INTEGRITY Security Services: Embedded Iot Security and Management

David Sequino, Co-Founder and CEO

Established to provide best practice embedded security products and services for the protection of smart devices in all industries from cybersecurity attacks, INTEGRITY Security Services (ISS) is a wholly owned subsidiary of Green Hills Software. ISS's cryptographic engineering and embedded development experience have enabled them to assemble an exceptional team of experienced resources to meet the product needs of clients. "If you have a problem, if no one can help and if you can find us, you can hire…ISS!" smiles David Sequino, Co-Founder and CEO of INTEGRITY Security Services, quoting the famous dialogue from the yesteryears NBC television series, the A-Team. Sequino's dialogue also brings to light an essential mantra that ISS believes in, or in this case doesn't believe in, marketing themselves or providing press releases of their customer design wins; “We don’t believe in ‘security by obscurity’, but we are not going to self promote at the detriment of our Clients’ security posture.”

"Our dedication to partner with clients is driven by our mission and passion to secure their futures as if they were our own"

Market View

From internet vandalism to criminal and physical damage, the threat landscape encompasses everything, escalating at unprecedented scale and velocity. The digital world has opened doors to massive benefits and at the same time numerous vulnerabilities and malicious attacks. Also, with IoT devices increasing in numbers by leaps and bounds, enterprises’ networks run the risk of becoming access points for hackers. Witnessing the ever-increasing cyber security incidents, accidental or intentional, ISS was conceptualized by Sequino, along with his CTO, Greg Powell and CSO, Bill Lattin with the aim “to change the world for better.” “Our parent company’s founder, Dan O’Dowd calls ‘IoT’ as ‘The Internet of Dangerous Things’ and that is why our solutions include the most secure operating system (INTEGRITY IoT) from our parent company and FIPS 140-2 certified cryptographic toolkits. Our software development process is designed to build the highest reliability software and services and is laser-focused on safety and security-critical IoT devices” mentions Sequino.

With a mission to deliver end-to-end, layered, embedded security solutions to protect intelligent devices and their supply chains, ISS provides a complete secure IoT provisioning and management service from the enterprise network to the Cloud to the IoT devices with their flagship product, Device Lifecycle Management (DLM). “Our DLM Platform as a service has been deployed globally to handle the end-to-end management of any embedded IoT devices from their birth to their decommissioning,” states Sequino. A complete device security and management platform that is delivered on-premise or in the cloud as a platform as a service, DLM has been deployed globally to bridge the gap between enterprise IT organizations and embedded IoT device/system developers for the protection of sensitive digital assets, such as licensed content, gold firmware images, bit streams and cryptographic keys, over their lifecycle from engineering to manufacturing to the aftermarket. DLM secures, provisions and manages virtually any digital asset across any IoT network.

The methodology incorporated by the firm for its embedded software to run on devices and to create secure endpoints includes a thorough analysis of the devices by the team’s expert embedded security engineers and cryptographers. After which, a report on all the use cases– from connecting devices to the cloud to the enterprise’s network—is generated. “As connected devices grow, they must be managed from design to manufacturing to the decommissioning stage. Hence, a complete end-to-end security assessment requires a security expert,” asserts Sequino.

Our DLM Platform as a service has been deployed globally to handle the end-to-end management of any embedded IoT devices from its birth to its decommissioning

Laser focused on embedded IoT critical safety and security devices such as medical, industrial infrastructure, automotive, aerospace and defense, and consumer and semi-conductors, ISS ensures stringent security controls by building the most advanced supply chain security management services. Further, the DLM system generates certificates to protect the assets of enterprises from networks that are not trusted. It is also used to manage complete software configurations on remote (aftermarket) products such as on vehicles utilizing electronic control units (ECU), hence, providing secure and timely updates across the automotive supply chain.

