SlideShare une entreprise Scribd logo
1  sur  24
Télécharger pour lire hors ligne
Security IN 
the Internet of Things 
Victor Ake 
Victor.Ake@ForgeRock.com 
CTO Office/Co-Founder
2 
About me 
! 26 years experience in the IT Industry. 
! As a System Engineer, Networking, 
Security, Identity Relationship 
Management. Ericsson, IBM, 3Com, 
Sun Microsystems, ForgeRock 
! Co-Founder of FORGEROCK 
! CTO Office 
http://www.forgerock.com
3 
World Wide Web 
Mobile Internet 
Internet of things 
Image Source: Kelsey Austin. https://www.flickr.com/photos/kelseyrage/15362515989
4 
Despite the wave 
Information is the common key deliverable 
Telemetry (Health, Rockets, 
Energy, Aviation, etc) 
Device Identification 
Sensed Information 
Metered information 
Forget the HONEY! 
Source: Meadows R (2012) Understanding the Flight of the Bumblebee. PLoS Biol 10(9)
5 
Increasing Amount OF 
Security, 
Privacy & 
Safety 
Concerns
6 
Top barriers to iot and m2m adoption 
Source: Infonetics, January 2014.
7 
Security and privacy 
Data in Transit 
Data 
Access 
ACCESS 
Access 
Data 
Things MOBILE/ 
gateway 
CLOUD ENterprise 
Data 
Data 
ACCESS
8 
challenges 
Low friction human interaction 
Unique device identification 
Device Authenticity 
Device-user association 
Nature of the data 
Security vs Comfort / RISK vs REWARD 
Image Source: Sharkawi Che Din. https://www.flickr.com/photos/sharkawi3d/15374262331/
9 
More challenges 
Limited encryption capabilities 
Limited resources (RAM/ROM) 
Limited clock synchronization 
Firmware must be upgraded from time to time 
Image Soruce: Massimo Piccoli. https://www.flickr.com/photos/massimo_piccoli/12680390774/
10 
IoT security design rules 
" Build Security in, it can not be added later 
" Keep security mechanisms simple 
" Use existing standards 
" Obscurity does not provide security 
Image source: http://cdn.blickers.com/wp-content/uploads/2013/12/Leonardo-da-vinci2.jpg
11 
IoT security design rules 
" Encrypt sensitive data at rest and in transit 
" Use well-studied cryptographic building blocks 
" Identity and Access Management must be part 
of the design 
" Develop a realistic threat model 
Image source: http://cdn.blickers.com/wp-content/uploads/2013/12/Leonardo-da-vinci2.jpg
12 
Common Security Issues
13 
secure Web, Mobile and Cloud 
Interface 
" Do not allow default credentials 
" Assume device accessed Internally and Externally 
" Credentials should not be stored in plain text nor 
travel in unencrypted channels 
" Protect against account enumeration & implement 
account lockout 
" Protect against XSS, CSRF, SQLi 
" Implement an IAM/IRM system
14 
Implement an IAM/IRM System 
Identity creation, 
Authentication 
& 
Authorization
15 
Provisioning Device Identity 
IDM System 
I’m an Authentic device 
I’m unique (D) Verify authenticity 
Register me and registers device 
PKI (SE)
Register user, AuthN, claim ownership 
16 
Register me 
I own device D 
I allow device D to 
send data on my 
behalf to service S1 
for 1 day 
Verify identity of user, 
Register user, 
Authenticate user 
Proof possession of 
Device 
Create Relationship 
User-device 
Generates OAuth2 Token 
Provision Refresh and 
Access Token to device 
Authenticate 
Store R & A 
Tokens 
AM System 
PKI (SE)
17 
Device send data on behalf of user 
AM System 
Send Data (OAuth2 Token) 
Verify Device, OAuth2 
Access Token validity and 
Scope (authorization) 
PKI (SE) 
Refresh Token 
Associate data to Alice 
…. Token expired 
Negotiate new Access token 
Store A.Token New Access Token
18 
User shares data, revokes tokens 
AM with UMA 
System 
Authenticate 
I want to Share my data 
with My Insurance Company 
…. Lost my device 
Revoke token 
HTTP, MQTT, SASL 
PKI (SE)
19 
Network Services 
" Ensure only necessary ports are open 
" Ensure services are not vulnerable to buffer 
overflow and fuzzing attacks 
" Ensure services are not vulnerable to DoS attacks
20 
Transport encryption 
" Ensure data and credentials are encrypted while in 
transit 
" Use secure encrypted channels 
" Use good key lengths and good algorithms 
(Elliptic Curve provides efficient encrypting) 
" Protect against replay attacks
21 
Privacy as part of the design 
" Collect only the minimum necessary data for the 
functionality of the device 
" Ensure any sensitive data collected is properly 
protected with encryption 
" Ensure the device properly protects personal data 
Photo Source: Brian M (OCDBri): https://www.flickr.com/photos/ocdbri/14438661513
22 
Software/Firmware 
" Ensure your firmware does not contain hardcoded 
credentials or sensitive data 
" Use a secure channel to transmit the firmware during 
upgrades 
" Ensure the update is signed and verified before 
allowing the update 
" Do not send the public key with the firmware, use a 
hash 
" Ensure your SVN/GIT repositories do not contain the 
private keys
23 
Physical Security 
" Ensure physical access to your device is 
controlled 
" Accessible USB or SD ports can be a weakness 
" Can it be easily disassembled to access the 
internal storage (RAM/ROM) 
" If local data is sensitive, consider encrypting the 
data 
Image Source: http://conflictresearchgroupintl.com/wp-content/uploads/2014/03/How-to-Look-Like-a-Bouncer1.jpg
24 
Thank You! 
Security in the Internet of 
Things 
FORGEROCK.COM | LEGAL INFORMATION 
Victor Ake 
Victor.Ake@ForgeRock.com 
CTO Office

