SlideShare a Scribd company logo
1 of 29
Download to read offline
Blockchain & IAM for IoT:
Edge Authentication
Presented by: Sesh Raj, President DSAPPS INC
©2018DSAPPSINC
©2018DSAPPSINC
©2018DSAPPSINC
Question: What is IAM
(identity and access management)
for IOT?
©2018DSAPPSINC
Traditional IOT IAM managed by cloud
Reference: AWS IOT
Comparing Traditional IAM and IOT IAM
Traditional IAM IOT IAM
End points to manage Typically < 100,000 Can be millions
System administration IT and Security departments
Operational personnel, plant
and business managers
Auditing User-centric Device-centric
Authenticating process Passwords, biometrics
PKI certificates, device
behaviors, biometrics
Provisioning and registration
process
Static Dynamic, application driven
Self-services Typically web based
Also support Bluetooth, DSRC
etc. wireless communication
The challenge
Establishing identity through X.509 certificates provides a strong
authentication system. However, in the IoT domain, many devices
may not have enough memory to store a certificate or may not even
have the required CPU power to execute the cryptographic
operations of validating the X.509 certificates (or any type of public
key operation).
©2018DSAPPSINC
Question:What is IOT edge
authentication?
©2018DSAPPSINC
The need for IOT edge authentication
Faster response times: Without a round-trip to the cloud, data latency is reduced, lowering
the time it takes to glean actionable insights from that data.
Lowering IoT solution costs: Can process, clean and analyze mission critical data closer
to the device itself saving on processing and analysis costs and reduce the amount of data that flows back
and forth between the cloud and the edge of the network.
Added security and compliance: Edge authentication can scan for malware, filter out
sensitive personally identifiable information and process it locally,
Dependable operation even with intermittent connectivity: Enables
manufacturing equipment and other smart devices to operate without disruption even when they’re offline
or Internet connectivity is intermittent.
Interoperability between new and legacy devices: Easier to integrate new and
legacy end points with edge computing.
©2018DSAPPSINC
Question: How do we track identity
on the edge without a central server?
©2018DSAPPSINC
IOT Gateways
Reference: https://internetofthingsagenda.techtarget.com/feature/
Using-an-IoT-gateway-to-connect-the-Things-to-the-cloud
Reference: National Institute of Standards and George Mason University
©2018DSAPPSINC
Reference: https://
docs.microsoft.com/en-us/azure/iot-
hub/iot-hub-devguide-endpoints
IOT Gateway Architecture
Operating System
Example: Linux or Android OS
HAL (Hardware Abstraction Layer)
Supports reusability and portability of the IoT software.
IoT Sensors Stack
Software stacks that serve as interfaces with IoT sensors modules.
Examples: ZigBee, 6LoWPAN, EnOcean, BLE, Modbus, PROFIBUS
Device Management and Configuration
Configuration and settings to interface with different types of Sensor devices.
Security
Ensure robust data security, device security and network security.
FOTA
Firmware Over The Air (FOTA) updates with latest versions of security patches, OS,
Firewalls and more.
Data Communication Protocols
Connect with the Cloud over Ethernet, Wi-Fi or a 4G/3G modem via UDP or TCP IP
protocol. MQTT, CoAP, XMPP, AMQP utilized.
Data Management
Includes data streaming, data filtering and data storing.
Cloud Connectivity Manager
Connectivity, device state, heartbeat message, and gateway device authentication
with the cloud.
Custom Application
Manage data between sensor node and gateway and from gateway to cloud.
Gateway Data Transfer
To connect to the internet for data transfer using Ethernet, 4G/3G/GPRS modem or
Wifi.
Reference:https://www.embitel.com/blog/embedded-blog/understanding-how-an-iot-gateway-architecture-works
©2018DSAPPSINC
Key Requirements for IOT
Edge Authentication
• Has to replace central authority with distributed apps, should not depend
on a single point of failure, means to distribute trust
• Need distributed storage of device security data that is immutable
• Automated process to add and update devices without need for manual
authorization and authentication process, via code driven smart contract
• Have the means to flag abnormal behavior and quarantine devices
through group consensus on what is normal
Answer - Blockchain technology
Blockchain Concepts
• Decentralized,	peer-to-peer	networks,	where	each	
par5cipant	maintains	a	copy	of	a	shared,	append-only	(i.e.,	
otherwise	immutable)	ledger	of	digitally	signed	transac5on	
records	
• Maintain	synchronized	replicas	through	a	consensus	
protocol	
• Safeguard	the	immutability	of	the	ledger,	even	when	some	
par5cipants	are	faulty	or	malicious	
©2018DSAPPSINC
Append only Shared Ledger
Managed by Permissions with
visible, authenticated and
verifiable transactions
Support for Smart Contracts
programmed to execute with
transactions
Consensus for adding new
members and flagging abnormal
behavior
The benefits of Blockchain
Allows trust to be dispersed highly securely making IAM at the edge fast
and light without central server reliance thus removing single point of
failure
Creates an IAM-centric ecosystem that keeps track of identities,
entitlements, entitlement assignment, and access events, all autonomously.
Provides for the five security pillars: Availability, Auditability, Accountability,
Integrity and Confidentiality.
©2018DSAPPSINC
IAM Requirements provided by Blockchain
• Track device identity profiles and attributes
• Validate identity and transaction data leveraging
smart contracts
• Create and maintain IAM permission policies
• Maintain data trust
• Auditable records for validation
• Control data visibility
©2018DSAPPSINC
Question: How can we implement
IAM policies on the edge?
©2018DSAPPSINC
Support in Blockchain for IAM
security policies
func (s *SmartContract) Init(APIstub shim.ChaincodeStubInterface) sc.Response {
return shim.Success(nil)
}
func (s *SmartContract) Invoke(APIstub shim.ChaincodeStubInterface) sc.Response {
function, args := APIstub.GetFunctionAndParameters()
if function == "queryCar" {
return s.queryCar(APIstub, args)
} else if function == "initLedger" {
return s.initLedger(APIstub)
} else if function == "createCar" {
return s.createCar(APIstub, args)
} else if function == "queryAllCars" {
return s.queryAllCars(APIstub)
} else if function == "changeCarOwner" {
return s.changeCarOwner(APIstub, args)
Smart Contracts - Enforce who can perform what actions
Access Control Language -
ACL rules determine which users/roles are permitted to
create, read, update or delete member elements.
Certifying authority -
Certifies X509 certificates
rule networkControlPermission {
description: "networkControl can access network commands"
participant: "org.acme.vehicle.auction.networkControl"
operation: ALL
resource: "org.hyperledger.composer.system.Network"
action: ALLOW
}
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
10:e6:fc:62:b7:41:8a:d5:00:5e:45:b6
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2
Validity
Not Before: Nov 21 08:00:00 2016 GMT
Subject Public Key Info:
Public-Key: (256 bit)
pub:
04:c9:22:69:31:8a:d6:6c:ea:da:c3:7f:2c:ac:a5:
af:c0:02:ea:81:cb:65:b9:fd:0c:6d:46:5b:c9:1e:
Shared Configuration -
Policies dictating modification of elements in configuration
Sample Implementations
©2018DSAPPSINC
Hyperledger Architecture
Hyperledger Fabric
- peer nodes with smart contracts and ledgers
Peer Identities via X509 certificate
Hyperledger Fabric CA (Certificate Authority)
Register identity, connect to LDAP
Issue enrollment certificates
Renew and revoke certificates
Azure Blockchain Workbench
©2018DSAPPSINC
IBM Watson IOT Platform with Blockchain
©2018DSAPPSINC
Managing IOT Edge Security Blockchain
Spec Device
authentication
Design
Blockchain
ledger and
cloud services
Launch IOT
edge
authentication
Provide IAM
policies and
smart
contracts
Update IAM policies
Update analytics
Add Devices
Create/update
security policies
Coordinate
with security
team
Track
exceptions
Resolve
exceptions
Real time
analytics
©2018DSAPPSINC
Sesh Raj, DSAPPS INC
email: sales1@dsapps.com
text: 408-940-5003
www.dsapps.com
Contact
©2018DSAPPSINC

