SlideShare a Scribd company logo

Securing the Internet of Things

Download as PPTX, PDF
Paul Fremantle
Paul Fremantle

A talk given at the EclipseCon 2014 M2M day. This deck addresses a number of aspects of security for IoT devices and applications and also looks at using federated identity for IoT including MQTT

1 of 49
Securing the Internet of Things Paul Fremantle CTO, WSO2 (paul@wso2.com) PhD researcher, Portsmouth University (paul.fremantle@port.ac.uk) @pzfreo Paul Madsen* Technical Architect, PingIdentity (pmadsen@pingidentity.com) @paulmadsen *Paul M helped me with the initial content, but I take responsibility for anything you don’t like in this slide deck.
About me • CTO and Co-Founder WSO2 – Open Source Middleware platform • Part-time PhD looking at security • Working in Apache for 14 years • Working with Cloud, SOA, APIs, MQTT, IoT 3
Firstly, does it matter?
“Google Hacking”
http://www.forbes.com/sites/kashmirhill/2013/07/26/smart-homes-hack/
http://freo.me/1pbUmof
So what is different about IoT? • The longevity of the device – Updates are harder (or impossible) • The size of the device – Capabilities are limited – especially around crypto • The fact there is a device – Usually no UI for entering userids and passwords • The data – Often highly personal • The mindset – Appliance manufacturers don’t think like security experts – Embedded systems are often developed by grabbing existing chips, designs, etc
Physical Hacks A Practical Attack on the MIFARE Classic: http://www.cs.ru.nl/~flaviog/publications/Attack.MIFARE.pdf Karsten Nohl and Henryk Plotz. MIFARE, Little Security, Despite Obscurity
Or try this at home? http://freo.me/1g15BiG
http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-630.html
Hardware recommendations • Don’t rely on obscurity
Hardware recommendations • Don’t rely on obscurity • Don’t rely on obscurity • Don’t rely on obscurity • Don’t rely on obscurity • Don’t rely on obscurity • Don’t rely on obscurity • Don’t rely on obscurity
Hardware Recommendation #2 • Unlocking a single device should risk only that device’s data
The Network
Crypto on small devices • Practical Considerations and Implementation Experiences in Securing Smart Object Networks – http://tools.ietf.org/html/draft-aks-crypto-sensors-02
ROM requirements
ECC is possible (and about fast enough)
Crypto Borrowed from Chris Swan: http://www.slideshare.net/cpswan/security-protocols-in-constrained-environments/13
Won’t ARM just solve this problem?
Cost matters 8 bits $5 retail $1 or less to embed 32 bits $25 retail $?? to embed
Another option?
SIMON and SPECK https://www.schneier.com/blog/archives/2013/07/simon_and_speck.html
Datagram Transport Layer Security (DTLS) • UDP based equivalent to TLS • https://tools.ietf.org/html/rfc4347
Key distribution
CoAP • Constrained Application Protocol – http://tools.ietf.org/html/draft-ietf-core-coap-18 – REST-like model built on UDP – Californium project coming soon to Eclipse IoT • No authentication or authorization – Relies on DLTS or data in the body
MQTT
MQTT • Very lightweight messaging protocol – Designed for 8-bit controllers, SCADA, etc – Low power, low bandwidth – Binary header of 2 bytes – Lots of implementations • Mosquitto, Paho, RSMB and Moquette from Eclipse – Clients: • Arduino, Perl, Python, PHP, C, Java, JS/Node.js, .Net, etc • Plus an even lighter-weight version for Zigbee – MQTT-SN (Sensor Network)
MQTT • Relies on TLS for confidentiality • Username/Password field
Passwords • Passwords suck for humans • They suck even more for devices
Tokens
Why OAuth2? • Widely implemented • Pretty good – Of course there is never 100% agreement – Or certainty with security protocols • Not just HTTP: – http://tools.ietf.org/html/draft-ietf-kitten-sasl- oauth-12 – OAuth2 used with SSL
Why FIAM for IoT? • Can enable a meaningful consent mechanism for sharing of device data • Giving a device a token to use on API calls better than giving it a password – Revokable – Granular • May be relevant for both – Device to cloud – Cloud to app
Two aspects using OAuth with IoT • On the device – Tokens are good – Limiting the access of the device • On the cloud – Putting users in control of their data – Just good current practice • Demo with MQTT – But not just for MQTT – Also for the cloud, CoAP, and other protocols too
Demo components Mosquitto (Open Source MQTT Broker) Acting as “Resource Server” Mosquitto_py_auth mqtt-oauth2.py IdP WSO2 Identity Server ESB Introspection API Refresher.py Arduino CreateToken.py 1 2 3 4 5 6
WSO2 Identity Server
Lessons learnt • MQTT and MPU / I2C code is 97% of Duemilanove – Adding the final logic to do OAuth2 flow pushed it to 99% – No TLS in this demo is a big issue • Different Oauth2 implementations behave differently (e.g. changing the refresh token every time you refresh) • Need to be able to update the scope of token if this will work for long term embedded devices • The refresh flow should not really go via the Resource server – Easy fix • MQTT should have a well defined model for sending a message to just one client (securely)
What I haven’t covered enough of
Summary • Think about security with your next device • We as a community need to make sure that the next generation of IoT devices are secure • We need to create exemplars – Shields – Libraries – Server software – Standards
Questions?

