Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely Leverage IoT

The Internet of Things (IoT) promises to improve our productivity and day-to-day lives by connecting a vast range of devices – from cell phones, to cars, to domestic appliances and even to drones. APIs represent the key technology that will make it possible to integrate and leverage information from all these “things”.

There are obvious security and privacy concerns associated with using APIs to expose data and functionality from one device to many others. So, how can we make sure hackers cannot exploit the unprecedented connectivity created by IoT? This webinar will explore key IoT use cases and explain how to address the API security requirements for these use cases.

Transcript

  • 1. Drones, Phones, and Pwns: The Promise (and Dangers) of IoT APIs. Jaime Ryan, Senior Director, Product Management & Strategy, CA Technologies. July 23, 2014. © 2014 CA. All rights reserved.
  • 2. What does the future hold?
  • 3. These ain’t your daddy’s drones
  • 4. They’re accessible
  • 5. They’re affordable
  • 6. They’re powerful
  • 7. They’re ubiquitous
  • 8. They’re unobtrusive
  • 9. What happens when we scale up?
  • 10. What can we accomplish now?
  • 11. Emergency services
  • 12. Emergency services
  • 13. Even the innocuous
  • 14. Location is important
  • 15. Detail is important
  • 16. What does this have to do with the Internet of Things?
  • 17. Internet
  • 18. Things
  • 19. WCoT (Word Cloud of Things)
  • 20. Dumb Things: Collect Data / Do Something
      • Collect data: Quantified Self (track exercise, calories consumed, sleeping habits). Do something: Suggestion-based fitness (create customized workouts, social running routes, sleep suggestions).
      • Collect data: Surveillance (capture images/video – home, retail, gambling). Do something: Security (unlock door based on Bluetooth or NFC proximity).
      • Collect data: Agricultural Sensors (track conditions in soil, air, supply chain). Do something: Industrial Farm Equipment (increase/decrease irrigation, feed, pesticides).
      • Collect data: Smart Parking (record and plot empty parking spaces). Do something: Connected Meters (email driver when it’s time to pay for more time).
      • Collect data: Disease Tracking Wearables (sensors in underwear, pacemakers). Do something: Notification and Medication Administration (remind patient to take medications; notify emergency medical personnel prior to seizure).
      • Collect data: Manage Retail Inventory (location of items in-store, automatically updated inventory). Do something: Ordering/Loss Prevention (place new order upon low inventory; alert staff if removed from store).
      • Collect data: Energy Usage Tracking (identify power-guzzling appliances, collect meter readings). Do something: Home Automation (turn on lights, manage AC/heating, regulate power).
  • 21. Supply Chain
  • 22. The evolution of connectivity
  • 23. Smart Things
      • Bridge the gap between dumb things
      • Allow for human interaction and decision-making
      • Create/enforce policy - IFTTT
      • Portal/UI into the world of data
      • App-based
      • Laptops, desktops, tablets, phones, smartwatches
  • 24. What does the architecture look like? [Architecture diagram: Cloud; Sensors & Actuators; Mobile/App; Marketplace; Server; Gateway. Overlapping Domains of Interest (Clustered Graphs): Domain A, Domain B, Domain C = A ∩ B, Domain E = C ∩ …]
  • 25. Lots of Frameworks
  • 26. Lots of Protocols
  • 27. Lots of SDKs
  • 28. APIs are fundamental to the Internet of Things { "min": "23C", "max": "11C"…}
  • 29. How could I get pwned?
  • 30. Data exposure
  • 31. Of the worst kind
  • 32. Cars
  • 33. Game consoles
  • 34. Facebook
  • 35. Phones
  • 36. Address Books
  • 37. Not just the NSA
  • 38. Not even just law enforcement
  • 39. What are the concerns? IDENTITY, CUSTODY, PRIVACY
      • How do we make sure we retain control?
      • How do we authenticate ourselves in person and online?
      • How do we delegate information to interested parties?
      • Who has our information?
      • What information do they have?
      • What do they need?
      • Who do we trust? Why?
      • How does information get from one place to another?
      • Are those pathways secure?
      • What role do we play?
  • 40. Maintain awareness
  • 41. Maintain awareness
  • 42. My identities and data
  • 43. What steps to take in this new interconnected world?
  • 44. APIs are Central to the Modern Enterprise
  • 45. An Enterprise API Management Solution Internet of Things Partners/ 3rd-party Developer Community Cloud Services BYOD Sister Company APIs Daughter Company APIs …
  • 46. Key Functional Areas of API Management: Developer Management Health Tracking Workflow Performance Global Staging Developer Enrollment API Docs Forums API Explorer Rankings Quotas Plans Analytics Reporting Config Migration Patch Management Policy Migration Operations Management Throttling Prioritization Caching Routing Traffic Control Transformation Security Interface Management Composition Authentication Single Sign On API Keys Entitlements OAuth 1.x OAuth 2.0 OpenID Connect Identity Management Token Service
  • 47. Questions?
  • 48. Jaime Ryan, Senior Director, Product Management & Strategy. Jaime.Ryan@ca.com, @JRyanL7, https://www.facebook.com/Layer7, linkedin.com/company/ca-technologies, ca.com