More Related Content

What's hot

Alpha & Omega's Managed Security
Alpha & Omega's Managed SecurityAlpha & Omega's Managed Security
Alpha & Omega's Managed SecurityDarryl Santa
 
Zscaler mondi webinar
Zscaler mondi webinarZscaler mondi webinar
Zscaler mondi webinarZscaler
 
Data Security by AES Advanced Encryption Standard
Data Security by AES Advanced Encryption StandardData Security by AES Advanced Encryption Standard
Data Security by AES Advanced Encryption StandardYogeshIJTSRD
 
Cross domain autonomous cooperation cross-domain autonomous cooperation
Cross domain autonomous cooperation cross-domain autonomous cooperationCross domain autonomous cooperation cross-domain autonomous cooperation
Cross domain autonomous cooperation cross-domain autonomous cooperationPeter Waher
 
Cybesecurity of the IoT
Cybesecurity of the IoTCybesecurity of the IoT
Cybesecurity of the IoTAltoros
 
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......centralohioissa
 
Okta Digital Enterprise Report
Okta Digital Enterprise ReportOkta Digital Enterprise Report
Okta Digital Enterprise ReportOkta-Inc
 
Smart City Lecture 3 - An Open And/Or Secure Smart City
Smart City Lecture 3 - An Open And/Or Secure Smart CitySmart City Lecture 3 - An Open And/Or Secure Smart City
Smart City Lecture 3 - An Open And/Or Secure Smart CityPeter Waher
 
Software Defined Perimeter - A New Paradigm for Securing Digital Infrastructu...
Software Defined Perimeter - A New Paradigm for Securing Digital Infrastructu...Software Defined Perimeter - A New Paradigm for Securing Digital Infrastructu...
Software Defined Perimeter - A New Paradigm for Securing Digital Infrastructu...Government Technology & Services Coalition
 
Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...Ulf Mattsson
 
IoT Security in Action - Boston Sept 2015
IoT Security in Action - Boston Sept 2015IoT Security in Action - Boston Sept 2015
IoT Security in Action - Boston Sept 2015Eurotech
 
Blockchain, AI, IOT, Crypto Challenges and opportunities for the Energy Oil a...
Blockchain, AI, IOT, Crypto Challenges and opportunities for the Energy Oil a...Blockchain, AI, IOT, Crypto Challenges and opportunities for the Energy Oil a...
Blockchain, AI, IOT, Crypto Challenges and opportunities for the Energy Oil a...Dinis Guarda
 
