
Kranky geek15 - securing IoT with webrtc

Tim Panton builds a WebRTC app that controls an IoT device from a Chrome browser using a secure (QR code based) proximity pairing protocol (with added Lego dog). https://www.youtube.com/watch?v=TLXmB2TZyZE

Published in: Internet

  1. Building a different sort of WebRTC app. Tim Panton - Protocol Droid - Westhawk Ltd @steely_glint
  8. Security isn’t what it was.
  9. Ideal Internet of Everything protocol would be: Standardized; Secure; Widely deployed; Peer-to-Peer (NAT traversal); Realtime; Strong on identity management; Mobile capable (and smaller); User-centric
  10. RTCweb protocol is: Standardized; Secure; Widely deployed; Peer-to-Peer (NAT traversal); Realtime; Strong on identity management; Mobile capable (and smaller) ? User-centric
  11. What we will build today: Realtime authenticated P2P communication between a small device and a WebRTC browser - using the DataChannel but no passwords.
  12. Components we need: WebRTC (DataChannel) app in my smartphone; WebRTC (DataChannel) embedded in a device; WebRTC service for rendezvous; Some sort of pairing
  13. Components we will use: Chrome on Android (well, Mac - for easy AV); Lightweight stack on device; Simple websockets message hub (https://github.com/steely-glint/fingersmith); QR code pairing
  14. Duckling protocol: Described by Ross Anderson in 1990s; Device trusts first thing it sees; We flip this and the device shows QR code; Smartphone then calls this address; First to connect claims ownership. https://www.flickr.com/photos/bunnygoth/14021732859/
  15. Demo of QR using yoPet.us
  16. Code walk through of Fingersmith
  17. Which address token? WebRTC has no built-in identity so … Random key: generated server side (like XMPP anon), or generated client side and asserted to service (as in Respoke, Twilio etc); Exchanged over QR code at ‘hatching’; Stored locally and reused for ‘life’
  18. But wait… Full disclosure: this is such a good idea I filed a patent on it. What's this fingerprint thing? Hash of the x509 cert used in DTLS exchange. Can we use that as an address? Yes - it means the duckling can tell that it is mommy calling and ignore all other distractions. More on this at IIT RTC conference in October…
  19. JavaScript walkthrough: Dummy offer to find it at start-up; Phono.sdp.js to parse SDP and extract fingerprint (open source - thanks Tropo); Ipseorama to set up DataChannel via Fingersmith; generateCertificate + IndexedDB to make Firefox use stable identity
  20. Device code options: JavaScript - use Google’s WebRTC wrapped in node; C/C++ - use Janus codebase etc….; Java - DIY
  21. Yep, you guessed it, I took the Java way. STUN/TURN/ICE: Ice4j - Jitsi; DTLS: BouncyCastle - Tropo (now Cisco); SCTP/DCEP: in progress….
  22. Demo on Beaglebone: Think of it as an American Pi :-); Typical of future devices; Small footprint; Low power; Linux; ARM (see Intel Edison)
  23. What, that’s not small enough? Arm 9; 300 MHz; 64 Mb; Linux
  24. Lego EV3: Arm 9; 300 MHz; 64 Mb; Linux; LeJos Java ;-)
  25. Demo
  26. By using WebRTC data channel we have: Standardized; Secure; Widely deployed; Peer-to-Peer (NAT traversal); Realtime; Strong on identity management; Mobile capable (and smaller); User-centric
  27. tldr; WebRTC isn’t just for video calls - it can solve Internet of Everything problems too. Tim Panton - Protocol Droid - Westhawk Ltd @steely_glint
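
The fingerprint-as-address pairing from slides 14, 18 and 19, sketched as an added example; it is not code from the talk, Phono.sdp.js or Fingersmith. The `Duckling` class, its `store` and the sample SDP are constructed for illustration: the device imprints on the first valid DTLS certificate fingerprint it sees and rejects every other caller afterwards.

```javascript
// Constructed SDP offer fragment (sample data, not captured from a real session).
const SAMPLE_FP = Array(4).fill('12:34:56:78:9A:BC:DE:F0').join(':');
const SAMPLE_SDP = [
  'v=0',
  'o=- 1 2 IN IP4 127.0.0.1',
  's=-',
  't=0 0',
  'a=fingerprint:sha-256 ' + SAMPLE_FP,
  'm=application 9 DTLS/SCTP 5000',
  'a=setup:actpass',
].join('\r\n');

// Collect every a=fingerprint attribute (session- or media-level) as
// { alg, hex } with the hash lowercased and colons removed.
function extractFingerprints(sdp) {
  const re = /^a=fingerprint:(\S+)\s+([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})*)\s*$/;
  const out = [];
  for (const line of sdp.split(/\r?\n/)) {
    const m = re.exec(line);
    if (m) out.push({ alg: m[1].toLowerCase(), hex: m[2].replace(/:/g, '').toLowerCase() });
  }
  return out;
}

// The peer's address is its SHA-256 certificate fingerprint. Return null if
// it is missing, malformed, or if the SDP carries conflicting values.
function peerIdentity(sdp) {
  const fps = extractFingerprints(sdp).filter(f => f.alg === 'sha-256' && f.hex.length === 64);
  if (fps.length === 0) return null;
  return fps.every(f => f.hex === fps[0].hex) ? fps[0].hex : null;
}

// Device-side pairing state (hypothetical class; `store` stands in for
// persistent storage on the device).
class Duckling {
  constructor(store = new Map()) { this.store = store; }
  // The SDP value is only a claim: the DTLS stack must still verify that the
  // peer's certificate hashes to this fingerprint before data flows.
  admit(sdp) {
    const id = peerIdentity(sdp);
    if (id === null) return 'reject';
    const owner = this.store.get('owner');
    if (owner === undefined) { this.store.set('owner', id); return 'imprinted'; }
    return owner === id ? 'accept' : 'reject';
  }
}
```

Because the first caller wins, the window between showing the QR code and the owner's first connection is the exposure to watch; a device that rejects SDP without a well-formed SHA-256 fingerprint at least cannot be imprinted by a malformed offer.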
