Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016
Similar to Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016 (20)
Recently uploaded
Recently uploaded (20)
Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016
- 6. Device Device Environment Field Gateway Cloud Gateway Services TransportProtocols 1 2 3 4
- 9. Windows 10 IoT Enterprise 1 GB RAM, 16 GB Storage X86 Enterprise Manageability and Security Rich user experience Win32 & UWP Handheld devices Modern Shell & UWP lockdown and multi-user support Windows 10 IoT Mobile 512 MB RAM, 4 GB storage ARM Windows 10 IoT Core (OEM Pro Edition) 256MB RAM, 2GB storage X86 or ARM Windows 10 Enterprise for IoT devices Windows 10 Mobile Enterprise for IoT devices New Windows 10 version for IoT devices
- 11. DISCOVER nearby friendly devices IDENTIFY services running on those devices ADAPT to devices coming and going MANAGE diverse transports INTEROPERATE across different OSes EXCHANGE information and services SECURE against nearby bad actors
- 13. HTTPS AMQPS IoT Hub Identity Registry Device Management Provisioning IoT Hub Gateway HTTPS, AMQPS, MQTT Data and Command Flow Per-device command queues Event Hub Self Hosted Gateway MQTT, Custom Field Gateway OPC UA, MQTT CoAP, AllJoyn, ... M M M APIs Management Communication Provisioning
- 15. Harness Connect technology assets to other devices, cloud-based services and infrastructure Address variable demand with scalable, efficient data collection and storage in the cloud Configure rules and executable scripts that define actions on devices Connect Configure Extend Administer Apply business rules to remotely manage and govern devices Intelligent Systems ServiceAzure IOT Suite Efficiently capture, store, visualize and analyze data to drive meaningful business insights
- 26. Microsoft Azure IoT Services Devices Device Connectivity Storage Analytics Presentation & Action Event Hub SQL Database Machine Learning App Service IoT Hub Table/Blob Storage Stream Analytics Power BI Service Bus DocumentDB HDInsight Notification Hubs External Data Sources 3rd party Databases Data Factory Mobile Services Data Lake BizTalk Services { }
- 27. STRIDE Threat Implementation Spoofing How do we know we are talking to the right device Authentication Secure Channels Tampering How do we make sure that the device was not tampered with (physically or environmentally) Authorization Secure Channels Repudiation Modifying audit logs Authentication Secure logging and auditing Digital Signatures Information Disclosure Eavesdropping on the communication Encryption Authorization Denial of Service DoS against service/device (resource exhaustion, power drain,…) Throttling High Available design Authorization Controlling inbound connections Elevation of Privilege Forcing the device/service to do something it was not supposed to do Authorization Least privilege
- 28. Policies, Procedures, Guidance Cloud Field Gateways Devices Physical Global Network Identity and Access Control Application Data Physical Physical Local Network Local Network EdgeApplication Data Data HostHostHost Data Privacy Protection and Controls People and Device Identity Federation, Data Attestation Trustworthy Platform Hardware, Signed Firmware, Secure Boot/Load Secure Networks, Transport and Application Protocols, Segmentation Tamper/Intrusion Detection Physical Access Security
- 29. IoT Sweet Spot $1000 PCs$400 Phones Cost Computational Capabilities Memory/Storage Capacity Energy Consumption/Source $1 Sensor $10000 Server Component Quality
- 31. http://azure.microsoft.com/en-us/support/trust-center/ ISO 27001/27002 SOC 1/SSAE 16/ISAE 3402 and SOC 2 Cloud Security Alliance CCM FedRAMP FISMA FBI CJIS (Azure Government) PCI DSS Level 1 United Kingdom G-Cloud Australian Government IRAP Singapore MTCS Standard HIPAA CDSA EU Model Clauses Food and Drug Administration 21 CFR Part 11 FERPA FIPS 140-2 CCCPPF MLPS
- 32. free cloud development courses Try Microsoft Azure for free AzureAppService for free
- 33. Internet ISP (Mobile) Network Operators Personal Environment and Networks Device Device Device Device Field Gateway Cloud Systems Device Cloud Gateway Device Local Interaction MNO Gateway Cloud Portals and APIs Mobile & Web Interaction Control System Analytics Data Management Watches, Glasses, Work Tools, Hearing Aids, Robotic Assistance, … Homes, Vehicles, Vessels, Factories, Farms, Oil Platforms, … Vehicle Fleets, Sea Vessels, LV Smart Grids, Cattle, … Local Gateway Local Portals and APIs Control System Analytics Data Management
Editor's Notes
- Software industries have had to deal with Internet and Security, now the hardware industry is having to get to grips with what it means to be an internet connected device without necessarily the background to understand the threats.