Recommended

Internet of Things Security
Internet of Things SecurityInternet of Things Security
Internet of Things Security
Tutun Juhana
 
The 5 elements of IoT security
The 5 elements of IoT securityThe 5 elements of IoT security
The 5 elements of IoT security
Julien Vermillard
 
IoT Security Imperative: Stop your Fridge from Sending you Spam
IoT Security Imperative: Stop your Fridge from Sending you SpamIoT Security Imperative: Stop your Fridge from Sending you Spam
IoT Security Imperative: Stop your Fridge from Sending you Spam
Amit Rohatgi
 
Your Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoTYour Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoT
WSO2
 
Internet of Things Security Patterns
Internet of Things Security PatternsInternet of Things Security Patterns
Internet of Things Security Patterns
Mark Benson
 
IoT World - creating a secure robust IoT reference architecture
IoT World - creating a secure robust IoT reference architectureIoT World - creating a secure robust IoT reference architecture
IoT World - creating a secure robust IoT reference architecture
Paul Fremantle
 
IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]
Leonardo De Moura Rocha Lima
 
IoT Security by Sanjay Kumar
IoT Security by Sanjay KumarIoT Security by Sanjay Kumar
IoT Security by Sanjay Kumar
OWASP Delhi
 

Recommended

Internet of Things Security
Internet of Things SecurityInternet of Things Security
Internet of Things Security
Tutun Juhana
 
The 5 elements of IoT security
The 5 elements of IoT securityThe 5 elements of IoT security
The 5 elements of IoT security
Julien Vermillard
 
IoT Security Imperative: Stop your Fridge from Sending you Spam
IoT Security Imperative: Stop your Fridge from Sending you SpamIoT Security Imperative: Stop your Fridge from Sending you Spam
IoT Security Imperative: Stop your Fridge from Sending you Spam
Amit Rohatgi
 
Your Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoTYour Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoT
WSO2
 
Internet of Things Security Patterns
Internet of Things Security PatternsInternet of Things Security Patterns
Internet of Things Security Patterns
Mark Benson
 
IoT World - creating a secure robust IoT reference architecture
IoT World - creating a secure robust IoT reference architectureIoT World - creating a secure robust IoT reference architecture
IoT World - creating a secure robust IoT reference architecture
Paul Fremantle
 
IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]
Leonardo De Moura Rocha Lima
 
IoT Security by Sanjay Kumar
IoT Security by Sanjay KumarIoT Security by Sanjay Kumar
IoT Security by Sanjay Kumar
OWASP Delhi
 
Federated Identity for IoT with OAuth2
Federated Identity for IoT with OAuth2Federated Identity for IoT with OAuth2
Federated Identity for IoT with OAuth2
Paul Fremantle
 
Application layer Security in IoT: A Survey
Application layer Security in IoT: A SurveyApplication layer Security in IoT: A Survey
Application layer Security in IoT: A Survey
Adeel Ahmed
 
Introduction to the Internet of Things
Introduction to the Internet of ThingsIntroduction to the Internet of Things
Introduction to the Internet of Things
Alexandru Radovici
 
Security Fundamental for IoT Devices; Creating the Internet of Secure Things
Security Fundamental for IoT Devices; Creating the Internet of Secure ThingsSecurity Fundamental for IoT Devices; Creating the Internet of Secure Things
Security Fundamental for IoT Devices; Creating the Internet of Secure Things
Design World
 
Owasp top 10
Owasp top 10 Owasp top 10
Owasp top 10
veerababu penugonda(Mr-IoT)
 
Iot Security
Iot SecurityIot Security
Iot Security
MAITREYA MISRA
 
Security challenges for IoT
Security challenges for IoTSecurity challenges for IoT
Security challenges for IoTWSO2
 
IoT Security: Cases and Methods
IoT Security: Cases and MethodsIoT Security: Cases and Methods
IoT Security: Cases and Methods
Leonardo De Moura Rocha Lima
 
Iot top 10 vulnerabilities and misconceptions 2016
Iot top 10 vulnerabilities and misconceptions 2016Iot top 10 vulnerabilities and misconceptions 2016
Iot top 10 vulnerabilities and misconceptions 2016
Erez Metula
 
IoT Security, Mirai Revisited
IoT Security, Mirai RevisitedIoT Security, Mirai Revisited
IoT Security, Mirai Revisited
Clare Nelson, CISSP, CIPP-E
 
IoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangaloreIoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangalore
veerababu penugonda(Mr-IoT)
 
IoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 finalIoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 final
Frank Siepmann
 
Automatski - The Internet of Things - Security in IoT
Automatski - The Internet of Things - Security in IoTAutomatski - The Internet of Things - Security in IoT
Automatski - The Internet of Things - Security in IoT
automatskicorporation
 
Security in the Internet of Things
Security in the Internet of ThingsSecurity in the Internet of Things
Security in the Internet of Things
ForgeRock
 
IoT Security – Executing an Effective Security Testing Process
IoT Security – Executing an Effective Security Testing Process IoT Security – Executing an Effective Security Testing Process
IoT Security – Executing an Effective Security Testing Process
EC-Council
 