Contenu connexe

Tendances

Cyber Security
Cyber SecurityCyber Security
Cyber SecurityRamiro Cid
 
Basics of Cyber Security
Basics of Cyber SecurityBasics of Cyber Security
Basics of Cyber SecurityNikunj Thakkar
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Radar Cyber Security
 
IoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIntel® Software
 
Presentation on IOT SECURITY
Presentation on IOT SECURITYPresentation on IOT SECURITY
Presentation on IOT SECURITYThe Avi Sharma
 
Internet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesInternet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesPierluigi Paganini
 
Cybercrime and Security
Cybercrime and SecurityCybercrime and Security
Cybercrime and SecurityNoushad Hasan
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemAparna Bhadran
 
Cyber Security in Society
Cyber Security in SocietyCyber Security in Society
Cyber Security in SocietyRubal Sagwal
 
Mobile Device Security
Mobile Device SecurityMobile Device Security
Mobile Device SecurityNemwos
 
Overview of Artificial Intelligence in Cybersecurity
Overview of Artificial Intelligence in CybersecurityOverview of Artificial Intelligence in Cybersecurity
Overview of Artificial Intelligence in CybersecurityOlivier Busolini
 
Wireless and mobile security
Wireless and mobile securityWireless and mobile security
Wireless and mobile securityPushkar Pashupat
 
The role of big data, artificial intelligence and machine learning in cyber i...
The role of big data, artificial intelligence and machine learning in cyber i...The role of big data, artificial intelligence and machine learning in cyber i...
The role of big data, artificial intelligence and machine learning in cyber i...Aladdin Dandis
 

Tendances (20)

IoT Security
IoT SecurityIoT Security
IoT Security
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Basics of Cyber Security
Basics of Cyber SecurityBasics of Cyber Security
Basics of Cyber Security
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025
 
IoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIoT Security Challenges and Solutions
IoT Security Challenges and Solutions
 
Presentation on IOT SECURITY
Presentation on IOT SECURITYPresentation on IOT SECURITY
Presentation on IOT SECURITY
 
Internet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesInternet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issues
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
 
Cybercrime and Security
Cybercrime and SecurityCybercrime and Security
Cybercrime and Security
 
ICS security
ICS securityICS security
ICS security
 
Network security
Network securityNetwork security
Network security
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
 
Cyber Security in Society
Cyber Security in SocietyCyber Security in Society
Cyber Security in Society
 
Mobile Device Security
Mobile Device SecurityMobile Device Security
Mobile Device Security
 
Information security
Information securityInformation security
Information security
 
IT security
IT securityIT security
IT security
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
 
Overview of Artificial Intelligence in Cybersecurity
Overview of Artificial Intelligence in CybersecurityOverview of Artificial Intelligence in Cybersecurity
Overview of Artificial Intelligence in Cybersecurity
 
Wireless and mobile security
Wireless and mobile securityWireless and mobile security
Wireless and mobile security
 
The role of big data, artificial intelligence and machine learning in cyber i...
The role of big data, artificial intelligence and machine learning in cyber i...The role of big data, artificial intelligence and machine learning in cyber i...
The role of big data, artificial intelligence and machine learning in cyber i...
 