- The Unified Extensible Firmware Interface (UEFI, pronounced as an initialism U-E-F-I or like "unify" without the n[a]) is a specification that defines a software interface between an operating system and platform firmware. UEFI replaces the Basic Input/Output System (BIOS) firmware interface. Secure Boot – Secures against Boot Attack Validates the firmware image before allowed to execute Cryptographically validates all the boot components and drivers Only authorised code can execute on the device Measured Boot Securely records on to the TPM a log/record of the boot process, drivers loaded, signatures etc Available to administrators Bitlocker – Secures against Offline Attack 1) Encrypts all data stored locally
- When we launched, Windows 10 this July, we created an converged platform that can serve devices from desktops to PC to the IoT devices. We introduced 3 new editions for IoT Devices. Windows 10 IoT Enterprise – This is the same Windows 10 Enterprise licensed for IoT devices market. It provides a rich set of functionalities to build powerful, high performance industry devices. Windows 10 IoT Mobile Enterprise – This is the same Windows 10 Mobile Enterprise edition licensed for the IoT devices market to build ruggedized and industry handheld devices. With Windows 10, it gets on par experience with the Enterprise in a number of aspects and include a Modern shell and advanced lockdown capabilities Windows 10 IoT Core – This is a new edition that we released for building small and low cost IoT devices that provides a single purpose device experience with modern UWP app support and low cost silicon support.
- Windows 10 for IoT will be available initially on three boards: Raspberry Pi 2 Minnowboard Max (essentially the guts of a tablet) Dragonboard (essentially the guts of a phone) (coming soon) All of these boards support universal apps and the new IoT APIs in UAP. All three have first-class developer experience in Visual Studio. We also support other Windows 10 IoT SKUs for mobile and larger systems, all of which support the same UAP programming model and binaries.
- Key points The AllJoyn software framework is a collaborative open source project of the AllSeen Alliance. Microsoft has joined the AllSeen Alliance as a Premier member and is one of over a hundred members. AllJoyn enabled devices describe their capabilities via service interfaces on the virtual bus. AllJoyn is integrated into Windows 10 core framework, so its available to all Windows 10 devices Developers can easily create Universal Windows Apps for AllJoyn-Enabled Devices Expose C & WinRT APIs for AllJoyn & Universal Windows App platform integration Microsoft contributes Windows platform fixes back to the Alliance including improving AllJoyn security AllJoyn solves challenges …in an open interoperable way Find nearby devices Painlessly connect to those devices, regardless of brand Discover services running on those devices Adapt to devices coming and going Deal with different transports Interoperate across different OSes Exchange information and services Provide reliable performance in wireless environments Ensure no one nearby maliciously hacks into your phone
- OPC UA - OPC Unified Architecture (OPC UA) is an industrial M2M communication protocol for interoperability developed by the OPC Foundation. It is the successor to Open Platform Communications (OPC). Although developed by the same organization, OPC UA differs significantly from its predecessor. The Foundation's goal for this project was to provide a path forward from the original OPC communications model (namely the Microsoft Windows only process exchange COM/DCOM) to a cross-platform service-oriented architecture (SOA) for process control, while enhancing security and providing an information model Constrained Application Protocol (CoAP)
- Key goal of slide: Outline the key capabilities of Microsoft Azure Intelligent Systems Service. Let’s spend a few minutes talking about some of the capabilities of Microsoft Azure Intelligent Systems Service… Slide talk track: Microsoft Azure Intelligent Systems Service supports the following capabilities in a highly secure manner Connect your assets – Connect technology assets to other devices, cloud based services and infrastructure and extend to all technology assets regardless of form-factor, OS or intelligence Configure your setup – Configure rules and executable scripts that define actions on devices Harness your data -- Efficiently capture, store, join, visualize, analyze and share data to drive meaningful business insights Administer your assets – Apply business rules to govern industry devices and edge devices, and manage remotely with configurable alarms and response options for pervasive predictive capability Extend your solution – Address variable demands with scalable and efficient data collection and storage in the cloud. Innovate on top of ISS to create rich, customized experiences These allow our customers to harness their machine-generated data - collecting, compiling, and sending packaged information to Microsoft assets like Power BI and HD Insight for analytics to drive meaningful business insights
- We’re not going to use the Azure IoT Suite in this lab. Instead, we’re going to focus on core components so you can learn how to really connect with Azure and build up a solution from scratch. Highlighted are the pieces of Azure IoT Services that we will use in this lab. Additionally, we’ll use the Microsoft Azure Web App service to host a simple website showing data from our devices.