Working on standards can be slow and tedious but there are also rewards: interoperability, open source implementations and high-quality specifications. Based on two examples of ongoing standardization efforts that aim to improve IoT security in the Internet Engineering Task Force (IETF), namely "Authentication and Authorization for Constrained Environments" (ACE) and "Software Updates for Internet of Things" (SUIT), Hannes explains the process and how to get involved.
Measuring the Performance and Energy Cost of Cryptography in IoT Devices - Hannes Tschofenig
Communication security technologies, like Transport Layer Security (TLS), are readily available for developers to use to protect their IoT systems. Still, developers are reluctant to use state-of-the-art security technologies due to the impact on performance, code size and RAM, and energy.
What is the impact of encryption algorithms, hash functions, and public key cryptosystems on a specific microcontroller?
Peter Torelli and Hannes Tschofenig introduce a new security benchmark developed by the benchmarking organization EEMBC that allows silicon manufacturers and developers to analyze and select the appropriate microcontroller.
Advancing IoT Communication Security with TLS and DTLS v1.3 - Hannes Tschofenig
Missing communication security is a common vulnerability in Internet of Things deployments. Addressing this vulnerability is, in theory, relatively easy: with TLS and DTLS, two widely used security protocols are available. They are used to secure web and smart phone apps.
In this talk Hannes Tschofenig explains how the TLS/DTLS 1.3 protocols work and how they differ from previous versions. Hannes also speaks about the performance improvements and how they help in IoT deployments.
Performance of State-of-the-Art Cryptography on ARM-based Microprocessors - Hannes Tschofenig
Position paper for the NIST Lightweight Cryptography Workshop, 20th and 21st July 2015, Gaithersburg, US.
The link to the workshop is available at: http://www.nist.gov/itl/csd/ct/lwc_workshop2015.cfm
Slide deck for talk at IETF#92 (Dallas, March 2015) at the IETF Light-Weight Implementation Guidance (lwig) working group about the performance of cryptographic algorithms on ARM processors.
How to Select Hardware for Internet of Things Systems? - Hannes Tschofenig
With the increasing commercial interest in the Internet of Things (IoT), the question of a reasonable hardware configuration surfaces again and again.
Peter Aldworth, a hardware engineer with more than 19 years of experience, discusses this topic in a presentation given to the IETF community.
BKK16-200 Designing Security into Low Cost IoT Systems - Linaro
Trust and security are essential for the Internet of Things (IoT) to scale. As your product becomes successful, it becomes an increasingly attractive target for attackers, and as a consumer you will suffer the consequences if security is not baked into the system at every level. With IoT, we now need to enable an appropriate level of security for low-cost IoT designs done by people with little or no security expertise. In this presentation, you will learn how ARM, Linaro and the ARM partnership are securing these low-cost IoT endpoints by providing device security, lifecycle security and communication security, without the need for in-depth security experts…
OMA Seminar/Webinar, October 27, 2016, "How Developers Can Get the Most Out of IoT Standards and Tools" - Presentation #8 from Juan Perez, Principal Program Manager, Microsoft
"Developing Services with Microsoft’s Azure Platform"
Multiple protocols have been positioned as “the” application-layer messaging protocol for the Internet of Things (IoT) and Machine-to-Machine (M2M) communication. In fact, these protocols address different aspects of IoT messaging and are complementary more than competitive (other than for mindshare). This presentation compares two of these protocols, MQTT and DDS, and shows how they are designed and optimized for different communication requirements.
IoT is one of the biggest topics in IT systems today.
In this session, we will discuss how we can achieve an effective IoT system on OpenStack.
Firstly, we'll describe IoT use cases and summarize some generic requirements for an IoT backend.
Secondly, we'll present our reference design of an IoT backend on OpenStack IaaS.
Finally, we'll discuss the result of a fit and gap analysis of OpenStack itself as a platform for an IoT backend.
This session includes the following items:
* What kind of components we need to enable an IoT backend
* How to design and create a network model to gather all data from distributed sources
* How to support flexible data gathering, storing and processing of massive data
* How to achieve the multi-tenancy required for an IoT platform
https://openstacksummitoctober2015tokyo.sched.org/event/0ca80f968b4e1e3dd23137405a7deb15#.VjSxm2s3LJA
IoT projects in Eclipse Foundation using LwM2M (IoT World 2017 Workshop) - Open Mobile Alliance
Presentation delivered during the Internet of Things World, Santa Clara pre-event workshop by Ian Skerrett – VP of Marketing, Eclipse Foundation
Eclipse IoT Foundation provides the technology needed to build IoT Devices, Gateways and Cloud Platforms. Eclipse has several IoT projects you will learn about in this presentation:
● What IoT projects are being developed in Eclipse Foundation
● What are Leshan and Wakaama projects and how they are related to LwM2M
● What Eclipse tools are available and how they can be obtained
● What is next for Eclipse Foundation
OMA is the organization that develops and maintains the device management protocol, OMA Lightweight M2M (LwM2M). During OMA’s presentation, you will learn:
● What is LwM2M architecture, interfaces, functions and operations
● The different organizations that interface with OMA to create the LwM2M ecosystem
● How LwM2M works
● Why LwM2M is secure
● What is next for OMA LwM2M
Dominating Industrie 4.0 with Secure Software Licensing - team-WIBU
The future of the industry is digital and intelligent, powered by know-how expressed in software that enables collaborative robotics, Big Data and analytics, IIoT and M2M, augmented and virtual reality, and 3D printing. Collaboration between the makers of innovative solutions and manufacturing companies promotes the dissemination of the Automation 4.0 culture, the understanding of its implications for competitiveness, and the implementation of successful use cases. At the core of the new infrastructure, we find Cyber Security 4.0 and Digital Business 4.0, both facilitated by CodeMeter Embedded 2.0.
The brand new generation of CodeMeter Embedded provides a broad spectrum of new features:
- An extremely compact footprint: the technology is modular, so it’s your choice how to combine the modules you need and build a fully customized solution for your project.
- Established compatibility with embedded systems and PLCs to cover the complete gamut of intelligent devices you intend to deploy.
- Wider compatibility with platforms and operating systems; if you use a mainstream system, including ARM, Intel, and PPC, we deliver the corresponding libraries to you; if you use more exotic platforms, the source code is directly available to you.
- Compatibility with the complete array of Wibu-Systems’ hardware and software secure elements: CmDongles, CmActLicenses, and CmLAN (License Server in a Network).
- Compatibility with CodeMeter Runtime: no need to pick different solutions for complex architectures; CodeMeter covers all options at once.
- Compatibility with CodeMeter Protection Suite, because top notch encryption is the starting point of all communication.
- Compatibility with CodeMeter License Central: once security is in place, you can get on with creating, distributing, and managing your embedded software licenses and start monetizing your business.
Watch the webinar:
https://youtu.be/-eTiIwlejtY
OPC UA Security: Native and Add-on Solutions - team-WIBU
The Industrial Internet of Things has set the stage for the convergence of Operations Technology (OT) and Information Technology (IT), that is, the plant floor and the higher-level IT infrastructure. One of the many aspects of this transitional journey is represented by M2M communications.
OPC UA is a multi-platform, plug & play Information Exchange Standard for industrial smart automation and cloud networking. It standardizes communications within machines, between machines, and from machines to smart systems, securely networked with IoT architectures.
As a member of the OPC Foundation, Wibu-Systems has been an early adopter of the OPC UA standard in Industrie 4.0 projects like IUNO, the German national reference project for IT security in Industrie 4.0, S4SmartPro, the key finder prototype production line of SmartFactoryKL, and OpSit, the optimal use of smart items technologies in healthcare.
As recently pointed out in the Industrial Internet Security Framework as well, it is endpoints, i.e. the device or cloud-based components that have interfaces for network communication, that are particularly vulnerable in a world of cyber-physical systems connected to open networks. The Unified Automation ANSI C based and High Performance OPC UA SDKs, powered by CodeMeter Embedded, fully support the OPC UA defined Security Profiles and configurations and provide even stronger security for modern M2M communications. Secret information, like RSA private keys, certificates, and trust lists, is stored in a hardware secure element and protected from theft and tampering attacks. In a time when intellectual property is shifting in the value chain from hardware to software, manufacturers now also have new opportunities to capitalize on their software and offer feature-based, time-based, version-based, or pay-per-use models to scale up their offerings, expand their market share, and produce recurrent revenues.
In this presentation, we are going to navigate you through a journey of exploration that will touch upon:
* The elements of innovation in smart manufacturing
* The connection requirements for M2M in the IIoT age
* The building blocks of the OPC Unified Architecture
* Use cases that are accelerating the rise of Smart Factories
* The integration of CodeMeter in the OPC UA standard
* The OPC UA security extension for endpoints
Working with Windows, Linux, macOS, or Android? With minimal embedded controllers up to massive cloud infrastructures? OPC UA and CodeMeter are equally suited, scalable, and secure, and most of all integrated in a streamlined fashion to provide the ultimate technology in access control, authentication, and encryption.
Watch the webinar: https://youtu.be/r3CHB42OJ-o
An end-to-end standard oneM2M infrastructure for the Smart Home - Andre Bottaro - mfrancis
OSGi Community Event 2015
A new world of applications emerges in the home from the growing variety of things – devices, sensors, actuators – potentially available. Several application domains are considered, e.g., security, energy efficiency, comfort, ambient assisted living, multimedia communication. The Smart Home is slowly taking off.
Several actors exploit a new technical and economic opportunity to catalyze this market. This opportunity is based on the re-use of the infrastructure that telecom operators have deployed for today's classic Internet and TV services. It raises technical and business challenges: telecom operators have to open their home infrastructure to third-party applications while guaranteeing application security and consistency to all home business actors using this infrastructure.
Telecom operators have to open APIs at at least two levels of their architecture: APIs in the cloud and APIs in an embedded device environment. This end-to-end infrastructure between the home network and service platforms also has to provide security at several levels, especially consistent access right management.
The presentation will provide a vision of an open end-to-end architecture providing APIs in the cloud and in a home box to host any application and connect to any device in the home. Among the standards organizations and industrial alliances, the oneM2M standard specifications are making a reference architecture emerge. The implementation of oneM2M standard features in OSGi technology will be detailed, especially the end-to-end access right management that discriminates between both applications and users when accessing devices.
This infrastructure is currently prototyped thanks to the integration of open source software bricks provided by the Open the Box, Eclipse SmartHome and Eclipse OM2M open initiatives.
Zach Shelby, Chief Nerd and co-founder of Sensinode, gives a high-level tutorial of the new OMA Lightweight M2M standard for Device Management, Network Management and Application Data for the Internet of Things. This new CoAP- and DTLS-based standard provides a complete system interface solution for M2M devices and services.
Example application providing guidelines for using the Cryptography Device Library framework.
Showcase DPDK cryptodev framework performance with a real world use case scenario.
Author: Georgi Tkachuk
What's the Right Messaging Standard for the IoT? - Angelo Corsaro
Different messaging and data sharing standards, such as AMQP, CoAP, DDS, MQTT, and REST, have been proposed as candidates for addressing the data sharing challenges of the Internet of Things (IoT) and the Industrial Internet (I2).
In technical forums and social media there is no lack of passionate discussions that praise the merits of one standard over the other. Yet, to date, there is little or perhaps no analysis that looks at the details of the different standards and performs an in-depth qualitative, analytic and empirical evaluation.
This presentation will (1) introduce the key standards that are being proposed for the Internet of Things and the Industrial Internet, such as AMQP, CoAP, DDS, MQTT and REST, (2) present a qualitative comparison that highlights the different features provided by the various standards, (3) present an analytic comparison looking at the efficiency and scalability of the various protocols, and (4) report the results of an empirical evaluation comparing the actual performance of the various standards.
Cloud native architecture is emerging for Telecom workloads. To support these emerging trends, Intel is targeting enhancements to the Dataplane Development Kit (DPDK). The enhancements would target network service mesh with dedicated sidecar accelerators and the mechanism to build the mesh dynamically.
Speaker: Gerald Rogers. Gerald Rogers is a Principal Engineer in the Network Products Group focused on virtual switching, network function virtualization and Data Plane Development Kit (DPDK). After joining Intel in 2005, Gerald has worked as a software engineer and architect in the embedded and networking groups. For the past 7 years Gerald has led the network virtual switching software and hardware acceleration effort to drive Intel architecture into the networking and telecommunications industry. Gerald holds a Bachelor’s degree in Electrical Engineering and a Master’s degree in Computer Science, and has 20 years of experience in the networking and telecommunications industry.
#OSSPARIS19 : RIOT: towards open source, secure DevOps on microcontroller-bas... - Paris Open Source Summit
"Over-The-Air" firmware updates on microcontrollers have always been an ambitious yet essential topic for securing an IoT application. The RIOT operating system (https://riot-os.org) now provides the software building blocks to carry out firmware updates using standard protocols that are secured end-to-end.
HiveMQ + Kafka: The ideal solution for IoT MQTT data integration - MargarethaErber
Many companies want to move MQTT data between IoT devices and Kafka clusters connected to back-end enterprise systems. However, connecting thousands or even millions of IoT devices over unreliable networks and providing end-to-end persistent messaging guarantees can create some challenges.
HiveMQ has created a solution that allows for easy bi-directional MQTT message flow between IoT devices and Kafka clusters.
This presentation describes the technical challenges of connecting IoT devices to Apache Kafka and how the HiveMQ Kafka solution solves these problems.
4 Paradigm Shifts for the Connected Car of the Future - HiveMQ
The automotive industry is undergoing substantial changes as new technologies for connected cars, autonomous vehicles and electric vehicles are creating new customer expectations. To keep up with the pace, the automotive industry needs to move away from the concept of a car being just a black box towards a new world of always-on connectivity and integrated vehicle-to-cloud computing.
In this webinar, automotive experts from HiveMQ and ESR Labs discuss four key paradigm changes that need to happen for the automotive industry to remain competitive and deliver customer experience of the future. The session also shows how modern software technologies like MQTT, Kafka, domain modeling, and cloud computing will accelerate time to market for new automotive features and improve the customer experience.
About the Speakers.
Dominik Obermaier is CTO and co-founder of HiveMQ. He is a member of the OASIS Technical Committee and is part of the standardization committee for MQTT 3.1.1 and MQTT 5. He is the co-author of the book 'The Technical Foundations of IoT' and a frequent speaker on IoT, MQTT, and messaging.
Daniel Himmelein is a Software Architect and Engineer at ESR Labs with a strong background in operating systems, distributed systems and computer networks. He works mainly on automotive series projects for German OEMs. He is the creator of the Mindroid application frameworks.
To watch the webinar recording:
https://www.hivemq.com/webinars/the-four-paradigm-shifts-for-the-connected-car-of-the-future/
Breaking Extreme Networks WingOS: How to own millions of devices running on A...Priyanka Aash
"Extreme Networks' embedded WingOS (originally created by Motorola) is an operating system used in several wireless devices such as access points and controllers. This OS is being used in Motorola devices, Zebra devices and Extreme Networks' devices. This research started by focusing on an access point widely used in many aircraft by several worldwide airlines but ended up being something bigger in terms of devices affected, as this embedded operating system is not only used in APs for aircraft but also in healthcare, government, transportation, smart cities, small to big enterprises... and more.
Based on public information, we will see how vulnerable devices are actively used (outdoors) in big cities around the world, but also in universities, hotels, casinos, big companies, mines and hospitals, and provide the Wi-Fi access for places such as the New York City Subway.
In this presentation we will show with technical details how several critical vulnerabilities were found in this embedded OS. First we will introduce some internals and details about the OS, and then we will show the techniques used to reverse engineer the mipsN32 ABI code for the Cavium Octeon processor. It will be discussed how some code was emulated to detect how a dynamic password is generated with a cryptographic algorithm for a root shell backdoor. Besides, it will be shown how some protocols used by some services were reverse engineered to find unauthenticated heap and stack overflow vulnerabilities that could be exploitable through Wireless or Ethernet connections.
This OS also uses a proprietary layer 2/3 protocol called MiNT. This protocol is used for communication between WingOS devices through VLAN or IP. This protocol was also reverse engineered, and remote heap/stack overflow vulnerabilities were found on services using this protocol and will be shown. As a live demonstration, 2 devices will be used to exploit a remote stack overflow, chaining several vulnerabilities as an attacker could do inside an aircraft (or in other scenarios) through the Wi-Fi. As there are no public shellcodes for the mipsN32 ABI, the particularities of creating shellcode for the mipsN32 ABI will also be discussed."
HiveMQ Cloud - The Cloud Native IoT Messaging LayerDominik Obermaier
HiveMQ Cloud is a new fully managed MQTT cloud platform from HiveMQ. This new cloud-native service simplifies the deployment and management of MQTT brokers used in production.
In this webinar, we will introduce HiveMQ Cloud and how it delivers MQTT broker clusters that are ready for production scalability and reliability. We will also demonstrate how easy it is to set up a HiveMQ Cloud cluster and how the HiveMQ Control Center can be used to observe the MQTT messaging traffic that flows through the cluster.
Our speakers for this webinar are Dominik Obermaier, CTO and Co-Founder of HiveMQ, and Magi Erber, HiveMQ Product Manager.
Recording can be found here: https://www.youtube.com/watch?v=2fJMDWSgNUY
MQTT has become the de-facto standard communication protocol for IoT deployments. For operating those IoT deployments there are multiple options. This presentation highlights the available options and what you have to consider with the different options. It also introduces HiveMQ Cloud - the new cloud native IoT messaging service of HiveMQ - and how it delivers MQTT broker clusters that are ready for production scalability and reliability.
MicroEJ OS is a scalable Operating System for resource-constrained embedded and IoT devices, optimized for a wide range of hardware architectures.
With MicroEJ OS, OEMs use proven methods that cut software development time and cost. They create software that delivers an incredible user experience and adjusts to Internet business needs.
MicroEJ development tools enable device manufacturers to deliver differentiating firmware using MicroEJ SDK.
How do APIs and IoT relate? The answer is not as simple as merely adding an API on top of a dumb device, but rather about understanding the architectural patterns for implementing an IoT fabric. There are typically two or three trends:
Exposing the device to a management framework
Exposing that management framework to a business centric logic
Exposing that business layer and data to end users.
This last trend is the IoT stack, which involves a new shift in the separation of where things happen, where data lives and where the interface lies. For instance, it is a mix of architectural styles between cloud, APIs and native hardware/software configurations.
RISC-V growth and successes in technology and industry - embedded world 2021RISC-V International
RISC-V International has more than 1,000 members across over 50 countries who are working in hardware, software, services, and various industries for a strong and healthy RISC-V ecosystem. It is projected that by 2025 there will be over 62 billion RISC-V CPU cores and the total market for RISC-V IP and software is expected to grow to over $1b by 2025.
In 2020 alone, we saw successes with newly defined RISC-V accelerator architectures, affordable RISC-V open source small-board computers, development boards for personal computers, and an incredibly fast 64-bit RISC-V Core as the community also ratified key specifications and made advances in security.
As we see the growth of RISC-V into industries such as AI, machine learning, blockchain, 5G, medical, and industrial, we will see the ratifications of new extensions that enable this growth.
Join Kim McMahon, Director of Marketing and Stephano Cetola, Technical Program Manager as we take a look at where RISC-V is going in 2021.
Inria Tech Talk: RIOT, the open source OS for your connected objects #IoTStéphanie Roger
Make your connected objects communicate with the RIOT solution!
RIOT is an open source nano operating system, the equivalent of Linux for the Internet of Things. Thanks to the communication standards it implements, it lets you develop applications for your communicating and embedded objects easily, sustainably and securely (connected agriculture, monitoring and management of smart buildings, small automation systems, the factory of the future ...).
Inria, the French national research institute for digital science and technology, which at French Tech Central connects entrepreneurs with the best of French public research, is one of the co-founding members of the worldwide RIOT developer community.
HiveMQ + Kafka - The Ideal Solution for IoT MQTT Data IntegrationHiveMQ
Many companies want to move MQTT data between IoT devices and Kafka clusters connected to back-end enterprise systems. HiveMQ has created a solution that allows for easy bi-directional MQTT message flow between IoT devices and Kafka clusters.
In this webinar, Dominik Obermaier, CTO and Co-founder of HiveMQ, and Magi Erber, Project Manager at HiveMQ, discuss the technical challenges of connecting IoT devices to Kafka and how the HiveMQ Kafka solution solves these problems. Dominik and Magi will walk you through HiveMQ Enterprise Extension for Kafka, which includes support for the Confluent Schema Registry.
This webinar is ideal for any developer or architect who is looking for solutions to connect Kafka with IoT devices.
About the Speakers
Dominik Obermaier is CTO and co-founder of HiveMQ. He is a member of the OASIS Technical Committee and is part of the standardization committee for MQTT 3.1.1 and MQTT 5. He is the co-author of the book 'The Technical Foundations of IoT' and a frequent speaker on IoT, MQTT, and messaging.
Magi Erber is a product manager at HiveMQ. She loves creating software that delights customers and helps them realizing innovative IoT solutions.
To watch the webinar recording: https://www.hivemq.com/webinars/hivemq-plus-kafka-the-ideal-solution-for-iot-mqtt-data-integration/
Software update for IoT: the current state of playChris Simmonds
Many embedded Linux projects have a requirement to update the software on devices in the field. Recent security flaws in basic components such as OpenSSL and bash, combined with the interconnectedness of all things, have highlighted the problem and made it an absolute necessity.
Security & Resiliency of Cloud Native Apps with Weave GitOps & Tetrate Servic...Weaveworks
Cloud-native applications are increasingly spanning across hybrid and multi-cloud environments such as on-premise data centers, in the cloud (Amazon EKS, Azure AKS, Google Cloud GKE) and at the edge. Customers need to ensure security and resiliency for their cloud-native applications while managing releases through reliable, consistent deployment and runtime policies.
In this session, we’ve partnered with Tetrate to showcase how to effectively manage advanced deployments using Weave GitOps. Managing application configurations by different teams across multiple Kubernetes clusters is made possible with Weave GitOps and Tetrate Service Bridge. Using familiar Git workflows, Weave Policy-as-Code enables application engineers to quickly deliver new features safely.
Join us as we demonstrate the scenarios where:
- All changes to application configuration are managed through Git workflows.
- GitOps provides an extra layer of security by removing the need for direct access to Kubernetes clusters.
- Policy-as-Code guarantees security, resilience and coding standards compliance.
- Tetrate Service Bridge provides dynamic configuration of application workloads and failover across multiple Kubernetes clusters.
1.Wireless Communication System_Wireless communication is a broad term that i...JeyaPerumal1
Wireless communication involves the transmission of information over a distance without the help of wires, cables or any other forms of electrical conductors.
Wireless communication is a broad term that incorporates all procedures and forms of connecting and communicating between two or more devices using a wireless signal through wireless communication technologies and devices.
Features of Wireless Communication
The evolution of wireless technology has brought many advancements with its effective features.
The transmitted distance can be anywhere between a few meters (for example, a television's remote control) and thousands of kilometers (for example, radio communication).
Wireless communication can be used for cellular telephony, wireless access to the internet, wireless home networking, and so on.
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC
Ellisha Heppner, Grant Management Lead, presented an update on APNIC Foundation to the PNG DNS Forum held from 6 to 10 May, 2024 in Port Moresby, Papua New Guinea.
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBrad Spiegel Macon GA
Brad Spiegel Macon GA’s journey exemplifies the profound impact that one individual can have on their community. Through his unwavering dedication to digital inclusion, he’s not only bridging the gap in Macon but also setting an example for others to follow.
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesSanjeev Rampal
Talk presented at Kubernetes Community Day, New York, May 2024.
Technical summary of Multi-Cluster Kubernetes Networking architectures with focus on 4 key topics.
1) Key patterns for Multi-cluster architectures
2) Architectural comparison of several OSS/ CNCF projects to address these patterns
3) Evolution trends for the APIs of these projects
4) Some design recommendations & guidelines for adopting/ deploying these solutions.
My name is Hannes Tschofenig and I will speak about the role of standards in IoT security. Standards are important for Arm since we want interoperable solutions between different players in the ecosystem and want those players to develop the technical solutions together. I have been doing standards for almost 20 years now and have contributed to many of the Internet security protocols.
To make this talk more specific I would like to focus on standardization activities in the IETF – the Internet Engineering Task Force. The IETF is known for the development of core Internet protocols, like IP, TCP, HTTP, TLS and so on. The work in the IETF (and also in many other standards developing organizations) is done in groups.
I picked two groups dealing with IoT security, namely ACE and SUIT. These are just two examples, but they illustrate how standardization activities work and why you should consider participating.
Let me explain a bit about what the standards developed in these two groups are about, and why you should actually care.
Let me start with the ACE working group. ACE, which stands for Authentication and Authorization for Constrained Environments, tries to solve a fairly simple problem. Take a look at the figure on the left, where a technician is trying to configure industrial equipment locally without having to communicate via the Internet. These configuration steps may include retrieving settings, updating them or even installing new software on these devices. Clearly this is a security-sensitive task, which has to be subject to access control. Along with access control comes the need to authenticate the person seeking access.
On the left you see the technical realization the working group has chosen: in our scenario the tablet used by the technician obtains a token from a backend server, potentially ahead of time. Since that server needs to authenticate the technician and to determine access rights to the various industrial appliances, different information sources (shown as databases here) have to be available. Once the authorization decision has been made, a token is generated and provided to the technician's tablet. This token is then used when the technician accesses the industrial equipment.
For some of you this pattern may be familiar from OAuth, which is widely used on the web and with smartphone apps.
The industrial sector is obviously not the only use case for this type of communication model. In 2015 I presented an early ACE prototype that showcased a door lock. It used OAuth rather than the optimizations described later. It does, however, illustrate the point that there are other use cases where this technology can be applied. (FYI: the picture shows an enterprise door lock system, which can be controlled via Bluetooth Low Energy. I used a Nordic chip for BLE. Since that chip was quite limited, I connected it using SPI to an application processor, the role of which was played by a K64F.)
The second group I would like to talk about is the SUIT working group, which defines a standard for software updates for IoT devices. Needless to say, software updates are quite important. Many IoT devices lack a software update mechanism entirely and others fail to provide a good security solution, as these examples show. When I attended DefCon this year I learned about an IoT device hack where IoT devices from a Chinese manufacturer had a software update solution (which is good) but unfortunately the update mechanism wasn't properly secured, which allowed a whitehat hacker to compromise the devices. More dramatic is the case of devices that used a device management solution called TR-069, which was implemented incorrectly in many devices. This led to the compromise of millions of routers and other higher-end IoT devices like Internet-connected printers.
So, how does the standardized solution work?
Look at the memory layout of a typical microcontroller where a bootloader is responsible for selecting which firmware image to boot. The firmware images on the device are placed in different memory regions, or slots.
When an update server makes a new firmware image available, it needs to be conveyed to the IoT device. Along with the firmware image there is a manifest, which contains metadata about the firmware image, and an end-to-end security wrapper, which protects the firmware image against modification and is optionally encrypted.
A device receiving a firmware update first verifies the received manifest and then decrypts the firmware image. If verification succeeds, the image is activated as the current version and the bootloader starts it.
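The update flow just described, as an added example in Python (this is not the SUIT working group's code or the speaker's): a simulated device with two firmware slots, whose update client and bootloader run the same checks on a manifest. The fixed-width manifest layout, the device key and the HMAC used in place of the COSE signature are assumptions of this example (a real SUIT manifest is signed by the author and checked with a public key on the device); encryption of the image is left out so that only the standard library is needed.

```python
import hashlib, hmac, struct

# Manifest layout (constructed for this example): vendor id, class id, sequence number,
# target slot, image size and SHA-256 digest of the image, all big-endian fixed width.
MANIFEST_FMT = ">16s16sIBI32s"
MANIFEST_LEN = struct.calcsize(MANIFEST_FMT)

class UpdateError(Exception):
    pass

def build_manifest(vendor_id, class_id, seq, slot, image):
    return struct.pack(MANIFEST_FMT, vendor_id, class_id, seq, slot, len(image),
                       hashlib.sha256(image).digest())

def sign_manifest(key, manifest):
    # Stand-in for the COSE signature over the manifest: HMAC with a device key. A real SUIT
    # deployment signs with the author's private key and the device holds only the public key.
    return hmac.new(key, manifest, hashlib.sha256).digest()

class Device:
    """Two firmware slots plus a bootloader that starts the highest verified sequence number."""
    def __init__(self, key, vendor_id, class_id):
        self.key, self.vendor_id, self.class_id = key, vendor_id, class_id
        self.slots = [None, None]      # per slot: (manifest, signature, image) or None
        self.active = None             # slot index the bootloader last started
        self.log = []

    def _verify(self, manifest, sig, image):
        """The checks run at install time and again by the bootloader on every boot."""
        if len(manifest) != MANIFEST_LEN or not hmac.compare_digest(sig, sign_manifest(self.key, manifest)):
            raise UpdateError("manifest authentication failed")
        vendor, cls, seq, slot, size, digest = struct.unpack(MANIFEST_FMT, manifest)
        if (vendor, cls) != (self.vendor_id, self.class_id):
            raise UpdateError("manifest is for a different device type")
        if slot not in (0, 1):
            raise UpdateError("manifest targets an unknown slot")
        if len(image) != size or not hmac.compare_digest(hashlib.sha256(image).digest(), digest):
            raise UpdateError("image does not match the manifest digest")
        return seq, slot

    def current_seq(self):
        return struct.unpack(MANIFEST_FMT, self.slots[self.active][0])[2] if self.active is not None else -1

    def install(self, manifest, sig, image):
        """Update client: accept a new image only into the inactive slot and only if it is newer."""
        seq, slot = self._verify(manifest, sig, image)
        if slot == self.active:
            raise UpdateError("refusing to overwrite the running image")
        if seq <= self.current_seq():
            raise UpdateError("rollback: sequence %d is not newer than %d" % (seq, self.current_seq()))
        self.slots[slot] = (manifest, sig, image)
        return slot

    def boot(self):
        """Bootloader: re-verify every populated slot and start the newest one that passes."""
        best = None
        for idx, entry in enumerate(self.slots):
            if entry is None:
                continue
            try:
                seq, slot = self._verify(*entry)
                if slot != idx:
                    raise UpdateError("manifest targets slot %d but lives in slot %d" % (slot, idx))
            except UpdateError as e:
                self.log.append("slot %d skipped: %s" % (idx, e))
                continue
            if best is None or seq > best[0]:
                best = (seq, idx)
        if best is None:
            raise UpdateError("no bootable image")
        self.active = best[1]
        return self.active, self.slots[self.active][2]

def run_demo():
    """Constructed scenario: v1 is installed and booted, then a v2 update arrives in several forms."""
    key, vendor, cls = b"constructed-device-key", b"example-vendor!!", b"sensor-node-v2.0"
    dev = Device(key, vendor, cls)
    fw1, fw2 = b"firmware v1 " * 8, b"firmware v2 " * 8
    m1 = build_manifest(vendor, cls, 1, 0, fw1)
    dev.install(m1, sign_manifest(key, m1), fw1)
    first_boot = dev.boot()[0]                                   # slot 0
    m2 = build_manifest(vendor, cls, 2, 1, fw2)
    m_old = build_manifest(vendor, cls, 1, 1, fw1)               # the old v1 release replayed into slot 1
    attempts = {"tampered_image": (m2, sign_manifest(key, m2), fw2[:-1] + b"X"),
                "forged_manifest": (m2, sign_manifest(b"wrong-key", m2), fw2),
                "rollback": (m_old, sign_manifest(key, m_old), fw1),
                "genuine": (m2, sign_manifest(key, m2), fw2)}
    outcomes = {"first_boot": first_boot}
    for name, (m, sig, img) in attempts.items():
        try:
            outcomes[name] = "installed in slot %d" % dev.install(m, sig, img)
        except UpdateError as e:
            outcomes[name] = "rejected: %s" % e
    outcomes["second_boot"] = dev.boot()[0]                      # slot 1
    return outcomes
```

The bootloader deliberately repeats the manifest and digest checks instead of trusting the install step: an image that was corrupted in flash after installation, or a slot written by something other than the update client, is skipped and logged rather than started.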
Work in the IETF tends to make use of building blocks, and here is the list of building blocks used in the ACE and SUIT working groups.
Two building blocks are common to both working groups, namely the binary encoding format CBOR, which is a more efficient way of encoding information than JSON (or XML), and, along with it, a security wrapper called COSE that provides digital signatures, MACs and encryption.
The ACE work additionally borrows from OAuth. For efficient encoding of the tokens the CBOR Web Token standard is used. Those tokens are, for security reasons, bound to a key. This turns them into proof-of-possession tokens, which are conceptually similar to Kerberos tickets or certificates, just with a more modern encoding and extra functionality.
Re-using building blocks helps to lower the implementation effort, and for IoT devices this also results in reduced flash memory usage.
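The technician scenario from the ACE slides and the building blocks listed here, put together in one added Python example (not the working group's or Arm's code): a minimal CBOR codec, an untagged COSE_Mac0 wrapper, a CWT claim set with a `cnf` binding, and the three parties of the flow (authorization server, client, resource server). Assumptions of this example: the proof-of-possession key is derived from the key the AS shares with the resource server and the token id, so the token carries only a key id; a plain HMAC challenge-response stands in for the DTLS or OSCORE binding the ACE profiles use; the policy table, names and key values are constructed.

```python
import hashlib, hmac, os, struct

# ---- minimal CBOR codec (RFC 8949 subset: unsigned ints, byte/text strings, arrays, maps) ----
_ARG = {24: ">B", 25: ">H", 26: ">I", 27: ">Q"}      # additional-info values for 1/2/4/8-byte arguments
def _head(major, arg):                                # initial byte(s): major type plus argument
    if arg < 24:
        return bytes([major << 5 | arg])
    for ai, fmt in _ARG.items():
        if arg < 1 << (8 * struct.calcsize(fmt)):
            return bytes([major << 5 | ai]) + struct.pack(fmt, arg)
    raise ValueError("integer too large")
def cbor_encode(v):
    if isinstance(v, int) and v >= 0:
        return _head(0, v)
    if isinstance(v, (bytes, str)):
        b = v if isinstance(v, bytes) else v.encode("utf-8")
        return _head(2 if isinstance(v, bytes) else 3, len(b)) + b
    if isinstance(v, list):
        return _head(4, len(v)) + b"".join(map(cbor_encode, v))
    if isinstance(v, dict):
        return _head(5, len(v)) + b"".join(cbor_encode(k) + cbor_encode(x) for k, x in v.items())
    raise TypeError("unsupported value %r" % (v,))
def _decode_at(d, i):                                 # one item at offset i -> (value, next offset)
    if i >= len(d): raise ValueError("truncated input")
    major, arg, i = d[i] >> 5, d[i] & 0x1F, i + 1
    if arg >= 24:                                     # multi-byte argument; indefinite lengths are rejected
        if arg not in _ARG or i + struct.calcsize(_ARG[arg]) > len(d): raise ValueError("truncated item")
        n = struct.calcsize(_ARG[arg])
        arg, i = struct.unpack(_ARG[arg], d[i:i + n])[0], i + n
    if major == 0: return arg, i
    if major in (2, 3):
        if i + arg > len(d): raise ValueError("truncated string")
        s = d[i:i + arg]
        return (s if major == 2 else s.decode("utf-8")), i + arg
    if major in (4, 5):
        out = [] if major == 4 else {}
        for _ in range(arg):
            x, i = _decode_at(d, i)
            if major == 4:
                out.append(x)
            else:
                out[x], i = _decode_at(d, i)
        return out, i
    raise ValueError("unsupported major type %d" % major)
def cbor_decode(d):
    v, end = _decode_at(d, 0)
    if end != len(d): raise ValueError("trailing bytes")
    return v

HMAC_256_256 = 5   # COSE algorithm id for HMAC 256/256; COSE_Mac0 below follows the RFC 9052 layout, untagged
def cose_mac0(key, payload):
    protected = cbor_encode({1: HMAC_256_256})
    tag = hmac.new(key, cbor_encode(["MAC0", protected, b"", payload]), hashlib.sha256).digest()
    return cbor_encode([protected, {}, payload, tag])
def cose_mac0_verify(key, msg):
    protected, _unprotected, payload, tag = cbor_decode(msg)
    if cbor_decode(protected).get(1) != HMAC_256_256: raise ValueError("unexpected algorithm")
    expected = hmac.new(key, cbor_encode(["MAC0", protected, b"", payload]), hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected): raise ValueError("MAC verification failed")
    return payload

ISS, AUD, EXP, CTI, CNF, SCOPE, CNF_KID = 1, 3, 4, 7, 8, 9, 3   # CWT labels (RFC 8392), cnf kid (RFC 8747), scope (RFC 9200)
def pop_key_for(as_rs_key, kid):                      # assumption of this example: the PoP key is derived
    return hmac.new(as_rs_key, b"ace-pop-key" + kid, hashlib.sha256).digest()  # from AS/RS key + token id
def as_issue_token(as_rs_key, policy, user, aud, now, lifetime=600):
    """Authorization server: returns (token, pop_key); the key reaches the client over a secure channel."""
    scope = policy.get((user, aud))
    if not scope: raise PermissionError("no rights on %s" % aud)
    cti = os.urandom(8)
    claims = {ISS: "as.example", AUD: aud, EXP: now + lifetime, CTI: cti, CNF: {CNF_KID: cti}, SCOPE: scope}
    return cose_mac0(as_rs_key, cbor_encode(claims)), pop_key_for(as_rs_key, cti)
def client_proof(pop_key, nonce, action):             # client side of a simplified challenge-response
    return hmac.new(pop_key, nonce + action.encode(), hashlib.sha256).digest()
def rs_authorize(as_rs_key, rs_name, token, now, action, prove):
    """Resource server: authenticate the token, check audience and expiry, demand PoP, then check scope."""
    claims = cbor_decode(cose_mac0_verify(as_rs_key, token))
    if claims.get(AUD) != rs_name: raise PermissionError("token issued for another device")
    if now >= claims[EXP]: raise PermissionError("token expired")
    nonce = os.urandom(16)                            # fresh per request, so a recorded proof is useless
    expected = client_proof(pop_key_for(as_rs_key, claims[CNF][CNF_KID]), nonce, action)
    if not hmac.compare_digest(prove(nonce), expected): raise PermissionError("proof of possession failed")
    if action not in claims[SCOPE].split(): raise PermissionError("scope %r not granted" % action)
    return "ok: " + action

def run_demo(now=1_700_000_000):                      # constructed scenario: alice may only read plc-7's config
    as_rs_key = os.urandom(32)                        # pre-shared between the AS and the PLC
    token, pop_key = as_issue_token(as_rs_key, {("alice", "plc-7"): "config:read"}, "alice", "plc-7", now)
    cases = {"read": (token, pop_key, "config:read", now),
             "write_not_in_scope": (token, pop_key, "config:write", now),
             "stolen_token_no_key": (token, os.urandom(32), "config:read", now),
             "tampered_token": (token[:-1] + bytes([token[-1] ^ 1]), pop_key, "config:read", now),
             "expired": (token, pop_key, "config:read", now + 601)}
    results = {}
    for name, (tok, key, action, t) in cases.items():
        try:
            results[name] = rs_authorize(as_rs_key, "plc-7", tok, t, action, lambda n: client_proof(key, n, action))
        except (PermissionError, ValueError) as e:
            results[name] = "rejected: %s" % e
    return results
```

The resource server never sees the technician's credentials: it only needs the key it shares with the authorization server and the claims inside the token. A token copied off the wire is useless without the bound key, a token altered in transit fails the MAC before any claim is read, and scope is enforced per action rather than per token.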
These building blocks may also be useful in your development activities.
Let us talk a bit about why this work got started; this is similar to how other activities happen.
In the ACE case various companies saw the need to come up with fine-grained access control solutions. I talked about the industrial control solution and also the home automation solution. There are, however, many more documented in RFC 7744. I co-chaired the group in the foundational days where lots of different solutions were proposed.
In the end, the Oauth-based approach explained earlier was selected as the way forward.
The SUIT case is different and more recent. With the security problems in the IoT sector, companies realized that there has to be some work on firmware updates. Previously companies just created their own proprietary solutions. This is time consuming and there is obviously little code to re-use. We worked on the IoT device management solution LwM2M, which allows the transport of the firmware image from the update server to the device. We wanted an enhanced solution that also offers end-to-end security. After we helped to form the working group, we submitted our solution to the group. Of course, discussions led to many changes, including changes to the encoding format. In the end, we will have a solution that addresses a wider range of use cases.
Where are we with the work now? This is an important question since the stage of development determines whether results are already readily available or whether input can be provided. A big benefit of standardization work is that interested parties can actually contribute their ideas as well.
In ACE we have been optimizing OAuth and the specifications are already at a later stage of development. The specs are freely available, which is not true for all SDOs. The so-called working group last call has been started. Interoperability test events have also taken place already and we have released a product, called SDA.
For SUIT the work is still at an earlier stage, but the architecture and the information model have been worked out. The manifest specification is still under discussion. For hackathons one of my co-workers has developed a custom board, which allows us to implement various scenarios in a convenient manner. It supports multiple MCUs, has BLE/WiFi/NFC support, and comes with a secure element.
In the IETF we implement code alongside the specification work. A group of IETF participants has taken part in various hackathons, which we all won. As you can see, we are not just doing boring specification work but also have a lot of fun at these events. I bring some hardware along and we get things working in a short period of time.
You may be wondering how you could make use of this work yourself.
This slide lists many pointers to open specifications and open source code. Open source and open standardization are complementary, but in the IETF open source is often part of the specification development, and we have also contributed a number of open source implementations. In this list, for example, you can find pointers to the COSE implementation we realized as well as code for manifest generation. With our Mbed TLS open source code we have also made cryptographic library implementations available that can be used on embedded devices.
Click through the links to see what code can help you advance your product development.
You may also want to contribute, and there are various ways.
Of course, you can join the standardization work itself. The discussion lists are open and everyone can join. You can download and review the specifications. The open source projects also welcome your input. If you want to push it even further, you can contribute your ideas as specifications. Attend a hackathon; the next one will take place at the upcoming IETF meeting in Bangkok. You can also join remotely.
Finally, I encourage you to check out our Secure Device Access / SDA solution, which is part of Arm Pelion.
I hope to see you in some of the standardization groups. With that I would like to thank you for your attention.