X-Gateway as a Modular Part of IoT
How high-secure Technologies support IoT devices on level “basic“ and “substantial.“ The question of how to secure the Internet-of-Things in a simple way is not easy to answer. It is as complex as the question how to assess the level of trust for these IoT devices and their smart services in the cloud. Looking back in the younger history there are some examples how this was solved for (office) IT software and security technologies that everyone carries in his purse – worldwide: ID cards, credit cards and prepaid-cards for public transportation, cell phone and PC OS’s as well as network security products as well as databases: Any of those technologies were evaluated and certified by using the so-called Common Criteria (ISO 15408) that are officially accepted in 28 nations. More than 3000 certificates were issued the last 20 years, but hundred of billions instances of this certified soft- and hardware have been issued—everywhere in the world.
The approach is modular: Based on IT security functionalities that are implemented in modules, strong identities & authentication, access & information flow control, encryption and audit trails could be used by any IoT application. These security modules (soft- and/hardware) could be assessed by the costly Common Criteria certification scheme for mass production—the right usage of the individual use case in an IoT device by an easier scheme. To follow this approach IoT PPs (Protection Profiles acc. to the Common Criteria) were specified and are in certification at the BSI now. The presentation shows how high-secure technologies could support even IoT devices on level “basic” and “substantial” in a preferably cost- and time- effective way.