En vedette

The 5 elements of IoT security
The 5 elements of IoT securityThe 5 elements of IoT security
The 5 elements of IoT securityJulien Vermillard
 
IoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and SolutionsIoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and SolutionsLiwei Ren任力偉
 
TOP 6 Security Challenges of Internet of Things
TOP 6 Security Challenges of Internet of ThingsTOP 6 Security Challenges of Internet of Things
TOP 6 Security Challenges of Internet of ThingsChromeInfo Technologies
 
Internet of Things and Security challenges
Internet of Things and Security challengesInternet of Things and Security challenges
Internet of Things and Security challengesAnastasios Economides
 
Internet of Things: Challenges and Issues
Internet of Things: Challenges and IssuesInternet of Things: Challenges and Issues
Internet of Things: Challenges and Issuesrjain51
 
When IoT Meets Artificial Intelligence
 When IoT Meets Artificial Intelligence When IoT Meets Artificial Intelligence
When IoT Meets Artificial IntelligenceVeselin Pizurica
 
Artificial intelligence and IoT
Artificial intelligence and IoTArtificial intelligence and IoT
Artificial intelligence and IoTVeselin Pizurica
 
AI is the Catalyst of IoT
AI is the Catalyst of IoTAI is the Catalyst of IoT
AI is the Catalyst of IoTAhmed Banafa
 
IoT + Big Data + Cloud + AI Integration Strategy Insights from Patents
IoT + Big Data + Cloud + AI Integration Strategy Insights from PatentsIoT + Big Data + Cloud + AI Integration Strategy Insights from Patents
IoT + Big Data + Cloud + AI Integration Strategy Insights from PatentsAlex G. Lee, Ph.D. Esq. CLP
 
Innovation with AWS: IoT, Robotics and AI
Innovation with AWS: IoT, Robotics and AIInnovation with AWS: IoT, Robotics and AI
Innovation with AWS: IoT, Robotics and AIAmazon Web Services
 
Why the Internet of Things needs AI & interoperability to succeed
Why the Internet of Things needs AI & interoperability to succeedWhy the Internet of Things needs AI & interoperability to succeed
Why the Internet of Things needs AI & interoperability to succeedNuance Communications
 
IoT Cloud architecture
IoT Cloud architectureIoT Cloud architecture
IoT Cloud architectureMachinePulse
 
cloud security using Fog Computing
cloud security using Fog Computingcloud security using Fog Computing
cloud security using Fog Computingarchana lisbon
 
Fog computing
Fog computingFog computing
Fog computingAnkit_ap
 

En vedette (20)

The 5 elements of IoT security
The 5 elements of IoT securityThe 5 elements of IoT security
The 5 elements of IoT security
 
IoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and SolutionsIoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and Solutions
 
TOP 6 Security Challenges of Internet of Things
TOP 6 Security Challenges of Internet of ThingsTOP 6 Security Challenges of Internet of Things
TOP 6 Security Challenges of Internet of Things
 
Internet of Things and Security challenges
Internet of Things and Security challengesInternet of Things and Security challenges
Internet of Things and Security challenges
 
A survey in privacy and security in Internet of Things IOT
A survey in privacy and security in Internet of Things IOTA survey in privacy and security in Internet of Things IOT
A survey in privacy and security in Internet of Things IOT
 
The Internet of Things: Privacy and Security Issues
The Internet of Things: Privacy and Security IssuesThe Internet of Things: Privacy and Security Issues
The Internet of Things: Privacy and Security Issues
 
Internet of Things: Challenges and Issues
Internet of Things: Challenges and IssuesInternet of Things: Challenges and Issues
Internet of Things: Challenges and Issues
 
When IoT Meets Artificial Intelligence
 When IoT Meets Artificial Intelligence When IoT Meets Artificial Intelligence
When IoT Meets Artificial Intelligence
 
Artificial intelligence and IoT
Artificial intelligence and IoTArtificial intelligence and IoT
Artificial intelligence and IoT
 
AI is the Catalyst of IoT
AI is the Catalyst of IoTAI is the Catalyst of IoT
AI is the Catalyst of IoT
 
How AI connect dots for IoT
How AI connect dots for IoTHow AI connect dots for IoT
How AI connect dots for IoT
 
Understanding the Internet of Things Protocols
Understanding the Internet of Things ProtocolsUnderstanding the Internet of Things Protocols
Understanding the Internet of Things Protocols
 
