SlideShare a Scribd company logo

Identity-Defined Privacay & Security for Internet of Things

Download as PPT, PDF
Ping Identity
Ping Identity

Paul Madsen from the Ping Identity CTO Office presentation at Interop. Follow Paul Madsen on Twitter: @PaulMadsen

Technology
1 of 38
Identity- defined Privacy & Security for the Internet of Things Paul Madsen @paulmadsen Ping Identity
2
The Internet of Things connects people and physical objects together through applications
What’s driving IoT • The sensor legacy. Sensors and remote monitoring tools have existed for decades, in a field known as machine-to-machine (M2M) communications, monitoring, and control. • Broadening connectivity. Mainstreaming of home wifi, 4G mobile, low-power wireless standards such as Bluetooth and ZigBee are enabling just about everything to be connected together. • The cloud and big data. Cloud computing and big data allow the massive data created by things to be sifted, processed, and acted upon • APIs.  Distributed, loosely coupled, transactional approaches in software design are allowing things to exist and communicate autonomously alongside internet-based services
Market • Market size for IoT will be $290 billion by 2017, and growing at 30 percent per year (MarketsandMarkets) • 31 billion internet-connected devices will exist by 2020 (Intel) • A family of four will move from having 10 connected devices in 2012 to 25 in 2017 to 50 in 2022 (Intel)
Privacy & Security Challenge Most of the devices in the Internet of Things will be used in two broad areas: – Critical Infrastructure - power production/generation/distribution, manufacturing, transportation, etc. – Personal "infrastructure" - personal medical devices, automobiles, home entertainment and device control, wearables, etc Demands security Demands privacy
Users surprised & disappointed Security breach Provider surprised & disappointed Privacy breach
Security requirements • Confidentiality. Protecting data from being inappropriately accessed by unauthorized actors. Often manifests in authorization policies & encryption • Integrity protecting data or methods from modification or deletion by unauthorized parties. Often manifests in digital signatures • Authentication. Verifying the identities of actors as they interact with each other to ensure that malicious parties are not given inappropriate permissions
Security challenges of the IoT • Life and death implications • Scale • Heterogeneity • Storage, processing, and connectivity constraints • Usability implications of screenless devices • Complex relationships between users & devices • Implications of gateways for end-to-end security
Privacy requirements • Transparency helps people understand who knows what about them — give people information on how their data is to be used, with whom it is shared with; how long is it held; etc • Intervenability is the ability for users to view, change, correct, block, revoke consent, and delete personal data stored by providers & applications. • Unlinkability is about the separation of informational contexts, such as work, personal, family, citizen, and social. It’s about preventing undesired linkages across different contexts.
Identity Security Privacy Authentication Authorization
Authentication & Authorization Model • IoT Actors authenticate by presenting security tokens on their calls/messages to each other • Tokens represent relationship between the relevant user and the calling actor (and any consents/permissions associated with that relationship • Upon receiving a message, an actor validates the token to verify the request is consistent with the relationship/permissions • If consent is removed, token is revoked, and access disabled
OAuth 2.0 & OpenId Connect 1.0 • OAuth 2.0 is an IETF authentication & authorization framework for securing application access to RESTful APIs • OAuth allows a Client to send an API query to a Resource Server (RS), the application hosting the desired information, such that the RS can authenticate that the message was indeed sent by the Client. • The Client authenticates to the RS through the inclusion of an access token on its API call—a token previously provided to the Client by an Authorization Server (AS). • In those scenarios that the API in question protects access to a User’s identity attributes, it may be the case that the access token will only be issued by the AS after the User has explicitly given consent to the Client accessing those attributes. • OpenID Connect 1.0 profiles and extends OAuth 2.0 to add an identity layer— creating a single framework that promises to secure APIs, mobile native applications and browser applications in a single, cohesive architecture.
Representative IoT architecture • Fitbit makes the Aria smart scale • Scale syncs through home Wifi to Fitbit cloud for display & analysis through web & native applications • 3rd party services can access weight data to provide additional analysis
Architecture FitBit Proprietary
Architecture FitBit Proprietary
Architecture FitBit 3rd party services REST APIProprietary
Security & privacy requirements • Confidentiality • Integrity • Authentication • Transparency • Intervenability • Unlinkability
Security & privacy requirements • Confidentiality • Integrity • Authentication • Transparency • Intervenability • Unlinkability
Confidentiality & Integrity • Weight data must be secured both on servers & in-transit – Encryption & access control ensures confidentiality on Fitbit & 3rd party servers – TLS ensures confidentiality in-transit – TLS protects against modifications in-transit • Both OAuth & Connect mandate TLS for over- the-network messages
Security & privacy requirements • Confidentiality • Integrity • Authentication • Transparency • Intervenability • Unlinkability
Native application authentication FitBit 3rd party services REST APIProprietary
Native Application authentication • Users can view their weight data & trends from Fitbit ioS & Android native applications • Native apps pull data from Fitbit cloud REST endpoints • Native applications can use OAuth to authenticate their API calls as being on behalf of particular user
3rd party application authentication FitBit 3rd party services REST APIProprietary
3rd party application authentication • TrendWeight offers additional insight & analysis of weight data • Pulls weight data from Fitbit cloud REST endpoints • TrendWeight uses OAuth to authenticate to Fitbit as acting on behalf of particular user • The token represents the relationship between TrendWeight and that user
Cloud to Cloud Copyright © 2014 Ping Identity Login & consent Weight data Login & consent Weight data Access token delivery
Device authentication FitBit 3rd party services REST APIProprietary
Copyright © 2014 Ping Identity • Devices communicate with each other and the gateway via the local network— sharing data, sending control messages, etc. • These local interactions may not use HTTP, but instead a application protocol more optimized to the constraints (CPU size, battery, etc.) of devices. • Such application protocols include XMPP, MQTT and CoAP. • Work has begun in exploring how to bind OAuth & Connect to such IoT optimized protocols, e.g. ACE effort in IETF Device authentication
Security & privacy requirements • Confidentiality • Integrity • Authentication • Transparency • Intervenability • Unlinkability
Transparency • Users actively mediate the issuance of tokens to native applications & 3rd parties • Provides opportunity for an explicit consent step • In theory can enable granular consent, ie view only weight data but not step data
Security & privacy requirements • Confidentiality • Integrity • Authentication • Transparency • Intervenability • Unlinkability
Intervenability User can revoke permissions assigned to 3rd parties
Security & privacy requirements • Confidentiality • Integrity • Authentication • Transparency • Intervenability • Unlinkability
Unlinkability • Authenticating to Fitbit or sharing weight data to 3rd party services should not directly enable inappropriate correlation at some other party , eg Facebook • Linkages must be explicit and consensual, as in that established between FitBit & TrendWeight
It will be relationships between users, devices, and applications that will be fundamental
THANKS
Conclusion • Authentication & authorization of actors is fundamental to enabling IoT security & privacy • Mechanisms must be secure, scalable and privacy respecting • OAuth & Connect promise to provide important pieces of authentication & authorization framework for IoT