Digital Identities in the Internet of Things - Securely Manage Devices at Scale
Digital Identities in the Internet of Things - Securely Manage Devices at ScaleDigital Identities in the Internet of Things - Securely Manage Devices at Scale
Digital Identities in the Internet of Things - Securely Manage Devices at ScaleForgeRock
 
Xanadu Based Blockchain Integration System Development
Xanadu Based Blockchain Integration System DevelopmentXanadu Based Blockchain Integration System Development
Xanadu Based Blockchain Integration System DevelopmentAlex G. Lee, Ph.D. Esq. CLP
 
(SACON) Sameer anja - Privacy in Technology: Kickstart of the Hackathon
(SACON) Sameer anja - Privacy in Technology: Kickstart of the Hackathon (SACON) Sameer anja - Privacy in Technology: Kickstart of the Hackathon
(SACON) Sameer anja - Privacy in Technology: Kickstart of the Hackathon Priyanka Aash
 
Identity's Role in a Zero Trust Strategy
Identity's Role in a Zero Trust StrategyIdentity's Role in a Zero Trust Strategy
Identity's Role in a Zero Trust StrategyOkta-Inc
 
What is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS LondonWhat is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS LondonUlf Mattsson
 
(SACON) Dr. James Stanger - Surfing today’s emerging tech: A policy-based app...
(SACON) Dr. James Stanger - Surfing today’s emerging tech: A policy-based app...(SACON) Dr. James Stanger - Surfing today’s emerging tech: A policy-based app...
(SACON) Dr. James Stanger - Surfing today’s emerging tech: A policy-based app...Priyanka Aash
 

What's hot (20)

Alpha & Omega's Managed Security
Alpha & Omega's Managed SecurityAlpha & Omega's Managed Security
Alpha & Omega's Managed Security
 
IoT architecture
IoT architectureIoT architecture
IoT architecture
 
Implementing your APIs with zero trust
Implementing your APIs with zero trustImplementing your APIs with zero trust
Implementing your APIs with zero trust
 
Zscaler mondi webinar
Zscaler mondi webinarZscaler mondi webinar
Zscaler mondi webinar
 
Data Security by AES Advanced Encryption Standard
Data Security by AES Advanced Encryption StandardData Security by AES Advanced Encryption Standard
Data Security by AES Advanced Encryption Standard
 
Cross domain autonomous cooperation cross-domain autonomous cooperation
Cross domain autonomous cooperation cross-domain autonomous cooperationCross domain autonomous cooperation cross-domain autonomous cooperation
Cross domain autonomous cooperation cross-domain autonomous cooperation
 
Cybesecurity of the IoT
Cybesecurity of the IoTCybesecurity of the IoT
Cybesecurity of the IoT
 
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
 
Okta Digital Enterprise Report
Okta Digital Enterprise ReportOkta Digital Enterprise Report
Okta Digital Enterprise Report
 
Smart City Lecture 3 - An Open And/Or Secure Smart City
Smart City Lecture 3 - An Open And/Or Secure Smart CitySmart City Lecture 3 - An Open And/Or Secure Smart City
Smart City Lecture 3 - An Open And/Or Secure Smart City
 
Software Defined Perimeter - A New Paradigm for Securing Digital Infrastructu...
Software Defined Perimeter - A New Paradigm for Securing Digital Infrastructu...Software Defined Perimeter - A New Paradigm for Securing Digital Infrastructu...
Software Defined Perimeter - A New Paradigm for Securing Digital Infrastructu...
 
Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...
 
IoT Security in Action - Boston Sept 2015
IoT Security in Action - Boston Sept 2015IoT Security in Action - Boston Sept 2015
IoT Security in Action - Boston Sept 2015
 
Blockchain, AI, IOT, Crypto Challenges and opportunities for the Energy Oil a...
Blockchain, AI, IOT, Crypto Challenges and opportunities for the Energy Oil a...Blockchain, AI, IOT, Crypto Challenges and opportunities for the Energy Oil a...
Blockchain, AI, IOT, Crypto Challenges and opportunities for the Energy Oil a...
 
Digital Identities in the Internet of Things - Securely Manage Devices at Scale
Digital Identities in the Internet of Things - Securely Manage Devices at ScaleDigital Identities in the Internet of Things - Securely Manage Devices at Scale
Digital Identities in the Internet of Things - Securely Manage Devices at Scale
 
Xanadu Based Blockchain Integration System Development
Xanadu Based Blockchain Integration System DevelopmentXanadu Based Blockchain Integration System Development
Xanadu Based Blockchain Integration System Development
 
(SACON) Sameer anja - Privacy in Technology: Kickstart of the Hackathon
(SACON) Sameer anja - Privacy in Technology: Kickstart of the Hackathon (SACON) Sameer anja - Privacy in Technology: Kickstart of the Hackathon
(SACON) Sameer anja - Privacy in Technology: Kickstart of the Hackathon
 
Identity's Role in a Zero Trust Strategy
Identity's Role in a Zero Trust StrategyIdentity's Role in a Zero Trust Strategy
Identity's Role in a Zero Trust Strategy
 
What is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS LondonWhat is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS London
 
(SACON) Dr. James Stanger - Surfing today’s emerging tech: A policy-based app...
(SACON) Dr. James Stanger - Surfing today’s emerging tech: A policy-based app...(SACON) Dr. James Stanger - Surfing today’s emerging tech: A policy-based app...
(SACON) Dr. James Stanger - Surfing today’s emerging tech: A policy-based app...
 