Iot Security, Internet of Things
Iot Security, Internet of ThingsIot Security, Internet of Things
Iot Security, Internet of Things
Bryan Len
 
Enabling Data Protection through PKI encryption in IoT m-Health Devices
Enabling Data Protection through PKI encryption in IoT m-Health DevicesEnabling Data Protection through PKI encryption in IoT m-Health Devices
Enabling Data Protection through PKI encryption in IoT m-Health Devices
Charalampos Doukas
 
IoT Security in Action - Boston Sept 2015
IoT Security in Action - Boston Sept 2015IoT Security in Action - Boston Sept 2015
IoT Security in Action - Boston Sept 2015
Eurotech
 
IOT privacy and Security
IOT privacy and SecurityIOT privacy and Security
IOT privacy and Security
noornabi16
 
Internet of Things: Identity & Security with Open Standards
Internet of Things: Identity & Security with Open StandardsInternet of Things: Identity & Security with Open Standards
Internet of Things: Identity & Security with Open Standards
George Fletcher
 
A military perspective on cyber security
A military perspective on cyber securityA military perspective on cyber security
A military perspective on cyber security
Joey Hernandez
 
Practical Security with MQTT and Mosquitto
Practical Security with MQTT and MosquittoPractical Security with MQTT and Mosquitto
Practical Security with MQTT and Mosquitto
nbarendt
 

More Related Content

What's hot

Federated Identity for IoT with OAuth2
Federated Identity for IoT with OAuth2Federated Identity for IoT with OAuth2
Federated Identity for IoT with OAuth2
Paul Fremantle
 
Application layer Security in IoT: A Survey
Application layer Security in IoT: A SurveyApplication layer Security in IoT: A Survey
Application layer Security in IoT: A Survey
Adeel Ahmed
 
Introduction to the Internet of Things
Introduction to the Internet of ThingsIntroduction to the Internet of Things
Introduction to the Internet of Things
Alexandru Radovici
 
Security Fundamental for IoT Devices; Creating the Internet of Secure Things
Security Fundamental for IoT Devices; Creating the Internet of Secure ThingsSecurity Fundamental for IoT Devices; Creating the Internet of Secure Things
Security Fundamental for IoT Devices; Creating the Internet of Secure Things
Design World
 
Owasp top 10
Owasp top 10 Owasp top 10
Owasp top 10
veerababu penugonda(Mr-IoT)
 
Iot Security
Iot SecurityIot Security
Iot Security
MAITREYA MISRA
 
Security challenges for IoT
Security challenges for IoTSecurity challenges for IoT
Security challenges for IoTWSO2
 
IoT Security: Cases and Methods
IoT Security: Cases and MethodsIoT Security: Cases and Methods
IoT Security: Cases and Methods
Leonardo De Moura Rocha Lima
 
Iot top 10 vulnerabilities and misconceptions 2016
Iot top 10 vulnerabilities and misconceptions 2016Iot top 10 vulnerabilities and misconceptions 2016
Iot top 10 vulnerabilities and misconceptions 2016
Erez Metula
 
IoT Security, Mirai Revisited
IoT Security, Mirai RevisitedIoT Security, Mirai Revisited
IoT Security, Mirai Revisited
Clare Nelson, CISSP, CIPP-E
 
IoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangaloreIoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangalore
veerababu penugonda(Mr-IoT)
 
IoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 finalIoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 final
Frank Siepmann
 
Automatski - The Internet of Things - Security in IoT
Automatski - The Internet of Things - Security in IoTAutomatski - The Internet of Things - Security in IoT
Automatski - The Internet of Things - Security in IoT
automatskicorporation
 
Security in the Internet of Things
Security in the Internet of ThingsSecurity in the Internet of Things
Security in the Internet of Things
ForgeRock
 
IoT Security – Executing an Effective Security Testing Process
IoT Security – Executing an Effective Security Testing Process IoT Security – Executing an Effective Security Testing Process
IoT Security – Executing an Effective Security Testing Process
EC-Council
 
Iot Security, Internet of Things
Iot Security, Internet of ThingsIot Security, Internet of Things
Iot Security, Internet of Things
Bryan Len
 
Enabling Data Protection through PKI encryption in IoT m-Health Devices
Enabling Data Protection through PKI encryption in IoT m-Health DevicesEnabling Data Protection through PKI encryption in IoT m-Health Devices
Enabling Data Protection through PKI encryption in IoT m-Health Devices
Charalampos Doukas
 
IoT Security in Action - Boston Sept 2015
IoT Security in Action - Boston Sept 2015IoT Security in Action - Boston Sept 2015
IoT Security in Action - Boston Sept 2015
Eurotech
 
IOT privacy and Security
IOT privacy and SecurityIOT privacy and Security
IOT privacy and Security
noornabi16
 
Internet of Things: Identity & Security with Open Standards
Internet of Things: Identity & Security with Open StandardsInternet of Things: Identity & Security with Open Standards
Internet of Things: Identity & Security with Open Standards
George Fletcher
 

What's hot (20)

Federated Identity for IoT with OAuth2
Federated Identity for IoT with OAuth2Federated Identity for IoT with OAuth2
Federated Identity for IoT with OAuth2
 
Application layer Security in IoT: A Survey
Application layer Security in IoT: A SurveyApplication layer Security in IoT: A Survey
Application layer Security in IoT: A Survey
 
