Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Using IoT to Restore Freedom with Physical Identity
Similar to Using IoT to Restore Freedom with Physical Identity (20)
Recently uploaded
Recently uploaded (20)
Using IoT to Restore Freedom with Physical Identity
- 1. www.uberether.com © 2018 UberEther, Inc. All Rights Reserved. 1 Using IoT to Restore Freedom Matt Topper matt@uberether.com
- 2. www.uberether.com © 2018 UberEther, Inc. All Rights Reserved. 2 Managed Solutions Hybrid IAM Deployments DevSecOps Integration Platform Development Architecture & Design About UsIAM to the Core. Our team has built the ICAM architectures that protect our nation’s most critical assets. Now we help companies ensure they’re offering their customers and employees the same level of security. Just set it and forget it. Our team runs the critical security infrastructure for numerous government agencies. Our managed services accelerate delivery and provide the secure baseline to enable your business. One of the largest challenges with moving to the cloud is determining how to balance on premise and cloud IAM strategies. Whole hog, incremental or hybrid all have their benefits, let us help enable your organization. Security in the cloud provides many new operating principles. Not only do software defined networks change operating procedures, but hardening, identity management, and auditing has completely changed. Let us help. IAM has moved well beyond the stages of rolling out a vendor product and hoping for the best. Identity is the only thread companies can rely on to fuel their digital transformation. Let our team build the platform to enabled your businesses success.
- 3. www.uberether.com © 2018 UberEther, Inc. All Rights Reserved. 3 Identities: Beyond Humans
- 4. www.uberether.com © 2018 UberEther, Inc. All Rights Reserved. 4 Going BeyondEvery single conversation
- 5. www.uberether.com © 2018 UberEther, Inc. All Rights Reserved. 5 Beyond Contextual FactorsStronger than a certificate • Biometrics • Biological Biometrics • Active Events • Behavioral Biometrics • Passive, Continuous Authentication • Multimodal Biometrics • Combinations of multiple factors • Device Factors • Geolocation, Gait Analysis, Temperature, Barometric Pressure, Voice, Facial, Finger • Profiles, Certificates, Patch Levels, Velocity Checks, IP Address, Time of Day, Fingerprinting, Open Ports, Software Versions, Keystrokes • Host Proximity
- 6. www.uberether.com © 2018 UberEther, Inc. All Rights Reserved. 6 Let’s Get Physical!
- 7. www.uberether.com © 2018 UberEther, Inc. All Rights Reserved. 7 Our HeroAnd a noble cause The Challenge: • Unfamiliar environment • New activities • Embarrassment • Worried family members • Technologically challenged • Fricking WIFI…
- 8. www.uberether.com © 2018 UberEther, Inc. All Rights Reserved. 8 The First AttemptIt’s not pretty, but it worked
- 9. www.uberether.com © 2018 UberEther, Inc. All Rights Reserved. 9 The Second AttemptBetter, but we had new problems
- 10. www.uberether.com © 2018 UberEther, Inc. All Rights Reserved. 10 What Happened NextMo’ people mo’ problems
- 11. www.uberether.com © 2018 UberEther, Inc. All Rights Reserved. 11 How We’re Doing itStandards based security
- 12. www.uberether.com © 2018 UberEther, Inc. All Rights Reserved. 12 Customer Shift Data Driven Innovation Increased Demand For Speed, Customization, Experience and Transparency How Does It ApplyLeading Your Organization Through the Digital Transformation • In the Office • Badge in = domain login • Current presence onsite? • Brand new employee welcome • Does the badge match the face? • Where are all the visitors? • In the Field • Customers in the store • Customers in the service bay • New car? No problem • Customers at the window • Customer coming for pickup • Remember when I left the room New Products and Business Models Create New Competitors and Enhance Customer Choices Data Proliferation and Application of Advanced Analytics Create New Opportunities
- 13. www.uberether.com © 2018 UberEther, Inc. All Rights Reserved. 13 Let’s Get Physical!
- 14. www.uberether.com © 2018 UberEther, Inc. All Rights Reserved. 14 Thank you!
Editor's Notes
- Many organizations are moving to a Zero Trust model, most publicly discussed implementation is Google’s BeyondCorp. We trust nothing and build up profiles on the users and devices that connect to our networks and services. Even 20 person companies are able to built perimeter less security solutions that span their on premise and cloud services. Ideally we are moving away from just a password beyond MFA to true assertion of a user, the devices they use and the patterns by which follow every day. Better definition of corporate identity that aligns with how employees operate today Access decision making is done with the right contextual information Access controls are centralized with better visibility into employee activity Enforced security measures encourage better corporate security posture The network no longer defines trust, eliminating common attack vectors
- Very quickly, through our user’s devices the behaviors by which people are following Geolocation, Gait Analysis, Temperature, Barometric pressure, voice recognition, facial recognition, connected devices, biometrics, connected accounts. Mindwave headset But also the user’s devices utilizing Device Profiling, Certificates, Patch Levels, Velocity Checks, IP Address, Time of Day, trusted devices, fingerprinting, open ports, known software versions, and the combination of these devices working together in proximity from the same places. People have become the new perimeter.