Similar to Blockchain and IAM for IOT Edge Authentication

Integration of Things (Sam Vanhoutte @Iglooconf 2017)
Integration of Things (Sam Vanhoutte @Iglooconf 2017) Integration of Things (Sam Vanhoutte @Iglooconf 2017)
Integration of Things (Sam Vanhoutte @Iglooconf 2017) Codit
 
Developing Interoperable Components for an Open IoT Foundation
Developing Interoperable Components for an Open IoT Foundation Developing Interoperable Components for an Open IoT Foundation
Developing Interoperable Components for an Open IoT Foundation Eurotech
 
Why integration is key in IoT solutions? (Sam Vanhoutte @Integrate2017)
Why integration is key in IoT solutions? (Sam Vanhoutte @Integrate2017)Why integration is key in IoT solutions? (Sam Vanhoutte @Integrate2017)
Why integration is key in IoT solutions? (Sam Vanhoutte @Integrate2017)Codit
 
Adopting the Right Architecture for IoT Implementation
Adopting the Right Architecture for IoT ImplementationAdopting the Right Architecture for IoT Implementation
Adopting the Right Architecture for IoT ImplementationRapidValue
 
IoT Building Blocks: From Edge Devices to Analytics in the Cloud - SRV204 - T...
IoT Building Blocks: From Edge Devices to Analytics in the Cloud - SRV204 - T...IoT Building Blocks: From Edge Devices to Analytics in the Cloud - SRV204 - T...
IoT Building Blocks: From Edge Devices to Analytics in the Cloud - SRV204 - T...Amazon Web Services
 
IoT based Industrial Gateway (IoT-SDK) built around Sitara™ AM437x processors...
IoT based Industrial Gateway (IoT-SDK) built around Sitara™ AM437x processors...IoT based Industrial Gateway (IoT-SDK) built around Sitara™ AM437x processors...
IoT based Industrial Gateway (IoT-SDK) built around Sitara™ AM437x processors...Mistral Solutions
 
Role of cloud and analytics in IoT
Role of cloud and analytics in IoTRole of cloud and analytics in IoT
Role of cloud and analytics in IoTSelvaraj Kesavan
 
AWS re:Invent 2016: IoT: Build, Test, and Securely Scale (GPST302)
AWS re:Invent 2016: IoT: Build, Test, and Securely Scale (GPST302)AWS re:Invent 2016: IoT: Build, Test, and Securely Scale (GPST302)
AWS re:Invent 2016: IoT: Build, Test, and Securely Scale (GPST302)Amazon Web Services
 
FIWARE Global Summit - Building Production Grade IoT Platform Leveraging FIWARE
FIWARE Global Summit - Building Production Grade IoT Platform Leveraging FIWAREFIWARE Global Summit - Building Production Grade IoT Platform Leveraging FIWARE
FIWARE Global Summit - Building Production Grade IoT Platform Leveraging FIWAREFIWARE
 
Essential Capabilities of an IoT Cloud Platform - AWS Online Tech Talks
Essential Capabilities of an IoT Cloud Platform - AWS Online Tech TalksEssential Capabilities of an IoT Cloud Platform - AWS Online Tech Talks
Essential Capabilities of an IoT Cloud Platform - AWS Online Tech TalksAmazon Web Services
 
Cisco Connect Toronto 2018 sd-wan - delivering intent-based networking to t...
Cisco Connect Toronto 2018   sd-wan - delivering intent-based networking to t...Cisco Connect Toronto 2018   sd-wan - delivering intent-based networking to t...
Cisco Connect Toronto 2018 sd-wan - delivering intent-based networking to t...Cisco Canada
 
IxorTalk IoT Convention 2018
IxorTalk IoT Convention 2018IxorTalk IoT Convention 2018
IxorTalk IoT Convention 2018Peter Defreyne
 
Simplify Internet of Things with an Intelligent Gateway
Simplify Internet of Things with an Intelligent GatewaySimplify Internet of Things with an Intelligent Gateway
Simplify Internet of Things with an Intelligent GatewayEurotech
 
Session Sponsored by Intel: Smart Cities, Infrastructure and Health powered b...
Session Sponsored by Intel: Smart Cities, Infrastructure and Health powered b...Session Sponsored by Intel: Smart Cities, Infrastructure and Health powered b...
Session Sponsored by Intel: Smart Cities, Infrastructure and Health powered b...Amazon Web Services
 
Real World IoT Architectures and Projects with Eclipse IoT
Real World IoT Architectures and Projects with Eclipse IoTReal World IoT Architectures and Projects with Eclipse IoT
Real World IoT Architectures and Projects with Eclipse IoTEurotech
 
A Reference Architecture for IoT
A Reference Architecture for IoT A Reference Architecture for IoT
A Reference Architecture for IoT WSO2
 
FIWARE Tech Summit - FIWARE Overview and Description of GEs
FIWARE Tech Summit - FIWARE Overview and Description of GEsFIWARE Tech Summit - FIWARE Overview and Description of GEs
FIWARE Tech Summit - FIWARE Overview and Description of GEsFIWARE
 
The Internet of Things - Solutions to Drive Business Transformation
The Internet of Things - Solutions to Drive Business TransformationThe Internet of Things - Solutions to Drive Business Transformation
The Internet of Things - Solutions to Drive Business TransformationRed Hat India Pvt. Ltd.
 