IoT + Big Data + Cloud + AI Integration Strategy Insights from Patents
IoT + Big Data + Cloud + AI Integration Strategy Insights from PatentsIoT + Big Data + Cloud + AI Integration Strategy Insights from Patents
IoT + Big Data + Cloud + AI Integration Strategy Insights from Patents
 
Innovation with AWS: IoT, Robotics and AI
Innovation with AWS: IoT, Robotics and AIInnovation with AWS: IoT, Robotics and AI
Innovation with AWS: IoT, Robotics and AI
 
Why the Internet of Things needs AI & interoperability to succeed
Why the Internet of Things needs AI & interoperability to succeedWhy the Internet of Things needs AI & interoperability to succeed
Why the Internet of Things needs AI & interoperability to succeed
 
IoT Cloud architecture
IoT Cloud architectureIoT Cloud architecture
IoT Cloud architecture
 
Face detection issues
Face detection issuesFace detection issues
Face detection issues
 
cloud security using Fog Computing
cloud security using Fog Computingcloud security using Fog Computing
cloud security using Fog Computing
 
Latest Thesis Topics for Fog computing
Latest Thesis Topics for Fog computingLatest Thesis Topics for Fog computing
Latest Thesis Topics for Fog computing
 
Fog computing
Fog computingFog computing
Fog computing
 

Similaire à Security in the Internet of Things

SFScon 21 - Stefano Della Valle - The role of DLTs in advanced IoT platform
SFScon 21 - Stefano Della Valle  - The role of DLTs in advanced IoT platformSFScon 21 - Stefano Della Valle  - The role of DLTs in advanced IoT platform
SFScon 21 - Stefano Della Valle - The role of DLTs in advanced IoT platformSouth Tyrol Free Software Conference
 
Big data, Security, or Privacy in IoT: Choice is Yours
Big data, Security, or Privacy in IoT: Choice is YoursBig data, Security, or Privacy in IoT: Choice is Yours
Big data, Security, or Privacy in IoT: Choice is YoursDilum Bandara
 
Mobile phone as Trusted identity assistant
Mobile phone as Trusted identity assistantMobile phone as Trusted identity assistant
Mobile phone as Trusted identity assistantVladimir Jirasek
 
Health Information Privacy and Security (October 30, 2019)
Health Information Privacy and Security (October 30, 2019)Health Information Privacy and Security (October 30, 2019)
Health Information Privacy and Security (October 30, 2019)Nawanan Theera-Ampornpunt
 
Mobile security
Mobile securityMobile security
Mobile securityStefaan
 
The Internet of Things: We've Got to Chat
The Internet of Things: We've Got to ChatThe Internet of Things: We've Got to Chat
The Internet of Things: We've Got to ChatDuo Security
 
Information Security Risk Management
Information Security Risk ManagementInformation Security Risk Management
Information Security Risk Managementipspat
 
Using Big Data to Counteract Advanced Threats
Using Big Data to Counteract Advanced ThreatsUsing Big Data to Counteract Advanced Threats
Using Big Data to Counteract Advanced ThreatsZivaro Inc
 
Emerging application and data protection for multi cloud
Emerging application and data protection for multi cloudEmerging application and data protection for multi cloud
Emerging application and data protection for multi cloudUlf Mattsson
 
Tokenization on the Node - Data Protection for Security and Compliance
Tokenization on the Node - Data Protection for Security and ComplianceTokenization on the Node - Data Protection for Security and Compliance
Tokenization on the Node - Data Protection for Security and ComplianceUlf Mattsson
 
How to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
How to Make Your IoT Devices Secure, Act Autonomously & Trusted SubjectsHow to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
How to Make Your IoT Devices Secure, Act Autonomously & Trusted SubjectsMaxim Salnikov
 
Essay About IS4560 Hacking
Essay About IS4560 HackingEssay About IS4560 Hacking
Essay About IS4560 HackingJessica Deakin
 
Enterprise Security and Cyber Security Cases
Enterprise Security and Cyber Security CasesEnterprise Security and Cyber Security Cases
Enterprise Security and Cyber Security CasesHakan Yüksel
 
Building Trust Despite Digital Personal Devices
Building Trust Despite Digital Personal DevicesBuilding Trust Despite Digital Personal Devices
Building Trust Despite Digital Personal DevicesJavier González
 
Cscu module 01 foundations of security
Cscu module 01 foundations of securityCscu module 01 foundations of security
Cscu module 01 foundations of securitySejahtera Affif
 
