AWS IoT is a new managed service that enables Internet-connected things (sensors, actuators, devices, and applications) to easily and securely interact with each other and the cloud. This talk will introduce the security and access control mechanisms used by AWS IoT. These mechanisms can be used to not only securely build and provision devices, but also to integrate devices with other AWS services. This allows you to build interesting, meaningful applications while owning little to no infrastructure.
13. Requirements
Secure Communications with Things
Strong Thing Identity
Fine-grained Authorization for:
Thing Management
Pub/Sub Data Access
AWS Service Access
23. One Service, Two Protocols
                  MQTT + Mutual Auth TLS    AWS Auth + HTTPS
Server Auth       TLS + Cert                TLS + Cert
Client Auth       TLS + Cert                AWS API Keys
Confidentiality   TLS                       TLS
Protocol          MQTT                      HTTP
30. Certificate Signing Request
Dear Certificate Authority,
I’d really like a certificate for %NAME%, as identified by
the key pair with public key %PUB_KEY%. If you could
sign a certificate for me with those parameters, it’d be
super spiffy.
Signed (Cryptographically),
- The holder of the private key
32. Actual Commands
$ openssl genrsa -out ThingKeypair.pem 2048
Generating RSA private key, 2048 bit long modulus
....+++
...+++
e is 65537 (0x10001)
$ openssl req -new -key ThingKeypair.pem -out Thing.csr
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:NY
Locality Name (eg, city) [Default City]:New York
Organization Name (eg, company) [Default Company Ltd]:ACME
Organizational Unit Name (eg, section) []:Makers
Common Name (eg, your name or your server's hostname) []:John Smith
Email Address []:jsmith@acme.com
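The key-pair and CSR steps above, as an added shell example that is not from the talk: it runs the same openssl commands non-interactively and then makes the two checks a provisioning pipeline should make before the CSR leaves the device, that the CSR's self-signature verifies (the "Signed (Cryptographically)" line in the letter) and that the public key embedded in it belongs to the private key on disk. The file names, subject fields, working directory and Thing name are assumptions modelled on the slide.

```shell
#!/bin/sh
# Added example (not from the talk): generate a Thing key pair and CSR
# non-interactively, then verify the CSR before it is submitted to a CA.
# File names, subject fields and the Thing name are assumptions.
set -eu

WORKDIR="${WORKDIR:-$(mktemp -d)}"

make_thing_csr() {
    # $1 = Thing name used as the Common Name (hypothetical value)
    name="$1"
    key="$WORKDIR/ThingKeypair.pem"
    csr="$WORKDIR/Thing.csr"
    # The private key never leaves this host; the CSR carries only the public half.
    openssl genrsa -out "$key" 2048 2>/dev/null
    # -subj supplies the answers the slide typed into the interactive prompts.
    openssl req -new -key "$key" -out "$csr" \
        -subj "/C=US/ST=NY/L=New York/O=ACME/OU=Makers/CN=$name" 2>/dev/null
    echo "$csr"
}

verify_thing_csr() {
    # $1 = CSR path, $2 = private key path.
    # Returns 0 only if the CSR's self-signature verifies (proof that the
    # requester holds the private key) AND the public key inside the CSR is
    # the public half of the key in $2; a CSR signed by some other key fails.
    csr="$1"
    key="$2"
    openssl req -in "$csr" -noout -verify >/dev/null 2>&1 || return 1
    csr_pub=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null \
              | openssl pkey -pubin -outform DER 2>/dev/null | openssl dgst -sha256)
    key_pub=$(openssl pkey -in "$key" -pubout -outform DER 2>/dev/null \
              | openssl dgst -sha256)
    [ "$csr_pub" = "$key_pub" ]
}

csr_subject() {
    # Print the subject the CA will see, so it can be reviewed before submission.
    openssl req -in "$1" -noout -subject
}
```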
71. You don’t want to miss these deep dive sessions
MBL312 Rules and Shadow - Palazzo A 2:45 PM
MBL313 Devices SDK and Kits - Palazzo A 4:15 PM
MBL303 Mobile Devices and IoT - Delfino 4005 4:15 PM
MBL203 Devices in Motion - Delfino 4005 Friday 10:15 AM
MBL305 IoT Data and Analytics - Delfino 4005 Friday 11:30