Similar to Blockchain and IAM for IOT Edge Authentication (20)

Integration of Things (Sam Vanhoutte @Iglooconf 2017)
Integration of Things (Sam Vanhoutte @Iglooconf 2017) Integration of Things (Sam Vanhoutte @Iglooconf 2017)
Integration of Things (Sam Vanhoutte @Iglooconf 2017)
 
Developing Interoperable Components for an Open IoT Foundation
Developing Interoperable Components for an Open IoT Foundation Developing Interoperable Components for an Open IoT Foundation
Developing Interoperable Components for an Open IoT Foundation
 
Why integration is key in IoT solutions? (Sam Vanhoutte @Integrate2017)
Why integration is key in IoT solutions? (Sam Vanhoutte @Integrate2017)Why integration is key in IoT solutions? (Sam Vanhoutte @Integrate2017)
Why integration is key in IoT solutions? (Sam Vanhoutte @Integrate2017)
 
Adopting the Right Architecture for IoT Implementation
Adopting the Right Architecture for IoT ImplementationAdopting the Right Architecture for IoT Implementation
Adopting the Right Architecture for IoT Implementation
 
IoT Building Blocks: From Edge Devices to Analytics in the Cloud - SRV204 - T...
IoT Building Blocks: From Edge Devices to Analytics in the Cloud - SRV204 - T...IoT Building Blocks: From Edge Devices to Analytics in the Cloud - SRV204 - T...
IoT Building Blocks: From Edge Devices to Analytics in the Cloud - SRV204 - T...
 
IoT based Industrial Gateway (IoT-SDK) built around Sitara™ AM437x processors...
IoT based Industrial Gateway (IoT-SDK) built around Sitara™ AM437x processors...IoT based Industrial Gateway (IoT-SDK) built around Sitara™ AM437x processors...
IoT based Industrial Gateway (IoT-SDK) built around Sitara™ AM437x processors...
 
Role of cloud and analytics in IoT
Role of cloud and analytics in IoTRole of cloud and analytics in IoT
Role of cloud and analytics in IoT
 
AWS re:Invent 2016: IoT: Build, Test, and Securely Scale (GPST302)
AWS re:Invent 2016: IoT: Build, Test, and Securely Scale (GPST302)AWS re:Invent 2016: IoT: Build, Test, and Securely Scale (GPST302)
AWS re:Invent 2016: IoT: Build, Test, and Securely Scale (GPST302)
 
FIWARE Global Summit - Building Production Grade IoT Platform Leveraging FIWARE
FIWARE Global Summit - Building Production Grade IoT Platform Leveraging FIWAREFIWARE Global Summit - Building Production Grade IoT Platform Leveraging FIWARE
FIWARE Global Summit - Building Production Grade IoT Platform Leveraging FIWARE
 
Essential Capabilities of an IoT Cloud Platform - AWS Online Tech Talks
Essential Capabilities of an IoT Cloud Platform - AWS Online Tech TalksEssential Capabilities of an IoT Cloud Platform - AWS Online Tech Talks
Essential Capabilities of an IoT Cloud Platform - AWS Online Tech Talks
 
QNAP NAS for IoT
QNAP NAS for IoTQNAP NAS for IoT
QNAP NAS for IoT
 
Cisco Connect Toronto 2018 sd-wan - delivering intent-based networking to t...
Cisco Connect Toronto 2018   sd-wan - delivering intent-based networking to t...Cisco Connect Toronto 2018   sd-wan - delivering intent-based networking to t...
Cisco Connect Toronto 2018 sd-wan - delivering intent-based networking to t...
 
IxorTalk IoT Convention 2018
IxorTalk IoT Convention 2018IxorTalk IoT Convention 2018
IxorTalk IoT Convention 2018
 
iot
iotiot
iot
 
Simplify Internet of Things with an Intelligent Gateway
Simplify Internet of Things with an Intelligent GatewaySimplify Internet of Things with an Intelligent Gateway
Simplify Internet of Things with an Intelligent Gateway
 
Session Sponsored by Intel: Smart Cities, Infrastructure and Health powered b...
Session Sponsored by Intel: Smart Cities, Infrastructure and Health powered b...Session Sponsored by Intel: Smart Cities, Infrastructure and Health powered b...
Session Sponsored by Intel: Smart Cities, Infrastructure and Health powered b...
 
Real World IoT Architectures and Projects with Eclipse IoT
Real World IoT Architectures and Projects with Eclipse IoTReal World IoT Architectures and Projects with Eclipse IoT
Real World IoT Architectures and Projects with Eclipse IoT
 
A Reference Architecture for IoT
A Reference Architecture for IoT A Reference Architecture for IoT
A Reference Architecture for IoT
 
FIWARE Tech Summit - FIWARE Overview and Description of GEs
FIWARE Tech Summit - FIWARE Overview and Description of GEsFIWARE Tech Summit - FIWARE Overview and Description of GEs
FIWARE Tech Summit - FIWARE Overview and Description of GEs
 
The Internet of Things - Solutions to Drive Business Transformation
The Internet of Things - Solutions to Drive Business TransformationThe Internet of Things - Solutions to Drive Business Transformation
The Internet of Things - Solutions to Drive Business Transformation
 

