
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely Leverage IoT


The Internet of Things (IoT) promises to improve our productivity and day-to-day lives by connecting a vast range of devices – from cell phones, to cars, to domestic appliances and even to drones. APIs represent the key technology that will make it possible to integrate and leverage information from all these “things”.

There are obvious security and privacy concerns associated with using APIs to expose data and functionality from one device to many others. So, how can we make sure hackers cannot exploit the unprecedented connectivity created by IoT? This webinar will explore key IoT use cases and explain how to address the API security requirements for these use cases.

Published in: Technology

  1. Drones, Phones, and Pwns: The Promise (and Dangers) of IoT APIs. © 2014 CA. All rights reserved. Jaime Ryan, Senior Director, Product Management & Strategy, CA Technologies. July 23, 2014
  2. What does the future hold?
  3. These ain’t your daddy’s drones
  4. They’re accessible
  5. They’re affordable
  6. They’re powerful
  7. They’re ubiquitous
  8. They’re unobtrusive
  9. What happens when we scale up?
  10. What can we accomplish now?
  11. Emergency services
  12. Emergency services
  13. Even the innocuous
  14. Location is important
  15. Detail is important
  16. What does this have to do with the Internet of Things?
  17. Internet
  18. Things
  19. WCoT (Word Cloud of Things)
  20. Dumb Things: Collect Data | Do Something
     • Quantified Self: Track exercise, calories consumed, sleeping habits | Suggestion-based fitness: Create customized workouts, social running routes, sleep suggestions
     • Surveillance: Capture images/video – home, retail, gambling | Security: Unlock door based on Bluetooth or NFC proximity
     • Agricultural Sensors: Track conditions in soil, air, supply chain | Industrial Farm Equipment: Increase/decrease irrigation, feed, pesticides
     • Smart Parking: Record and plot empty parking spaces | Connected Meters: Email driver when it’s time to pay for more time
     • Disease Tracking Wearables: Sensors in underwear, pacemakers, | Notification and Medication Administration: Remind patient to take medications; notify emergency medical personnel prior to seizure
     • Manage Retail Inventory: Location of items in-store, automatically updated inventory | Ordering/Loss Prevention: Place new order upon low inventory; alert staff if removed from store
     • Energy Usage Tracking: Identify power-guzzling appliances, collect meter readings | Home Automation: Turn on lights, manage AC/heating, regulate power
  21. Supply Chain
  22. The evolution of connectivity
  23. Smart Things
     • Bridge the gap between dumb things
     • Allow for human interaction and decision-making
     • Create/enforce policy - IFTTT
     • Portal/UI into the world of data
     • App-based
     Laptops, desktops, tablets, phones, smartwatches
  24. What does the architecture look like? [Diagram: Cloud; Sensors & Actuators; Mobile/App; Marketplace; Server; Gateway; Overlapping Domains of Interest (Clustered Graphs): Domain A, Domain B, Domain C = A ∩ B, Domain E = C ∩ …]
  25. Lots of Frameworks
  26. Lots of Protocols
  27. Lots of SDKs
  28. APIs are fundamental to the Internet of Things { “min”: “23C”, “max”: “11C”…}
  29. How could I get pwned?
  30. Data exposure
  31. Of the worst kind
  32. Cars
  33. Game consoles
  34. Facebook
  35. Phones
  36. Address Books
  37. Not just the NSA
  38. Not even just law enforcement
  39. What are the concerns? IDENTITY, CUSTODY, PRIVACY
     • How do we make sure we retain control?
     • How do we authenticate ourselves in person and online?
     • How do we delegate information to interested parties?
     • Who has our information?
     • What information do they have?
     • What do they need?
     • Who do we trust? Why?
     • How does information get from one place to another?
     • Are those pathways secure?
     • What role do we play?
  40. Maintain awareness
  41. Maintain awareness
  42. My identities and data
  43. What steps to take in this new interconnected world?
  44. APIs are Central to the Modern Enterprise
  45. An Enterprise API Management Solution [Diagram: Internet of Things; Partners/ 3rd-party; Developer Community; Cloud Services; BYOD; Sister Company APIs; Daughter Company APIs; …]