Introduction to the Internet of Things
Introduction to the Internet of ThingsIntroduction to the Internet of Things
Introduction to the Internet of Things
 
Security Fundamental for IoT Devices; Creating the Internet of Secure Things
Security Fundamental for IoT Devices; Creating the Internet of Secure ThingsSecurity Fundamental for IoT Devices; Creating the Internet of Secure Things
Security Fundamental for IoT Devices; Creating the Internet of Secure Things
 
Owasp top 10
Owasp top 10 Owasp top 10
Owasp top 10
 
Iot Security
Iot SecurityIot Security
Iot Security
 
Security challenges for IoT
Security challenges for IoTSecurity challenges for IoT
Security challenges for IoT
 
IoT Security: Cases and Methods
IoT Security: Cases and MethodsIoT Security: Cases and Methods
IoT Security: Cases and Methods
 
Iot top 10 vulnerabilities and misconceptions 2016
Iot top 10 vulnerabilities and misconceptions 2016Iot top 10 vulnerabilities and misconceptions 2016
Iot top 10 vulnerabilities and misconceptions 2016
 
IoT Security, Mirai Revisited
IoT Security, Mirai RevisitedIoT Security, Mirai Revisited
IoT Security, Mirai Revisited
 
IoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangaloreIoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangalore
 
IoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 finalIoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 final
 
Automatski - The Internet of Things - Security in IoT
Automatski - The Internet of Things - Security in IoTAutomatski - The Internet of Things - Security in IoT
Automatski - The Internet of Things - Security in IoT
 
Security in the Internet of Things
Security in the Internet of ThingsSecurity in the Internet of Things
Security in the Internet of Things
 
IoT Security – Executing an Effective Security Testing Process
IoT Security – Executing an Effective Security Testing Process IoT Security – Executing an Effective Security Testing Process
IoT Security – Executing an Effective Security Testing Process
 
Iot Security, Internet of Things
Iot Security, Internet of ThingsIot Security, Internet of Things
Iot Security, Internet of Things
 
Enabling Data Protection through PKI encryption in IoT m-Health Devices
Enabling Data Protection through PKI encryption in IoT m-Health DevicesEnabling Data Protection through PKI encryption in IoT m-Health Devices
Enabling Data Protection through PKI encryption in IoT m-Health Devices
 
IoT Security in Action - Boston Sept 2015
IoT Security in Action - Boston Sept 2015IoT Security in Action - Boston Sept 2015
IoT Security in Action - Boston Sept 2015
 
IOT privacy and Security
IOT privacy and SecurityIOT privacy and Security
IOT privacy and Security
 
Internet of Things: Identity & Security with Open Standards
Internet of Things: Identity & Security with Open StandardsInternet of Things: Identity & Security with Open Standards
Internet of Things: Identity & Security with Open Standards
 

Viewers also liked

A military perspective on cyber security
A military perspective on cyber securityA military perspective on cyber security
A military perspective on cyber security
Joey Hernandez
 
Practical Security with MQTT and Mosquitto
Practical Security with MQTT and MosquittoPractical Security with MQTT and Mosquitto
Practical Security with MQTT and Mosquitto
nbarendt
 
MQTT Hacks for Fun and... Fun!
MQTT Hacks for Fun and... Fun!MQTT Hacks for Fun and... Fun!
MQTT Hacks for Fun and... Fun!
Andy Piper
 
Securing MQTT - BuildingIoT 2016 slides
Securing MQTT - BuildingIoT 2016 slidesSecuring MQTT - BuildingIoT 2016 slides
Securing MQTT - BuildingIoT 2016 slides
Dominik Obermaier
 
MQTT - MQ Telemetry Transport for Message Queueing
MQTT - MQ Telemetry Transport for Message QueueingMQTT - MQ Telemetry Transport for Message Queueing
MQTT - MQ Telemetry Transport for Message Queueing
Peter R. Egli
 
Military Robots
Military RobotsMilitary Robots
Military Robots
nsapre
 
Indian Army
Indian ArmyIndian Army
Indian Army
Sridhar Srinivas
 
Civil – military relations in india a perspective
Civil – military relations in india a perspectiveCivil – military relations in india a perspective
Civil – military relations in india a perspectiveUmong Sethi
 
Cyber security
Cyber securityCyber security
Cyber security
Siblu28
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and SolutionsColin058
 
IoT - IT 423 ppt
IoT - IT 423 pptIoT - IT 423 ppt
IoT - IT 423 pptMhae Lyn
 

Viewers also liked (13)

A military perspective on cyber security
A military perspective on cyber securityA military perspective on cyber security
A military perspective on cyber security
 
Practical Security with MQTT and Mosquitto
Practical Security with MQTT and MosquittoPractical Security with MQTT and Mosquitto
Practical Security with MQTT and Mosquitto
 
MQTT Hacks for Fun and... Fun!
MQTT Hacks for Fun and... Fun!MQTT Hacks for Fun and... Fun!
MQTT Hacks for Fun and... Fun!
 
