SAP Cryptographie in the Iot


Cyptography – Security in IoT is not an option


The world of IoT is new and carries extreme traits of experimentation, anarchy and the promise of a lot of money. Companies see the money that can be earned with this amount of data, and hackers see it too. The example of the Jeep hack at Blackhat 2015, where an American researcher hacked a jeep at full speed as a hack, showed the consequences. The (admittedly very academic) gap the researcher uncovered had arisen due to design negligence. You could switch from the Bluetooth network of the car radio to the CAN bus network. The promised separation of control network and entertainment network had not been implemented for cost reasons. The image damage of a jeep blocking at full speed was certainly many times higher than the cost of profound network planning and encryption.

Big Data and Jurisdiction This also applies to the Big Data projects of SAP, to which HANA IoT naturally belongs. Wherever large amounts of data are collected and aggregated, on the one hand desires arise, on the other hand there are also large legal problem areas. What is the protection of personal data in Germany is the panic of losing credit card data in the USA. Because in the US, this can only be really expensive for affected companies.

Cryptography – Key to the Internet of Things

Security and encryptopn in SAP Leonardo and the industrial Internet of Things

Primarily, the topics of the Internet of Things (IoT) security are first of all technical, about cryptography, assemblies and manufacturing technology. But at the latest, when this data is collected centrally, when all of this data becomes a vast ocean of data in a company's server farms, the source of the information becomes part of enterprise security. With the new SAP Leonardo architecture, the ERP software makes it possible to use huge amounts of data from the "Internet of Things" for corporate IT. SAP Leonardo integrates millions of Internet-based sensors and brings this information directly to the customer's own SAP system.

Classic SAP Attack Vectors

As you can see from the basic architecture of an SAP IoT landscape, the superficial attack vectors are the areas that are also classically known: wireless networks, public networks, accessible hardware, and the data in the HANA database.

A prominent example from the recent past can clarify this: Google has bought NEST, a manufacturer of fire detectors. This is actually a triviality, if not a peculiarity. The fire detectors are additionally equipped with infrared sensors that can register movement and people. And they can not only communicate with each other via WiFi, but also with a central server. For example with a central fire protection service. If this data goes over the wire, may still be transported unencrypted over WiFi routes, then the company that collects this data has a legal problem. And if this data is massively collected in a central location, such as an SAP HANA IoT, then the accumulation alone creates a new problem topic. On the one hand, such a collection is not permitted in European jurisdiction. On the other hand, the handling of personal data (in the EU) is punishable because the data are handled negligently if they are not adequately anonymised and secured.

A simple problem of an IoT device escalates

For example, the technical problem of a sensor at the end of the digital value chain becomes a veritable legal problem, because no one has considered technical and formal safety at any point.

Security Risk of Big Data in SAP Leonardo and IoT

If this ocean of data, this "data lake" ends as a precursor, for example, in a big data SAP HANA architecture, then that too is a problem of the SAP area. Therefore, the following technical and organizational remarks should also be seen as subproblems of an SAP security scenario. Without a level of security already implemented in the basics protects (as in the case of the hacked Chrysler Jeep) the careless handling of these topics for an expensive late awakening.

Key to secure communication

The key to secure communication is cryptography, which is the foundation of any IoT architecture , including the encryption of hardware, programs, and communications, as well as data

Cryptography and Peer Review

Let's discuss a planned architecture together, how cryptography can be applied on all levels. But even if your company has a corresponding group, a so-called external "peer review" is essential, in which one group describes encryption and the other group tries to break it. Encryption is effectively sharpened in this interactive circle.

Benefit from our many years of expertise in this area and contact us.