This document proposes a new model called OAuthing for federated identity, access control, and data sharing in IoT. It describes the growth of IoT devices and the privacy and security issues that come with it. The model includes a Device Identity Provider (DIdP) that provides anonymous identities and tokens, a Personal Cloud Middleware (PCM) that runs on behalf of each user to filter data, and an Intelligent Gateway (IG) that routes requests based on identities. It presents the implementation, including a device bootloader, and prototype results showing it can support 400 brokers handling 10 messages/second each with low latency. Comparisons are made to related work, which does not provide the same anonymous identities, registration processes, or personal middleware capabilities.
A talk given at the EclipseCon 2014 M2M day.
This deck addresses a number of aspects of security for IoT devices and applications and also looks at using federated identity for IoT, including MQTT.
Blockchain for IoT Security and Privacy: The Case Study of a Smart Home - Kishor Datta Gupta
Internet of Things (IoT) security and privacy remain a major challenge, mainly due to the massive scale and distributed nature of IoT networks. Blockchain-based approaches provide decentralized security and privacy, yet they involve significant energy, delay, and computational overhead that is not suitable for most resource-constrained IoT devices. In our previous work, we presented a lightweight instantiation of a BC particularly geared for use in IoT by eliminating the Proof of Work (POW) and the concept of coins. Our approach was exemplified in a smart home setting and consists of three main tiers namely: cloud storage, overlay, and smart home. In this paper we delve deeper and outline the various core components and functions of the smart home tier. Each smart home is equipped with an always online, high resource device, known as "miner" that is responsible for handling all communication within and external to the home. The miner also preserves a private and secure BC, used for controlling and auditing communications. We show that our proposed BC-based smart home framework is secure by thoroughly analysing its security with respect to the fundamental security goals of confidentiality, integrity, and availability. Finally, we present simulation results to highlight that the overheads (in terms of traffic, processing time and energy consumption) introduced by our approach are insignificant relative to its security and privacy gains.
CAN BLOCKCHAIN BE A SOLUTION TO IOT TECHNICAL AND SECURITY ISSUES - IJNSA Journal
The Internet of Things (IoT) is a growing trend in technology that interconnects millions of physical devices from any location anytime. Currently, IoT devices have become an integral part of human lives, as such organizations are deeply concerned with its security and technical issues. Blockchain system comprises a distributed digital ledger which is shared among community of users on the Internet; validated and recorded transactions in the ledger which cannot be altered or removed. We presented the challenges of IoT devices and how blockchain can be used to alleviate these problems. An outline of how to integrate blockchain with IoT was tackled, highlighting the challenges of IoT and how blockchain can remedy the issues. It was concluded that blockchain has the capability to curb the challenges posed by IoT devices.
In developing for IoT, security is not often the highest priority: APIs exposed without care and devices deployed with default passwords become gateways to your network and your data. Many best practices can be used to thwart attacks on your devices, but they have to be thought through from the first architectural design. This session covers many recent IoT attacks, their consequences, and how they could have been prevented. It also explores the many security levels one device can have, from totally exposed to completely secured against physical tampering and identity theft.
How do Blockchain and IOT work together? The focus of this presentation is to provide an introduction to Blockchain, review why IOT is critical to blockchain success and identify the leading projects you should be using
Introduction to the FIWARE IoT Agents. Which kinds of transport protocol are used? What is a message protocol? What do the terms northbound/southbound and north/south port mean? How are commands and measurements processed? What is an IoT Agent and what does it do?
A Pragmatic Reference Architecture for The Internet of Things - Rick G. Garibay
We already know that the Internet of Things is big. It isn't something that's coming. It's already here. From manufacturing to healthcare, retail and hospitality, transportation, utilities and energy, the shift from Information Technology to Operational Technology and the value that this massive explosion of data can provide is taking the world by storm.
But IoT isn't a product. It's not something you can buy. As with any gold rush, snake oil abounds. The potential is massive and the good news is that the technology and platforms are already here!
But how do you get started? What are the application and networking protocols at play? How do you handle the ingestion of massive, real-time streams of data? Where do you land the data? What kind of insights does the data at scale provide? How do you make sense of it and/or take action on the data in real time scaling to hundreds if not hundreds of thousands of devices per deployment?
In this session, Rick G. Garibay will share a pragmatic reference architecture based on his experience working with dozens of customers in the field and provide an insider’s view on some real-world IoT solutions he's led. He'll demystify what IoT is and what it isn't, discuss patterns for addressing the challenges inherent in IoT projects and how the most popular public cloud vendors are already providing the capabilities you need to build real-world IoT solutions today.
An overview of secure IoT development using Java technologies: a brief overview of some recent attacks, some points to consider, and the related Java technologies.
How to track the location of an Internet of Things (IoT) device on the blockchain and view it in a Google Maps reader application.
This solution features: (Hardware) Particle.io Electron device using C++ programming; (Platform) Provide Platform running on the Ethereum Network using Solidity smart contracts; (Application) Google Maps leveraging the Provide Platform APIs and running on a node.js platform.
Resources:
http://provide.services
http://particle.io
https://cloud.google.com/maps-platform/
For a video overview of the detailed solution:
https://youtu.be/TTroWlQCwZc
Azure IoT Hub is a scalable, multi-tenant PaaS platform that allows developers to easily build features like device registration and secure bidirectional communication between their core platform and their devices in the field, and at the same time to be the hub for the massive amount of data generated by all those sensors that needs to be processed and stored. With all that, it has become a core piece of an IoT solution that you want to build. In this session you will get to know Azure IoT Hub pretty well, getting introduced to the main features, seeing it in action, and seeing how fast you can deploy a solution with it and make the most of Azure, your sensors and their data.
Using an Open Source RESTful Backend for IoT Applications - Jan Liband
Presentation from IoT DevCon 2015 explaining how an open source RESTful backend can be used for IoT applications. Presented by Bill Appleton, DreamFactory CEO and co-founder.
Dan Debrunner and Susan Cline are developers for IBM Streams. In their presentation, they will discuss Apache Edgent, IBM Watson IoT Platform and IBM Streams.
Building Services with WSO2 Microservices framework for Java and WSO2 AS - Kasun Gajasinghe
In this WSO2Con tutorial session, we go through how to create microservices with the WSO2 MSF4J library, and how to create web services with WSO2 Application Server.
This deck presents some basic concepts of IoT and some more advanced concepts, reviews the current market players and future of IoT as well as the key ingredients and architecture for success.
Beyond digitalizing money, payments, economics, and finance, blockchains are a singularity-class technology that enables the secure, trackable, automated coordination of very large-scale projects, fleets, and swarms
The implications could be an orderly transition to the automation economy and trust-rich human-machine collaboration in the digital smartnetwork societies of the future
VCs have for the most part retreated from investing in Bitcoin and Blockchain. The appetite for blockchain products however has only increased. Corporations have formed consortiums such as R3 and the Hyperledger Project to learn more about the technology. Numerous enterprises have rolled out internal pilots to test and explore the applications of blockchain.
At Thomvest, we believe blockchain adoption is about to take off - making it a prime time for VCs to begin making early stage bets.
Take a look at our most recent research report which delves into the current state of blockchain.
How to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects - Maxim Salnikov
The ForgeRock Identity Platform and Edge security solution can turn any IoT device into a secure, trusted active subject enrolled and on-boarded from a hardware based root of trust to become an autonomous entity in your business relationship eco system represented by a digital twin.
Gustavo Zastrow - Introduction to AWS IoT Core and MQTT - GustavoRuizZastrow
Introduction to IoT Core and MQTT concepts. Demo using a Raspberry Pi and temperature and humidity sensors publishing to AWS IoT Core. Rules to plot values in Cloudwatch and alert using SNS.
Presented on 05-15-2019 at Arlington AWS Meetup
Internet of Things has surpassed the hype phase and according to Gartner, in the next 5-10 years it is expected to become the mainstream. Estimates of this growth predict that IoT market shall grow to $8.9 trillion with over 212 billion connected things by 2020.
With so many devices in question, the ultimate success of IoT lies in the ability of these devices to seamlessly connect and share information securely with each other. With this primary requirement, one cannot overemphasize the role of software technology as an enabler for IoT devices to carry out the chores and achieve the goals.
Attendees got insights on the various software components that make an IoT application and also on some frameworks that help in building IoT apps.
Topics of this presentation:
- Fundamental concepts and principles.
- General architecture guidance.
- IoT applications component design.
- Cross-cutting issues.
This presentation by Andrii Antilikatorov (Consultant, Engineering, GlobalLogic) was delivered at GlobalLogic Kharkiv .NET TechTalk #1 on May 24, 2019.
What are the standards for IoT? What are the requirements for different parts of your business for IoT? For your infrastructure? For your employees? For your customers? For your partners? Examples of Successful Enterprise IOT architecture patterns and use cases. What are problems like security for IoT?
Hello All,
Let's meet and discuss what are the new announcements from Build 2016 and how we can best leverage them in our business!
Here are some of the topics we will cover this time:
- Azure Functions
- Service Fabric
- Azure Storage
- Document DB
- Azure Container Services
- Power BI Embedded
- ASP.NET Core
- Virtual Machine Scale Sets
I will be happy to share my experience from the conference, especially the session I visited and also the conversations I had with various Microsoft representatives.
Azure is developing faster than ever and Microsoft is driving the platform in very interesting direction that require us to know and work with more and more new technologies!
Come and join us to learn more about Azure!
I am arranging the venue but my plan for the meetup is to be on April 25-th or April 27-th from 19:30. I will keep you updated on that!
Thank you!
Kanio
Decision Matrix for IoT Product Development - Alexey Pyshkin
At first sight, the development of "hardware" products hardly differs from that of IoT devices. Here you can see the methodology of IoT product development based on an IoT framework by Daniel Elizalde. It’s a convenient and simple model that estimates expenses and potential income, evaluates the technological complexity and at the same time is easily understood by the client.
Made by notAnotherOne
Connecting devices to the internet of things - Bernard Kufluk
Connecting devices to IBM's Internet of Things Foundation. The foundation is a PaaS service allowing you to get devices connected quicker than ever before.
Similar to Anonymous Individual Integration for IoT (20)
Apache Stratos - Building a PaaS using OSGi and Equinox - Paul Fremantle
Apache Stratos is a PaaS built on top of Equinox and OSGi. Stratos runs all kinds of workloads including Java, OSGi, Tomcat apps, PHP, Node.js, MySQL, Mongo, Cassandra and others.
This session is an introduction to Stratos which will cover:
- How to get started
- Deploying on Amazon AWS and OpenStack Clouds
- Workloads Stratos supports
- Why and how Equinox is used
- Multi-tenancy and security
- Elastic scaling
- How Stratos compares to other PaaS systems
The session will include live demonstrations of Stratos.
The session is aimed at those interested in PaaS models, as well as those with a strong interest in OSGi runtimes and Equinox.
Making Apache Tomcat Multi-tenant, Elastic and Metered - Paul Fremantle
Are you running Tomcat on the Cloud? What can you do to make Tomcat really take advantage of the cloud? In this session we will discuss how to make Tomcat a native cloud runtime - one that is optimized to run "in" the cloud rather than just "on top" of the cloud. First we will look at what is important for any runtime that wants to truly be cloud native: multi-tenancy, self-service, elasticity, metering and billing, dynamic discovery and side-by-side versioning. Then we will explore how to make Tomcat work in this way. Based on experiences making Tomcat run in a cloud environment as part of Stratos, an Open Source project based on Tomcat and OSGi, we will look at the real issues, solutions, as well as exploring future work in this area.
To really take advantage of cloud, software must be optimized to run in the cloud. This presentation explores what it means to be "Cloud Native" and looks at a real open source project that has built a complete Cloud Native platform. Cloud is not just a better way to run existing software, there are core enhancements that need to be made to software to enable it to run really effectively in a cloud environment. Often the first thought is about massive scalability, but actually there are other key enablers: multi-tenancy, metering, dynamic distribution, self-service and incremental deployment and testability. This presentation explores these enablers and looks at how an Open Source project (Carbon) built on Apache technology was re-built to be cloud native. The presentation will cover not just the concepts but dive into the practical issues in making a cloud native system and also explore which Apache technologies can help along the way.
2. Agenda
• Motivation and background
• Previous iterations
• Model and architecture
• Prototype and results
• Comparison with related work and conclusions
7. Problem statement
• Today many IoT devices are inherently tied to the manufacturer
• I want to share data under my own control with trust
• Threats include:
• Lack of individual credentials
• Hacking of data and passwords
• Trust in the company to behave well
• Data sharing and privacy
• Going out of business
8. Privacy By Design
• 7 key principles
• Proactive not Reactive; Preventative not Remedial
• Privacy as the Default Setting
• Privacy Embedded into Design
• Full Functionality – Positive-Sum, not Zero-Sum
• End-to-End Security – Full Lifecycle Protection
• Visibility and Transparency – Keep it Open
• Respect for User Privacy – Keep it User-Centric
Cavoukian, Ann, Scott Taylor, and Martin E. Abrams. "Privacy by Design: essential for organizational accountability and strong business practices." Identity in the Information Society 3.2 (2010): 405-413.
9. Three layer privacy model
[Figure: User Sphere, Recipient Sphere, Joint Sphere]
Spiekermann, Sarah, and Lorrie Faith Cranor. "Engineering privacy." IEEE Transactions on software engineering 35.1 (2009): 67-82.
10. Overall approach and timeline
• First iteration: FIOT
• Tokens on devices, user consent to data sharing
• Fremantle, Paul, et al. "Federated identity and access management for the internet of things." Secure Internet of Things (SIoT), 2014 International Workshop on. IEEE, 2014.
• Second iteration - IGNITE
• Unique identifiers per device, Initial performance data
• Fremantle, Paul, Jacek Kopecký, and Benjamin Aziz. "Web API management meets the internet of things." European Semantic Web Conference. Springer International Publishing, 2015.
• Third iteration: OAUTHING
• Device and User Registration processes
• Anonymous identities
• Cloud based “personal middleware”
• Improved testing and performance data
• CIOT
11. Contributions of this work
• OAuthing: a new model for federated identity, access control and data sharing in IoT
• A clear manufacturing and user registration process for OAuth2 credentials with IoT devices
• An approach for using anonymous identities in IoT while allowing users to share data effectively
• Personal Cloud Middleware to ensure trust in the server model
• A working prototype of the OAuthing model
• Experimental results demonstrating scaling in a cloud environment
13. Scoping
• In Scope
• Directly Internet-connected devices
• Sample device is based on ESP8266 with wifi
• IoT Hub (e.g. Smart Home gateway, Connected Car)
• Treat individual sensors as attached to the hub
• Treat the hub as a Device
• Out of scope in the current model
• Implicit Data Transfer
• Privacy infringement through scanning
• e.g. MAC scanning attacks, ambient devices
• Devices with multiple owners
• This may be extended in future research
• Devices that are not directly connected to the Internet
• This may be extended in future research
16. Device Identity Provider (DIdP)
• Provides secure anonymous identities to devices and issues tokens that authorize devices or services
• Allows users to register their devices
• Allows users to consent to share data or commands
• Offers the Identity Broker pattern
17. Personal Cloud Middleware (PCM)
• Each user has a server running on their behalf
• Originally proposed in Webinos
• Personal Zone Hub (PZH) and Personal Zone Proxy (PZP)
• Webinos does not deal with running these in a cloud, locating them, etc
• A cloud shadow of the user’s devices
• Does not persistently store data
• Performs summarization and filtering*
• Only distributes data according to user consent
• Enhances Trust in the Cloud
* Not yet implemented!
18. Intelligent Gateway (IG)
• Validates tokens against the DIdP
• Routes requests based on anonymous identities
• Applies dynamic authorization policies
• As consented by users
• Instantiates PCMs in Docker
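How the IG steps on slide 18 fit together, as an added Python example that is not code from the IGNITE or OAuthing projects: a token is checked against the DIdP, the request is matched to a consented scope, and it is routed by pseudonym alone. The token values, the `action:topic` scope syntax, the `pcm-<pseudonym>` naming and the introspection fields (borrowed from RFC 7662) are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

NOW = 1_700_000_000  # fixed clock so the example is deterministic

# Constructed sample data standing in for the DIdP's token store.
# Field names follow RFC 7662 introspection; the "action:topic" scope
# syntax and the pseudonym values are assumptions for this example.
DIDP_TOKENS = {
    "tok-device": {"active": True, "sub": "anon-7f3a", "exp": NOW + 3600,
                   "scope": "pub:/d/temp"},
    "tok-app": {"active": True, "sub": "anon-7f3a", "exp": NOW + 3600,
                "scope": "sub:/d/temp"},
    "tok-old": {"active": True, "sub": "anon-7f3a", "exp": NOW - 1,
                "scope": "pub:/d/temp"},
}


def introspect(token: str) -> dict:
    """Stand-in for the IG asking the DIdP about a bearer token."""
    return DIDP_TOKENS.get(token, {"active": False})


@dataclass(frozen=True)
class Decision:
    allowed: bool
    pcm: Optional[str]  # hypothetical name of the PCM container to route to
    reason: str


def authorize(token: str, action: str, topic: str, now: int = NOW) -> Decision:
    """Decide one MQTT publish ("pub") or subscribe ("sub") request."""
    info = introspect(token)
    if not info.get("active"):
        return Decision(False, None, "inactive or unknown token")
    if info.get("exp", 0) <= now:
        return Decision(False, None, "expired token")
    # Exact match only: a subscription to "#" or "+" is never implied by a
    # narrower consented scope, so wildcard requests fail closed.
    if f"{action}:{topic}" not in info.get("scope", "").split():
        return Decision(False, None, "scope not consented")
    # Routing uses the pseudonym alone; no real user identity reaches the IG.
    return Decision(True, f"pcm-{info['sub']}", "ok")
```

The device and the third-party app hold different tokens but resolve to the same PCM, which is what lets consented data flow between them without either side learning the other's identity.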
20. Device Lifecycle and Bootloader
• The device bootloader implements a well-defined lifecycle
• Secure device identity is embedded at manufacture time
• User registration process based on QR codes
21. Information sharing matrix
Columns: User Profile, MAC HW ID, Device ID, Device Secret, Pseudonym, Bearer Token, Device Data
UIdP ✔
DIdP ✔ ✔ ✔ ✔ ✔
Manufacturer ✔ ✔
Device ✔ ✔ ✔ ✔ ✔
IG ✔ ✔ ✔
Data Recipient ✔
22. Analysis of the sharing matrix
• In order to steal data an attacker needs to attack both the DIdP and IG/PCM
• The DIdP doesn’t see any device data
• The IG/PCM do not see any real identities
• Third-party services don’t inherently know any identities
• Users may leak it in other ways
• The manufacturer and other services only see data that the user has consented to share
• All third-party services / data recipients are equal
23. Addressing the security and privacy problems of IoT
• Default passwords
• Each device is configured at manufacturing with a secure id
• User control
• Clear user registration and ownership model
• User’s choice of provider
• Personal middleware
• Fingerprinting and identification
• Anonymous Identities
• Device/User shadow protects metadata
• Summarising and filtering
• Consent
• No data is shared without consent
25. Implementation
• OAuthing (DIdP)
• OAuth2 support, onbound support for popular UIdPs (Google, FB, Twitter), embedded MQTT broker
• IGNITE (IG)
• Performant MQTT gateway, with pluggable intermediation, launching of PCMs in Docker, OAuth2 scope validation
• RSMB Docker (PCM)
• Lightweight containers running in Docker
• Device Bootloader and Sample Device
• Based on ESP8266 low-cost device chip, implements MQTT/TLS, Device and User registration flows
• Third-Party App (TPA)
• Simple application to demonstrate consent-based data sharing using MQTT / WebSockets / TLS
https://github.com/pzfreo/oauthing
https://github.com/pzfreo/ignite
26. Test Environment and Harness
[Diagram, Digital Ocean LON1 region. Labels: Device IdP: OAuthing DIdP; Database: Cassandra; oauthing.io (2Gb Droplet). Cloud Service Provider: IGNITE; Docker Controller: dproxy; ignite-iot.net (2Gb Droplet); Personal RSMB Brokers; Personal Zone Hub: RSMB. MQTT collector; Test Manager (4Gb Droplet); Stats analyser. Test Load Driver (4Gb Droplet); 50 virtual clients; up to 10 TLDs per test. Key: Datacenter; Droplet/cloud instance; Docker Container.]
29. Individual anonymous integration
• On a 2Gb Digital Ocean droplet
• 400 MQTT brokers
• Handling 10 messages / second each
• Based on pseudonyms
• With OAuth2 based consent
35. Analysis of results
• The model can be implemented effectively
• The additional latency on data messages is ~1ms
• Not noticeable compared to average mobile Internet latencies of 100-1000ms
• The “first connect” performance is also acceptable (it takes the device 3-10 secs to associate to Wifi)
• The additional memory usage of the bootloader on the device is acceptable
• 400 PZH servers can be run on a $20/month cloud server
• $0.60/year/user cost can be further reduced with optimization
• Supporting each user with 100 devices each communicating every 10 seconds
36. Potential Use Cases
• Wide: Supporting the EU GDPR
• Ensuring full consent for all IoT data sharing
• Specific: Connected Medical Devices
• Only sharing specific data or averages
• Avoiding sharing all data with the manufacturer
• Better compliance with regulatory systems
• Specific: Industrial IoT
• High security and privacy required around smart production lines
37. Comparison with related work
• OAuth for Devices
• Previous work offers OAuth2 models for devices:
• FIOT [8], IGNITE [9], IOT-OAS [1], COMPOSE [14], OAuth1 for MQTT [13], IBM Watson, AWS IoT
• None of these provide:
• Anonymous Identities
• Clear automated registration processes or
• Personal Cloud Middleware
• Webinos
• Concept of Personal Zone Hub – personal middleware
• Does not address usability of PZH, how to configure and run in a cloud
• Does not support federated identity to the device
• IoT@Work [16]
• A model for anonymous identities for IoT
• No separation of identity management and data sharing systems
• No federated identity models
[n] References refer to the bibliography in the paper
38. Further Work
• Formal models
• In one of CSP/Event-B/Tamarin
• Implementation of updated model “OAuthing 2”
• Detailed threat analysis and threat modeling
• Intersection with Blockchains and Distributed Ledgers
• Use of blockchain to validate identity, ownership, manage consent, provide an audit trail of IoT lifecycles
@startuml
start
:**Manufacture**
(the device is created);
:**Client Registration**
(the device is registered with OAuThing
as an OAuth2 client);
:**Purchase**
(the device is physically
in the hands of a user);
repeat
:**User Registration**
(the user takes ownership of the
device and allocates it permissions);
:**Use**
(the device is now publishing data and
acting on user commands);
repeat while (reset ownership)
@enduml