April 18-19, 2018Boston, MABoston Convention and Exhibition Center

ESC Boston 2018 Schedule Viewer

Use the scheduling tool below to browse all the available sessions, speakers and topics at this year's event. Find the content and sessions to fit all of your educational needs and ensure you get the most out of your time at the show.

Keeping Sensitive Information Secure — Always Secure


Paul Schneck (Principal, Schneck Consulting)

Location: 107B

Date: Wednesday, April 18

Time: 3:00pm - 5:00pm

Pass type: Conference (Paid) - Get your pass now!

Free Content & Activities: N/A

Conference Track: IoT and Connected Devices

Vault Recording: TBD

Audience Level: N/A

Security is only as good as its weakest link. And, once information is lost it is gone for good.

This tutorial describes an approach for securing data created in an embedded IoT device. The data is only shared among trusted parties. Copying or stealing data as it is being sent to others will result in obtaining encrypted copies of data. Similarly, stealing data from within the device will yield only encrypted data.

The system uses both symmetric (shared key) and asymmetric (public key) encryption. Because the system is small and easy to implement manufacturers can avoid the difficulties (bugs, complexity, protocol failures) plaguing large, complex security "solutions." Equally important, the system extends to desktops, mobile devices, and servers, creating a large ecosystem of shared secure data.

All data is encrypted with a random symmetric key and never leaves the device in unencrypted form. The symmetric encryption key is itself encrypted by the public key of the partner device(s) with which the data will be shared. Public key(s) are validated by a trusted certificate authority (possibly maintained by the equipment manufacturer). The symmetric key along with additional parameters are encrypted by the validated public key(s) and sent to the partner device(s).


Attendees will learn
- how to build systems with robust security
- a straightforward secure protocol cascades symmetric key and public key encryption
- hardware-enforced mandatory encryption foils malware and data thieves
- the approach forms the basis of an extensible secure ecosystem for IOT
- the ecosystem includes PCs, mobile devices, and entertainment devices