Recently uploaded

Mine Environment II Lab_MI10448MI__________.pptx
Mine Environment II Lab_MI10448MI__________.pptxMine Environment II Lab_MI10448MI__________.pptx
Mine Environment II Lab_MI10448MI__________.pptxRomil Mishra
 
Python Programming for basic beginners.pptx
Python Programming for basic beginners.pptxPython Programming for basic beginners.pptx
Python Programming for basic beginners.pptxmohitesoham12
 
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor CatchersTechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catcherssdickerson1
 
Input Output Management in Operating System
Input Output Management in Operating SystemInput Output Management in Operating System
Input Output Management in Operating SystemRashmi Bhat
 
OOP concepts -in-Python programming language
OOP concepts -in-Python programming languageOOP concepts -in-Python programming language
OOP concepts -in-Python programming languageSmritiSharma901052
 
Research Methodology for Engineering pdf
Research Methodology for Engineering pdfResearch Methodology for Engineering pdf
Research Methodology for Engineering pdfCaalaaAbdulkerim
 
Turn leadership mistakes into a better future.pptx
Turn leadership mistakes into a better future.pptxTurn leadership mistakes into a better future.pptx
Turn leadership mistakes into a better future.pptxStephen Sitton
 
Crushers to screens in aggregate production
Crushers to screens in aggregate productionCrushers to screens in aggregate production
Crushers to screens in aggregate productionChinnuNinan
 
Comparative study of High-rise Building Using ETABS,SAP200 and SAFE., SAFE an...
Comparative study of High-rise Building Using ETABS,SAP200 and SAFE., SAFE an...Comparative study of High-rise Building Using ETABS,SAP200 and SAFE., SAFE an...
Comparative study of High-rise Building Using ETABS,SAP200 and SAFE., SAFE an...Erbil Polytechnic University
 
Engineering Drawing section of solid
Engineering Drawing     section of solidEngineering Drawing     section of solid
Engineering Drawing section of solidnamansinghjarodiya
 
Internet of things -Arshdeep Bahga .pptx
Internet of things -Arshdeep Bahga .pptxInternet of things -Arshdeep Bahga .pptx
Internet of things -Arshdeep Bahga .pptxVelmuruganTECE
 
Correctly Loading Incremental Data at Scale
Correctly Loading Incremental Data at ScaleCorrectly Loading Incremental Data at Scale
Correctly Loading Incremental Data at ScaleAlluxio, Inc.
 
Levelling - Rise and fall - Height of instrument method
Levelling - Rise and fall - Height of instrument methodLevelling - Rise and fall - Height of instrument method
Levelling - Rise and fall - Height of instrument methodManicka Mamallan Andavar
 
Ch10-Global Supply Chain - Cadena de Suministro.pdf
Ch10-Global Supply Chain - Cadena de Suministro.pdfCh10-Global Supply Chain - Cadena de Suministro.pdf
Ch10-Global Supply Chain - Cadena de Suministro.pdfChristianCDAM
 
DEVICE DRIVERS AND INTERRUPTS SERVICE MECHANISM.pdf
DEVICE DRIVERS AND INTERRUPTS  SERVICE MECHANISM.pdfDEVICE DRIVERS AND INTERRUPTS  SERVICE MECHANISM.pdf
DEVICE DRIVERS AND INTERRUPTS SERVICE MECHANISM.pdfAkritiPradhan2
 
Energy Awareness training ppt for manufacturing process.pptx
Energy Awareness training ppt for manufacturing process.pptxEnergy Awareness training ppt for manufacturing process.pptx
Energy Awareness training ppt for manufacturing process.pptxsiddharthjain2303
 
Cooling Tower SERD pH drop issue (11 April 2024) .pptx
Cooling Tower SERD pH drop issue (11 April 2024) .pptxCooling Tower SERD pH drop issue (11 April 2024) .pptx
Cooling Tower SERD pH drop issue (11 April 2024) .pptxmamansuratman0253
 
Immutable Image-Based Operating Systems - EW2024.pdf
Immutable Image-Based Operating Systems - EW2024.pdfImmutable Image-Based Operating Systems - EW2024.pdf
Immutable Image-Based Operating Systems - EW2024.pdfDrew Moseley
 
Novel 3D-Printed Soft Linear and Bending Actuators
Novel 3D-Printed Soft Linear and Bending ActuatorsNovel 3D-Printed Soft Linear and Bending Actuators
Novel 3D-Printed Soft Linear and Bending ActuatorsResearcher Researcher
 
Virtual memory management in Operating System
Virtual memory management in Operating SystemVirtual memory management in Operating System
Virtual memory management in Operating SystemRashmi Bhat
 

Recently uploaded (20)

Mine Environment II Lab_MI10448MI__________.pptx
Mine Environment II Lab_MI10448MI__________.pptxMine Environment II Lab_MI10448MI__________.pptx
Mine Environment II Lab_MI10448MI__________.pptx
 
Python Programming for basic beginners.pptx
Python Programming for basic beginners.pptxPython Programming for basic beginners.pptx
Python Programming for basic beginners.pptx
 
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor CatchersTechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
 
Input Output Management in Operating System
Input Output Management in Operating SystemInput Output Management in Operating System
Input Output Management in Operating System
 
OOP concepts -in-Python programming language
OOP concepts -in-Python programming languageOOP concepts -in-Python programming language
OOP concepts -in-Python programming language
 
Research Methodology for Engineering pdf
Research Methodology for Engineering pdfResearch Methodology for Engineering pdf
Research Methodology for Engineering pdf
 
Turn leadership mistakes into a better future.pptx
Turn leadership mistakes into a better future.pptxTurn leadership mistakes into a better future.pptx
Turn leadership mistakes into a better future.pptx
 
Crushers to screens in aggregate production
Crushers to screens in aggregate productionCrushers to screens in aggregate production
Crushers to screens in aggregate production
 
Comparative study of High-rise Building Using ETABS,SAP200 and SAFE., SAFE an...
Comparative study of High-rise Building Using ETABS,SAP200 and SAFE., SAFE an...Comparative study of High-rise Building Using ETABS,SAP200 and SAFE., SAFE an...
Comparative study of High-rise Building Using ETABS,SAP200 and SAFE., SAFE an...
 