Recommended

Catalyst 2015: Patrick Harding
Catalyst 2015: Patrick HardingCatalyst 2015: Patrick Harding
Catalyst 2015: Patrick Harding
Ping Identity
 
Managing Identity without Boundaries
Managing Identity without BoundariesManaging Identity without Boundaries
Managing Identity without Boundaries
Ping Identity
 
You Can't Spell Enterprise Security without MFA
You Can't Spell Enterprise Security without MFA You Can't Spell Enterprise Security without MFA
You Can't Spell Enterprise Security without MFA
Ping Identity
 
9.35am robert humphrey
9.35am robert humphrey9.35am robert humphrey
9.35am robert humphrey
Argyle Executive Forum
 
Connecting The Real World With The Virtual World
Connecting The Real World With The Virtual WorldConnecting The Real World With The Virtual World
Connecting The Real World With The Virtual World
Ping Identity
 
Clear and Present Danger
Clear and Present DangerClear and Present Danger
Clear and Present Danger
Ping Identity
 
Webinar: Deep Diving Into the KuppingerCole IDaaS Leadership Compass
Webinar: Deep Diving Into the KuppingerCole IDaaS Leadership Compass Webinar: Deep Diving Into the KuppingerCole IDaaS Leadership Compass
Webinar: Deep Diving Into the KuppingerCole IDaaS Leadership Compass
Ping Identity
 
Gartner IAM London 2017 Session - Security, Standards & User Experience: The ...
Gartner IAM London 2017 Session - Security, Standards & User Experience: The ...Gartner IAM London 2017 Session - Security, Standards & User Experience: The ...
Gartner IAM London 2017 Session - Security, Standards & User Experience: The ...
Ping Identity
 

Recommended

Catalyst 2015: Patrick Harding
Catalyst 2015: Patrick HardingCatalyst 2015: Patrick Harding
Catalyst 2015: Patrick Harding
Ping Identity
 
Managing Identity without Boundaries
Managing Identity without BoundariesManaging Identity without Boundaries
Managing Identity without Boundaries
Ping Identity
 
You Can't Spell Enterprise Security without MFA
You Can't Spell Enterprise Security without MFA You Can't Spell Enterprise Security without MFA
You Can't Spell Enterprise Security without MFA
Ping Identity
 
9.35am robert humphrey
9.35am robert humphrey9.35am robert humphrey
9.35am robert humphrey
Argyle Executive Forum
 
Connecting The Real World With The Virtual World
Connecting The Real World With The Virtual WorldConnecting The Real World With The Virtual World
Connecting The Real World With The Virtual World
Ping Identity
 
Clear and Present Danger
Clear and Present DangerClear and Present Danger
Clear and Present Danger
Ping Identity
 
Webinar: Deep Diving Into the KuppingerCole IDaaS Leadership Compass
Webinar: Deep Diving Into the KuppingerCole IDaaS Leadership Compass Webinar: Deep Diving Into the KuppingerCole IDaaS Leadership Compass
Webinar: Deep Diving Into the KuppingerCole IDaaS Leadership Compass
Ping Identity
 
Gartner IAM London 2017 Session - Security, Standards & User Experience: The ...
Gartner IAM London 2017 Session - Security, Standards & User Experience: The ...Gartner IAM London 2017 Session - Security, Standards & User Experience: The ...
Gartner IAM London 2017 Session - Security, Standards & User Experience: The ...
Ping Identity
 
IDENTITY IN THE WORLD OF IOT
IDENTITY IN THE WORLD OF IOTIDENTITY IN THE WORLD OF IOT
IDENTITY IN THE WORLD OF IOT
ForgeRock
 