Security testing of mobile applications
Security testing of mobile applicationsSecurity testing of mobile applications
Security testing of mobile applicationsGTestClub
 

Similaire à Security in the Internet of Things (20)

IoT-Device-Security.pptx
IoT-Device-Security.pptxIoT-Device-Security.pptx
IoT-Device-Security.pptx
 
SFScon 21 - Stefano Della Valle - The role of DLTs in advanced IoT platform
SFScon 21 - Stefano Della Valle  - The role of DLTs in advanced IoT platformSFScon 21 - Stefano Della Valle  - The role of DLTs in advanced IoT platform
SFScon 21 - Stefano Della Valle - The role of DLTs in advanced IoT platform
 
Big data, Security, or Privacy in IoT: Choice is Yours
Big data, Security, or Privacy in IoT: Choice is YoursBig data, Security, or Privacy in IoT: Choice is Yours
Big data, Security, or Privacy in IoT: Choice is Yours
 
Mobile phone as Trusted identity assistant
Mobile phone as Trusted identity assistantMobile phone as Trusted identity assistant
Mobile phone as Trusted identity assistant
 
Health Information Privacy and Security (October 30, 2019)
Health Information Privacy and Security (October 30, 2019)Health Information Privacy and Security (October 30, 2019)
Health Information Privacy and Security (October 30, 2019)
 
INT 1010 05-1.pdf
INT 1010 05-1.pdfINT 1010 05-1.pdf
INT 1010 05-1.pdf
 
itmsday2.pptx
itmsday2.pptxitmsday2.pptx
itmsday2.pptx
 
Mobile security
Mobile securityMobile security
Mobile security
 
The Internet of Things: We've Got to Chat
The Internet of Things: We've Got to ChatThe Internet of Things: We've Got to Chat
The Internet of Things: We've Got to Chat
 
Information Security Risk Management
Information Security Risk ManagementInformation Security Risk Management
Information Security Risk Management
 
Using Big Data to Counteract Advanced Threats
Using Big Data to Counteract Advanced ThreatsUsing Big Data to Counteract Advanced Threats
Using Big Data to Counteract Advanced Threats
 
Emerging application and data protection for multi cloud
Emerging application and data protection for multi cloudEmerging application and data protection for multi cloud
Emerging application and data protection for multi cloud
 
Tokenization on the Node - Data Protection for Security and Compliance
Tokenization on the Node - Data Protection for Security and ComplianceTokenization on the Node - Data Protection for Security and Compliance
Tokenization on the Node - Data Protection for Security and Compliance
 
How to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
How to Make Your IoT Devices Secure, Act Autonomously & Trusted SubjectsHow to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
How to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
 
Essay About IS4560 Hacking
Essay About IS4560 HackingEssay About IS4560 Hacking
Essay About IS4560 Hacking
 
Enterprise Security and Cyber Security Cases
Enterprise Security and Cyber Security CasesEnterprise Security and Cyber Security Cases
Enterprise Security and Cyber Security Cases
 
Building Trust Despite Digital Personal Devices
Building Trust Despite Digital Personal DevicesBuilding Trust Despite Digital Personal Devices
Building Trust Despite Digital Personal Devices
 
Untitled 1
Untitled 1Untitled 1
Untitled 1
 
Cscu module 01 foundations of security
Cscu module 01 foundations of securityCscu module 01 foundations of security
Cscu module 01 foundations of security
 
Security testing of mobile applications
Security testing of mobile applicationsSecurity testing of mobile applications
Security testing of mobile applications
 

Plus de ForgeRock

Digital Identities in the Internet of Things - Securely Manage Devices at Scale
Digital Identities in the Internet of Things - Securely Manage Devices at ScaleDigital Identities in the Internet of Things - Securely Manage Devices at Scale
Digital Identities in the Internet of Things - Securely Manage Devices at ScaleForgeRock
 
Get the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
Get the Exact Identity Solution You Need - In the Cloud - AWS and BeyondGet the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
Get the Exact Identity Solution You Need - In the Cloud - AWS and BeyondForgeRock
 
Identity Live Sydney: Identity Management - A Strategic Opportunity
Identity Live Sydney: Identity Management  - A Strategic OpportunityIdentity Live Sydney: Identity Management  - A Strategic Opportunity
Identity Live Sydney: Identity Management - A Strategic OpportunityForgeRock
 
Identity Live Singapore: Transform Your Cybersecurity Capability
Identity Live Singapore: Transform Your Cybersecurity CapabilityIdentity Live Singapore: Transform Your Cybersecurity Capability
Identity Live Singapore: Transform Your Cybersecurity CapabilityForgeRock
 
