process • Prevent installation of SW not signed by Microsoft (or Apple if you have a Mac) Consequence • It doesn’t protect your privacy • It doesn’t protect you from any malicious program It has nothing to do with cybersecurity Introduction When it goes wrong Technical side Facts numbers Conclusion
  • 21. www.nalys-group.com TRUSTZONE Hardware and Software Solution • Hardware o Virtual second core with segregation of memory accesses o HW vendor specific additions to provide end to end solution • Software o OP-Tee : secure firmware o TF-A : secure pre-bootloader that initialize the TrustZone Introduction When it goes wrong Technical side Facts numbers Conclusion
  • 25. www.nalys-group.com CRYPTOGRAPHY • Confidentiality : encryption/decryption using a key o Key length is a measure of the algorithm strength • Authenticity: Use of certificates to authenticatethe user o Need a « Root of Trust » : Something/somebody that can tell you if the data are real • Integrity : Use of secure hashes. Impossible for a Man in the Middle to rebuild a correct hash without the correct key Introduction When it goes wrong Technical side Facts numbers Conclusion
  • 26. www.nalys-group.com SYMETRIC ENCRYPTION (DES – AES) Introduction When it goes wrong Technical side Facts numbers Conclusion
  • 27. www.nalys-group.com ASYMETRIC ENCRYPTION ( RSA - ECDA) Introduction When it goes wrong Technical side Facts numbers Conclusion
  • 28. www.nalys-group.com ASYMETRIC ENCRYPTION - PKI Introduction When it goes wrong Technical side Facts numbers Conclusion
  • 31. www.nalys-group.com IOT FACTS AND NUMBERS • Revenue is $212 billion worldwide • 2020 : 20.4 billion IoT devices online – 2025 : 75 billion devices • 1 trillion dollar spent on IoT this year • 847 zettabytes (1021) of data generated Introduction When it goes wrong Technical side Facts numbers Conclusion
  • 32. www.nalys-group.com CYBERSECURITY FACTS AND NUMBERS • 10.5 trillion $ damage by 2025 • 1 trillion dollars spent on Cybersecurity this year • More than 400 Million user records stolen in 2020 • 50m$ -70m$ in ransomware • Bitcoins worth 530m$ stolen in 2019 Introduction When it goes wrong Technical side Facts numbers Conclusion
  • 34. www.nalys-group.com • Cybersecurity carries a huge financial/social risk • Risk is growing exponentially – Follows the IoT trend • Must be taken into account during design phase • It will never be perfect – You will be hacked someday • Challenging technological problem • Even more challenging procedural problem Introduction When it goes wrong Technical side Facts numbers Conclusion
  • 35. THANK YOU FOR YOUR ATTENTION 35