Hitchhikers Guide to the Identiverse - How Federated Business will Rule the W...
Hitchhikers Guide to the Identiverse - How Federated Business will Rule the W...Hitchhikers Guide to the Identiverse - How Federated Business will Rule the W...
Hitchhikers Guide to the Identiverse - How Federated Business will Rule the W...
Ping Identity
 
GDPR & Customer IAM: The Real Winners Won’t Stop At Compliance
GDPR & Customer IAM: The Real Winners Won’t Stop At ComplianceGDPR & Customer IAM: The Real Winners Won’t Stop At Compliance
GDPR & Customer IAM: The Real Winners Won’t Stop At Compliance
Ping Identity
 
Standard Based API Security, Access Control and AI Based Attack - API Days Pa...
Standard Based API Security, Access Control and AI Based Attack - API Days Pa...Standard Based API Security, Access Control and AI Based Attack - API Days Pa...
Standard Based API Security, Access Control and AI Based Attack - API Days Pa...
Ping Identity
 
Webinar: Three Steps to Transform Your Mobile App into a Security Factor
Webinar: Three Steps to Transform Your Mobile App into a Security FactorWebinar: Three Steps to Transform Your Mobile App into a Security Factor
Webinar: Three Steps to Transform Your Mobile App into a Security Factor
Ping Identity
 
The Case For Next Generation IAM
The Case For Next Generation IAM The Case For Next Generation IAM
The Case For Next Generation IAM
Patrick Harding
 
Identity Beyond Employees: How Customer Experience Impacts Your IAM Practices
Identity Beyond Employees: How Customer Experience Impacts Your IAM PracticesIdentity Beyond Employees: How Customer Experience Impacts Your IAM Practices
Identity Beyond Employees: How Customer Experience Impacts Your IAM Practices
Ping Identity
 
Onboarding in the IoT
Onboarding in the IoTOnboarding in the IoT
Onboarding in the IoT
Paul Madsen
 
Hybrid IAM: Fuelling Agility in the Cloud Transformation Journey | Gartner IA...
Hybrid IAM: Fuelling Agility in the Cloud Transformation Journey | Gartner IA...Hybrid IAM: Fuelling Agility in the Cloud Transformation Journey | Gartner IA...
Hybrid IAM: Fuelling Agility in the Cloud Transformation Journey | Gartner IA...
Ping Identity
 
Identity's Role in a Zero Trust Strategy
Identity's Role in a Zero Trust StrategyIdentity's Role in a Zero Trust Strategy
Identity's Role in a Zero Trust Strategy
Okta-Inc
 
Con8896 securely enabling mobile access for business transformation - final
Con8896 securely enabling mobile access for business transformation - finalCon8896 securely enabling mobile access for business transformation - final
Con8896 securely enabling mobile access for business transformation - final
OracleIDM
 
Okta Digital Enterprise Report
Okta Digital Enterprise ReportOkta Digital Enterprise Report
Okta Digital Enterprise Report
Okta-Inc
 
The Zero Trust Model of Information Security
The Zero Trust Model of Information Security The Zero Trust Model of Information Security
The Zero Trust Model of Information Security
Tripwire
 
Criteria for Effective Modern IAM Strategies (Gartner IAM 2018)
Criteria for Effective Modern IAM Strategies (Gartner IAM 2018)Criteria for Effective Modern IAM Strategies (Gartner IAM 2018)
Criteria for Effective Modern IAM Strategies (Gartner IAM 2018)
Ping Identity
 
Security for iot and cloud aug 25b 2017
Security for iot and cloud aug 25b 2017Security for iot and cloud aug 25b 2017
Security for iot and cloud aug 25b 2017
Ulf Mattsson
 
CIS 2013 Ping Identity Chalktalk
CIS 2013 Ping Identity ChalktalkCIS 2013 Ping Identity Chalktalk
CIS 2013 Ping Identity Chalktalk
Craig Wu
 
Multi-Factor Authentication - "Moving Towards the Enterprise"
Multi-Factor Authentication - "Moving Towards the Enterprise" Multi-Factor Authentication - "Moving Towards the Enterprise"
Multi-Factor Authentication - "Moving Towards the Enterprise"
mycroftinc
 
Managing Mobile Business Insecurities
Managing Mobile Business InsecuritiesManaging Mobile Business Insecurities
Managing Mobile Business Insecurities
Ping Identity
 
Security On The Edge - A New Way To Think About Securing the Internet of Things
Security On The Edge - A New Way To Think About Securing the Internet of ThingsSecurity On The Edge - A New Way To Think About Securing the Internet of Things
Security On The Edge - A New Way To Think About Securing the Internet of Things
ForgeRock
 
SWM_WP_MaturityModel_July15
SWM_WP_MaturityModel_July15SWM_WP_MaturityModel_July15
SWM_WP_MaturityModel_July15
Mike Lemons
 
Internet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesInternet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issues
Pierluigi Paganini
 
How Aligned Are IT, Employees and Security Practices in Today's Mobile World?
How Aligned Are IT, Employees and Security Practices in Today's Mobile World?How Aligned Are IT, Employees and Security Practices in Today's Mobile World?
How Aligned Are IT, Employees and Security Practices in Today's Mobile World?
Ping Identity
 