Securing MQTT - BuildingIoT 2016 slides
Securing MQTT - BuildingIoT 2016 slidesSecuring MQTT - BuildingIoT 2016 slides
Securing MQTT - BuildingIoT 2016 slides
 
MQTT - MQ Telemetry Transport for Message Queueing
MQTT - MQ Telemetry Transport for Message QueueingMQTT - MQ Telemetry Transport for Message Queueing
MQTT - MQ Telemetry Transport for Message Queueing
 
Military Robots
Military RobotsMilitary Robots
Military Robots
 
Indian Army
Indian ArmyIndian Army
Indian Army
 
Indian army
Indian armyIndian army
Indian army
 
Network security
Network securityNetwork security
Network security
 
Civil – military relations in india a perspective
Civil – military relations in india a perspectiveCivil – military relations in india a perspective
Civil – military relations in india a perspective
 
Cyber security
Cyber securityCyber security
Cyber security
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and Solutions
 
IoT - IT 423 ppt
IoT - IT 423 pptIoT - IT 423 ppt
IoT - IT 423 ppt
 

Similar to Securing the Internet of Things

Securing IoT Applications
Securing IoT Applications Securing IoT Applications
Securing IoT Applications WSO2
 
Building the Internet of Things with Eclipse IoT - IoTBE meetup
Building the Internet of Things with Eclipse IoT - IoTBE meetupBuilding the Internet of Things with Eclipse IoT - IoTBE meetup
Building the Internet of Things with Eclipse IoT - IoTBE meetup
Benjamin Cabé
 
Kumar cscl final
Kumar cscl finalKumar cscl final
Kumar cscl final
Kumar Gaurav
 
Supercharge your IOT toolbox with MQTT and Node-RED
Supercharge your IOT toolbox with MQTT and Node-REDSupercharge your IOT toolbox with MQTT and Node-RED
Supercharge your IOT toolbox with MQTT and Node-RED
Simen Sommerfeldt
 
The Considerations for Internet of Things @ 2017
The Considerations for Internet of Things @ 2017The Considerations for Internet of Things @ 2017
The Considerations for Internet of Things @ 2017
Jian-Hong Pan
 
From the Internet of Things to Intelligent Systems A Developer's Primer - Gar...
From the Internet of Things to Intelligent Systems A Developer's Primer - Gar...From the Internet of Things to Intelligent Systems A Developer's Primer - Gar...
From the Internet of Things to Intelligent Systems A Developer's Primer - Gar...
Rick G. Garibay
 
IPv4 to IPv6 network transformation
IPv4 to IPv6 network transformationIPv4 to IPv6 network transformation
IPv4 to IPv6 network transformation
Nikolay Milovanov
 
Industrial IoT Mayhem? Java IoT Gateways to the Rescue
Industrial IoT Mayhem? Java IoT Gateways to the RescueIndustrial IoT Mayhem? Java IoT Gateways to the Rescue
Industrial IoT Mayhem? Java IoT Gateways to the Rescue
Eurotech
 
Open source building blocks for the Internet of Things - Jfokus 2013
Open source building blocks for the Internet of Things - Jfokus 2013Open source building blocks for the Internet of Things - Jfokus 2013
Open source building blocks for the Internet of Things - Jfokus 2013
Benjamin Cabé
 
Test Execution Infrastructure for IoT Quality analysis
Test Execution Infrastructure for IoT Quality analysisTest Execution Infrastructure for IoT Quality analysis
Test Execution Infrastructure for IoT Quality analysis
Axel Rennoch
 
Using open source for IoT
Using open source for IoTUsing open source for IoT
Using open source for IoT
Ian Skerrett
 
Pushing Data from S7-1200 to Cloud
Pushing Data from S7-1200 to CloudPushing Data from S7-1200 to Cloud
Pushing Data from S7-1200 to Cloud
DMC, Inc.
 
Iot Conference Berlin M2M,IoT, device management: one protocol to rule them all?
Iot Conference Berlin M2M,IoT, device management: one protocol to rule them all?Iot Conference Berlin M2M,IoT, device management: one protocol to rule them all?
Iot Conference Berlin M2M,IoT, device management: one protocol to rule them all?
Julien Vermillard
 
Building the Internet of Things with Thingsquare and Contiki - day 1, part 3
Building the Internet of Things with Thingsquare and Contiki - day 1, part 3Building the Internet of Things with Thingsquare and Contiki - day 1, part 3
Building the Internet of Things with Thingsquare and Contiki - day 1, part 3
Adam Dunkels
 
Io t standard_bis_arpanpal
Io t standard_bis_arpanpalIo t standard_bis_arpanpal
Io t standard_bis_arpanpal
Arpan Pal
 
Integrating Things and the smart mobile phone capabilities
Integrating Things and the smart mobile phone capabilitiesIntegrating Things and the smart mobile phone capabilities
Integrating Things and the smart mobile phone capabilities
Marino Linaje Trigueros
 
this is a power point presentation on chat application
this is a power point presentation on chat applicationthis is a power point presentation on chat application
this is a power point presentation on chat application
mdprince1262
 
COMP8045 - Project Report v.1.3
COMP8045 - Project Report v.1.3COMP8045 - Project Report v.1.3
COMP8045 - Project Report v.1.3Soon Zoo Kwon
 
Secure IOT Gateway
Secure IOT GatewaySecure IOT Gateway
Secure IOT Gateway
LF Events
 
