Identity & Security In AllJoyn 14.06
Tim Kellogg
Saturday, July 19 2014
https://github.com/tkellogg/alljoyn-examples
https://github.com/tkellogg/alljoyn-
core/tree/master/alljoyn_core/src
Embedded Security
Mitsubishi EMI Incident (2003)
• Brakes disabled when given 1000-10000x legal
levels of EMI radiation
• Car thinks brakes ...
Slammer Worm (2003)
• Nuclear plant safety monitoring disabled for 5
hours
• “The business value of access to the data
wit...
Hello, my name is Bruce Schneier and I
think routers are super duper easy to
hack, mostly because you nerds never
patch th...
University of Washington Study (2010)
“We demonstrate that an attacker who is able to
infiltrate virtually any Electronic ...
Hey, check it out! I
made my own
encryption algorithm
Embedded Needs “Rails”
• Software Updates
• Security & Identity
• Communication
• Media Streaming
• User Interfaces
Distributed Bus
Distributed Bus
Security
Auth Listeners
• ALLJOYN_RSA_KEYX – X.509 certificates
• ALLJOYN_SRP_KEYX – Show Random PIN
• ALLJOYN_SRP_LOGON – preset U...
ALLJOYN_RSA_KEYX
• RSA = Asymmetric key encryption
• X.509 certificates
– Trusted Certificate Authority
SRP_KEYX & SRP_LOGON
• Threshold Cryptography
• No trust required to establish a secure
connection
• LOGON = Username & Pa...
ALLJOYN_SRP_KEYX
ECDHE
• Elliptic Curve (EC) Cryptography
• DHE = Diffie-Hellman key Exchange
– Symmetric key encryption
ALLJOYN_ECDHE_NULL
• Elliptic Curve Encryption
• No verification of identity
ALLJOYN_ECDHE_PSK
• PSK = Pre-Shared Key
• Service already has the client’s public key
• A password may also be used
ALLJOYN_ECDHE_ECDSA
• ECDSA – Elliptic Curve Digital Signature
Algorithm
• Certificate shows identity
Questions?
@kellogh
Practical Internet of Things
Security & Identity in AllJoyn 14.06
Security & Identity in AllJoyn 14.06
Upcoming SlideShare
Loading in …5
×

Security & Identity in AllJoyn 14.06

2,350 views

Published on

My presentation for Cloud Identity Summit 2014. I will be talking about the security and identity features that AllJoyn offers in it's 14.06 release.

Published in: Software
2 Comments
5 Likes
Statistics
Notes
No Downloads
Views
Total views
2,350
On SlideShare
0
From Embeds
0
Number of Embeds
112
Actions
Shares
0
Downloads
55
Comments
2
Likes
5
Embeds 0
No embeds

No notes for slide
  • * David-Besse nuclear power plant
    Safety monitoring disabled for 5 hours
    FirstEnergy – received unsecured monitoring information
  • Make care ignore driver input
    Completely erase all evidence of tampering
    Unidentified make and model from 2009
  • Open source
    Lots of Partners
    Share methods, algorithms, and testing
    The irony: Maybe OSS projects are more successful because we’re asked to do them a favor
    http://www.forbes.com/sites/sap/2011/11/16/do-me-a-favor-so-youll-like-me-the-reverse-psychology-of-likeability/
  • Cluster tree mesh network
  • Go over code https://github.com/tkellogg/alljoyn-examples/blob/master/secure/service/src/org/alljoyn/bus/samples/secureservice/
  • Shared Remote Password
  • Authenticates
  • A common (public) secret is combined with private secrets
  • Like OpenSSH
  • Security & Identity in AllJoyn 14.06

    1. 1. Identity & Security In AllJoyn 14.06 Tim Kellogg Saturday, July 19 2014
    2. 2. https://github.com/tkellogg/alljoyn-examples https://github.com/tkellogg/alljoyn- core/tree/master/alljoyn_core/src
    3. 3. Embedded Security
    4. 4. Mitsubishi EMI Incident (2003) • Brakes disabled when given 1000-10000x legal levels of EMI radiation • Car thinks brakes are locked, so it releases • All within limits required by law
    5. 5. Slammer Worm (2003) • Nuclear plant safety monitoring disabled for 5 hours • “The business value of access to the data within the control center worth the risk of open connections between the control center and the corporate network” • Unpatched MSSQL Server
    6. 6. Hello, my name is Bruce Schneier and I think routers are super duper easy to hack, mostly because you nerds never patch the software https://www.schneier.com/essays/archives/2014/01/the _internet_of_thin.html
    7. 7. University of Washington Study (2010) “We demonstrate that an attacker who is able to infiltrate virtually any Electronic Control Unit (ECU) can leverage this ability to completely circumvent a broad array of safety-critical systems” http://www.autosec.org/pubs/cars- oakland2010.pdf
    8. 8. Hey, check it out! I made my own encryption algorithm
    9. 9. Embedded Needs “Rails” • Software Updates • Security & Identity • Communication • Media Streaming • User Interfaces
    10. 10. Distributed Bus
    11. 11. Distributed Bus
    12. 12. Security
    13. 13. Auth Listeners • ALLJOYN_RSA_KEYX – X.509 certificates • ALLJOYN_SRP_KEYX – Show Random PIN • ALLJOYN_SRP_LOGON – preset U/P table • ALLJOYN_ECDHE_NULL • ALLJOYN_ECDHE_PSK • ALLJOYN_ECDHE_ECDSA – DSA
    14. 14. ALLJOYN_RSA_KEYX • RSA = Asymmetric key encryption • X.509 certificates – Trusted Certificate Authority
    15. 15. SRP_KEYX & SRP_LOGON • Threshold Cryptography • No trust required to establish a secure connection • LOGON = Username & Password • KEYX = A PIN is displayed
    16. 16. ALLJOYN_SRP_KEYX
    17. 17. ECDHE • Elliptic Curve (EC) Cryptography • DHE = Diffie-Hellman key Exchange – Symmetric key encryption
    18. 18. ALLJOYN_ECDHE_NULL • Elliptic Curve Encryption • No verification of identity
    19. 19. ALLJOYN_ECDHE_PSK • PSK = Pre-Shared Key • Service already has the client’s public key • A password may also be used
    20. 20. ALLJOYN_ECDHE_ECDSA • ECDSA – Elliptic Curve Digital Signature Algorithm • Certificate shows identity
    21. 21. Questions? @kellogh Practical Internet of Things

    ×