More Related Content

What's hot

Hitchhikers Guide to the Identiverse - How Federated Business will Rule the W...
Hitchhikers Guide to the Identiverse - How Federated Business will Rule the W...Hitchhikers Guide to the Identiverse - How Federated Business will Rule the W...
Hitchhikers Guide to the Identiverse - How Federated Business will Rule the W...
Ping Identity
 
Webinar: Three Steps to Transform Your Mobile App into a Security Factor
Webinar: Three Steps to Transform Your Mobile App into a Security FactorWebinar: Three Steps to Transform Your Mobile App into a Security Factor
Webinar: Three Steps to Transform Your Mobile App into a Security Factor
Ping Identity
 
Hybrid IAM: Fuelling Agility in the Cloud Transformation Journey | Gartner IA...
Hybrid IAM: Fuelling Agility in the Cloud Transformation Journey | Gartner IA...Hybrid IAM: Fuelling Agility in the Cloud Transformation Journey | Gartner IA...
Hybrid IAM: Fuelling Agility in the Cloud Transformation Journey | Gartner IA...
Ping Identity
 
The Zero Trust Model of Information Security
The Zero Trust Model of Information Security The Zero Trust Model of Information Security
The Zero Trust Model of Information Security
Tripwire
 
Criteria for Effective Modern IAM Strategies (Gartner IAM 2018)
Criteria for Effective Modern IAM Strategies (Gartner IAM 2018)Criteria for Effective Modern IAM Strategies (Gartner IAM 2018)
Criteria for Effective Modern IAM Strategies (Gartner IAM 2018)
Ping Identity
 
Multi-Factor Authentication - "Moving Towards the Enterprise"
Multi-Factor Authentication - "Moving Towards the Enterprise" Multi-Factor Authentication - "Moving Towards the Enterprise"
Multi-Factor Authentication - "Moving Towards the Enterprise"
mycroftinc
 
SWM_WP_MaturityModel_July15
SWM_WP_MaturityModel_July15SWM_WP_MaturityModel_July15
SWM_WP_MaturityModel_July15
Mike Lemons
 

What's hot (20)

IDENTITY IN THE WORLD OF IOT
IDENTITY IN THE WORLD OF IOTIDENTITY IN THE WORLD OF IOT
IDENTITY IN THE WORLD OF IOT
 
Hitchhikers Guide to the Identiverse - How Federated Business will Rule the W...
Hitchhikers Guide to the Identiverse - How Federated Business will Rule the W...Hitchhikers Guide to the Identiverse - How Federated Business will Rule the W...
Hitchhikers Guide to the Identiverse - How Federated Business will Rule the W...
 
GDPR & Customer IAM: The Real Winners Won’t Stop At Compliance
GDPR & Customer IAM: The Real Winners Won’t Stop At ComplianceGDPR & Customer IAM: The Real Winners Won’t Stop At Compliance
GDPR & Customer IAM: The Real Winners Won’t Stop At Compliance
 
Standard Based API Security, Access Control and AI Based Attack - API Days Pa...
Standard Based API Security, Access Control and AI Based Attack - API Days Pa...Standard Based API Security, Access Control and AI Based Attack - API Days Pa...
Standard Based API Security, Access Control and AI Based Attack - API Days Pa...
 
Webinar: Three Steps to Transform Your Mobile App into a Security Factor
Webinar: Three Steps to Transform Your Mobile App into a Security FactorWebinar: Three Steps to Transform Your Mobile App into a Security Factor
Webinar: Three Steps to Transform Your Mobile App into a Security Factor
 
The Case For Next Generation IAM
The Case For Next Generation IAM The Case For Next Generation IAM
The Case For Next Generation IAM
 
Identity Beyond Employees: How Customer Experience Impacts Your IAM Practices
Identity Beyond Employees: How Customer Experience Impacts Your IAM PracticesIdentity Beyond Employees: How Customer Experience Impacts Your IAM Practices
Identity Beyond Employees: How Customer Experience Impacts Your IAM Practices
 
Onboarding in the IoT
Onboarding in the IoTOnboarding in the IoT
Onboarding in the IoT
 
Hybrid IAM: Fuelling Agility in the Cloud Transformation Journey | Gartner IA...
Hybrid IAM: Fuelling Agility in the Cloud Transformation Journey | Gartner IA...Hybrid IAM: Fuelling Agility in the Cloud Transformation Journey | Gartner IA...
Hybrid IAM: Fuelling Agility in the Cloud Transformation Journey | Gartner IA...
 
Identity's Role in a Zero Trust Strategy
Identity's Role in a Zero Trust StrategyIdentity's Role in a Zero Trust Strategy
Identity's Role in a Zero Trust Strategy
 
Con8896 securely enabling mobile access for business transformation - final
Con8896 securely enabling mobile access for business transformation - finalCon8896 securely enabling mobile access for business transformation - final
Con8896 securely enabling mobile access for business transformation - final
 
Okta Digital Enterprise Report
Okta Digital Enterprise ReportOkta Digital Enterprise Report
Okta Digital Enterprise Report
 
The Zero Trust Model of Information Security
The Zero Trust Model of Information Security The Zero Trust Model of Information Security
The Zero Trust Model of Information Security
 
Criteria for Effective Modern IAM Strategies (Gartner IAM 2018)
Criteria for Effective Modern IAM Strategies (Gartner IAM 2018)Criteria for Effective Modern IAM Strategies (Gartner IAM 2018)
Criteria for Effective Modern IAM Strategies (Gartner IAM 2018)
 