Authentication system with Decentralized chat app
Authentication system with Decentralized chat appAuthentication system with Decentralized chat app
Authentication system with Decentralized chat app
IRJET Journal
 

Similar to Securing the Internet of Things (20)

Securing IoT Applications
Securing IoT Applications Securing IoT Applications
Securing IoT Applications
 
Building the Internet of Things with Eclipse IoT - IoTBE meetup
Building the Internet of Things with Eclipse IoT - IoTBE meetupBuilding the Internet of Things with Eclipse IoT - IoTBE meetup
Building the Internet of Things with Eclipse IoT - IoTBE meetup
 
Kumar cscl final
Kumar cscl finalKumar cscl final
Kumar cscl final
 
Supercharge your IOT toolbox with MQTT and Node-RED
Supercharge your IOT toolbox with MQTT and Node-REDSupercharge your IOT toolbox with MQTT and Node-RED
Supercharge your IOT toolbox with MQTT and Node-RED
 
The Considerations for Internet of Things @ 2017
The Considerations for Internet of Things @ 2017The Considerations for Internet of Things @ 2017
The Considerations for Internet of Things @ 2017
 
From the Internet of Things to Intelligent Systems A Developer's Primer - Gar...
From the Internet of Things to Intelligent Systems A Developer's Primer - Gar...From the Internet of Things to Intelligent Systems A Developer's Primer - Gar...
From the Internet of Things to Intelligent Systems A Developer's Primer - Gar...
 
IPv4 to IPv6 network transformation
IPv4 to IPv6 network transformationIPv4 to IPv6 network transformation
IPv4 to IPv6 network transformation
 
Industrial IoT Mayhem? Java IoT Gateways to the Rescue
Industrial IoT Mayhem? Java IoT Gateways to the RescueIndustrial IoT Mayhem? Java IoT Gateways to the Rescue
Industrial IoT Mayhem? Java IoT Gateways to the Rescue
 
Open source building blocks for the Internet of Things - Jfokus 2013
Open source building blocks for the Internet of Things - Jfokus 2013Open source building blocks for the Internet of Things - Jfokus 2013
Open source building blocks for the Internet of Things - Jfokus 2013
 
Test Execution Infrastructure for IoT Quality analysis
Test Execution Infrastructure for IoT Quality analysisTest Execution Infrastructure for IoT Quality analysis
Test Execution Infrastructure for IoT Quality analysis
 
Using open source for IoT
Using open source for IoTUsing open source for IoT
Using open source for IoT
 
Pushing Data from S7-1200 to Cloud
Pushing Data from S7-1200 to CloudPushing Data from S7-1200 to Cloud
Pushing Data from S7-1200 to Cloud
 
Iot Conference Berlin M2M,IoT, device management: one protocol to rule them all?
Iot Conference Berlin M2M,IoT, device management: one protocol to rule them all?Iot Conference Berlin M2M,IoT, device management: one protocol to rule them all?
Iot Conference Berlin M2M,IoT, device management: one protocol to rule them all?
 
Building the Internet of Things with Thingsquare and Contiki - day 1, part 3
Building the Internet of Things with Thingsquare and Contiki - day 1, part 3Building the Internet of Things with Thingsquare and Contiki - day 1, part 3
Building the Internet of Things with Thingsquare and Contiki - day 1, part 3
 
Io t standard_bis_arpanpal
Io t standard_bis_arpanpalIo t standard_bis_arpanpal
Io t standard_bis_arpanpal
 
Integrating Things and the smart mobile phone capabilities
Integrating Things and the smart mobile phone capabilitiesIntegrating Things and the smart mobile phone capabilities
Integrating Things and the smart mobile phone capabilities
 
this is a power point presentation on chat application
this is a power point presentation on chat applicationthis is a power point presentation on chat application
this is a power point presentation on chat application
 
COMP8045 - Project Report v.1.3
COMP8045 - Project Report v.1.3COMP8045 - Project Report v.1.3
COMP8045 - Project Report v.1.3
 
Secure IOT Gateway
Secure IOT GatewaySecure IOT Gateway
Secure IOT Gateway
 
Authentication system with Decentralized chat app
Authentication system with Decentralized chat appAuthentication system with Decentralized chat app
Authentication system with Decentralized chat app
 

More from Paul Fremantle

IoT and Blockchains - enhancing security and privacy
IoT and Blockchains - enhancing security and privacyIoT and Blockchains - enhancing security and privacy
IoT and Blockchains - enhancing security and privacy
Paul Fremantle
 
Anonymous Individual Integration for IoT
Anonymous Individual Integration for IoTAnonymous Individual Integration for IoT
Anonymous Individual Integration for IoT
Paul Fremantle
 
Web API Management meets the Internet of Things
Web API Management meets the Internet of ThingsWeb API Management meets the Internet of Things
Web API Management meets the Internet of Things
Paul Fremantle
 
Apache Stratos - Building a PaaS using OSGi and Equinox
Apache Stratos - Building a PaaS using OSGi and EquinoxApache Stratos - Building a PaaS using OSGi and Equinox
Apache Stratos - Building a PaaS using OSGi and Equinox
Paul Fremantle
 
