CIS14: Securing the Internet of Things with Open Standards
Where are we today?
Devices and Solutions are exploding
●  personal
o  fitness, watches, ...
●  household
o  lights, detectors, thermostats, appliances, ...
●  medical
o  heart rate monitors, ...
Emerging Pattern
Each device has its own service in the cloud
Device reports data to the service
User accesses their device’s data via cloud APIs
Three examples
Internet Connected Dishwasher
Big Data analytics
●  how often I wash dishes
●  when I have guests
●  when I’m not at home
●  when I’m canning
Challenges
Security
Ubiquity & Variety
Data Model
User Experience & Management
Bruce Schneier
https://www.schneier.com/essays/archives/2014/01/the_internet_of_thin.html
The computers in our routers and modems are much more powerful than
the PCs of the mid-1990s, and the Internet of Things will put computers
into all sorts of consumer devices.
The industries producing these devices are even less capable of fixing the
problem than the PC and software industries were.
Security Layers
Samsung Gear Live
Types of “things”
personal (fitbit)
shared (family, doctor, neighbor)
medical (heart monitor)
industrial (air conditioner)
temporary (beer glasses)
Data Model Requirements
Authorization / Revocation
Co-ownership
Grouping / Aggregation
Policy Inheritance
Privacy By Design
User Experience
●  How do I allow my son to change the
thermostat but only within a limited range?
●  How do I easily add a light bulb to the family
room and have it inherit the policy already
assigned to the other lights in the “family
room”?
●  How do I let my friend borrow the car such
that driving data is delivered to both of us?
User Experience
●  How do I sell my washing machine? (and
reset to initial state?)
o  Can I save my policy from the old washing machine
and apply it to the new one?
●  How do I craft custom experiences such that
when a World Cup game comes on, the lights
change to my preferred team’s colors, the
blinds close and the TV tunes to the correct
channel?
Key Elements to Usability
Simple onboarding process
●  provisioning device into personal cloud
●  grouping device with other like devices
●  pre-authorization of
o  who/what can query the device
o  who/what can control the device
Key Elements to Usability
Simple Authorization model
●  out-of-band user consent channel
●  alerts of abnormalities
●  sharing / multi-access
●  centralized policy management
Key Elements to Usability
Simple de-provisioning
●  revocation of authorized capabilities
●  reset of device to initial state
●  removal of device from groups and
relationships
●  archive activity data for historical purposes
Building for a Better
Tomorrow
Building Blocks
OAuth2
OpenID Connect
User Managed Access
Personal Clouds
OAuth2 Basics
●  Framework for API
Authorization
o  e.g. Valet Key
●  Get a token (RFC 6749)
o  code, implicit,
refresh, assertion, ...
●  Use a token (RFC 6750)
o  bearer token profile
OAuth2 Dynamic Registration
Client Registration Endpoint
●  Initial Access Token
o  out-of-band AuthZ
●  Software Statement
o  signed claims provided by software stack
OAuth2 Dynamic Registration flow
OpenID Connect Basics
Identity layer built on top of OAuth2
●  id_token
●  user claims
●  session management
●  logout
User Managed Access (UMA)
●  resource owner
●  resource server
●  authorization server
●  client
●  protected resources
●  (unnamed till now)
UMA, Kantara Initiative: Used with Permission
UMA & Online Sharing
I want to share this stuff
selectively
•  Among my own apps
•  With family and friends
•  With organizations
I want to protect this stuff
from being seen by
everyone in the world
UMA, Kantara Initiative: Used with Permission
I want to control access
proactively, not just feel forced
to consent over and over
UMA request flow
Alice shares calendar with Bob
●  Alice emails Bob a link to her calendar
●  Bob goes to his calendar software and
subscribes to Alice’s calendar using the link
provided by Alice in the email
OAuth2 Code Flow
UMA Request Flow
Diagram references: UMA 3.1.1, UMA 3.4.1, UMA 3.1.2, UMA 3.2.2 / OAuth2 Token Introspection
Personal Clouds
Slide by Phil Windley: Used with Permission
Persistent Compute Object (PICO)
Identity—they represent a specific entity
Storage—they persistently encapsulate both structured and unstructured data
Open event network—they respond to events
Processing—they run applications autonomously
Event Channels—they have connections to other picos
APIs—they provide access to and access other online services
Slide by Phil Windley: Used with Permission
Picos are Decentralized & Networked
Slide by Phil Windley: Used with Permission
Picos Use an Event Query Model
Slide by Phil Windley: Used with Permission
Programming Model
Program in any language you like
OAuth access to pico
Pico provides
user data
processing
API and inter-pico communications
Slide by Phil Windley: Used with Permission
Applying to IoT
Sample Use Case
Adding new garage door opener to my Internet
of Things
- already have Car, Lights, Thermostat, etc
Goal: garage door is up when I drive in the
driveway
Data Model
Solution Key Components
Trusted Introduction
Transport Security
Activity Authorization
Standards Support
●  OAuth2
●  UMA
Architectural Requirements
Owner Pico functions as the UMA AS
Each Pico functions as a UMA client
●  pico channel authz is RPT introspection
Smart phone app functions as a UMA client
Tight binding between device and device Pico
Assumptions
Device manufactured with a Software
Statement
Device supports bi-directional NFC
Device supports HTTPS
User has a smart phone bound to their
personal cloud (trusted app)
Software Statement
Signed JSON Web Token (JWS)
●  Issuer claim [iss] (manufacturer)
●  Subject claim [sub] (device unique id)
●  JWT ID claim [jti] (unique id)
●  Device type [com.example.device.type]
Public key for signature verification must be retrievable via
the issuer claim.
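As an added example (not code from the deck, nor from any manufacturer or project it describes), the two sides of such a software statement in Go: the manufacturer signs the claims as a compact JWS with the EdDSA JWS algorithm, and the receiver (the phone app or personal cloud) selects the manufacturer's public key by the issuer claim and only then checks the signature. The issuer URL, device ids, device-type value and the in-memory key table are constructed for the demo; a real deployment would fetch the key set the issuer publishes.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// SoftwareStatement carries the claims the deck lists: issuer (manufacturer),
// subject (device unique id), JWT ID, and a private device-type claim.
type SoftwareStatement struct {
	Issuer     string `json:"iss"`
	Subject    string `json:"sub"`
	JWTID      string `json:"jti"`
	DeviceType string `json:"com.example.device.type"`
}

// IssuerKeys maps an issuer identifier to that manufacturer's verification key.
// It stands in for "public key retrievable via the issuer claim"; a deployment
// would fetch the key set the issuer publishes (assumption for this example).
type IssuerKeys map[string]ed25519.PublicKey

// NewManufacturerKey makes a constructed manufacturer key pair plus a key table listing it.
func NewManufacturerKey(issuer string) (IssuerKeys, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return IssuerKeys{issuer: pub}, priv, nil
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// decodePart base64url-decodes one compact-JWS segment and parses it as JSON.
func decodePart(part string, v interface{}) error {
	raw, err := base64.RawURLEncoding.DecodeString(part)
	if err != nil {
		return err
	}
	return json.Unmarshal(raw, v)
}

// SignStatement is the manufacturer's step: serialise the claims as a compact
// JWS (header.payload.signature) with the EdDSA JWS algorithm (RFC 8037).
func SignStatement(ss SoftwareStatement, priv ed25519.PrivateKey) (string, error) {
	payload, err := json.Marshal(ss)
	if err != nil {
		return "", err
	}
	header, _ := json.Marshal(map[string]string{"alg": "EdDSA", "typ": "JWT"})
	signingInput := b64(header) + "." + b64(payload)
	return signingInput + "." + b64(ed25519.Sign(priv, []byte(signingInput))), nil
}

// VerifyStatement is the receiving side (phone app / personal cloud). The issuer
// claim is read from the not-yet-verified payload only to pick a key; no claim
// is trusted until the signature over header.payload checks out.
func VerifyStatement(token string, keys IssuerKeys) (SoftwareStatement, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return SoftwareStatement{}, fmt.Errorf("malformed compact JWS")
	}
	var header map[string]string
	if err := decodePart(parts[0], &header); err != nil {
		return SoftwareStatement{}, err
	}
	// Pin the algorithm instead of honouring whatever "alg" the token names
	// (for instance "none"), so the signature check can never be skipped.
	if header["alg"] != "EdDSA" {
		return SoftwareStatement{}, fmt.Errorf("unsupported alg %q", header["alg"])
	}
	var ss SoftwareStatement
	if err := decodePart(parts[1], &ss); err != nil {
		return SoftwareStatement{}, err
	}
	pub, ok := keys[ss.Issuer]
	if !ok {
		return SoftwareStatement{}, fmt.Errorf("unknown issuer %q", ss.Issuer)
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil {
		return SoftwareStatement{}, err
	}
	if !ed25519.Verify(pub, []byte(parts[0]+"."+parts[1]), sig) {
		return SoftwareStatement{}, fmt.Errorf("signature does not verify")
	}
	return ss, nil
}

func main() {
	keys, priv, _ := NewManufacturerKey("https://manufacturer.example")
	token, _ := SignStatement(SoftwareStatement{Issuer: "https://manufacturer.example",
		Subject: "gd-0001", JWTID: "f2c1-0001", DeviceType: "garage-door-opener"}, priv)
	fmt.Println(VerifyStatement(token, keys))
}
```

The order of checks is the point: algorithm pinned first, issuer looked up from the unverified payload purely to choose a key, signature verified over the exact encoded segments received, and only then are sub, jti and the device type used for pre-registration. A statement from an issuer the cloud does not know, or one re-signed under a different key, is rejected before any of its claims are acted on.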
User Experience
User runs personal cloud app and “taps” the Garage Door
opener
Garage Door opener flashes an LED to signal success
Personal cloud app shows Garage Door as being
connected to the House pico
Personal cloud app can query (or change) the open/closed
state of the door
NFC “Tap” garage door opener
1. Device transfers software statement to phone
2. Phone transfers UMA AS endpoint to device
a.  optionally network connectivity creds
Phone app adds device to cloud
1. Pre-Register Device [Software_Statement]
2. Add Garage Door Opener to House?
3. Create ‘Garage Door’
Garage Door Obtains Access_Token
1. Register Device [Software_Statement]
2. Client_ID & Client_Secret
3. OAuth2 Client Assertion Flow
4. Access_Token [UMA AAT]
Garage Door connects to pico
1. Where’s my Pico? [AAT]
2. Endpoint: https://…, Pico ID: 123
3. UMA RPT Req (3.4.1) [AAT, Pico ID]
4. RPT (pre-authorized)
5. Establish Connection [RPT]
Where are we?
Garage Door device is connected to its pico
Policy for what/who can query/control the
garage door is managed by the Owner pico and
implemented via UMA
What do we want?
Garage door to open when I drive into the
driveway
Assume:
Car is already connected to its ‘Car’ pico
‘Car’ pico has a channel with the ‘House’ pico
Car has geo-fence capability
Opening the Garage Door
Decommissioning the Garage Door
1.  User via their trusted app instructs the Owner pico to remove the ‘Garage
Door’ pico
2.  The Owner pico sends a message to the ‘House’ pico to delete the
‘Garage Door’ pico
3.  The ‘Garage Door’ pico can now archive any historical data before sending
a message to the ‘Garage Door’ to reset to factory defaults
4.  Owner pico revokes all ‘Garage Door’ access tokens
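As an added example, not code from the deck or from the pico and UMA projects it cites, the Go program below models two of the pieces above in one place: the "pico channel authz is RPT introspection" rule from Architectural Requirements, and step 4 of decommissioning, where the Owner pico revokes all ‘Garage Door’ tokens. The Owner pico is an in-memory authorization server whose introspection answer follows the shape of the UMA permissions array (the field names resource_set_id, scopes and exp are my assumption from UMA 1.0, not something the deck states); the RPT strings, resource-set ids, expiry times and the fixed clock are constructed for the demo.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Permission is one entry of the introspection "permissions" array (field names assumed from UMA 1.0).
type Permission struct {
	ResourceSetID string   `json:"resource_set_id"`
	Scopes        []string `json:"scopes"`
	Exp           int64    `json:"exp"`
}

// Introspection is the AS's answer to an RPT introspection request.
type Introspection struct {
	Active      bool         `json:"active"`
	Permissions []Permission `json:"permissions"`
}

// OwnerPicoAS stands in for the Owner pico acting as UMA authorization
// server. Issued RPTs live only here; a device pico never sees this table.
type OwnerPicoAS struct {
	issued map[string]Introspection
}

// constructedState is sample AS state for the demo (not from the deck);
// times are Unix seconds and the demo clock is 1400000000.
const constructedState = `{
  "rpt-car":    {"active": true, "permissions": [{"resource_set_id": "garage-door", "scopes": ["query", "control"], "exp": 1400003600}]},
  "rpt-guest":  {"active": true, "permissions": [{"resource_set_id": "garage-door", "scopes": ["query"], "exp": 1400003600}]},
  "rpt-stale":  {"active": true, "permissions": [{"resource_set_id": "garage-door", "scopes": ["query", "control"], "exp": 1399999999}]},
  "rpt-thermo": {"active": true, "permissions": [{"resource_set_id": "thermostat", "scopes": ["control"], "exp": 1400003600}]}
}`

func NewDemoAS() *OwnerPicoAS {
	as := &OwnerPicoAS{issued: map[string]Introspection{}}
	if err := json.Unmarshal([]byte(constructedState), &as.issued); err != nil {
		panic(err) // constructed literal above; cannot fail at runtime
	}
	return as
}

// Introspect behaves like the UMA / OAuth2 introspection endpoint: an unknown
// or revoked token is simply reported inactive; nothing else is revealed.
func (as *OwnerPicoAS) Introspect(rpt string) Introspection {
	if resp, ok := as.issued[rpt]; ok {
		return resp
	}
	return Introspection{Active: false}
}

// RevokeResourceSet drops every RPT holding a permission on the given resource
// set (decommissioning step 4) and returns how many were revoked.
func (as *OwnerPicoAS) RevokeResourceSet(resourceSetID string) int {
	n := 0
	for rpt, resp := range as.issued {
		for _, p := range resp.Permissions {
			if p.ResourceSetID == resourceSetID {
				delete(as.issued, rpt) // deleting during range is safe in Go
				n++
				break
			}
		}
	}
	return n
}

// PicoChannel is the UMA-protected channel of one device pico.
type PicoChannel struct {
	ResourceSetID string
	AS            *OwnerPicoAS
}

// Authorize admits a request only when the AS reports the RPT active and it
// carries an unexpired permission with the requested scope on this channel.
// The RPT is opaque to the pico; the AS's answer is the whole decision.
func (c *PicoChannel) Authorize(rpt, scope string, nowUnix int64) error {
	resp := c.AS.Introspect(rpt)
	if !resp.Active {
		return fmt.Errorf("RPT inactive, unknown or revoked")
	}
	for _, p := range resp.Permissions {
		if p.ResourceSetID != c.ResourceSetID || (p.Exp != 0 && p.Exp <= nowUnix) {
			continue
		}
		for _, s := range p.Scopes {
			if s == scope {
				return nil
			}
		}
	}
	return fmt.Errorf("RPT grants no %q on %s", scope, c.ResourceSetID)
}

func main() {
	as := NewDemoAS()
	door := &PicoChannel{ResourceSetID: "garage-door", AS: as}
	fmt.Println(door.Authorize("rpt-car", "control", 1400000000), door.Authorize("rpt-guest", "control", 1400000000))
	fmt.Println(as.RevokeResourceSet("garage-door"), door.Authorize("rpt-car", "query", 1400000000))
}
```

Because the pico never parses the RPT and asks the Owner pico on every request, revocation takes effect immediately and centrally, which is what makes the "revoke all ‘Garage Door’ access tokens" step in decommissioning sufficient. A permission scoped to another resource set (the thermostat RPT) or carrying an expired exp is ignored even though the token itself is active, so a query-only grant cannot be stretched into control and a stale grant cannot be replayed.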
Benefits of this approach
●  Collected data is stored and managed under
the user’s control
●  Authorization policy across the personal IoT
cloud is centrally managed
o  Lots of opportunity for innovation in how to help the
user manage their devices
o  Authorization policy can be inherited across the data
model
●  Implementable today with existing standards
References
UMA
●  UMA 101 2013-10-29
●  UMA Webinar 2014-03-20
●  UMA Core Spec
Personal Clouds:
●  Connecting Things
OAuth 2:
●  Dynamic Client Registration
●  Token Introspection
JOSE
●  JSON Web Token
●  JSON Web Signature
Questions
Acknowledgements
●  UMA: Eve Maler & Domenico Catalano
●  CloudOS: Phil Windley
Appendix

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 

Kürzlich hochgeladen (20)

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 

CIS14: Securing the Internet of Things with Open Standards

  • 1. Where are we today?
    Devices and Solutions are exploding
    ●  personal
    o  fitness, watches, ...
    ●  household
    o  lights, detectors, thermostats, appliances, ...
    ●  medical
    o  heart rate monitors, ...
  • 2. Emerging Pattern
    Each device has its own service in the cloud
    Device reports data to the service
    User accesses their device’s data via cloud APIs
  • 4. Internet Connected Dishwasher
    Big Data analytics
    ●  how often I wash dishes
    ●  when I have guests
    ●  when I’m not at home
    ●  when I’m canning
  • 5. Challenges
    Security
    Ubiquity & Variety
    Data Model
    User Experience & Management
  • 6. Bruce Schneier
    https://www.schneier.com/essays/archives/2014/01/the_internet_of_thin.html
    “The computers in our routers and modems are much more powerful than the PCs of the mid-1990s, and the Internet of Things will put computers into all sorts of consumer devices. The industries producing these devices are even less capable of fixing the problem than the PC and software industries were.”
  • 9. Types of “things”
    personal (fitbit)
    shared (family, doctor, neighbor)
    medical (heart monitor)
    industrial (air conditioner)
    temporary (beer glasses)
  • 10. Data Model Requirements
    Authorization / Revocation
    Co-ownership
    Grouping / Aggregation
    Policy Inheritance
    Privacy By Design
  • 11. User Experience
    ●  How do I allow my son to change the thermostat but only within a limited range?
    ●  How do I easily add a light bulb to the family room and have it inherit the policy already assigned to the other lights in the “family room”?
    ●  How do I let my friend borrow the car such that driving data is delivered to both of us?
  • 12. User Experience
    ●  How do I sell my washing machine (and reset it to its initial state)?
    o  Can I save my policy from the old washing machine and apply it to the new one?
    ●  How do I craft custom experiences such that when a World Cup game comes on, the lights change to my preferred team’s colors, the blinds close and the TV tunes to the correct channel?
  • 13. Key Elements to Usability
    Simple onboarding process
    ●  provisioning device into personal cloud
    ●  grouping device with other like devices
    ●  pre-authorization of
    o  who/what can query the device
    o  who/what can control the device
  • 14. Key Elements to Usability
    Simple Authorization model
    ●  out-of-band user consent channel
    ●  alerts of abnormalities
    ●  sharing / multi-access
    ●  centralized policy management
  • 15. Key Elements to Usability
    Simple de-provisioning
    ●  revocation of authorized capabilities
    ●  reset of device to initial state
    ●  removal of device from groups and relationships
    ●  archive activity data for historical purposes
  • 16. Building for a Better Tomorrow
  • 17. Building Blocks
    OAuth2
    OpenID Connect
    User Managed Access
    Personal Clouds
  • 18. OAuth2 Basics
    ●  Framework for API Authorization
    o  e.g. Valet Key
    ●  Get a token (RFC 6749)
    o  code, implicit, refresh, assertion, ...
    ●  Use a token (RFC 6750)
    o  bearer token profile
  • 19. OAuth2 Dynamic Registration
    Client Registration Endpoint
    ●  Initial Access Token
    o  out-of-band AuthZ
    ●  Software Statement
    o  signed claims provided by software stack
  • 21. OpenID Connect Basics
    Identity layer built on top of OAuth2
    ●  id_token
    ●  user claims
    ●  session management
    ●  logout
  • 22. User Managed Access (UMA)
    Roles in the diagram: resource owner, resource server, authorization server, client, protected resources (unnamed till now)
    UMA, Kantara Initiative: Used with Permission
  • 23. UMA & Online Sharing
    I want to share this stuff selectively
    •  Among my own apps
    •  With family and friends
    •  With organizations
    I want to protect this stuff from being seen by everyone in the world
    I want to control access proactively, not just feel forced to consent over and over
    UMA, Kantara Initiative: Used with Permission
  • 24. UMA request flow
    Alice shares calendar with Bob
    ●  Alice emails Bob a link to her calendar
    ●  Bob goes to his calendar software and subscribes to Alice’s calendar using the link provided by Alice in the email
  • 25. OAuth2 Code Flow / UMA Request Flow (diagram; labels: UMA 3.1.1, UMA 3.4.1, UMA 3.1.2, UMA 3.2.2 / OAuth2 Token Introspection)
  • 26. Personal Clouds
    Slide by Phil Windley: Used with Permission
  • 27. Persistent Compute Object (PICO)
    Identity—they represent a specific entity
    Storage—they persistently encapsulate both structured and unstructured data
    Open event network—they respond to events
    Processing—they run applications autonomously
    Event Channels—they have connections to other picos
    APIs—they provide access to and access other online services
    Slide by Phil Windley: Used with Permission
  • 28. Picos are Decentralized & Networked
    Slide by Phil Windley: Used with Permission
  • 29. Picos Use an Event Query Model
    Slide by Phil Windley: Used with Permission
  • 30. Programming Model
    Program in any language you like
    OAuth access to pico
    Pico provides user data processing API and inter-pico communications
    Slide by Phil Windley: Used with Permission
  • 32. Sample Use Case
    Adding new garage door opener to my Internet of Things - already have Car, Lights, Thermostat, etc.
    Goal: garage door is up when I drive in the driveway
  • 34. Solution Key Components
    Trusted Introduction
    Transport Security
    Activity Authorization
    Standards Support
    ●  OAuth2
    ●  UMA
  • 35. Architectural Requirements
    Owner Pico functions as the UMA AS
    Each Pico functions as a UMA client
    ●  pico channel authz is RPT introspection
    Smart phone app functions as a UMA client
    Tight binding between device and device Pico
  • 36. Assumptions
    Device manufactured with a Software Statement
    Device supports bi-directional NFC
    Device supports HTTPS
    User has a smart phone bound to their personal cloud (trusted app)
  • 37. Software Statement
    Signed JSON Web Token (JWS)
    ●  Issuer claim [iss] (manufacturer)
    ●  Subject claim [sub] (device unique id)
    ●  JWT ID claim [jti] (unique id)
    ●  Device type [com.example.device.type]
    Public key for signature must be retrievable via the issuer claim.
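The software-statement check that slide 37 specifies and that the phone app runs at the "Pre-Register Device [Software_Statement]" step of slide 40, as an added example that is not part of the deck or of any UMA/pico implementation. It builds and verifies the ES256 JWS with Go's standard library only; the manufacturer key, the issuer URL, the device ids and the keyForIssuer lookup are assumed stand-ins, and "com.example.device.type" is the claim name the slide itself uses.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"math/big"
	"strings"
)

type SoftwareStatement struct { // the four claims slide 37 lists
	Iss        string `json:"iss"`                     // manufacturer
	Sub        string `json:"sub"`                     // device unique id
	Jti        string `json:"jti"`                     // statement unique id
	DeviceType string `json:"com.example.device.type"` // device type (claim name is the deck's example)
}

var b64 = base64.RawURLEncoding
var header = b64.EncodeToString([]byte(`{"alg":"ES256","typ":"JWT"}`)) // pinned JOSE header
// NewManufacturerKey stands in for the manufacturer's signing key (assumed here, P-256).
func NewManufacturerKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

// SignStatement is the manufacturer side: the compact ES256 JWS the device carries from the factory.
func SignStatement(key *ecdsa.PrivateKey, ss SoftwareStatement) (string, error) {
	payload, _ := json.Marshal(ss) // a struct of plain strings cannot fail to marshal
	input := header + "." + b64.EncodeToString(payload)
	digest := sha256.Sum256([]byte(input))
	r, s, err := ecdsa.Sign(rand.Reader, key, digest[:])
	if err != nil {
		return "", err
	}
	sig := make([]byte, 64) // JWS ES256 signature is r || s, each left-padded to 32 bytes
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return input + "." + b64.EncodeToString(sig), nil
}

// VerifyStatement is the phone-app check before pre-registration: pinned header (so an "alg" swap fails first), all four claims present, key fetched by issuer (the slide's rule), valid signature.
func VerifyStatement(token string, keyForIssuer func(string) (*ecdsa.PublicKey, bool)) (*SoftwareStatement, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 || parts[0] != header {
		return nil, errors.New("malformed JWS or header is not the pinned ES256 header")
	}
	var ss SoftwareStatement
	pb, err := b64.DecodeString(parts[1])
	if err != nil || json.Unmarshal(pb, &ss) != nil ||
		ss.Iss == "" || ss.Sub == "" || ss.Jti == "" || ss.DeviceType == "" {
		return nil, errors.New("payload unreadable or a required claim is missing")
	}
	pub, ok := keyForIssuer(ss.Iss) // keyForIssuer is an assumed lookup, e.g. the issuer's published keys
	sig, err := b64.DecodeString(parts[2])
	if !ok || err != nil || len(sig) != 64 {
		return nil, errors.New("unknown issuer or badly encoded signature")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	r, s := new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])
	if !ecdsa.Verify(pub, digest[:], r, s) {
		return nil, errors.New("signature does not verify under the issuer's key")
	}
	return &ss, nil
}
```

The claims are only trusted after the issuer-keyed signature check passes, which is what lets the Owner pico later bind the device's client registration (slide 41) to a known manufacturer and device id.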
  • 38. User Experience
    User runs personal cloud app and “taps” the Garage Door opener
    Garage Door opener flashes an LED to signal success
    Personal cloud app shows Garage Door as being connected to the House pico
    Personal cloud app can query (or change) the open/closed state of the door
  • 39. NFC “Tap” garage door opener
    1. Device transfers software statement to phone
    2. Phone transfers UMA AS endpoint to device
    a.  optionally network connectivity creds
  • 40. Phone app adds device to cloud (message flow)
    Pre-Register Device [Software_Statement]
    Add Garage Door Opener to House?
    Create ‘Garage Door’
  • 41. Garage Door Obtains Access_Token (message flow)
    Register Device [Software_Statement]
    Client_ID & Client_Secret
    OAuth2 Client Assertion Flow
    Access_Token [UMA AAT]
  • 42. Garage Door connects to pico (message flow)
    Where’s my Pico? [AAT]
    Endpoint: https://… Pico ID: 123
    UMA RPT Req (3.4.1) [AAT, Pico ID]
    RPT (pre-authorized)
    Establish Connection [RPT]
  • 43. Where are we?
    Garage Door device is connected to its pico
    Policy for what/who can query/control the garage door is managed by the Owner pico and implemented via UMA
  • 44. What do we want?
    Garage door to open when I drive into the driveway
    Assume:
    Car is already connected to its ‘Car’ pico
    ‘Car’ pico has a channel with the ‘House’ pico
    Car has geo-fence capability
  • 46. Decommissioning the Garage Door
    1.  User via their trusted app instructs the Owner pico to remove the ‘Garage Door’ pico
    2.  The Owner pico sends a message to the ‘House’ pico to delete the ‘Garage Door’ pico
    3.  The ‘Garage Door’ pico can now archive any historical data before sending a message to the ‘Garage Door’ to reset to factory defaults
    4.  Owner pico revokes all ‘Garage Door’ access tokens
  • 47. Benefits of this approach
    ●  Collected data is stored and managed under the user’s control
    ●  Authorization policy across the personal IoT cloud is centrally managed
    o  Lots of opportunity for innovation in how to help the user manage their devices
    o  Authorization policy can be inherited across the data model
    ●  Implementable today with existing standards
  • 48. References
    UMA
    ●  UMA 101 2013-10-29
    ●  UMA Webinar 2014-03-20
    ●  UMA Core Spec
    Personal Clouds:
    ●  Connecting Things
    OAuth 2:
    ●  Dynamic Client Registration
    ●  Token Introspection
    JOSE
    ●  JSON Web Token
    ●  JSON Web Signature
  • 49. Questions
    Acknowledgements
    ●  UMA: Eve Maler & Domenico Catalano
    ●  CloudOS: Phil Windley