Security for iot and cloud aug 25b 2017
Security for iot and cloud aug 25b 2017Security for iot and cloud aug 25b 2017
Security for iot and cloud aug 25b 2017
 
CIS 2013 Ping Identity Chalktalk
CIS 2013 Ping Identity ChalktalkCIS 2013 Ping Identity Chalktalk
CIS 2013 Ping Identity Chalktalk
 
Multi-Factor Authentication - "Moving Towards the Enterprise"
Multi-Factor Authentication - "Moving Towards the Enterprise" Multi-Factor Authentication - "Moving Towards the Enterprise"
Multi-Factor Authentication - "Moving Towards the Enterprise"
 
Managing Mobile Business Insecurities
Managing Mobile Business InsecuritiesManaging Mobile Business Insecurities
Managing Mobile Business Insecurities
 
Security On The Edge - A New Way To Think About Securing the Internet of Things
Security On The Edge - A New Way To Think About Securing the Internet of ThingsSecurity On The Edge - A New Way To Think About Securing the Internet of Things
Security On The Edge - A New Way To Think About Securing the Internet of Things
 
SWM_WP_MaturityModel_July15
SWM_WP_MaturityModel_July15SWM_WP_MaturityModel_July15
SWM_WP_MaturityModel_July15
 

Viewers also liked

​The Identity of Things
​The Identity of Things​The Identity of Things
​The Identity of Things
Sherry Jones
 
B4 the identity of things-securing the internet of everything
B4 the identity of things-securing the internet of everythingB4 the identity of things-securing the internet of everything
B4 the identity of things-securing the internet of everything
Dr. Wilfred Lin (Ph.D.)
 

Viewers also liked (20)

Internet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesInternet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issues
 
How Aligned Are IT, Employees and Security Practices in Today's Mobile World?
How Aligned Are IT, Employees and Security Practices in Today's Mobile World?How Aligned Are IT, Employees and Security Practices in Today's Mobile World?
How Aligned Are IT, Employees and Security Practices in Today's Mobile World?
 
Cloud Identity and Access Management
Cloud Identity and Access ManagementCloud Identity and Access Management
Cloud Identity and Access Management
 
Digital Transformation and the Role of IAM
Digital Transformation and the Role of IAMDigital Transformation and the Role of IAM
Digital Transformation and the Role of IAM
 
Privacy, the Internet of Things and Smart Cities
Privacy, the Internet of Things and Smart Cities Privacy, the Internet of Things and Smart Cities
Privacy, the Internet of Things and Smart Cities
 
​The Identity of Things
​The Identity of Things​The Identity of Things
​The Identity of Things
 
B4 the identity of things-securing the internet of everything
B4 the identity of things-securing the internet of everythingB4 the identity of things-securing the internet of everything
B4 the identity of things-securing the internet of everything
 
Paris Identity Tech Talk IoT
Paris Identity Tech Talk IoTParis Identity Tech Talk IoT
Paris Identity Tech Talk IoT
 
CIS 2015-Rationing Identity in the Internet of Things- Steve Wilson
CIS 2015-Rationing Identity in the Internet of Things- Steve WilsonCIS 2015-Rationing Identity in the Internet of Things- Steve Wilson
CIS 2015-Rationing Identity in the Internet of Things- Steve Wilson
 
The identity of things & the smart cities of tomorrow webinar may 2015
The identity of things & the smart cities of tomorrow webinar may 2015The identity of things & the smart cities of tomorrow webinar may 2015
The identity of things & the smart cities of tomorrow webinar may 2015
 
Center for Identity Webcast: The Internet of Things
Center for Identity Webcast: The Internet of Things Center for Identity Webcast: The Internet of Things
Center for Identity Webcast: The Internet of Things
 
Identity Relationship Management: The Community Revolution
Identity Relationship Management: The Community RevolutionIdentity Relationship Management: The Community Revolution
Identity Relationship Management: The Community Revolution
 
Security and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of ThingsSecurity and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of Things
 
Five Things You Gotta Know About Modern Identity
Five Things You Gotta Know About Modern IdentityFive Things You Gotta Know About Modern Identity
Five Things You Gotta Know About Modern Identity
 
The Future of Digital Identity in the Age of the Internet of Things
The Future of Digital Identity in the Age of the Internet of ThingsThe Future of Digital Identity in the Age of the Internet of Things
The Future of Digital Identity in the Age of the Internet of Things
 
What hope for privacy in an IoT world?
What hope for privacy in an IoT world? What hope for privacy in an IoT world?
What hope for privacy in an IoT world?
 
Identity, the Internet of Things and the Blockchain
Identity, the Internet of Things and the Blockchain Identity, the Internet of Things and the Blockchain
Identity, the Internet of Things and the Blockchain
 
Security & Identity for the Internet of Things Webinar
Security & Identity for the Internet of Things WebinarSecurity & Identity for the Internet of Things Webinar
Security & Identity for the Internet of Things Webinar
 
Trends in IRM: Internet of Things
Trends in IRM: Internet of ThingsTrends in IRM: Internet of Things
Trends in IRM: Internet of Things
 
Information Rights Management (IRM)
Information Rights Management (IRM)Information Rights Management (IRM)
Information Rights Management (IRM)
 

Similar to Identity-Defined Privacay & Security for Internet of Things

iot iotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotioti...
iot iotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotioti...iot iotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotioti...
iot iotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotioti...
rohanbawadkar
 

Similar to Identity-Defined Privacay & Security for Internet of Things (20)

iot iotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotioti...
iot iotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotioti...iot iotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotioti...
iot iotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotiotioti...
 