Engineering Drawing section of solid
Engineering Drawing     section of solidEngineering Drawing     section of solid
Engineering Drawing section of solid
 
Internet of things -Arshdeep Bahga .pptx
Internet of things -Arshdeep Bahga .pptxInternet of things -Arshdeep Bahga .pptx
Internet of things -Arshdeep Bahga .pptx
 
Correctly Loading Incremental Data at Scale
Correctly Loading Incremental Data at ScaleCorrectly Loading Incremental Data at Scale
Correctly Loading Incremental Data at Scale
 
Levelling - Rise and fall - Height of instrument method
Levelling - Rise and fall - Height of instrument methodLevelling - Rise and fall - Height of instrument method
Levelling - Rise and fall - Height of instrument method
 
Ch10-Global Supply Chain - Cadena de Suministro.pdf
Ch10-Global Supply Chain - Cadena de Suministro.pdfCh10-Global Supply Chain - Cadena de Suministro.pdf
Ch10-Global Supply Chain - Cadena de Suministro.pdf
 
DEVICE DRIVERS AND INTERRUPTS SERVICE MECHANISM.pdf
DEVICE DRIVERS AND INTERRUPTS  SERVICE MECHANISM.pdfDEVICE DRIVERS AND INTERRUPTS  SERVICE MECHANISM.pdf
DEVICE DRIVERS AND INTERRUPTS SERVICE MECHANISM.pdf
 
Energy Awareness training ppt for manufacturing process.pptx
Energy Awareness training ppt for manufacturing process.pptxEnergy Awareness training ppt for manufacturing process.pptx
Energy Awareness training ppt for manufacturing process.pptx
 
Cooling Tower SERD pH drop issue (11 April 2024) .pptx
Cooling Tower SERD pH drop issue (11 April 2024) .pptxCooling Tower SERD pH drop issue (11 April 2024) .pptx
Cooling Tower SERD pH drop issue (11 April 2024) .pptx
 
Immutable Image-Based Operating Systems - EW2024.pdf
Immutable Image-Based Operating Systems - EW2024.pdfImmutable Image-Based Operating Systems - EW2024.pdf
Immutable Image-Based Operating Systems - EW2024.pdf
 
Novel 3D-Printed Soft Linear and Bending Actuators
Novel 3D-Printed Soft Linear and Bending ActuatorsNovel 3D-Printed Soft Linear and Bending Actuators
Novel 3D-Printed Soft Linear and Bending Actuators
 
Virtual memory management in Operating System
Virtual memory management in Operating SystemVirtual memory management in Operating System
Virtual memory management in Operating System
 