Services and Products

The firm is the first to offer V2X/C2X certificate management services; a turnkey managed service in production to securely generate and distribute vehicle-to-vehicle and vehicle-to-infrastructure certificates direct to the vehicle and roadside communication devices. Besides, to protect data and reliability in most critical systems, the firm ensures that product developers are supported with superior quality cryptographic libraries. The ISS Embedded Cryptographic Toolkit offered by the firm is used by developers to protect data, reliability and intellectual property from malicious cyber attacks. The Embedded Cryptographic Toolkit (ECT), with the latest algorithms, ensures authentication, confidentiality, and integrity of IoT devices.

Also, ISS ensures advanced security through its Embedded Cryptographic Module (ECM) which incorporates latest algorithms, crucial encrypted storage, and certificate management integrated with hardware of highest assurance. The ECM encrypts digital assets, allowing developers to evolve hardware platforms without redesigning software. This approach makes it ideal for usage in low-cost devices. ECM is a more complete service designed to run on the smallest CPUs providing the root of trust to any IoT Device throughout a complex supply chain, unlike a cryptographic library.

To authenticate software and protect devices from vulnerable attacks, the firm delivers secure boot solutions with the help of its Secure Boot Toolkit. The ISS secure boot authentication is paramount in combating cybersecurity attacks. Additionally, the firm’s FIPS 140 Certification expertise assists an organization’s integration and certification process supporting its engineers with best-practice designs streamlined with cryptographic modules.

In addition, ISS provides expert consulting services, helping clients with questions related to design and manufacturing. Clients are provided with accurate and cost-efficient suggestions for implementing best practice architecture to protect data, software, and reliability. Also, the firm delivers infrastructure solutions for the distribution of trust assets across the most complex supply chains globally.

Potential Clients

ISS offers its services to enterprises concerned with generating revenue from IoT devices and/or their associated data, or who are concerned with Intellectual Property (IP) protection or who must ensure safe and reliable product operation over the full lifecycle of the IoT device. Those looking to update their software securely, and are concerned that their brand may be in jeopardy if software, data, developers, and/or users are comprised in the lifecycle of their devices, are potential clients of the firm.

The DLM Platform as a service works effortlessly with numerous IoT platforms; hence, when clients connect their IoT devices to the DLM system, they avoid providing a malware distribution system to an endpoint in their network. This approach enables them to build a secure, scalable, efficient embedded IoT software system with good and well-thought out software architecture while locking down their entire supply chain.

Numerous organizations don’t have the expertise and knowledge to support and solve embedded IoT problems. “The ISS way” of doing things keeps them connected and closely associated with real-world clients’ issues and needs. Senior developers and architects of the firm engage with clients to help mitigate significant security and business problems, via custom and standard solutions based on the DLM system.

Successful Deployments

ISS has many deployments, one particular DLM system was deployed for an automotive firm last year. It created a secure DLM network across six data centers to manage the global auto Original Equipment Manufacturers’ (OEM’s) Supply Chain, including IP, Users, Software, Devices and Content. The automotive firm has over 30 vehicle assembly plans. ISS stepped in to deploy DLM appliances across the whole network, ensuring safety critical ECUs in vehicles were secure. This deployment is an ongoing program with ISS’s DLM system generating and injecting device identity certificates into the ECUs, as well as signs all the software digitally. The certificates and digital signatures authenticate the devices and ensure that the software comes from the authorized source and that it hasn’t changed. Moreover, ISS has also implemented the same application across multiple verticals such as medical, industrial and consumer devices securing each client’s supply chains via a private, secure DLM network.

Evolution of ISS

With quantum computers coming into the limelight, cryptography will face the biggest threat as some algorithms can become obsolete. So, the firm is working towards post-quantum algorithms to ensure secure solutions. ISS will also be embedding software across a multitude of CPUs as all IoT devices and IP are different. Since ISS is the only end-to-end solutions provider to secure any embedded IoT device from the device to the cloud; the firm has witnessed significant customer traction and provides the key ingredient for any Enterprise to securely unlock the revenue potential that is the Internet of Things. “Without our customers, we are alone. Our dedication to partner with clients is driven by our mission and passion for securing their futures as if they were our own. We treat their brand as our brand, and we protect it as such,” concludes Sequino.

- Jasmine Mchardy
April 04, 2018