Identity Live Singapore 2018 Keynote Presentation
Identity Live Singapore 2018 Keynote PresentationIdentity Live Singapore 2018 Keynote Presentation
Identity Live Singapore 2018 Keynote PresentationForgeRock
 
Identity Live Sydney 2018 Keynote Presentation
Identity Live Sydney 2018 Keynote PresentationIdentity Live Sydney 2018 Keynote Presentation
Identity Live Sydney 2018 Keynote PresentationForgeRock
 
Identity Live Singapore: Just Ask 'Em
Identity Live Singapore: Just Ask 'EmIdentity Live Singapore: Just Ask 'Em
Identity Live Singapore: Just Ask 'EmForgeRock
 
Identity Live Singapore: Building Trust & Privacy in a Connected Society
Identity Live Singapore: Building Trust & Privacy in a Connected SocietyIdentity Live Singapore: Building Trust & Privacy in a Connected Society
Identity Live Singapore: Building Trust & Privacy in a Connected SocietyForgeRock
 
Identity Live Sydney: Intelligent Authentication
Identity Live Sydney: Intelligent Authentication Identity Live Sydney: Intelligent Authentication
Identity Live Sydney: Intelligent Authentication ForgeRock
 
Identity Live Sydney: Building Trust and Privacy in a Connected Society
Identity Live  Sydney:  Building Trust and Privacy in a Connected SocietyIdentity Live  Sydney:  Building Trust and Privacy in a Connected Society
Identity Live Sydney: Building Trust and Privacy in a Connected SocietyForgeRock
 
Get the Exact Identity Solution you Need in the Cloud - Deep Dive
Get the Exact Identity Solution you Need in the Cloud - Deep DiveGet the Exact Identity Solution you Need in the Cloud - Deep Dive
Get the Exact Identity Solution you Need in the Cloud - Deep DiveForgeRock
 
Get the Exact Identity Solution You Need - In the Cloud - Overview
Get the Exact Identity Solution You Need - In the Cloud - OverviewGet the Exact Identity Solution You Need - In the Cloud - Overview
Get the Exact Identity Solution You Need - In the Cloud - OverviewForgeRock
 
ForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock and Trusona - Simplifying the Multi-factor User ExperienceForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock and Trusona - Simplifying the Multi-factor User ExperienceForgeRock
 
Opening Keynote (Identity Live Berlin 2018)
Opening Keynote (Identity Live Berlin 2018)Opening Keynote (Identity Live Berlin 2018)
Opening Keynote (Identity Live Berlin 2018)ForgeRock
 
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...ForgeRock
 
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)
BMW Group - Identity Enables the Next 100 Years..  (Identity Live Berlin 2018)BMW Group - Identity Enables the Next 100 Years..  (Identity Live Berlin 2018)
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)ForgeRock
 
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...ForgeRock
 
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...ForgeRock
 
Shift from GDPR readiness to sustained compliance to improve your business an...
Shift from GDPR readiness to sustained compliance to improve your business an...Shift from GDPR readiness to sustained compliance to improve your business an...
Shift from GDPR readiness to sustained compliance to improve your business an...ForgeRock
 
Intelligent Authentication (Identity Live Berlin 2018)
Intelligent Authentication  (Identity Live Berlin 2018)Intelligent Authentication  (Identity Live Berlin 2018)
Intelligent Authentication (Identity Live Berlin 2018)ForgeRock
 

Plus de ForgeRock (20)

Digital Identities in the Internet of Things - Securely Manage Devices at Scale
Digital Identities in the Internet of Things - Securely Manage Devices at ScaleDigital Identities in the Internet of Things - Securely Manage Devices at Scale
Digital Identities in the Internet of Things - Securely Manage Devices at Scale
 
Get the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
Get the Exact Identity Solution You Need - In the Cloud - AWS and BeyondGet the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
Get the Exact Identity Solution You Need - In the Cloud - AWS and Beyond
 
Identity Live Sydney: Identity Management - A Strategic Opportunity
Identity Live Sydney: Identity Management  - A Strategic OpportunityIdentity Live Sydney: Identity Management  - A Strategic Opportunity
Identity Live Sydney: Identity Management - A Strategic Opportunity
 
Identity Live Singapore: Transform Your Cybersecurity Capability
Identity Live Singapore: Transform Your Cybersecurity CapabilityIdentity Live Singapore: Transform Your Cybersecurity Capability
Identity Live Singapore: Transform Your Cybersecurity Capability
 
