Linux Foundation Collaboration Summit: OIC Security. Ned Smith, Intel
Slide 1: Linux Foundation Collaboration Summit: OIC Security. Ned Smith, Intel
Slide 2: IoT, A Metaphor for Pelagic Computing
What do I mean by pelagic computing?
[Figure: pelagic organisms labelled with IoT roles: Other Controller (larval slipper lobster riding on a salp chain*), Actuator (ctenophore*), Sensor (Venus girdle*).]
Real simple structures that can connect to other structures to form more complex structures that are autonomous or semi-autonomous.
*SRC:
Slide 3: IoT is also about Clouds
Cloud computing: analytics, monitoring, informing.
- Cloud computing essentially means unlimited storage, compute power and availability.
- Pelagic + cloud computing implies that pelagic behaviors may be monitored and analyzed over long periods, and that cloud analytics may inform pelagic controllers, making them smarter.
Pelagic computing security objective: enable intended pelagic interactions while preventing unintended interactions.
Slide 4: OIC Terminology
- A Device is an OIC stack instance.
- Devices implement Client and Server roles.
- Devices have Resources and perform Actions.
- Resources have Attributes, Properties and Interfaces.
- Intermediary is a role that combines client and server.
[Figure: an OIC Client (Actions) sends a Resource Access Request to an OIC Server (Access Control, Resources); Sensor, Controller and Actuator devices shown as OIC Server / OIC Client combinations, each with Access Control in front of its Resources.]
Slide 5: Security Significance of OIC Layering
- Security semantics are managed at the OIC Resource layer.
- Resource-level access is enforced at the Resource layer.
- Device-level access is enforced at the OIC Exchange layer.
- Keys reside at the Resource layer.
- Device ownership may be derived using the network layer or other hardware; may be vendor specific!
[Figure: layer stack. OIC Clients, OIC Servers and OIC Intermediaries sit on the OIC Resource Layer (OIC Resources, containerization e.g. JSON); below it the OIC Exchange Layer (CoAP, Message Protection / E2E Protection e.g. DTLS, other message exchange and other E2E protection...); below that the OIC Network Abstraction Layer (UDP/IP, BLE, Network Layer).]
Slide 6: How To Distinguish Intended vs. Unintended?
- Access control granularity has four scoping levels: Group, Device, Resource and Attribute.
- OIC scripts specify interaction patterns: peer-peer, observer, subscribe-notify, etc.
- Authoring tools are privileged: they specify intended multi-device interactions.
Example resources (Device1):
    #%RAML 0.8
    title: OIC Light
    /Collection01:
      type: oic.collection
      get:
        responses:
          application/json:
            schema: {
              "$schema": "http://json-schema.org/schema",
              "rt": { "type": "string", "required": true },
              "if": { "type": "string", "required": true },
              "resourceref": { "link": { "type": "URI" } }
            }
            example: {
              "rt": "oic.collection",
              "if": "oic.if.b",
              "resourcelinks": { "href": "Device2/oic/Light01", "href": "Device3/oic/Light02" }
            }
Example resources (Device2):
    #%RAML 0.8
    title: OIC Light
    /Light01:
      type: oic.light
      get:
        responses:
          application/json:
            schema: Light
            example: { "on": "True" }
This informs the example ACL on the OIC Server: acl0 | Device1 | /oic/light01 | Read
Slide 7: Access Control Model
[Figure: Responding Device holding Local Resources (/oic/d, /oic/light/3, ...), acl(s), service(s) and cred(s).
acl(s): Subject(s) (DeviceID, RoleID), Resource(s), Permission, Period, Recurrence.
service(s): SvcType, LocalCred, RemoteCred.
cred(s): CredID, SubjectID, CredType, PublicData, PrivateData.
Layers on the responding device: Access Control Layer over DTLS Layer over Network Abstraction Layer.
Flow from the Requesting Device: (1) DTLS session to the end point, (2) Request Access, (3) Allow Access.]
Slide 8: Device and Group Level Access
- Pairwise keys enable device-level access: DTLS between a Device Client and a Device Server (Device_ID_1) over IP/UDP/CoAP; insecure port default 5683, secure port default 5684.
- A shared group key enables group-level access (e.g. Device_ID_2 in the same group).
- The /oic/sec/cred structure may contain pairwise and group keys.
- Pairwise keys may be used to provision a group key, e.g. draft-keoh-tls-multicast-security-00.
Slide 9: Mediated Credential Provisioning
Parties: Device 1, Device 2, Credential Provisioning Service.
1. Discover provisioning service (optional) (oic.sec.cps)
2. Open DTLS with oic.sec.cps PSK
3. Discover provisioning service (optional)
4. Open DTLS with oic.sec.cps PSK
5. GET /oic/sec/cred [{ device2 : cred2 ... }]
6. Generate keys for Devices 1 and 2
7. GET /oic/sec/cred [{ device1 : cred1 ... }]
8. POST /oic/sec/cred [{ device1 : cred1 ... }]
9. POST /oic/sec/cred [{ device2 : cred2 ... }]
10. RSP, RSP
Slide 10: Ad-hoc Pairwise Credential Negotiation
Parties: Device 1, Device 2, Device 3, Registration Service.
1. Ad-hoc discovery (optional)
2. Mediated discovery (optional)
3. Open DTLS with Diffie-Hellman
4. DH session keys used as pairwise PSK for Devices 1 and 2
5. Instantiate d1.cred2; cred.type = 1 (PSK)
6. Instantiate d2.cred1; cred.type = 1 (PSK)
POST /oic/sec/cred [{ device2 : cred2 ... }]
8. Verify d1.cred2 = cred2
9. RSP
POST /oic/sec/cred [{ device1 : cred1 ... }]
Verify d2.cred1 = cred1
12. RSP
Slide 11: ACL Resource
An ACL is a resource with the following definition:
Subject | Resource | Permission | Period | Recurrence
UUID (Device or Group), Role | URI path | C,R,W,E,D | Start-stop time (RFC 5545) | Recurrence pattern (RFC 5545)
Example ACL policies:
Subject | Resource | Permission | Period | Recurrence
UUID1, UUID2 | /oic/sh/light/3 | 0x001F (C,R,W,E,D) | T180000Z/T070000Z | RRULE:FREQ=WEEKLY;UNTIL=T070000Z
UUID3 | /oic/d | 0x0001 (R) | - | -
oic.sec.role.admin | /oic/sec/acl/0 | 0x001F | |
Slide 12: Resource Access Example
[Figure: OIC Client (DevID_1) sends GET /oic/d and PUT /oic/light/1 to OIC Device (DevID_2), which answers RSP 2.04. OIC Stack (DevID_2) with OIC Server ACL:
acl0 | DevID_1 | /oic/d | Read
acl1 | DevID_2, _3 | /oic/light/1 | Read, Write | 9-5 Daily
Resources: /oic/d attributes [Model: T, Mfg Date: 1/1/2015]; /oic/light/0 and /oic/light/1 attributes [On-Off: Off, DimLevel: 80].]
- Access is blocked if no ACL is present.
- Device-level access is evaluated before evaluating resource access.
- Resource-level access applies to the resource named in the ACL.
- Resource references may be fully qualified (e.g. <deviceid>/oic/light/1).
Slide 13: Attribute Access Example
Example resource definitions (schema URLs missing in the transcription):
    {"$schema": "", "id": "oic.thing#",
     "definitions": { "oic.thing": { "type": "object",
       "properties": { Attribute-1 { type : type1 }, Attribute-2 { type : type2 } ... } } } }
The attributes above are opaque to the OIC stack.
    {"$schema": "", "type": "collection",
     "resources": { Attribute-1, Attribute-2 },
     "definitions": {
       oic.rsrcatt-1 : { type : object, properties : { Attribute-1 { type : type1 } } ... },
       oic.rsrcatt-2 : { type : object, properties : { Attribute-2 { type : type2 } } ... } } }
A single-attribute resource can have an ACL policy. OIC Server ACL:
acl0 | DevID_1 | /oic/rsrcatt-1 | Read
acl1 | DevID_1 | /oic/rsrcatt-2 | Write
- Attributes are opaque to the OIC stack.
- Attribute-level access can be achieved using collections: a resource is created containing a single attribute, and an ACL policy can be created for the new resource.
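The ACL evaluation described on slides 11 to 13, as an added Python example (not IoTivity or OIC code, and not from the talk). It models an ACL entry as subjects (device UUIDs or roles), a resource URI that may be fully qualified, a C,R,W,E,D bitmask, and a daily time window standing in for the RFC 5545 period and recurrence; device-level access is modelled as the presence of a pairwise credential (slide 8) and is checked before resource-level access, a resource with no ACL entry is blocked, and attribute-level access routes through the single-attribute resource of slide 13. The bit positions are this example's assumption: the slides only fix 0x001F as the full permission set and 0x0001 as read. All device ids, keys and ACL rows are constructed.

```python
"""OIC-style ACL evaluation: added example, not IoTivity or OIC code."""
from dataclasses import dataclass, field
from datetime import time
from typing import Dict, FrozenSet, List, Optional

# Permission bits (assumed positions; slide 11 fixes 0x001F = all, 0x0001 = R)
READ, CREATE, WRITE, EXECUTE, DELETE = 0x01, 0x02, 0x04, 0x08, 0x10
ALL = READ | CREATE | WRITE | EXECUTE | DELETE      # 0x001F on slide 11


@dataclass(frozen=True)
class Ace:
    subjects: FrozenSet[str]        # device UUIDs and/or role names
    resource: str                   # "/oic/light/1" or "DevID_2/oic/light/1"
    permission: int                 # bitmask of the constants above
    start: Optional[time] = None    # daily window; None means always
    stop: Optional[time] = None

    def in_period(self, now: time) -> bool:
        """Daily recurrence; a window such as 18:00-07:00 crosses midnight."""
        if self.start is None or self.stop is None:
            return True
        if self.start <= self.stop:
            return self.start <= now < self.stop
        return now >= self.start or now < self.stop


@dataclass
class Server:
    device_id: str
    creds: Dict[str, bytes]                 # /oic/sec/cred: pairwise PSK per subject
    acl: List[Ace]                          # /oic/sec/acl entries
    roles: Dict[str, FrozenSet[str]] = field(default_factory=dict)
    # attribute -> single-attribute resource created through a collection (slide 13)
    attribute_resources: Dict[str, str] = field(default_factory=dict)

    def check(self, subject: str, resource: str, perm: int, now: time) -> str:
        """Return "allow" or a denial reason, device level first."""
        # 1. device level: without a pairwise credential there is no DTLS session
        if subject not in self.creds:
            return "deny: no device-level credential for subject"
        # 2. resource level: an ACE must name the resource, relative or fully qualified
        names = {resource, self.device_id + resource}
        subject_roles = self.roles.get(subject, frozenset())
        matched = [a for a in self.acl
                   if a.resource in names
                   and (subject in a.subjects or a.subjects & subject_roles)]
        if not matched:
            return "deny: no ACL entry for resource"
        # 3. permission bits and period of at least one matching entry
        for ace in matched:
            if ace.permission & perm == perm and ace.in_period(now):
                return "allow"
        return "deny: permission or period not satisfied"

    def check_attribute(self, subject: str, attribute: str, perm: int, now: time) -> str:
        """Attribute-level access: route to the single-attribute resource, if any."""
        res = self.attribute_resources.get(attribute)
        if res is None:
            return "deny: attribute is opaque to the stack (no per-attribute resource)"
        return self.check(subject, res, perm, now)


def build_sample_server() -> Server:
    """Constructed server DevID_2 with entries modelled on slides 11-13."""
    return Server(
        device_id="DevID_2",
        creds={"DevID_1": b"psk-1", "DevID_3": b"psk-3", "UUID_ADMIN": b"psk-a"},
        acl=[
            Ace(frozenset({"DevID_1"}), "/oic/d", READ),
            Ace(frozenset({"DevID_1", "DevID_3"}), "DevID_2/oic/light/1",
                READ | WRITE, time(9), time(17)),            # 9-5 daily
            Ace(frozenset({"DevID_1"}), "/oic/rsrcatt-2", WRITE),
            Ace(frozenset({"oic.sec.role.admin"}), "/oic/sec/acl/0", ALL),
        ],
        roles={"UUID_ADMIN": frozenset({"oic.sec.role.admin"})},
        attribute_resources={"DimLevel": "/oic/rsrcatt-2"},
    )


if __name__ == "__main__":
    srv = build_sample_server()
    print(srv.check("DevID_1", "/oic/light/1", WRITE, time(10)))        # allow
    print(srv.check("DevID_1", "/oic/light/1", WRITE, time(20)))        # deny: period
    print(srv.check("DevID_9", "/oic/d", READ, time(10)))               # deny: no credential
    print(srv.check_attribute("DevID_1", "DimLevel", WRITE, time(10)))  # allow
```

The three ordered checks return a distinct reason each, which is what a server log needs to tell a missing credential (device level) apart from a missing or too-narrow ACL entry (resource level).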
Slide 14: Establishing Device Ownership
- Device ownership determines how / if the device is provisioned.
- Taking / transferring ownership securely requires device manufacturer support.
- Methods: Just Works, Mode Switch, Random PIN, Pre-provisioned PIN, Pre-provisioned Credential*.
- OIC members are working to standardize methods for establishing device ownership.
*Source: http://blog.atmel.com/2014/08/12/the-abcs-of-ecdsa-part-2/
Slide 15: Device Owner Transfer with Signed Diffie-Hellman
[Figure: Device (A) with Embedded Key A and Device (B) with Key B, Certificate and SigRL, exchanging over CoAP / DTLS.
Handshake layer: A -> B: [g^a, GID]; B -> A: [g^b, Cert_B, Sig_B(g^b, g^a)]_SMK; A -> B: [g^a, GID, AttestationID, Sig_A(g^a, g^b)]_SMK.
SMK, SK, MK = KDF(g^ab); (SK, MK) is the session key at the Record layer; Network Abstraction Layer, UDP/IP ...]
- Can establish the device owner over-the-air.
- Can be implemented in DTLS ciphersuites.
- Can be privacy preserving (e.g. TPM EK / DAA).
- Can attest device trust properties.
- Provably secure against identity misbinding attacks.
- Resulting symmetric keys are good for performance.
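The signed Diffie-Hellman handshake of slide 15 combined with the ad-hoc pairwise credential negotiation of slide 10, as an added Python example (not IoTivity or OIC code, and not from the talk). Each side signs both DH public values so the signature is bound to this exchange, both sides derive MK = KDF(g^ab), and the result is installed on each device as a cred.type = 1 (PSK) entry whose two copies must agree. Everything beyond the slide is an assumption of this example: the 1024-bit MODP group of RFC 2409, Schnorr signatures over that group standing in for the certificate / EPID signatures, HKDF-SHA256 as the KDF, and a dict of trusted public keys standing in for certificate validation; SigRL, attestation and the SMK wrapping are left out, and the arithmetic is not constant-time.

```python
"""Signed DH pairwise credential negotiation: added example, not OIC code."""
import hashlib
import hmac
import secrets

# RFC 2409 "Second Oakley Group": safe prime P = 2Q + 1, generator 2 of order Q.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2
G = 2


def _enc(n: int) -> bytes:
    return n.to_bytes((P.bit_length() + 7) // 8, "big")


def _hash_mod_q(*parts: bytes) -> int:
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big") % Q


def keygen():
    """Long-term "embedded key" of a device: private x, public y = G^x mod P."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def sign(x: int, msg: bytes):
    """Schnorr signature (e, s) over msg with private key x (stand-in for Sig_A / Sig_B)."""
    k = secrets.randbelow(Q - 1) + 1
    e = _hash_mod_q(_enc(pow(G, k, P)), msg)
    return e, (k + e * x) % Q


def verify(y: int, msg: bytes, sig) -> bool:
    e, s = sig
    r = pow(G, s, P) * pow(y, -e, P) % P      # equals G^k only for a valid signature
    return e == _hash_mod_q(_enc(r), msg)


def kdf(shared: int, info: bytes, length: int = 16) -> bytes:
    """HKDF-SHA256 (RFC 5869): extract, then a single expand block."""
    prk = hmac.new(b"\x00" * 32, _enc(shared), hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()[:length]


class Device:
    def __init__(self, device_id: str):
        self.device_id = device_id
        self.priv, self.pub = keygen()
        self.creds = {}              # /oic/sec/cred, keyed by subject device id


def negotiate(d1: Device, d2: Device, trusted: dict) -> bytes:
    """Signed DH between d1 (A) and d2 (B); installs the PSK on both, returns it."""
    a, b = secrets.randbelow(Q - 1) + 1, secrets.randbelow(Q - 1) + 1
    ga, gb = pow(G, a, P), pow(G, b, P)             # message 1: A -> B  [g^a]
    sig_b = sign(d2.priv, _enc(gb) + _enc(ga))      # message 2: B -> A  [g^b, Sig_B(g^b, g^a)]
    sig_a = sign(d1.priv, _enc(ga) + _enc(gb))      # message 3: A -> B  [g^a, Sig_A(g^a, g^b)]
    # Each side verifies with the key bound to the peer's identity. Because both
    # public values are signed, a signature from another session (or over the
    # values in the other order) is rejected: the misbinding resistance of slide 15.
    if not verify(trusted[d2.device_id], _enc(gb) + _enc(ga), sig_b):
        raise ValueError("A: signature does not bind B to this exchange")
    if not verify(trusted[d1.device_id], _enc(ga) + _enc(gb), sig_a):
        raise ValueError("B: signature does not bind A to this exchange")
    # MK = KDF(g^ab) on both sides, used here as the pairwise PSK (cred.type = 1)
    psk_a = kdf(pow(gb, a, P), b"oic.sec.cred pairwise psk")
    psk_b = kdf(pow(ga, b, P), b"oic.sec.cred pairwise psk")
    d1.creds[d2.device_id] = {"subjectid": d2.device_id, "credtype": 1, "privatedata": psk_a}
    d2.creds[d1.device_id] = {"subjectid": d1.device_id, "credtype": 1, "privatedata": psk_b}
    return psk_a


if __name__ == "__main__":
    dev1, dev2 = Device("Device1"), Device("Device2")
    negotiate(dev1, dev2, {"Device1": dev1.pub, "Device2": dev2.pub})
    # steps 8 and 12 of slide 10: both credential copies must agree
    print(dev1.creds["Device2"]["privatedata"] == dev2.creds["Device1"]["privatedata"])
```

The order of the two values inside each signature matters: the verifier reconstructs exactly the transcript it expects for its own role, so a signature that does not cover this session's pair of public values fails verification instead of being silently accepted.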
Slide 16: Conclusion
OIC security mechanisms support pelagic computing models:
- Autonomous and semi-autonomous operation.
- Ad-hoc device interactions.
- Frictionless access control for intended device interactions.
- Added friction when device interactions are unintended.
- Anticipates device grouping and composition.
- Aligned key management with IoT use models.
Slide 17: Call to Action
- OIC is working to deliver interoperable security for IoT.
- Membership in OIC will ensure your IoT solutions benefit from the interoperability goal.
- Your contributions to IoTivity will help realize secure IoT solutions quicker.
Slide 18: Questions?
Slide 19: Overview of EPID
[Figure: private keys pvt-key 1 ... pvt-key n each Sign a Message, producing (Message, EPID Signature); Verify with the single EPID pub-key yields True / False.]
- EPID can be seen as a privacy-preserving signature scheme.
- One group public key corresponds to multiple private keys.
- Each private key can be used to generate a signature.
- Signatures can be verified using the group public key.
- EPID is standardized in ISO/IEC.
- Scalable manufacturing in high-volume circuits.
More informationThe Web of Things. Breakout session on service descriptions. Dave Raggett, W3C 1/27
The Web of Things Breakout session on service descriptions Dave Raggett, W3C 1/27 The Web of Things A huge variety of potential application domains including... 2/27 Perils of Fragmentation Advances in
More informationSMKI Code of Connection
SMKI Code of Connection DCC Public Page 1 of 12 Contents 1 Connection Mechanism... 4 1.1 Browser Policy... 4 2 SMKI Services interfaces... 5 2.1 SMKI Services interfaces via DCC Gateway Connection... 5
More informationMetadata Zoo Dataset Metadata Rebecca Koskela Execu4ve Director, DataONE
Metadata Zoo Dataset Metadata Rebecca Koskela Execu4ve Director, DataONE eurocris September 9, 2013 Outline Data Challenges Metadata Solu=on DataONE addressing the Data Challenge Enabling Scien=fic Discovery
More informationAccess Control. CMPSC Spring 2012 Introduction Computer and Network Security Professor Jaeger.
Access Control CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ Access Control Describe the permissions available to computing processes
More informationInternet of Things 2018/2019
Internet of Things 2018/2019 Discovering the Things Johan Lukkien with slides by Milosh Stolikj John Carpenter, 1982 1 Guiding questions What does service discovery entail, and what are relevant criteria
More informationA Two-Fold Authentication Mechanism for Network Security
Asian Journal of Engineering and Applied Technology ISSN 2249-068X Vol. 7 No. 2, 2018, pp. 86-90 The Research Publication, www.trp.org.in A Two-Fold for Network Security D. Selvamani 1 and V Selvi 2 1
More informationSecuring IoT applications with Mbed TLS Hannes Tschofenig
Securing IoT applications with Mbed TLS Hannes Tschofenig Part#2: Public Key-based authentication March 2018 Munich Agenda For Part #2 of the webinar we are moving from Pre-Shared Secrets (PSKs) to certificated-based
More informationCon$nuous Audi$ng and Risk Management in Cloud Compu$ng
Con$nuous Audi$ng and Risk Management in Cloud Compu$ng Marcus Spies Chair of Knowledge Management LMU University of Munich Scien$fic / Technical Director of EU Integrated Research Project MUSING Cloud
More informationSHAKEN Governance Model and Cer4ficate Management Overview
SHAKEN Governance Model and Cer4ficate Management Overview ATIS- 1000080 8/2/17 1 STI- PA STI- CA Service Provider Code Token ACME SP- KMS Public Key STI- CR SKS Private Key STI- AS STI- VS 8/2/17 2 STI-
More information