Beyond Economics - Cloud as a Business Enabler
Beyond Economics - Cloud as a Business EnablerBeyond Economics - Cloud as a Business Enabler
Beyond Economics - Cloud as a Business Enabler
Paul Fremantle
 
Evolution of PaaS
Evolution of PaaSEvolution of PaaS
Evolution of PaaS
Paul Fremantle
 
The Evolution of Integration
The Evolution of IntegrationThe Evolution of Integration
The Evolution of Integration
Paul Fremantle
 
High Volume Web API Management with the WSO2 ESB
High Volume Web API Management with the WSO2 ESBHigh Volume Web API Management with the WSO2 ESB
High Volume Web API Management with the WSO2 ESB
Paul Fremantle
 
Stratos Open PaaS OSCON 2011
Stratos Open PaaS OSCON 2011Stratos Open PaaS OSCON 2011
Stratos Open PaaS OSCON 2011
Paul Fremantle
 
Stratos and PaaS for London Java Community
Stratos and PaaS for London Java CommunityStratos and PaaS for London Java Community
Stratos and PaaS for London Java Community
Paul Fremantle
 
Understanding Platform as a Service
Understanding Platform as a ServiceUnderstanding Platform as a Service
Understanding Platform as a Service
Paul Fremantle
 
Making Apache Tomcat Multi-tenant, Elastic and Metered
Making Apache Tomcat Multi-tenant, Elastic and MeteredMaking Apache Tomcat Multi-tenant, Elastic and Metered
Making Apache Tomcat Multi-tenant, Elastic and Metered
Paul Fremantle
 
Building Cloud Native Software
Building Cloud Native SoftwareBuilding Cloud Native Software
Building Cloud Native Software
Paul Fremantle
 
Building Innovation with Open Source Approaches
Building Innovation with Open Source ApproachesBuilding Innovation with Open Source Approaches
Building Innovation with Open Source Approaches
Paul Fremantle
 
Three SOA Case Studies
Three SOA Case StudiesThree SOA Case Studies
Three SOA Case Studies
Paul Fremantle
 
Fast SOA with Apache Synapse
Fast SOA with Apache SynapseFast SOA with Apache Synapse
Fast SOA with Apache Synapse
Paul Fremantle
 
REST vs WS-*: Myths Facts and Lies
REST vs WS-*: Myths Facts and LiesREST vs WS-*: Myths Facts and Lies
REST vs WS-*: Myths Facts and Lies
Paul Fremantle
 

More from Paul Fremantle (17)

IoT and Blockchains - enhancing security and privacy
IoT and Blockchains - enhancing security and privacyIoT and Blockchains - enhancing security and privacy
IoT and Blockchains - enhancing security and privacy
 
Anonymous Individual Integration for IoT
Anonymous Individual Integration for IoTAnonymous Individual Integration for IoT
Anonymous Individual Integration for IoT
 
Web API Management meets the Internet of Things
Web API Management meets the Internet of ThingsWeb API Management meets the Internet of Things
Web API Management meets the Internet of Things
 
Apache Stratos - Building a PaaS using OSGi and Equinox
Apache Stratos - Building a PaaS using OSGi and EquinoxApache Stratos - Building a PaaS using OSGi and Equinox
Apache Stratos - Building a PaaS using OSGi and Equinox
 
Beyond Economics - Cloud as a Business Enabler
Beyond Economics - Cloud as a Business EnablerBeyond Economics - Cloud as a Business Enabler
Beyond Economics - Cloud as a Business Enabler
 
Evolution of PaaS
Evolution of PaaSEvolution of PaaS
Evolution of PaaS
 
The Evolution of Integration
The Evolution of IntegrationThe Evolution of Integration
The Evolution of Integration
 
High Volume Web API Management with the WSO2 ESB
High Volume Web API Management with the WSO2 ESBHigh Volume Web API Management with the WSO2 ESB
High Volume Web API Management with the WSO2 ESB
 
Stratos Open PaaS OSCON 2011
Stratos Open PaaS OSCON 2011Stratos Open PaaS OSCON 2011
Stratos Open PaaS OSCON 2011
 
Stratos and PaaS for London Java Community
Stratos and PaaS for London Java CommunityStratos and PaaS for London Java Community
Stratos and PaaS for London Java Community
 
Understanding Platform as a Service
Understanding Platform as a ServiceUnderstanding Platform as a Service
Understanding Platform as a Service
 
Making Apache Tomcat Multi-tenant, Elastic and Metered
Making Apache Tomcat Multi-tenant, Elastic and MeteredMaking Apache Tomcat Multi-tenant, Elastic and Metered
Making Apache Tomcat Multi-tenant, Elastic and Metered
 
Building Cloud Native Software
Building Cloud Native SoftwareBuilding Cloud Native Software
Building Cloud Native Software
 
Building Innovation with Open Source Approaches
Building Innovation with Open Source ApproachesBuilding Innovation with Open Source Approaches
Building Innovation with Open Source Approaches
 
Three SOA Case Studies
Three SOA Case StudiesThree SOA Case Studies
Three SOA Case Studies
 
Fast SOA with Apache Synapse
Fast SOA with Apache SynapseFast SOA with Apache Synapse
Fast SOA with Apache Synapse
 
REST vs WS-*: Myths Facts and Lies
REST vs WS-*: Myths Facts and LiesREST vs WS-*: Myths Facts and Lies
REST vs WS-*: Myths Facts and Lies
 