- With all of this movement, it’s always bugged me that in so many companies the logical access control systems are completely separate from the physical access control systems. Badge readers, security cameras and security personnel are rarely integrated into the IAM governance solutions. Contractors and visitors are managed here but never connected to our internal systems for account provisioning or tracking them around the building. When we get an itch as a company we tend to do things that also solve a problem we personally have. In 2013 we wanted to learn more about AWS so we built a scalable cloud native web application to help us and up to 10,000 of our closest friends at a time to plan, rate and drink more beer at festivals across the country. There is nothing like 10,000 drunk people hitting your app within a 20 minute period to make sure your auto scaling works. This project was no different, but this one was for a much more noble cause. We’d been scratching an itch on how to manage IoT devices that aren’t directly tied to humans, the rapid lowering of costs to acquire and deploy devices, advancement in BLE technologies for positioning (we tried this with our beer event application) and facial recognition APIs from Google and Amazon. We also realize how cheap and easy it is to clone a RFID based access card with only a few hundred dollars in hardware and proximity to your readers.
- This is Chris. Additionally, Chris was mentioning that his mother in law was struggling with dementia, she and her husband were currently living with them and soon to move into a new retirement community. There was worry that she would get lost and not deal well with the transition. Quickly upon moving into the new environment these worries turned out to be true. Not being familiar with the new environment she struggled to adapt. She could not easily find where she was supposed to be going, was getting lost, and started to just stay in her room and not enjoy life. When Chris talked with her he asked why she didn’t use the facility’s call button to ask for help when she was stuck and she felt that she was a bother to the staff with the button and they treated it like an emergency. She also wanted a way to more discretely ask for help from friends and family and not cause a stink. Initially we tried addressing some of this through giving her shortcuts on her phone to call specific people, update here google calendar to remind her where she was going, but the biggest challenge was she couldn’t describe where she was if she was in trouble or how she could get to the actual places that were on her calendar.
- We were close, but had to turn it on it’s head to overcome these issues. We started using active readers (first raspberry pi’s then ESP32s about $10 each) and dummy tokens. We built a mesh network of the devices so they all communicated with each other on beacon locations. We found that BLE enabled badges and fobs are down to $1 a piece at scale. Some of these even have an ability to broadcast a different identifier when a button is pushed. Able to control the antenna/signal strength to get better positioning. We had a working prototype of one person and their family.
- We were close, but had to turn it on it’s head to overcome these issues. We started using active readers (first raspberry pi’s then ESP32s about $10 each) and dummy tokens. We built a mesh network of the devices so they all communicated with each other on beacon locations. We found that BLE enabled badges and fobs are down to $1 a piece at scale. Some of these even have an ability to broadcast a different identifier when a button is pushed. Able to control the antenna/signal strength to get better positioning. We had a working prototype of one person and their family.
- Then something happened. Other people started asking questions, she shared the cool tracking with her friends. They wanted it too. The facility asked us about it because they could see her demeanor change. All of a sudden we had an identity problem brewing. Multiple devices, people registration, fob registration, needed to associate those fobs to humans. Needed to only track allowed fobs. Their friends needed to register for the platform. They had to authorize their friends to see their locations. Had to register staff members. Everyone needed authentication for the UIs Distributed readers needed to be managed to the platform. We had to manage certificates on the devices, control software push updates from afar.
- Show user interfaces, show architecture diagrams, show some of the devices, discuss the standards being used in each level / layer of the architecture. (certificates, mqqt, oauth, oidc, social login, etc.)
- Discuss how this not only applies to a nursing home, but how these factors can contribute to additional factors for authorization policies and tracking behavior patterns. Easier to detect badge cloning without expensive camera systems (but that would add more context). Talk about simple things like what was done at CIA. If you aren’t in the building you can’t log into the network directly. No more tailgating. When you leave you badge out and we remove your access. Your badge is in the office with you laptop, but your phone is at home. What is the policy and access risk on this? You customers are in the store, where are they? Are they a VIP? What were they looking at on your website last night? What should you sell them today? What did they leave in their cart? A car pulls into the service bay, know what car it is and what you need to schedule before you even approach the window of the vehicle. Greet the customer by name when they pull up to the speaker to order lunch, ask them if they want the grande frappucino again. When the customer walks in just hand them their pizza from the shelf. It’ll amaze them. You are watching TV with your significant other and go to bed, your set top box should know when you left the room and where to start the show when you get up in the morning (even though they stayed up and finished the show) These devices are getting cheaper every day, the best practices are emerging and providing exciting new opportunities in for our businesses can help power your digital transformation. With the power of identity we can change the lives of our customers for the better and give them a much more memorable experience.