Unit - 1.pptx
Unit - 1.pptxUnit - 1.pptx
Unit - 1.pptx
 
RISE OF THE MACHINES: IRM IN AN IOT WORLD
RISE OF THE MACHINES: IRM IN AN IOT WORLDRISE OF THE MACHINES: IRM IN AN IOT WORLD
RISE OF THE MACHINES: IRM IN AN IOT WORLD
 
Identity for IoT: An Authentication Framework for the IoT
Identity for IoT: An Authentication Framework for the IoTIdentity for IoT: An Authentication Framework for the IoT
Identity for IoT: An Authentication Framework for the IoT
 
ЄВГЕНІЙ ПАСЄКА «IoT як це тестувати» Lviv QA Day 2019
ЄВГЕНІЙ ПАСЄКА «IoT як це тестувати» Lviv QA Day 2019ЄВГЕНІЙ ПАСЄКА «IoT як це тестувати» Lviv QA Day 2019
ЄВГЕНІЙ ПАСЄКА «IoT як це тестувати» Lviv QA Day 2019
 
Introduction to IoT
Introduction to IoTIntroduction to IoT
Introduction to IoT
 
IRJET- An Approach to Authenticating Devise in IoT using Blockchain
IRJET- An Approach to Authenticating Devise in IoT using BlockchainIRJET- An Approach to Authenticating Devise in IoT using Blockchain
IRJET- An Approach to Authenticating Devise in IoT using Blockchain
 
Unit 6 Final ppt (1).ppt
Unit 6 Final ppt (1).pptUnit 6 Final ppt (1).ppt
Unit 6 Final ppt (1).ppt
 
How to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
How to Make Your IoT Devices Secure, Act Autonomously & Trusted SubjectsHow to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
How to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
 
IoT mobile app device cloud identity and security architecture
IoT mobile app device cloud identity and security architectureIoT mobile app device cloud identity and security architecture
IoT mobile app device cloud identity and security architecture
 
Anonymous Individual Integration for IoT
Anonymous Individual Integration for IoTAnonymous Individual Integration for IoT
Anonymous Individual Integration for IoT
 
Basics of IoT Testing
Basics of IoT TestingBasics of IoT Testing
Basics of IoT Testing
 
INTEROPERABILITY, FLEXIBILITY AND INDUSTRIAL DESIGN REQUIREMENTS IN THE IoT
INTEROPERABILITY, FLEXIBILITY AND INDUSTRIAL DESIGN REQUIREMENTS IN THE IoTINTEROPERABILITY, FLEXIBILITY AND INDUSTRIAL DESIGN REQUIREMENTS IN THE IoT
INTEROPERABILITY, FLEXIBILITY AND INDUSTRIAL DESIGN REQUIREMENTS IN THE IoT
 
Chapter 1 updated.pdf
Chapter 1 updated.pdfChapter 1 updated.pdf
Chapter 1 updated.pdf
 
Ctc rick ryan prezi 3 2016
Ctc rick ryan prezi 3 2016Ctc rick ryan prezi 3 2016
Ctc rick ryan prezi 3 2016
 
Presentation about IoT in media and communication.pdf
Presentation about IoT in media and communication.pdfPresentation about IoT in media and communication.pdf
Presentation about IoT in media and communication.pdf
 
intro to iot.pdf
intro to iot.pdfintro to iot.pdf
intro to iot.pdf
 
Introduction to IoT Security
Introduction to IoT SecurityIntroduction to IoT Security
Introduction to IoT Security
 
Chapter-1 - Internet of Things: A Hands-on Approach
Chapter-1 - Internet of Things: A Hands-on ApproachChapter-1 - Internet of Things: A Hands-on Approach
Chapter-1 - Internet of Things: A Hands-on Approach
 
IRJET- Blockchain for Large-Scale Internet of Things Data Storage and Protection
IRJET- Blockchain for Large-Scale Internet of Things Data Storage and ProtectionIRJET- Blockchain for Large-Scale Internet of Things Data Storage and Protection
IRJET- Blockchain for Large-Scale Internet of Things Data Storage and Protection
 

More from Ping Identity

More from Ping Identity (17)

Healthcare Patient Experiences Matter
Healthcare Patient Experiences MatterHealthcare Patient Experiences Matter
Healthcare Patient Experiences Matter
 
Optimize Your Zero Trust Infrastructure
Optimize Your Zero Trust InfrastructureOptimize Your Zero Trust Infrastructure
Optimize Your Zero Trust Infrastructure
 
Ping’s Technology Partner Program
Ping’s Technology Partner ProgramPing’s Technology Partner Program
Ping’s Technology Partner Program
 
Remote Work Fuels Zero Trust Growth
Remote Work Fuels Zero Trust GrowthRemote Work Fuels Zero Trust Growth
Remote Work Fuels Zero Trust Growth
 
Identity Verification: Who’s Really There?
Identity Verification: Who’s Really There? Identity Verification: Who’s Really There?
Identity Verification: Who’s Really There?
 