Recently uploaded

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
g2nightmarescribd
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 

Recently uploaded (20)

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 

Securing the Internet of Things

  • 1. Securing the Internet of Things Paul Fremantle CTO, WSO2 (paul@wso2.com) PhD researcher, Portsmouth University (paul.fremantle@port.ac.uk) @pzfreo Paul Madsen* Technical Architect, PingIdentity (pmadsen@pingidentity.com) @paulmadsen *Paul M helped me with the initial content, but I take responsibility for anything you don’t like in this slide deck.
  • 2.
  • 3. About me • CTO and Co-Founder WSO2 – Open Source Middleware platform • Part-time PhD looking at security • Working in Apache for 14 years • Working with Cloud, SOA, APIs, MQTT, IoT 3
  • 5.
  • 6.
  • 9.
  • 11. So what is different about IoT? • The longevity of the device – Updates are harder (or impossible) • The size of the device – Capabilities are limited – especially around crypto • The fact there is a device – Usually no UI for entering userids and passwords • The data – Often highly personal • The mindset – Appliance manufacturers don’t think like security experts – Embedded systems are often developed by grabbing existing chips, designs, etc
  • 12. Physical Hacks A Practical Attack on the MIFARE Classic: http://www.cs.ru.nl/~flaviog/publications/Attack.MIFARE.pdf Karsten Nohl and Henryk Plotz. MIFARE, Little Security, Despite Obscurity
  • 13.
  • 14. Or try this at home? http://freo.me/1g15BiG
  • 17. Hardware recommendations • Don’t rely on obscurity • Don’t rely on obscurity • Don’t rely on obscurity • Don’t rely on obscurity • Don’t rely on obscurity • Don’t rely on obscurity • Don’t rely on obscurity
  • 18. Hardware Recommendation #2 • Unlocking a single device should risk only that device’s data
  • 20. Crypto on small devices • Practical Considerations and Implementation Experiences in Securing Smart Object Networks – http://tools.ietf.org/html/draft-aks-crypto-sensors-02
  • 22. ECC is possible (and about fast enough)
  • 23.
  • 24. Crypto Borrowed from Chris Swan: http://www.slideshare.net/cpswan/security-protocols-in-constrained-environments/13
  • 25. Won’t ARM just solve this problem?
  • 26. Cost matters 8 bits $5 retail $1 or less to embed 32 bits $25 retail $?? to embed
  • 29. Datagram Transport Layer Security (DTLS) • UDP based equivalent to TLS • https://tools.ietf.org/html/rfc4347
  • 31.
  • 32. CoAP • Constrained Application Protocol – http://tools.ietf.org/html/draft-ietf-core-coap-18 – REST-like model built on UDP – Californium project coming soon to Eclipse IoT • No authentication or authorization – Relies on DLTS or data in the body
  • 33. MQTT
  • 34. MQTT • Very lightweight messaging protocol – Designed for 8-bit controllers, SCADA, etc – Low power, low bandwidth – Binary header of 2 bytes – Lots of implementations • Mosquitto, Paho, RSMB and Moquette from Eclipse – Clients: • Arduino, Perl, Python, PHP, C, Java, JS/Node.js, .Net, etc • Plus an even lighter-weight version for Zigbee – MQTT-SN (Sensor Network)
  • 35. MQTT • Relies on TLS for confidentiality • Username/Password field
  • 36. Passwords • Passwords suck for humans • They suck even more for devices
  • 38.
  • 39. Why OAuth2? • Widely implemented • Pretty good – Of course there is never 100% agreement – Or certainty with security protocols • Not just HTTP: – http://tools.ietf.org/html/draft-ietf-kitten-sasl- oauth-12 – OAuth2 used with SSL
  • 40.
  • 41.
  • 42. Why FIAM for IoT? • Can enable a meaningful consent mechanism for sharing of device data • Giving a device a token to use on API calls better than giving it a password – Revokable – Granular • May be relevant for both – Device to cloud – Cloud to app
  • 43. Two aspects using OAuth with IoT • On the device – Tokens are good – Limiting the access of the device • On the cloud – Putting users in control of their data – Just good current practice • Demo with MQTT – But not just for MQTT – Also for the cloud, CoAP, and other protocols too
  • 44. Demo components Mosquitto (Open Source MQTT Broker) Acting as “Resource Server” Mosquitto_py_auth mqtt-oauth2.py IdP WSO2 Identity Server ESB Introspection API Refresher.py Arduino CreateToken.py 1 2 3 4 5 6
  • 46. Lessons learnt • MQTT and MPU / I2C code is 97% of Duemilanove – Adding the final logic to do OAuth2 flow pushed it to 99% – No TLS in this demo is a big issue • Different Oauth2 implementations behave differently (e.g. changing the refresh token every time you refresh) • Need to be able to update the scope of token if this will work for long term embedded devices • The refresh flow should not really go via the Resource server – Easy fix • MQTT should have a well defined model for sending a message to just one client (securely)
  • 47. What I haven’t covered enough of
  • 48. Summary • Think about security with your next device • We as a community need to make sure that the next generation of IoT devices are secure • We need to create exemplars – Shields – Libraries – Server software – Standards