Identity Live Singapore 2018 Keynote Presentation
Identity Live Singapore 2018 Keynote PresentationIdentity Live Singapore 2018 Keynote Presentation
Identity Live Singapore 2018 Keynote Presentation
 
Identity Live Sydney 2018 Keynote Presentation
Identity Live Sydney 2018 Keynote PresentationIdentity Live Sydney 2018 Keynote Presentation
Identity Live Sydney 2018 Keynote Presentation
 
Identity Live Singapore: Just Ask 'Em
Identity Live Singapore: Just Ask 'EmIdentity Live Singapore: Just Ask 'Em
Identity Live Singapore: Just Ask 'Em
 
Identity Live Singapore: Building Trust & Privacy in a Connected Society
Identity Live Singapore: Building Trust & Privacy in a Connected SocietyIdentity Live Singapore: Building Trust & Privacy in a Connected Society
Identity Live Singapore: Building Trust & Privacy in a Connected Society
 
Identity Live Sydney: Intelligent Authentication
Identity Live Sydney: Intelligent Authentication Identity Live Sydney: Intelligent Authentication
Identity Live Sydney: Intelligent Authentication
 
Identity Live Sydney: Building Trust and Privacy in a Connected Society
Identity Live  Sydney:  Building Trust and Privacy in a Connected SocietyIdentity Live  Sydney:  Building Trust and Privacy in a Connected Society
Identity Live Sydney: Building Trust and Privacy in a Connected Society
 
Get the Exact Identity Solution you Need in the Cloud - Deep Dive
Get the Exact Identity Solution you Need in the Cloud - Deep DiveGet the Exact Identity Solution you Need in the Cloud - Deep Dive
Get the Exact Identity Solution you Need in the Cloud - Deep Dive
 
Get the Exact Identity Solution You Need - In the Cloud - Overview
Get the Exact Identity Solution You Need - In the Cloud - OverviewGet the Exact Identity Solution You Need - In the Cloud - Overview
Get the Exact Identity Solution You Need - In the Cloud - Overview
 
ForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock and Trusona - Simplifying the Multi-factor User ExperienceForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock and Trusona - Simplifying the Multi-factor User Experience
 
Opening Keynote (Identity Live Berlin 2018)
Opening Keynote (Identity Live Berlin 2018)Opening Keynote (Identity Live Berlin 2018)
Opening Keynote (Identity Live Berlin 2018)
 
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
Steinberg - Customer identity as the cornerstone of our approach to digitaliz...
 
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)
BMW Group - Identity Enables the Next 100 Years..  (Identity Live Berlin 2018)BMW Group - Identity Enables the Next 100 Years..  (Identity Live Berlin 2018)
BMW Group - Identity Enables the Next 100 Years.. (Identity Live Berlin 2018)
 
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
Trust is Everything - The Future of Identity and the ForgeRock Platform (Iden...
 
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
Silo Busters- The Value of User and Data Centricity beyond IoT Devices (Ident...
 
Shift from GDPR readiness to sustained compliance to improve your business an...
Shift from GDPR readiness to sustained compliance to improve your business an...Shift from GDPR readiness to sustained compliance to improve your business an...
Shift from GDPR readiness to sustained compliance to improve your business an...
 
Intelligent Authentication (Identity Live Berlin 2018)
Intelligent Authentication  (Identity Live Berlin 2018)Intelligent Authentication  (Identity Live Berlin 2018)
Intelligent Authentication (Identity Live Berlin 2018)
 

Dernier

COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXTarek Kalaji
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxUdaiappa Ramachandran
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 

Dernier (20)

COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptx
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 

