Alan Grau

Sectigo, a provider of automated digital identity management and web security solutions, announced a video series on Sectigo’s YouTube Channel. The IoT video series offers security engineers, developers, product managers, and anyone using or developing connected components and devices valuable guidance, ranging from fundamental to advanced level, for securing IoT devices. Hosted by Alan Grau, Sectigo VP of IoT/Embedded Solutions, the initial “explainer” videos in the series include: IoT Security Challenges The first in the series, the IoT Security Challenges video encompasses a wide range of fundamental security topics including embedded security, secure boot, embedded firewall, secure firmware updates, secure key storage, IoT device identity, and PKI for IoT. Alan Grau addresses several specific issues, including: Common vulnerabilities found in IoT devices What security actually means for IoT devices, and which solutions actually work Which types of IoT security solutions actually work, and why Security claims vs. security realities for IoT devices Challenges of building security into IoT devices Secure Boot for IoT Devices The Secure Boot for IoT video covers IoT security, embedded security, secure Boot, and secure firmware updates. Grau provides both an overview and a deep dive into Secure Boot and how the functionality can greatly help secure IoT devices by ensuring that they are always running unmodified code from the OEM. He also discusses the various ways that hackers attack embedded devices, Root of Trust, code signing, and code validation. Embedded Firewall for IoT Devices In the video about Embedded Firewalls, Grau covers what embedded firewalls are and how they are different from other network and endpoint firewalls. He discusses the challenges of building security into IoT devices, why embedded firewalls are important (and essential features), as well as embedded use cases for automobile (ADAS) and aircraft control systems.

Sectigo, a provider of automated digital identity management and web security solutions, announces a partnership with Infineon Technologies AG to provide automated certificate provisioning for Infineon’s OPTIGA™ Trusted Platform Module (TPM) 2.0 using Sectigo IoT Identity Manager. The integration provides manufacturers with a complete certificate management solution, including issuance and renewal, starting right on the factory floor, with secure certificate creation and insertion using the OPTIGA™ TPM for private key storage. Strong authentication and secure communication “Including a TPM chip in an IoT device design is the first step in enabling strong authentication and secure communication for IoT devices,” explained Alan Grau, VP of IoT/Embedded Solutions at Sectigo. “Together, Sectigo and Infineon are enabling device manufactures to leverage strong authentication and secure communication for IoT devices during the manufacturing of the device itself. This integration not only automates the process of provisioning certificates for IoT devices, but also delivers a complete PKI solution leveraging Sectigo’s highly secure cloud infrastructure.” Device manufacturers across industries recognise the need to strengthen the security of their devices Device manufacturers across industries increasingly recognise the need to strengthen the security of their devices. The Sectigo-Infineon joint solution enables manufacturers to provide the enhanced levels of security required to protect their devices and to ensure compliance with ever-emerging and evolving IoT security standards and regulations across the globe. Device identity certificates For example, manufacturers are able to provision certificates into devices before they leave the factory, so that their connected IoT and IIoT products comply with the authentication requirements of the California IoT Security Law, along with other similar legislation. Device identity certificates enable strong authentication and the TPM—a specialised chip on an endpoint device—provides secure key storage to ensure keys are protected against attacks. The joint solution enables the insertion of certificates into the device during the manufacturing of the device, when the device is first provisioned into a network, or into the TPM chip itself before the chip is shipped to the manufacturer. By installing certificates into the TPM chip prior to manufacturing, manufacturers are able to track the component throughout the supply chain to protect against device counterfeiting, ensuring that only authentic devices are manufactured. Securing and authenticating connected devices Together with our partner Sectigo, we are now also able to offer automated factory provisioning" “Infineon’s audited and certified TPMs enable manufacturers of connected devices to achieve higher levels of security. Together with our partner Sectigo, we are now also able to offer automated factory provisioning. This gives our customers a proven path combining ease of integration with the benefits of higher security performance,” said Lars Wemme, Head of IoT Security at Infineon Technologies. The Sectigo IoT Identity Platform removes the complexity associated with securing and authenticating connected devices so that businesses can protect their infrastructure in an easy, scalable, cost-effective, way. The platform enables enterprises and OEMs to ensure the integrity and identity of their devices and maintain that security by managing certificates throughout the lifecycle of the device. Broad portfolio of security controllers Infineon’s OPTIGA™ security solutions, including the OPTIGA™ TPM, offer a broad portfolio of security controllers to protect the integrity and authenticity of embedded devices and systems. With a secure key store and support for a variety of encryption algorithms, the security chips provide robust protection for critical data and processes through their rich functionality—and are essential for strong device identity solutions because the crypto co-processor can securely store the private key of the device. Infineon’s proven key storage, coupled with Sectigo’s automated certificate issuance and management, delivers a robust, automated and easy-to-use PKI solution for device manufacturers.