Blockchain and IAM for IOT Edge Authentication

  • 1. Blockchain & IAM for IoT: Edge Authentication Presented by: Sesh Raj, President DSAPPS INC ©2018DSAPPSINC
  • 4. Question: What is IAM (identity and access management) for IOT? ©2018DSAPPSINC
  • 5. Traditional IOT IAM managed by cloud Reference: AWS IOT
  • 6. Comparing Traditional IAM and IOT IAM Traditional IAM IOT IAM End points to manage Typically < 100,000 Can be millions System administration IT and Security departments Operational personnel, plant and business managers Auditing User-centric Device-centric Authenticating process Passwords, biometrics PKI certificates, device behaviors, biometrics Provisioning and registration process Static Dynamic, application driven Self-services Typically web based Also support Bluetooth, DSRC etc. wireless communication
  • 7. The challenge Establishing identity through X.509 certificates provides a strong authentication system. However, in the IoT domain, many devices may not have enough memory to store a certificate or may not even have the required CPU power to execute the cryptographic operations of validating the X.509 certificates (or any type of public key operation). ©2018DSAPPSINC
  • 8. Question:What is IOT edge authentication? ©2018DSAPPSINC
  • 9. The need for IOT edge authentication Faster response times: Without a round-trip to the cloud, data latency is reduced, lowering the time it takes to glean actionable insights from that data. Lowering IoT solution costs: Can process, clean and analyze mission critical data closer to the device itself saving on processing and analysis costs and reduce the amount of data that flows back and forth between the cloud and the edge of the network. Added security and compliance: Edge authentication can scan for malware, filter out sensitive personally identifiable information and process it locally, Dependable operation even with intermittent connectivity: Enables manufacturing equipment and other smart devices to operate without disruption even when they’re offline or Internet connectivity is intermittent. Interoperability between new and legacy devices: Easier to integrate new and legacy end points with edge computing. ©2018DSAPPSINC
  • 10. Question: How do we track identity on the edge without a central server? ©2018DSAPPSINC
  • 13. IOT Gateway Architecture Operating System Example: Linux or Android OS HAL (Hardware Abstraction Layer) Supports reusability and portability of the IoT software. IoT Sensors Stack Software stacks that serve as interfaces with IoT sensors modules. Examples: ZigBee, 6LoWPAN, EnOcean, BLE, Modbus, PROFIBUS Device Management and Configuration Configuration and settings to interface with different types of Sensor devices. Security Ensure robust data security, device security and network security. FOTA Firmware Over The Air (FOTA) updates with latest versions of security patches, OS, Firewalls and more. Data Communication Protocols Connect with the Cloud over Ethernet, Wi-Fi or a 4G/3G modem via UDP or TCP IP protocol. MQTT, CoAP, XMPP, AMQP utilized. Data Management Includes data streaming, data filtering and data storing. Cloud Connectivity Manager Connectivity, device state, heartbeat message, and gateway device authentication with the cloud. Custom Application Manage data between sensor node and gateway and from gateway to cloud. Gateway Data Transfer To connect to the internet for data transfer using Ethernet, 4G/3G/GPRS modem or Wifi. Reference:https://www.embitel.com/blog/embedded-blog/understanding-how-an-iot-gateway-architecture-works
  • 15. Key Requirements for IOT Edge Authentication • Has to replace central authority with distributed apps, should not depend on a single point of failure, means to distribute trust • Need distributed storage of device security data that is immutable • Automated process to add and update devices without need for manual authorization and authentication process, via code driven smart contract • Have the means to flag abnormal behavior and quarantine devices through group consensus on what is normal Answer - Blockchain technology
  • 16. Blockchain Concepts • Decentralized, peer-to-peer networks, where each par5cipant maintains a copy of a shared, append-only (i.e., otherwise immutable) ledger of digitally signed transac5on records • Maintain synchronized replicas through a consensus protocol • Safeguard the immutability of the ledger, even when some par5cipants are faulty or malicious ©2018DSAPPSINC Append only Shared Ledger Managed by Permissions with visible, authenticated and verifiable transactions Support for Smart Contracts programmed to execute with transactions Consensus for adding new members and flagging abnormal behavior
  • 17. The benefits of Blockchain Allows trust to be dispersed highly securely making IAM at the edge fast and light without central server reliance thus removing single point of failure Creates an IAM-centric ecosystem that keeps track of identities, entitlements, entitlement assignment, and access events, all autonomously. Provides for the five security pillars: Availability, Auditability, Accountability, Integrity and Confidentiality. ©2018DSAPPSINC
  • 18. IAM Requirements provided by Blockchain • Track device identity profiles and attributes • Validate identity and transaction data leveraging smart contracts • Create and maintain IAM permission policies • Maintain data trust • Auditable records for validation • Control data visibility ©2018DSAPPSINC
  • 19. Question: How can we implement IAM policies on the edge? ©2018DSAPPSINC
  • 20. Support in Blockchain for IAM security policies func (s *SmartContract) Init(APIstub shim.ChaincodeStubInterface) sc.Response { return shim.Success(nil) } func (s *SmartContract) Invoke(APIstub shim.ChaincodeStubInterface) sc.Response { function, args := APIstub.GetFunctionAndParameters() if function == "queryCar" { return s.queryCar(APIstub, args) } else if function == "initLedger" { return s.initLedger(APIstub) } else if function == "createCar" { return s.createCar(APIstub, args) } else if function == "queryAllCars" { return s.queryAllCars(APIstub) } else if function == "changeCarOwner" { return s.changeCarOwner(APIstub, args) Smart Contracts - Enforce who can perform what actions Access Control Language - ACL rules determine which users/roles are permitted to create, read, update or delete member elements. Certifying authority - Certifies X509 certificates rule networkControlPermission { description: "networkControl can access network commands" participant: "org.acme.vehicle.auction.networkControl" operation: ALL resource: "org.hyperledger.composer.system.Network" action: ALLOW } Certificate: Data: Version: 3 (0x2) Serial Number: 10:e6:fc:62:b7:41:8a:d5:00:5e:45:b6 Signature Algorithm: sha256WithRSAEncryption Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 Validity Not Before: Nov 21 08:00:00 2016 GMT Subject Public Key Info: Public-Key: (256 bit) pub: 04:c9:22:69:31:8a:d6:6c:ea:da:c3:7f:2c:ac:a5: af:c0:02:ea:81:cb:65:b9:fd:0c:6d:46:5b:c9:1e: Shared Configuration - Policies dictating modification of elements in configuration
  • 23. Hyperledger Fabric - peer nodes with smart contracts and ledgers
  • 24. Peer Identities via X509 certificate
  • 25. Hyperledger Fabric CA (Certificate Authority) Register identity, connect to LDAP Issue enrollment certificates Renew and revoke certificates
  • 27. IBM Watson IOT Platform with Blockchain ©2018DSAPPSINC
  • 28. Managing IOT Edge Security Blockchain Spec Device authentication Design Blockchain ledger and cloud services Launch IOT edge authentication Provide IAM policies and smart contracts Update IAM policies Update analytics Add Devices Create/update security policies Coordinate with security team Track exceptions Resolve exceptions Real time analytics ©2018DSAPPSINC
  • 29. Sesh Raj, DSAPPS INC email: sales1@dsapps.com text: 408-940-5003 www.dsapps.com Contact ©2018DSAPPSINC