Extraordinary Financial Customer Experiences
Extraordinary Financial Customer ExperiencesExtraordinary Financial Customer Experiences
Extraordinary Financial Customer Experiences
 
Extraordinary Retail Customer Experiences
Extraordinary Retail Customer ExperiencesExtraordinary Retail Customer Experiences
Extraordinary Retail Customer Experiences
 
Security Practices: The Generational Gap | Infographic
Security Practices: The Generational Gap | InfographicSecurity Practices: The Generational Gap | Infographic
Security Practices: The Generational Gap | Infographic
 
Security Concerns Around the World | Infographic
Security Concerns Around the World | InfographicSecurity Concerns Around the World | Infographic
Security Concerns Around the World | Infographic
 
LES ATTITUDES DES CONSOMMATEURS À L’ÈRE DES CYBERATTAQUES
LES ATTITUDES DES CONSOMMATEURS À L’ÈRE DES CYBERATTAQUESLES ATTITUDES DES CONSOMMATEURS À L’ÈRE DES CYBERATTAQUES
LES ATTITUDES DES CONSOMMATEURS À L’ÈRE DES CYBERATTAQUES
 
WIE TICKEN VERBRAUCHER IM ZEITALTER DER DATENSCHUTZVERLETZUNGEN?
WIE TICKEN VERBRAUCHER IM ZEITALTER DER DATENSCHUTZVERLETZUNGEN?WIE TICKEN VERBRAUCHER IM ZEITALTER DER DATENSCHUTZVERLETZUNGEN?
WIE TICKEN VERBRAUCHER IM ZEITALTER DER DATENSCHUTZVERLETZUNGEN?
 
Consumer Attitudes in a Post-breach Era: The Geographical Gap
Consumer Attitudes in a Post-breach Era: The Geographical GapConsumer Attitudes in a Post-breach Era: The Geographical Gap
Consumer Attitudes in a Post-breach Era: The Geographical Gap
 
ATTITUDES DES CONSOMMATEURS A L’ERE DES PIRATAGES LE CONFLIT DE GENERATIONS
ATTITUDES DES CONSOMMATEURS A L’ERE DES PIRATAGES LE CONFLIT DE GENERATIONSATTITUDES DES CONSOMMATEURS A L’ERE DES PIRATAGES LE CONFLIT DE GENERATIONS
ATTITUDES DES CONSOMMATEURS A L’ERE DES PIRATAGES LE CONFLIT DE GENERATIONS
 
2018 Survey: Consumer Attitudes in a Post-Breach Era - The Generational Gap
2018 Survey: Consumer Attitudes in a Post-Breach Era - The Generational Gap2018 Survey: Consumer Attitudes in a Post-Breach Era - The Generational Gap
2018 Survey: Consumer Attitudes in a Post-Breach Era - The Generational Gap
 
WIE TICKEN VERBRAUCHER IM ZEITALTER DER DATENSCHUTZVERLETZUNGEN? ALLES EINE F...
WIE TICKEN VERBRAUCHER IM ZEITALTER DER DATENSCHUTZVERLETZUNGEN? ALLES EINE F...WIE TICKEN VERBRAUCHER IM ZEITALTER DER DATENSCHUTZVERLETZUNGEN? ALLES EINE F...
WIE TICKEN VERBRAUCHER IM ZEITALTER DER DATENSCHUTZVERLETZUNGEN? ALLES EINE F...
 
API Security Needs AI Now More Than Ever
API Security Needs AI Now More Than EverAPI Security Needs AI Now More Than Ever
API Security Needs AI Now More Than Ever
 
Fishing for a CIAM Platform? 11 Question to Ask Before You Buy
Fishing for a CIAM Platform? 11 Question to Ask Before You BuyFishing for a CIAM Platform? 11 Question to Ask Before You Buy
Fishing for a CIAM Platform? 11 Question to Ask Before You Buy
 

Recently uploaded

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 

Recently uploaded (20)