Security in the Internet of Things

  • 1. Security IN the Internet of Things Victor Ake Victor.Ake@ForgeRock.com CTO Office/Co-Founder
  • 2. 2 About me ! 26 years experience in the IT Industry. ! As a System Engineer, Networking, Security, Identity Relationship Management. Ericsson, IBM, 3Com, Sun Microsystems, ForgeRock ! Co-Founder of FORGEROCK ! CTO Office http://www.forgerock.com
  • 3. 3 World Wide Web Mobile Internet Internet of things Image Source: Kelsey Austin. https://www.flickr.com/photos/kelseyrage/15362515989
  • 4. 4 Despite the wave Information is the common key deliverable Telemetry (Health, Rockets, Energy, Aviation, etc) Device Identification Sensed Information Metered information Forget the HONEY! Source: Meadows R (2012) Understanding the Flight of the Bumblebee. PLoS Biol 10(9)
  • 5. 5 Increasing Amount OF Security, Privacy & Safety Concerns
  • 6. 6 Top barriers to iot and m2m adoption Source: Infonetics, January 2014.
  • 7. 7 Security and privacy Data in Transit Data Access ACCESS Access Data Things MOBILE/ gateway CLOUD ENterprise Data Data ACCESS
  • 8. 8 challenges Low friction human interaction Unique device identification Device Authenticity Device-user association Nature of the data Security vs Comfort / RISK vs REWARD Image Source: Sharkawi Che Din. https://www.flickr.com/photos/sharkawi3d/15374262331/
  • 9. 9 More challenges Limited encryption capabilities Limited resources (RAM/ROM) Limited clock synchronization Firmware must be upgraded from time to time Image Soruce: Massimo Piccoli. https://www.flickr.com/photos/massimo_piccoli/12680390774/
  • 10. 10 IoT security design rules " Build Security in, it can not be added later " Keep security mechanisms simple " Use existing standards " Obscurity does not provide security Image source: http://cdn.blickers.com/wp-content/uploads/2013/12/Leonardo-da-vinci2.jpg
  • 11. 11 IoT security design rules " Encrypt sensitive data at rest and in transit " Use well-studied cryptographic building blocks " Identity and Access Management must be part of the design " Develop a realistic threat model Image source: http://cdn.blickers.com/wp-content/uploads/2013/12/Leonardo-da-vinci2.jpg
  • 13. 13 secure Web, Mobile and Cloud Interface " Do not allow default credentials " Assume device accessed Internally and Externally " Credentials should not be stored in plain text nor travel in unencrypted channels " Protect against account enumeration & implement account lockout " Protect against XSS, CSRF, SQLi " Implement an IAM/IRM system
  • 14. 14 Implement an IAM/IRM System Identity creation, Authentication & Authorization
  • 15. 15 Provisioning Device Identity IDM System I’m an Authentic device I’m unique (D) Verify authenticity Register me and registers device PKI (SE)
  • 16. Register user, AuthN, claim ownership 16 Register me I own device D I allow device D to send data on my behalf to service S1 for 1 day Verify identity of user, Register user, Authenticate user Proof possession of Device Create Relationship User-device Generates OAuth2 Token Provision Refresh and Access Token to device Authenticate Store R & A Tokens AM System PKI (SE)
  • 17. 17 Device send data on behalf of user AM System Send Data (OAuth2 Token) Verify Device, OAuth2 Access Token validity and Scope (authorization) PKI (SE) Refresh Token Associate data to Alice …. Token expired Negotiate new Access token Store A.Token New Access Token
  • 18. 18 User shares data, revokes tokens AM with UMA System Authenticate I want to Share my data with My Insurance Company …. Lost my device Revoke token HTTP, MQTT, SASL PKI (SE)
  • 19. 19 Network Services " Ensure only necessary ports are open " Ensure services are not vulnerable to buffer overflow and fuzzing attacks " Ensure services are not vulnerable to DoS attacks
  • 20. 20 Transport encryption " Ensure data and credentials are encrypted while in transit " Use secure encrypted channels " Use good key lengths and good algorithms (Elliptic Curve provides efficient encrypting) " Protect against replay attacks
  • 21. 21 Privacy as part of the design " Collect only the minimum necessary data for the functionality of the device " Ensure any sensitive data collected is properly protected with encryption " Ensure the device properly protects personal data Photo Source: Brian M (OCDBri): https://www.flickr.com/photos/ocdbri/14438661513
  • 22. 22 Software/Firmware " Ensure your firmware does not contain hardcoded credentials or sensitive data " Use a secure channel to transmit the firmware during upgrades " Ensure the update is signed and verified before allowing the update " Do not send the public key with the firmware, use a hash " Ensure your SVN/GIT repositories do not contain the private keys
  • 23. 23 Physical Security " Ensure physical access to your device is controlled " Accessible USB or SD ports can be a weakness " Can it be easily disassembled to access the internal storage (RAM/ROM) " If local data is sensitive, consider encrypting the data Image Source: http://conflictresearchgroupintl.com/wp-content/uploads/2014/03/How-to-Look-Like-a-Bouncer1.jpg
  • 24. 24 Thank You! Security in the Internet of Things FORGEROCK.COM | LEGAL INFORMATION Victor Ake Victor.Ake@ForgeRock.com CTO Office