  46. Developer Management Health Tracking Workflow Performance Global Staging Developer Enrollment API Docs Forums API Explorer Rankings Quotas Plans Analytics Reporting Config Migration Patch Management Policy Migration Operations Management Throttling Prioritization Caching Routing Traffic Control Transformation Security Interface Management Composition Authentication Single Sign On API Keys Entitlements OAuth 1.x OAuth 2.0 OpenID Connect Identity Management Key Functional Areas of API Management Token Service
  47. Questions?
  48. Jaime Ryan, Senior Director, Product Management & Strategy. Jaime.Ryan@ca.com, @JRyanL7, https://www.facebook.com/Layer7, linkedin.com/company/ca-technologies, ca.com
  49. References
     • http://techcrunch.com/2014/04/14/google-acquires-titan-aerospace-the-drone-company-pursued-by-facebook/
     • http://www.cnet.com/news/google-buys-solar-powered-drone-company-titan-aerospace/
     • http://finance.yahoo.com/news/facebooks-feature-users-thoroughly-creeped-005800620.html
     • http://www.foxnews.com/leisure/2013/09/04/hackers-find-weaknesses-in-car-computer-systems/
     • http://www.mirror.co.uk/news/technology-science/technology/spies-can-listen-your-iphone-3670347
     • http://www.theblaze.com/stories/2013/08/02/report-fbi-can-remotely-turn-on-phone-microphones-for-spying/
     • http://www.theblaze.com/stories/2011/04/18/can-your-smartphone-use-your-microphone-camera-to-gather-data-yes/
     • http://www.usatoday.com/story/news/nation/2013/12/08/cellphone-data-spying-nsa-police/3902809/
     • cow: https://www.flickr.com/photos/julochka/
     • milk: https://www.flickr.com/photos/crazytales562/
     • https://security.google.com/settings/security/permissions?pli=1
     • https://www.facebook.com/help/405183566203254/
     • http://www.businessinsider.com/facebook-app-privacy-controls-2012-10
  50. Copyright © 2014 CA. The Nike logo is either a registered trademark or trademark of Nike Corporation in the United States and/or other countries. The Sonos logo is either a registered trademark or trademark of Sonos Corporation in the United States and/or other countries. The Google logo is either a registered trademark or trademark of Google Corporation in the United States and/or other countries. The Facebook logo is either a registered trademark or trademark of Facebook Corporation in the United States and/or other countries. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. Certain information in this publication may outline CA’s general product direction. However, CA may make modifications to any CA product, software program, method or procedure described in this publication at any time without notice, and the development, release and timing of any features or functionality described in this publication remain at CA’s sole discretion. CA will support only the referenced products in accordance with (i) the documentation and specifications provided with the referenced product, and (ii) CA’s then-current maintenance and support policy for the referenced product. Notwithstanding anything in this publication to the contrary, this publication shall not: (i) constitute product documentation or specifications under any existing or future written license agreement or services agreement relating to any CA software product, or be subject to any warranty set forth in any such written agreement; (ii) serve to affect the rights and/or obligations of CA or its licensees under any existing or future written license agreement or services agreement relating to any CA software product; or (iii) serve to amend any product documentation or specifications for any CA software product. THIS PRESENTATION IS FOR YOUR INFORMATIONAL PURPOSES ONLY. CA assumes no responsibility for the accuracy or completeness of the information. TO THE EXTENT PERMITTED BY APPLICABLE LAW, CA PROVIDES THIS DOCUMENT “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. In no event will CA be liable for any loss or damage, direct or indirect, in connection with this presentation, including, without limitation, lost profits, lost investment, business interruption, goodwill, or lost data, even if CA is expressly advised in advance of the possibility of such damages.