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 

Identity-Defined Privacay & Security for Internet of Things

  • 1. Identity- defined Privacy & Security for the Internet of Things Paul Madsen @paulmadsen Ping Identity
  • 2. 2
  • 3. The Internet of Things connects people and physical objects together through applications
  • 4. What’s driving IoT • The sensor legacy. Sensors and remote monitoring tools have existed for decades, in a field known as machine-to-machine (M2M) communications, monitoring, and control. • Broadening connectivity. Mainstreaming of home wifi, 4G mobile, low-power wireless standards such as Bluetooth and ZigBee are enabling just about everything to be connected together. • The cloud and big data. Cloud computing and big data allow the massive data created by things to be sifted, processed, and acted upon • APIs.  Distributed, loosely coupled, transactional approaches in software design are allowing things to exist and communicate autonomously alongside internet-based services
  • 5. Market • Market size for IoT will be $290 billion by 2017, and growing at 30 percent per year (MarketsandMarkets) • 31 billion internet-connected devices will exist by 2020 (Intel) • A family of four will move from having 10 connected devices in 2012 to 25 in 2017 to 50 in 2022 (Intel)
  • 6. Privacy & Security Challenge Most of the devices in the Internet of Things will be used in two broad areas: – Critical Infrastructure - power production/generation/distribution, manufacturing, transportation, etc. – Personal "infrastructure" - personal medical devices, automobiles, home entertainment and device control, wearables, etc Demands security Demands privacy
  • 7. Users surprised & disappointed Security breach Provider surprised & disappointed Privacy breach
  • 8. Security requirements • Confidentiality. Protecting data from being inappropriately accessed by unauthorized actors. Often manifests in authorization policies & encryption • Integrity protecting data or methods from modification or deletion by unauthorized parties. Often manifests in digital signatures • Authentication. Verifying the identities of actors as they interact with each other to ensure that malicious parties are not given inappropriate permissions
  • 9. Security challenges of the IoT • Life and death implications • Scale • Heterogeneity • Storage, processing, and connectivity constraints • Usability implications of screenless devices • Complex relationships between users & devices • Implications of gateways for end-to-end security
  • 10. Privacy requirements • Transparency helps people understand who knows what about them — give people information on how their data is to be used, with whom it is shared with; how long is it held; etc • Intervenability is the ability for users to view, change, correct, block, revoke consent, and delete personal data stored by providers & applications. • Unlinkability is about the separation of informational contexts, such as work, personal, family, citizen, and social. It’s about preventing undesired linkages across different contexts.
  • 12. Authentication & Authorization Model • IoT Actors authenticate by presenting security tokens on their calls/messages to each other • Tokens represent relationship between the relevant user and the calling actor (and any consents/permissions associated with that relationship • Upon receiving a message, an actor validates the token to verify the request is consistent with the relationship/permissions • If consent is removed, token is revoked, and access disabled
  • 13. OAuth 2.0 & OpenId Connect 1.0 • OAuth 2.0 is an IETF authentication & authorization framework for securing application access to RESTful APIs • OAuth allows a Client to send an API query to a Resource Server (RS), the application hosting the desired information, such that the RS can authenticate that the message was indeed sent by the Client. • The Client authenticates to the RS through the inclusion of an access token on its API call—a token previously provided to the Client by an Authorization Server (AS). • In those scenarios that the API in question protects access to a User’s identity attributes, it may be the case that the access token will only be issued by the AS after the User has explicitly given consent to the Client accessing those attributes. • OpenID Connect 1.0 profiles and extends OAuth 2.0 to add an identity layer— creating a single framework that promises to secure APIs, mobile native applications and browser applications in a single, cohesive architecture.
  • 14. Representative IoT architecture • Fitbit makes the Aria smart scale • Scale syncs through home Wifi to Fitbit cloud for display & analysis through web & native applications • 3rd party services can access weight data to provide additional analysis
  • 18. Security & privacy requirements • Confidentiality • Integrity • Authentication • Transparency • Intervenability • Unlinkability
  • 19. Security & privacy requirements • Confidentiality • Integrity • Authentication • Transparency • Intervenability • Unlinkability
  • 20. Confidentiality & Integrity • Weight data must be secured both on servers & in-transit – Encryption & access control ensures confidentiality on Fitbit & 3rd party servers – TLS ensures confidentiality in-transit – TLS protects against modifications in-transit • Both OAuth & Connect mandate TLS for over- the-network messages
  • 21. Security & privacy requirements • Confidentiality • Integrity • Authentication • Transparency • Intervenability • Unlinkability
  • 22. Native application authentication FitBit 3rd party services REST APIProprietary
  • 23. Native Application authentication • Users can view their weight data & trends from Fitbit ioS & Android native applications • Native apps pull data from Fitbit cloud REST endpoints • Native applications can use OAuth to authenticate their API calls as being on behalf of particular user
  • 24. 3rd party application authentication FitBit 3rd party services REST APIProprietary
  • 25. 3rd party application authentication • TrendWeight offers additional insight & analysis of weight data • Pulls weight data from Fitbit cloud REST endpoints • TrendWeight uses OAuth to authenticate to Fitbit as acting on behalf of particular user • The token represents the relationship between TrendWeight and that user
  • 26. Cloud to Cloud Copyright © 2014 Ping Identity Login & consent Weight data Login & consent Weight data Access token delivery
  • 28. Copyright © 2014 Ping Identity • Devices communicate with each other and the gateway via the local network— sharing data, sending control messages, etc. • These local interactions may not use HTTP, but instead a application protocol more optimized to the constraints (CPU size, battery, etc.) of devices. • Such application protocols include XMPP, MQTT and CoAP. • Work has begun in exploring how to bind OAuth & Connect to such IoT optimized protocols, e.g. ACE effort in IETF Device authentication
  • 29. Security & privacy requirements • Confidentiality • Integrity • Authentication • Transparency • Intervenability • Unlinkability
  • 30. Transparency • Users actively mediate the issuance of tokens to native applications & 3rd parties • Provides opportunity for an explicit consent step • In theory can enable granular consent, ie view only weight data but not step data
  • 31. Security & privacy requirements • Confidentiality • Integrity • Authentication • Transparency • Intervenability • Unlinkability
  • 32. Intervenability User can revoke permissions assigned to 3rd parties
  • 33. Security & privacy requirements • Confidentiality • Integrity • Authentication • Transparency • Intervenability • Unlinkability
  • 34. Unlinkability • Authenticating to Fitbit or sharing weight data to 3rd party services should not directly enable inappropriate correlation at some other party , eg Facebook • Linkages must be explicit and consensual, as in that established between FitBit & TrendWeight
  • 35. It will be relationships between users, devices, and applications that will be fundamental
  • 36.
  • 38. Conclusion • Authentication & authorization of actors is fundamental to enabling IoT security & privacy • Mechanisms must be secure, scalable and privacy respecting • OAuth & Connect promise to provide important pieces of authentication & authorization framework for IoT