Blockchain & IAM for IoT: Edge Authentication
Presented by: Sesh Raj, President DSAPPS INC
©2018DSAPPSINC
Question: What is IAM (identity and access management) for IOT?
Traditional IOT IAM managed by cloud
Reference: AWS IOT
Comparing Traditional IAM and IOT IAM

| | Traditional IAM | IOT IAM |
|---|---|---|
| End points to manage | Typically < 100,000 | Can be millions |
| System administration | IT and Security departments | Operational personnel, plant and business managers |
| Auditing | User-centric | Device-centric |
| Authenticating process | Passwords, biometrics | PKI certificates, device behaviors, biometrics |
| Provisioning and registration process | Static | Dynamic, application driven |
| Self-services | Typically web based | Also support Bluetooth, DSRC etc. wireless communication |
The challenge
Establishing identity through X.509 certificates provides a strong
authentication system. However, in the IoT domain, many devices
may not have enough memory to store a certificate or may not even
have the required CPU power to execute the cryptographic
operations of validating the X.509 certificates (or any type of public
key operation).
Question: What is IOT edge authentication?
The need for IOT edge authentication
• Faster response times: Without a round-trip to the cloud, data latency is reduced, lowering the time it takes to glean actionable insights from that data.
• Lowering IoT solution costs: Mission-critical data can be processed, cleaned and analyzed closer to the device itself, saving on processing and analysis costs and reducing the amount of data that flows back and forth between the cloud and the edge of the network.
• Added security and compliance: Edge authentication can scan for malware, filter out sensitive personally identifiable information and process it locally.
• Dependable operation even with intermittent connectivity: Enables manufacturing equipment and other smart devices to operate without disruption even when they're offline or Internet connectivity is intermittent.
• Interoperability between new and legacy devices: Easier to integrate new and legacy end points with edge computing.
Question: How do we track identity on the edge without a central server?
IOT Gateways
Reference: https://internetofthingsagenda.techtarget.com/feature/Using-an-IoT-gateway-to-connect-the-Things-to-the-cloud
Reference: National Institute of Standards and George Mason University
Reference: https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-devguide-endpoints
IOT Gateway Architecture
• Operating System - Example: Linux or Android OS
• HAL (Hardware Abstraction Layer) - Supports reusability and portability of the IoT software.
• IoT Sensors Stack - Software stacks that serve as interfaces with IoT sensor modules. Examples: ZigBee, 6LoWPAN, EnOcean, BLE, Modbus, PROFIBUS
• Device Management and Configuration - Configuration and settings to interface with different types of sensor devices.
• Security - Ensure robust data security, device security and network security.
• FOTA - Firmware Over The Air (FOTA) updates with latest versions of security patches, OS, firewalls and more.
• Data Communication Protocols - Connect with the cloud over Ethernet, Wi-Fi or a 4G/3G modem via UDP or TCP/IP. MQTT, CoAP, XMPP, AMQP utilized.
• Data Management - Includes data streaming, data filtering and data storing.
• Cloud Connectivity Manager - Connectivity, device state, heartbeat message, and gateway device authentication with the cloud.
• Custom Application - Manage data between sensor node and gateway and from gateway to cloud.
• Gateway Data Transfer - To connect to the internet for data transfer using Ethernet, 4G/3G/GPRS modem or Wi-Fi.
Reference: https://www.embitel.com/blog/embedded-blog/understanding-how-an-iot-gateway-architecture-works
Key Requirements for IOT Edge Authentication
• Replace the central authority with distributed apps: no dependence on a single point of failure, and a means to distribute trust
• Distributed storage of device security data that is immutable
• An automated process to add and update devices through a code-driven smart contract, without the need for a manual authorization and authentication process
• A means to flag abnormal behavior and quarantine devices through group consensus on what is normal
Answer - Blockchain technology
Blockchain Concepts
• Decentralized, peer-to-peer networks, where each participant maintains a copy of a shared, append-only (i.e., otherwise immutable) ledger of digitally signed transaction records
• Maintain synchronized replicas through a consensus protocol
• Safeguard the immutability of the ledger, even when some participants are faulty or malicious
• Append-only shared ledger - Managed by permissions with visible, authenticated and verifiable transactions
• Support for smart contracts programmed to execute with transactions
• Consensus for adding new members and flagging abnormal behavior
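An added example, not from the original slides and not Hyperledger code: a standard-library Go model of the requirements and ledger properties listed above, with an append-only hash-chained log of Ed25519-signed records, contract-style registration, and quarantine once a quorum of distinct peers flags a device. The types, the gateway names, `sensor-7` and the quorum of 2 are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Tx is one signed ledger record. All type and field names are hypothetical.
type Tx struct {
	Kind     string   // "register" or "flag"
	DeviceID string   // device the record is about
	Signer   string   // peer (for example a gateway) that signed the record
	Payload  []byte   // register: device public key; flag: reason text
	PrevHash [32]byte // hash of the previous record, which makes the log append-only
	Sig      []byte   // Ed25519 signature by Signer over digest()
}

// digest hashes the signed fields, length-prefixed so field boundaries are unambiguous.
func (t Tx) digest() []byte {
	h := sha256.New()
	for _, f := range [][]byte{[]byte(t.Kind), []byte(t.DeviceID), []byte(t.Signer), t.Payload, t.PrevHash[:]} {
		fmt.Fprintf(h, "%d:", len(f))
		h.Write(f)
	}
	return h.Sum(nil)
}

// hash covers the signed fields plus the signature; the next record links to it.
func (t Tx) hash() [32]byte { return sha256.Sum256(append(t.digest(), t.Sig...)) }

// Ledger is one peer's replica of the shared log.
type Ledger struct {
	Peers  map[string]ed25519.PublicKey // permissioned membership
	Quorum int                          // distinct peers that must flag a device
	Chain  []Tx
}

// Append signs a record with the peer's key and links it to the current head.
func (l *Ledger) Append(kind, dev, signer string, key ed25519.PrivateKey, payload []byte) {
	tx := Tx{Kind: kind, DeviceID: dev, Signer: signer, Payload: payload}
	if n := len(l.Chain); n > 0 {
		tx.PrevHash = l.Chain[n-1].hash()
	}
	tx.Sig = ed25519.Sign(key, tx.digest())
	l.Chain = append(l.Chain, tx)
}

// Replay verifies every link and signature on a local replica, then derives device status.
func (l *Ledger) Replay() (map[string]string, error) {
	status, flaggedBy := map[string]string{}, map[string]map[string]bool{}
	var prev [32]byte
	for i, tx := range l.Chain {
		pub, member := l.Peers[tx.Signer]
		switch {
		case tx.PrevHash != prev:
			return nil, fmt.Errorf("record %d: broken hash link", i)
		case !member:
			return nil, fmt.Errorf("record %d: signer is not a member", i)
		case !ed25519.Verify(pub, tx.digest(), tx.Sig):
			return nil, fmt.Errorf("record %d: bad signature", i)
		}
		_, known := status[tx.DeviceID]
		switch {
		case tx.Kind == "register" && !known:
			status[tx.DeviceID] = "active"
			flaggedBy[tx.DeviceID] = map[string]bool{}
		case tx.Kind == "flag" && known:
			flaggedBy[tx.DeviceID][tx.Signer] = true // one vote per peer
			if len(flaggedBy[tx.DeviceID]) >= l.Quorum {
				status[tx.DeviceID] = "quarantined"
			}
		default:
			return nil, fmt.Errorf("record %d: rejected by contract rules", i)
		}
		prev = tx.hash()
	}
	return status, nil
}

// demo runs a constructed three-gateway network; returns per-step status and the tamper error.
func demo() (steps []string, tamperErr error) {
	l := &Ledger{Peers: map[string]ed25519.PublicKey{}, Quorum: 2}
	keys := map[string]ed25519.PrivateKey{}
	for _, name := range []string{"gw-a", "gw-b", "gw-c"} {
		pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
		l.Peers[name], keys[name] = pub, priv
	}
	for _, r := range [][2]string{{"register", "gw-a"}, {"flag", "gw-b"}, {"flag", "gw-b"}, {"flag", "gw-c"}} {
		l.Append(r[0], "sensor-7", r[1], keys[r[1]], []byte("constructed payload"))
		st, _ := l.Replay()
		steps = append(steps, st["sensor-7"])
	}
	l.Chain[1].Payload = []byte("rewritten") // simulate an altered stored record
	_, tamperErr = l.Replay()
	return steps, tamperErr
}

func main() { fmt.Println(demo()) }
```

The second flag from `gw-b` does not move the device toward quarantine because votes are counted per distinct peer, and the altered record is caught by its signature before any state is derived from it.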
The benefits of Blockchain
• Allows trust to be dispersed with a high degree of security, making IAM at the edge fast and light without reliance on a central server, thus removing the single point of failure.
• Creates an IAM-centric ecosystem that keeps track of identities, entitlements, entitlement assignment, and access events, all autonomously.
• Provides for the five security pillars: Availability, Auditability, Accountability, Integrity and Confidentiality.
IAM Requirements provided by Blockchain
• Track device identity profiles and attributes
• Validate identity and transaction data leveraging smart contracts
• Create and maintain IAM permission policies
• Maintain data trust
• Auditable records for validation
• Control data visibility
Question: How can we implement IAM policies on the edge?
Support in Blockchain for IAM security policies

Smart Contracts - Enforce who can perform what actions

    import (
        "github.com/hyperledger/fabric/core/chaincode/shim"
        sc "github.com/hyperledger/fabric/protos/peer"
    )

    // SmartContract is the chaincode receiver; the handlers are defined elsewhere.
    type SmartContract struct{}

    func (s *SmartContract) Init(APIstub shim.ChaincodeStubInterface) sc.Response {
        return shim.Success(nil)
    }

    // Invoke routes each transaction to the handler named by the caller.
    func (s *SmartContract) Invoke(APIstub shim.ChaincodeStubInterface) sc.Response {
        function, args := APIstub.GetFunctionAndParameters()
        if function == "queryCar" {
            return s.queryCar(APIstub, args)
        } else if function == "initLedger" {
            return s.initLedger(APIstub)
        } else if function == "createCar" {
            return s.createCar(APIstub, args)
        } else if function == "queryAllCars" {
            return s.queryAllCars(APIstub)
        } else if function == "changeCarOwner" {
            return s.changeCarOwner(APIstub, args)
        }
        return shim.Error("Invalid Smart Contract function name.")
    }

Access Control Language - ACL rules determine which users/roles are permitted to create, read, update or delete member elements.

    rule networkControlPermission {
        description: "networkControl can access network commands"
        participant: "org.acme.vehicle.auction.networkControl"
        operation: ALL
        resource: "org.hyperledger.composer.system.Network"
        action: ALLOW
    }

Certifying authority - Certifies X509 certificates

    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                10:e6:fc:62:b7:41:8a:d5:00:5e:45:b6
            Signature Algorithm: sha256WithRSAEncryption
            Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2
            Validity
                Not Before: Nov 21 08:00:00 2016 GMT
            Subject Public Key Info:
                Public-Key: (256 bit)
                pub:
                    04:c9:22:69:31:8a:d6:6c:ea:da:c3:7f:2c:ac:a5:
                    af:c0:02:ea:81:cb:65:b9:fd:0c:6d:46:5b:c9:1e:

Shared Configuration - Policies dictating modification of elements in configuration
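An added example (not the presenter's or Hyperledger's code) of the "enforce who can perform what actions" idea: a dispatcher shaped like the Invoke function above that consults ordered ACL rules, with the same fields as the rule on the slide, before running a handler. First match wins with default deny is this sketch's simplified model; the `org.example.iot` namespace, the rule names and the device functions are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// Rule mirrors the fields of the ACL rule shown on the slide (simplified model).
type Rule struct {
	Name        string
	Participant string // fully qualified participant type, or "ANY"
	Operation   string // CREATE, READ, UPDATE, DELETE or ALL
	Resource    string // fully qualified resource, or a "namespace.*" prefix
	Action      string // ALLOW or DENY
}

func (r Rule) matches(participant, op, resource string) bool {
	if r.Participant != "ANY" && r.Participant != participant {
		return false
	}
	if r.Operation != "ALL" && r.Operation != op {
		return false
	}
	if strings.HasSuffix(r.Resource, ".*") {
		return strings.HasPrefix(resource, strings.TrimSuffix(r.Resource, "*"))
	}
	return r.Resource == resource
}

// Decide checks rules in order: the first match decides, and no match means deny.
func Decide(rules []Rule, participant, op, resource string) (rule string, allowed bool) {
	for _, r := range rules {
		if r.matches(participant, op, resource) {
			return r.Name, r.Action == "ALLOW"
		}
	}
	return "default-deny", false
}

// Contract stands in for chaincode state; it uses no Fabric types.
type Contract struct {
	Rules   []Rule
	Devices map[string]string // device ID -> status
}

const deviceResource = "org.example.iot.Device" // hypothetical namespace

// routes maps each callable function to the operation it performs on a device.
var routes = map[string]string{
	"createDevice": "CREATE", "queryDevice": "READ",
	"quarantineDevice": "UPDATE", "deleteDevice": "DELETE",
}

// Invoke authorizes the caller first, then dispatches by function name.
func (c *Contract) Invoke(participant, function string, args []string) (string, error) {
	op, ok := routes[function]
	if !ok || len(args) != 1 {
		return "", fmt.Errorf("invalid function name or arguments")
	}
	if rule, allowed := Decide(c.Rules, participant, op, deviceResource); !allowed {
		return "", fmt.Errorf("%s denied by rule %s", op, rule)
	}
	id := args[0]
	// createDevice needs a new ID; every other function needs an existing one.
	if _, exists := c.Devices[id]; exists == (function == "createDevice") {
		return "", fmt.Errorf("device state does not permit %s", function)
	}
	switch function {
	case "createDevice":
		c.Devices[id] = "active"
	case "quarantineDevice":
		c.Devices[id] = "quarantined"
	case "deleteDevice":
		delete(c.Devices, id)
	}
	return c.Devices[id], nil
}

// NewContract returns a contract loaded with constructed sample rules.
func NewContract() *Contract {
	return &Contract{Devices: map[string]string{}, Rules: []Rule{
		{"noDelete", "ANY", "DELETE", "org.example.iot.*", "DENY"},
		{"operatorAll", "org.example.iot.Operator", "ALL", "org.example.iot.*", "ALLOW"},
		{"gatewayRead", "org.example.iot.Gateway", "READ", deviceResource, "ALLOW"},
	}}
}

func main() {
	c := NewContract()
	fmt.Println(c.Invoke("org.example.iot.Operator", "createDevice", []string{"sensor-7"}))
	fmt.Println(c.Invoke("org.example.iot.Gateway", "quarantineDevice", []string{"sensor-7"}))
}
```

Because `noDelete` is listed before `operatorAll`, the operator's broad ALLOW never reaches DELETE requests; reordering the two rules would change the outcome, which is why rule order belongs in policy review.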
Sample Implementations
Hyperledger Architecture
Hyperledger Fabric - peer nodes with smart contracts and ledgers
Peer Identities via X509 certificate
Hyperledger Fabric CA (Certificate Authority)
• Register identity, connect to LDAP
• Issue enrollment certificates
• Renew and revoke certificates
Azure Blockchain Workbench
IBM Watson IOT Platform with Blockchain
Managing IOT Edge Security Blockchain
[Process diagram. Labels: Spec Device authentication; Design Blockchain ledger and cloud services; Launch IOT edge authentication; Provide IAM policies and smart contracts; Update IAM policies; Update analytics; Add Devices; Create/update security policies; Coordinate with security team; Track exceptions; Resolve exceptions; Real time analytics]
Contact
Sesh Raj, DSAPPS INC
email: sales1@dsapps.com
text: 408-940-5003
www.dsapps.com