IoT Security in Action
The Success Story of Everyware Device Cloud by
Eurotech, secured with
DNSSEC and DANE
Andrea Ceiner, Eurotech
Andrew Cathrow, Verisign
IoT Security – Boston, September 2015
Disclaimer
This presentation has been prepared by Eurotech S.p.A. (or “Eurotech”).
The information contained in this presentation does not purport to be comprehensive. Neither Eurotech nor any of its officers, employees, advisers or agents accepts any responsibility for, or makes any representation or warranty, express or implied, as to the truth, fullness, accuracy or completeness of the information in this presentation (or whether any information has been omitted from the presentation) or any other information relating to Eurotech, its subsidiaries or associated companies, whether written, oral or in a visual or electronic form, transmitted or made available.
The distribution of this document in other jurisdictions may be restricted by law, and persons into whose possession this document comes should inform themselves about, and observe, any such restrictions.
No reliance may be placed for any purposes whatsoever on the information contained in this document or any other material discussed during this presentation, or on its completeness, accuracy or fairness.
The information in this document and any other material discussed at this presentation is subject to verification, completion and change.
The information and opinions contained in this document are provided as at the date of the presentation and are subject to change without notice.
Some of the information is still in draft form and will only be finalized.
By attending the presentation you agree to be bound by the foregoing terms.
Trademarks or Registered Trademarks are the property of their respective owners.
Gartner’s Seven Potential IoT Challenges
• 1. Security
• 2. Enterprise
• 3. Consumer Privacy
• 4. Data
• 5. Storage Management
• 6. Server Technologies
• 7. Data Center Network
Enemies Everywhere, Many Reasons …
Attackers / Hackers and their Targets
Reasons:
• Financial
• Business
• Political
• Intangible
Attacker Profiles:
• Hackers
• Crackers / Criminals
• Script Kiddies
• Competitors
• Organizations / Governments
Targets:
• Quality, Performance, Availability
• Reputation
• Know-How, Intellectual Property
• Resources
Anatomy of an IoT Solution
Transforming Bits of Data at the Edge of the Network into Actionable Information in the Business Users’ Hands
Things → Gateways / Smart Devices → IoT / OT Platform → Application
Requirements for IoT SECURITY at SCALE
• Efficiently Managed
• Low Cost
• Increased Trust
• Globally Interoperable
M2M / IoT Security
Security Focus Points – Extension with Verisign
(Things → Gateways / Smart Devices → IoT / OT Platform → Application)
IoT Device Security
• Certified Identity
• Service discovery
• Trusted execution environment
• Network security / Firewall
• Secure Boot
Communication Security
• Authentication
• Encryption
• Man-in-the-middle Protection
• Message Integrity
IoT Device Cloud Security
• Authentication
• PKI Management
• Trusted execution environment
• Network security / Firewall
• Access Control
M2M / IoT Security
Strong Authentication / Trust Anchors / Verification
Things → Gateways / Smart Devices → IoT / OT Platform → Application, with the Global DNS providing the trust anchors and verification across all tiers
IoT Security: Ineffective Implementation
Why use PKI for Device Identification & Authentication?
Common but weak practices:
• API keys as credential
• MAC address as identifier
• Device ID hardcoded on the device or in a configuration file
Trusted Authentication
Why PKI-based Authentication using DNS?
Public Key Infrastructure (PKI)
• Trusted and well established technology
• But the scale of IoT introduces new problems and amplifies old issues:
  • Manageability at scale
  • Cost of Certificates ($$$$$$)
  • Security: revocation and reissuance
  • The “too many CAs” problem
Trusted Authentication
Why PKI-based Authentication using DNS?
• DNS-based Authentication of Named Entities (DANE): public standard (IETF RFC 6698)
• Key/certificate management and revocation: effective and easier
• Compatible with IoT scale and costs
• Based on Open Standards and Open Source
• No lock-in
Authentication & Authorization
Everyware Device Cloud integrated with DNSSEC/DANE
1. Cloud Setup – Registering Broker Services (Provisioning and Messaging) into the Authoritative DNS
2. Gateway (ESF) Setup – First gateway/device initialization by the Manufacturer
3. Shipment – Ship the devices towards their final destination
4. Power ON the Device – over-the-air DISCOVERY → PROVISION → A&A
5. Device & Data Management – real-time metrics, events and remote management within a secure always-on session
Step 4 in detail – Power ON the Device: over-the-air DISCOVERY → PROVISION → A&A
• Broker Discovery: “WHO IS MY BROKER?”
• Device Provision: “GIVE ME MY CONFIGURATION PLEASE!”
• A&A (Birth): “Here I am, this is my ID … Authenticate me and Authorize me please!”
STEP 1 – Cloud Services Setup
Registering Broker Services onto the Authoritative DNS
• Broker Service: PROVISIONING
• Broker Service: MESSAGING
• Registered through the Secure DNS provisioning API (HTTPS POST)
• DNS infrastructure: Authoritative DNS, Validating Recursive DNS
STEP 2 – M2M Gateway (ESF) Setup
First gateway/device initialization by the Manufacturer
• HTTPS + 2FA login
• Gateway (ESF) setup:
  • Network configuration
  • Domain Name
  • Broker Services (Provisioning; Messaging)
  • Validating Recursive DNS Server
  • Internal temporary Credentials
• Create a Provision Request (Pending)
STEP 3 – Shipment
Ship Devices from the Device Manufacturer to the Customer
STEP 4 – Power ON the device
4.1 Broker Services DISCOVERY
• Switch ON the Device
• Discovery performed by Tiaki
1. Secure DNS Query (Authoritative DNS, Validating Recursive DNS) – HTTPS: DISCOVERY (lookup PTR and associated SRV and TXT Resource Records within a DNS zone)
2. Answer: PTR & SRV for the Provisioning & Messaging Broker Services
• Broker Service: PROVISIONING
• Broker Service: MESSAGING
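The discovery step above (PTR, then the associated SRV and TXT records, all answered by a validating recursive resolver) as an added Go example; it is not Eurotech's or Verisign's code and not part of the Tiaki library. Every name under example.net is a placeholder, the in-memory Resolver stands in for real DNS answers, and the resolver's DNSSEC result is modelled as an AD boolean per answer. It goes one step beyond the slide by showing what a client must do with an answer that did not validate: treat it as no answer at all, so an unsigned or tampered zone can never hand the device a broker.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
	"strings"
)

// SRVRecord mirrors the RDATA of a DNS SRV record (RFC 2782).
type SRVRecord struct {
	Priority, Weight, Port uint16
	Target                 string
}

// RRset is one answer from the validating recursive resolver; AD models the "Authenticated
// Data" flag, true only when the resolver validated the DNSSEC chain for this answer.
type RRset struct {
	AD  bool
	PTR []string    // DNS-SD: service type -> instance names
	SRV []SRVRecord // instance -> host and port
	TXT []string    // instance -> "key=value" parameters
}

type Resolver map[string]RRset // constructed, in-memory stand-in for DNS answers (no network)

type Broker struct { // one discovered broker endpoint
	Instance, Host string
	Port           uint16
	Params         map[string]string
}

var ErrNotValidated = errors.New("answer not DNSSEC-validated (AD=0), refusing to trust it")

// lookup fails closed: an answer that did not validate is treated like no answer at all.
func (r Resolver) lookup(name string) (RRset, error) {
	rr, ok := r[name]
	if !ok {
		return RRset{}, fmt.Errorf("no answer for %s", name)
	}
	if !rr.AD {
		return RRset{}, fmt.Errorf("%s: %w", name, ErrNotValidated)
	}
	return rr, nil
}

// pickSRV applies the RFC 2782 rule deterministically: lowest priority wins and, within a
// priority, the highest weight wins (a real client weights that second choice randomly).
func pickSRV(recs []SRVRecord) SRVRecord {
	sort.SliceStable(recs, func(i, j int) bool {
		if recs[i].Priority != recs[j].Priority {
			return recs[i].Priority < recs[j].Priority
		}
		return recs[i].Weight > recs[j].Weight
	})
	return recs[0]
}

// parseTXT turns DNS-SD TXT strings ("key=value") into a map; a bare key maps to "".
func parseTXT(txt []string) map[string]string {
	params := make(map[string]string, len(txt))
	for _, s := range txt {
		k, v, _ := strings.Cut(s, "=")
		params[strings.ToLower(k)] = v
	}
	return params
}

// Discover walks PTR -> SRV + TXT for a service type such as "_mqtt._tcp.example.net."
// and returns every instance that has a validated SRV record, in PTR order.
func Discover(r Resolver, serviceType string) ([]Broker, error) {
	ptr, err := r.lookup(serviceType)
	if err != nil {
		return nil, err
	}
	var brokers []Broker
	for _, inst := range ptr.PTR {
		rr, err := r.lookup(inst)
		if err != nil {
			return nil, err
		}
		if len(rr.SRV) == 0 {
			continue // a PTR without SRV gives nothing to connect to
		}
		srv := pickSRV(rr.SRV)
		brokers = append(brokers, Broker{inst, srv.Target, srv.Port, parseTXT(rr.TXT)})
	}
	return brokers, nil
}

// SampleResolver is a constructed zone: the talk's two broker services under a placeholder
// domain, plus one unsigned zone whose answer must be rejected.
func SampleResolver() Resolver {
	return Resolver{
		"_mqtt._tcp.example.net.": {AD: true, PTR: []string{"messaging._mqtt._tcp.example.net.", "provisioning._mqtt._tcp.example.net."}},
		"messaging._mqtt._tcp.example.net.": {AD: true, TXT: []string{"role=messaging"}, SRV: []SRVRecord{
			{10, 50, 8883, "broker1.example.net."}, {10, 80, 8883, "broker2.example.net."}, {20, 0, 8883, "backup.example.net."}}},
		"provisioning._mqtt._tcp.example.net.": {AD: true, TXT: []string{"role=provisioning"}, SRV: []SRVRecord{{10, 100, 8884, "provision.example.net."}}},
		"_mqtt._tcp.unsigned.example.": {AD: false, PTR: []string{"rogue._mqtt._tcp.unsigned.example."}},
	}
}

func main() {
	fmt.Println(Discover(SampleResolver(), "_mqtt._tcp.example.net."))
	fmt.Println(Discover(SampleResolver(), "_mqtt._tcp.unsigned.example."))
}
```

The selection rule is the RFC 2782 one, but collapsed to a deterministic order so the result can be checked; what matters for the slide is that the messaging service resolves to broker2.example.net.:8883 (priority 10, highest weight) and that the unsigned zone yields ErrNotValidated instead of a broker.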
STEP 4 – Power ON the device
4.2 Device Provision
1. MQTTS: CONNECT with the INTERNAL (temporary) credentials
2. Internal Authentication & Processing, only if there is a Pending Provision Request for that Device
3. MQTTS: DEV ID (CN)
4. Device generates its Certificate (with DEV ID as CN) & publishes it to the Cloud
5. HTTPS: GET DEV ID (CN)
6. HTTPS: Propagate the Self-signed Certificate via the Secure DNS provisioning API (Authoritative DNS, Validating Recursive DNS)
STEP 4 – Power ON the device
4.3 Device Authentication & Authorization (BIRTH event)
1. MQTTS: publish over TLS with the Self-Signed Certificate
2. HTTPS: get authentication – Secure DNS Queries (Authoritative DNS, Validating Recursive DNS)
3. Authorize the Device
STEP 5 – Device & Data Management
MQTT+SSL bidirectional messages over a TLS Session (always-on session)
• Device → Cloud – MQTTS: publish device events and data-metrics
• Cloud → Device – MQTTS: publish SW Updates, Device Commands, Device Configuration, …
STEP 4 – Power ON the device
4.4 Device Revoke
1. HTTPS: DISABLE Device
2. HTTPS: Remove Certificate & Propagate via the Secure DNS provisioning API (Authoritative DNS, Validating Recursive DNS)
3. Secure DNS Queries: device NOT Authenticated
4. Block messages from the device
5. mailto/twitter/sms: NOTIFY Unauthenticated Device
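Steps 4.2, 4.3 and 4.4 together, as one added Go example that is not the Everyware Device Cloud's or Verisign's code: the device's self-signed certificate is bound to its device ID through a DANE TLSA record (RFC 6698), the broker checks the certificate presented at the BIRTH event against that record, and revocation is simply the record's removal. Assumptions made here: the "3 1 1" record form (DANE-EE usage, SPKI selector, SHA-256), the owner-name scheme `_8883._tcp.<device-id>.devices.example.net.` (example.net is a placeholder, 8883 the MQTT-over-TLS port), and an in-memory Zone standing in for the DNSSEC-signed zone behind the Secure DNS provisioning API, every answer from which is assumed to have validated.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// TLSA RDATA parameters (RFC 6698): "3 1 1" = DANE-EE usage (the device's own end-entity
// certificate, no CA chain), SubjectPublicKeyInfo selector, SHA-256 matching type.
const (
	UsageDANEEE    uint8 = 3
	SelectorSPKI   uint8 = 1
	MatchingSHA256 uint8 = 1
)

type TLSARecord struct {
	Usage, Selector, MatchingType uint8
	Data                          []byte
}

// String renders the record in zone-file presentation format, as dig would show it.
func (r TLSARecord) String() string {
	return fmt.Sprintf("TLSA %d %d %d %s", r.Usage, r.Selector, r.MatchingType, hex.EncodeToString(r.Data))
}

// Zone stands in for the DNSSEC-signed zone behind the Secure DNS provisioning API (assumed validated).
type Zone map[string][]TLSARecord

// TLSAName is the assumed naming scheme: one owner name per device ID under a devices subdomain.
func TLSAName(deviceID string) string {
	return fmt.Sprintf("_8883._tcp.%s.devices.example.net.", deviceID)
}

// NewDeviceCert generates the device key pair and a self-signed certificate whose CN is the device ID (step 4.2).
func NewDeviceCert(deviceID string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: deviceID},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().AddDate(5, 0, 0),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// TLSAForCert computes the 3 1 1 record that the provisioning API propagates to DNS.
func TLSAForCert(cert *x509.Certificate) TLSARecord {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return TLSARecord{UsageDANEEE, SelectorSPKI, MatchingSHA256, sum[:]}
}

// Publish and Revoke model the Secure DNS provisioning API (steps 4.2 and 4.4).
func (z Zone) Publish(name string, rec TLSARecord) { z[name] = append(z[name], rec) }
func (z Zone) Revoke(name string)                  { delete(z, name) }

// Authenticate is the broker-side check at the BIRTH event (step 4.3): the certificate
// presented in the TLS handshake must be bound to the claimed device ID by a TLSA record.
func Authenticate(z Zone, deviceID string, presented *x509.Certificate) bool {
	if presented.Subject.CommonName != deviceID {
		return false // the CN must be the ID the device claims
	}
	sum := sha256.Sum256(presented.RawSubjectPublicKeyInfo)
	for _, r := range z[TLSAName(deviceID)] {
		if r.Usage != UsageDANEEE || r.Selector != SelectorSPKI || r.MatchingType != MatchingSHA256 {
			continue // only the record form we publish is accepted
		}
		if subtle.ConstantTimeCompare(sum[:], r.Data) == 1 {
			return true
		}
	}
	return false // no matching record: never provisioned, re-keyed, or revoked
}

func main() {
	cert, _, err := NewDeviceCert("gw-0001")
	if err != nil {
		panic(err)
	}
	zone := Zone{TLSAName("gw-0001"): {TLSAForCert(cert)}}
	fmt.Println(TLSAName("gw-0001"), TLSAForCert(cert), "authenticated:", Authenticate(zone, "gw-0001", cert))
}
```

Two properties carry the slides' argument: a second certificate with the same CN but a different key does not authenticate, because the record pins the public key rather than the name, and once Revoke removes the record the original certificate stops authenticating immediately, with no CRL or OCSP involved. In a real deployment the zone lookup would be a TLSA query through the validating recursive DNS, accepted only when it validated.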
M2M / IoT Security
A Holistic Approach is required…
The confidentiality, integrity, and availability of our customers’ data and IoT infrastructure is of the utmost importance to Eurotech, as is maintaining our customers’ trust and confidence. That’s why we make M2M/IoT communications SECURE and RELIABLE over INSECURE and UNRELIABLE NETWORKS and in a MALICIOUS environment.
Layers to secure:
• Sensors & Device Hardware
• Device Firmware / Application
• M2M Communication Infrastructure
• Business Application Integration
• Business Application
Thank You

More Related Content

What's hot

IoT Security Training, IoT Security Awareness 2019
IoT Security Training, IoT Security Awareness 2019 IoT Security Training, IoT Security Awareness 2019
IoT Security Training, IoT Security Awareness 2019
Tonex
 

What's hot (20)

IoT Security – Executing an Effective Security Testing Process
IoT Security – Executing an Effective Security Testing Process IoT Security – Executing an Effective Security Testing Process
IoT Security – Executing an Effective Security Testing Process
 
Security Testing for IoT Systems
Security Testing for IoT SystemsSecurity Testing for IoT Systems
Security Testing for IoT Systems
 
Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016
Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016
Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016
 
IoT Security Elements
IoT Security ElementsIoT Security Elements
IoT Security Elements
 
IoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIoT Security Challenges and Solutions
IoT Security Challenges and Solutions
 
Internet of Things Security
Internet of Things SecurityInternet of Things Security
Internet of Things Security
 
IoT Security: Cases and Methods
IoT Security: Cases and MethodsIoT Security: Cases and Methods
IoT Security: Cases and Methods
 
Security Fundamental for IoT Devices; Creating the Internet of Secure Things
Security Fundamental for IoT Devices; Creating the Internet of Secure ThingsSecurity Fundamental for IoT Devices; Creating the Internet of Secure Things
Security Fundamental for IoT Devices; Creating the Internet of Secure Things
 
Security in the Internet of Things
Security in the Internet of ThingsSecurity in the Internet of Things
Security in the Internet of Things
 
Iot security amar prusty
Iot security amar prustyIot security amar prusty
Iot security amar prusty
 
IoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address themIoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address them
 
Introduction to IoT Security
Introduction to IoT SecurityIntroduction to IoT Security
Introduction to IoT Security
 
Presentation on IOT SECURITY
Presentation on IOT SECURITYPresentation on IOT SECURITY
Presentation on IOT SECURITY
 
IoT Security by Sanjay Kumar
IoT Security by Sanjay KumarIoT Security by Sanjay Kumar
IoT Security by Sanjay Kumar
 
Technology & Policy Interaction Panel at Inform[ED] IoT Security
Technology & Policy Interaction Panel at Inform[ED] IoT SecurityTechnology & Policy Interaction Panel at Inform[ED] IoT Security
Technology & Policy Interaction Panel at Inform[ED] IoT Security
 
Internet of Things: Identity & Security with Open Standards
Internet of Things: Identity & Security with Open StandardsInternet of Things: Identity & Security with Open Standards
Internet of Things: Identity & Security with Open Standards
 
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of ThingsMark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
 
Understanding IoT Security: How to Quantify Security Risk of IoT Technologies
Understanding IoT Security: How to Quantify Security Risk of IoT TechnologiesUnderstanding IoT Security: How to Quantify Security Risk of IoT Technologies
Understanding IoT Security: How to Quantify Security Risk of IoT Technologies
 
IoT Security Training, IoT Security Awareness 2019
IoT Security Training, IoT Security Awareness 2019 IoT Security Training, IoT Security Awareness 2019
IoT Security Training, IoT Security Awareness 2019
 
IoT Security Imperative: Stop your Fridge from Sending you Spam
IoT Security Imperative: Stop your Fridge from Sending you SpamIoT Security Imperative: Stop your Fridge from Sending you Spam
IoT Security Imperative: Stop your Fridge from Sending you Spam
 

Viewers also liked

150928 - Verisign Public DNS
150928 - Verisign Public DNS150928 - Verisign Public DNS
150928 - Verisign Public DNS
Michael Kaczmarek
 
BIND’s New Security Feature: DNSRPZ - the "DNS Firewall"
BIND’s New Security Feature: DNSRPZ - the "DNS Firewall"BIND’s New Security Feature: DNSRPZ - the "DNS Firewall"
BIND’s New Security Feature: DNSRPZ - the "DNS Firewall"
Barry Greene
 

Viewers also liked (20)

Are you ready for the next attack? reviewing the sp security checklist (apnic...
Are you ready for the next attack? reviewing the sp security checklist (apnic...Are you ready for the next attack? reviewing the sp security checklist (apnic...
Are you ready for the next attack? reviewing the sp security checklist (apnic...
 
Query-name Minimization and Authoritative Server Behavior
Query-name Minimization and Authoritative Server BehaviorQuery-name Minimization and Authoritative Server Behavior
Query-name Minimization and Authoritative Server Behavior
 
Hands-on getdns Tutorial
Hands-on getdns TutorialHands-on getdns Tutorial
Hands-on getdns Tutorial
 
I Have the Power(View)
I Have the Power(View)I Have the Power(View)
I Have the Power(View)
 
TTÜ Geeky Weekly
TTÜ Geeky WeeklyTTÜ Geeky Weekly
TTÜ Geeky Weekly
 
DNS and Troubleshooting DNS issues in Linux
DNS and Troubleshooting DNS issues in LinuxDNS and Troubleshooting DNS issues in Linux
DNS and Troubleshooting DNS issues in Linux
 
Approaches to application request throttling
Approaches to application request throttlingApproaches to application request throttling
Approaches to application request throttling
 
Network security
Network securityNetwork security
Network security
 
150928 - Verisign Public DNS
150928 - Verisign Public DNS150928 - Verisign Public DNS
150928 - Verisign Public DNS
 
IDNOG - 2014
IDNOG - 2014IDNOG - 2014
IDNOG - 2014
 
BIND’s New Security Feature: DNSRPZ - the "DNS Firewall"
BIND’s New Security Feature: DNSRPZ - the "DNS Firewall"BIND’s New Security Feature: DNSRPZ - the "DNS Firewall"
BIND’s New Security Feature: DNSRPZ - the "DNS Firewall"
 
A Designated ENUM DNS Zone Provisioning Architecture
A Designated ENUM DNS Zone Provisioning ArchitectureA Designated ENUM DNS Zone Provisioning Architecture
A Designated ENUM DNS Zone Provisioning Architecture
 
PostgreSQL DBA Neler Yapar?
PostgreSQL DBA Neler Yapar?PostgreSQL DBA Neler Yapar?
PostgreSQL DBA Neler Yapar?
 
Creating Domain Specific Languages in Python
Creating Domain Specific Languages in PythonCreating Domain Specific Languages in Python
Creating Domain Specific Languages in Python
 
PostgreSQL Hem Güçlü Hem Güzel!
PostgreSQL Hem Güçlü Hem Güzel!PostgreSQL Hem Güçlü Hem Güzel!
PostgreSQL Hem Güçlü Hem Güzel!
 
OpenDNS Enterprise Web Content Filtering
OpenDNS Enterprise Web Content FilteringOpenDNS Enterprise Web Content Filtering
OpenDNS Enterprise Web Content Filtering
 
Managing Postgres with Ansible
Managing Postgres with AnsibleManaging Postgres with Ansible
Managing Postgres with Ansible
 
DNS for Developers - NDC Oslo 2016
DNS for Developers - NDC Oslo 2016DNS for Developers - NDC Oslo 2016
DNS for Developers - NDC Oslo 2016
 
Remediating Violated Customers
Remediating Violated CustomersRemediating Violated Customers
Remediating Violated Customers
 
Indusrty Strategy For Action
Indusrty Strategy For ActionIndusrty Strategy For Action
Indusrty Strategy For Action
 

Similar to IoT Security in Action - Boston Sept 2015

Information Technology Security Is Vital For The Success...
Information Technology Security Is Vital For The Success...Information Technology Security Is Vital For The Success...
Information Technology Security Is Vital For The Success...
Brianna Johnson
 
Implementing Public-Key-Infrastructures
Implementing Public-Key-InfrastructuresImplementing Public-Key-Infrastructures
Implementing Public-Key-Infrastructures
Oliver Pfaff
 
Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
Protecting Data with Short-Lived Encryption Keys and Hardware Root of TrustProtecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
Dan Griffin
 
Issa fi xs briefing
Issa fi xs briefingIssa fi xs briefing
Widepoint orc thales webinar 111313d - nov 2013
Widepoint orc thales webinar 111313d - nov 2013Widepoint orc thales webinar 111313d - nov 2013
Widepoint orc thales webinar 111313d - nov 2013
Federation for Identity and Cross-Credentialing Systems (FiXs)
 

Similar to IoT Security in Action - Boston Sept 2015 (20)

How to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
How to Make Your IoT Devices Secure, Act Autonomously & Trusted SubjectsHow to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
How to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
 
Io t security and azure sphere
Io t security and azure sphereIo t security and azure sphere
Io t security and azure sphere
 
Information Technology Security Is Vital For The Success...
Information Technology Security Is Vital For The Success...Information Technology Security Is Vital For The Success...
Information Technology Security Is Vital For The Success...
 
Oralce SSL walelt -TCPS_Troubleshooting_PB.pptx
Oralce SSL walelt -TCPS_Troubleshooting_PB.pptxOralce SSL walelt -TCPS_Troubleshooting_PB.pptx
Oralce SSL walelt -TCPS_Troubleshooting_PB.pptx
 
Implementing Public-Key-Infrastructures
Implementing Public-Key-InfrastructuresImplementing Public-Key-Infrastructures
Implementing Public-Key-Infrastructures
 
ISS SA le presenta IdentityGuard de Entrust
ISS SA le presenta IdentityGuard de EntrustISS SA le presenta IdentityGuard de Entrust
ISS SA le presenta IdentityGuard de Entrust
 
The 300 Leonidas Solution
The 300 Leonidas SolutionThe 300 Leonidas Solution
The 300 Leonidas Solution
 
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsSchneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
 
Touring the Dark Side of Internet: A Journey through IOT, TOR & Docker
Touring the Dark Side of Internet: A Journey through IOT, TOR & DockerTouring the Dark Side of Internet: A Journey through IOT, TOR & Docker
Touring the Dark Side of Internet: A Journey through IOT, TOR & Docker
 
WISekey IoT Technologies Presentation
WISekey IoT Technologies PresentationWISekey IoT Technologies Presentation
WISekey IoT Technologies Presentation
 
Market Study on Mobile Authentication
Market Study on Mobile AuthenticationMarket Study on Mobile Authentication
Market Study on Mobile Authentication
 
Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
Protecting Data with Short-Lived Encryption Keys and Hardware Root of TrustProtecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
 
PKI in DevOps: How to Deploy Certificate Automation within CI/CD
PKI in DevOps: How to Deploy Certificate Automation within CI/CDPKI in DevOps: How to Deploy Certificate Automation within CI/CD
PKI in DevOps: How to Deploy Certificate Automation within CI/CD
 
Securing broker less publish subscribe systems using identity-based encryption
Securing broker less publish subscribe systems using identity-based encryptionSecuring broker less publish subscribe systems using identity-based encryption
Securing broker less publish subscribe systems using identity-based encryption
 
Issa fi xs briefing
Issa fi xs briefingIssa fi xs briefing
Issa fi xs briefing
 
Mobile Devices & BYOD Security – Deployment & Best Practices
Mobile Devices & BYOD Security – Deployment & Best PracticesMobile Devices & BYOD Security – Deployment & Best Practices
Mobile Devices & BYOD Security – Deployment & Best Practices
 
FIDO Masterclass
FIDO MasterclassFIDO Masterclass
FIDO Masterclass
 
Best Practices with IoT Security - February Online Tech Talks
Best Practices with IoT Security - February Online Tech TalksBest Practices with IoT Security - February Online Tech Talks
Best Practices with IoT Security - February Online Tech Talks
 
0th PPT - BLOCKCHAIN-CBE (1).ppt
0th PPT - BLOCKCHAIN-CBE (1).ppt0th PPT - BLOCKCHAIN-CBE (1).ppt
0th PPT - BLOCKCHAIN-CBE (1).ppt
 
Widepoint orc thales webinar 111313d - nov 2013
Widepoint orc thales webinar 111313d - nov 2013Widepoint orc thales webinar 111313d - nov 2013
Widepoint orc thales webinar 111313d - nov 2013
 

More from Eurotech

More from Eurotech (20)

Integrating electrical systems easily – accelerating the path towards sustain...
Integrating electrical systems easily – accelerating the path towards sustain...Integrating electrical systems easily – accelerating the path towards sustain...
Integrating electrical systems easily – accelerating the path towards sustain...
 
Enabling supply chain flexibility and IoT scale with zero touch provisioning
Enabling supply chain flexibility and IoT scale with zero touch provisioningEnabling supply chain flexibility and IoT scale with zero touch provisioning
Enabling supply chain flexibility and IoT scale with zero touch provisioning
 
Automatic People and Passenger Counters
Automatic People and Passenger CountersAutomatic People and Passenger Counters
Automatic People and Passenger Counters
 
Developing Interoperable Components for an Open IoT Foundation
Developing Interoperable Components for an Open IoT Foundation Developing Interoperable Components for an Open IoT Foundation
Developing Interoperable Components for an Open IoT Foundation
 
IoT Solutions Made Simple with Everyware IoT
IoT Solutions Made Simple with Everyware IoTIoT Solutions Made Simple with Everyware IoT
IoT Solutions Made Simple with Everyware IoT
 
Intelligent IoT gateway: pushing analytics at the edge
Intelligent IoT gateway: pushing analytics at the edgeIntelligent IoT gateway: pushing analytics at the edge
Intelligent IoT gateway: pushing analytics at the edge
 
Eclipse kura in industry 4.0 david woodard
Eclipse kura in industry 4.0   david woodardEclipse kura in industry 4.0   david woodard
Eclipse kura in industry 4.0 david woodard
 
Building IoT Mashups for Industry 4.0 with Eclipse Kura and Kura Wires
Building IoT Mashups for Industry 4.0 with Eclipse Kura and Kura WiresBuilding IoT Mashups for Industry 4.0 with Eclipse Kura and Kura Wires
Building IoT Mashups for Industry 4.0 with Eclipse Kura and Kura Wires
 
OSGi and Java in Industrial IoT
OSGi and Java in Industrial IoTOSGi and Java in Industrial IoT
OSGi and Java in Industrial IoT
 
IoT Solutions for Smart Energy Smart Grid and Smart Utility Applications
IoT Solutions for Smart Energy Smart Grid and Smart Utility ApplicationsIoT Solutions for Smart Energy Smart Grid and Smart Utility Applications
IoT Solutions for Smart Energy Smart Grid and Smart Utility Applications
 
Vivere del Cambiamento: tracciare la rotta verso l'industria 4.0
Vivere del Cambiamento: tracciare la rotta verso l'industria 4.0Vivere del Cambiamento: tracciare la rotta verso l'industria 4.0
Vivere del Cambiamento: tracciare la rotta verso l'industria 4.0
 
Real World IoT Architectures and Projects with Eclipse IoT
Real World IoT Architectures and Projects with Eclipse IoTReal World IoT Architectures and Projects with Eclipse IoT
Real World IoT Architectures and Projects with Eclipse IoT
 
L’IoT industriale e i vantaggi competitivi della trasformazione digitale
L’IoT  industriale e i vantaggi competitivi della trasformazione digitale L’IoT  industriale e i vantaggi competitivi della trasformazione digitale
L’IoT industriale e i vantaggi competitivi della trasformazione digitale
 
Reshaping Business Through IoT: Key Technology Factors to Consider
Reshaping Business Through IoT: Key Technology Factors to ConsiderReshaping Business Through IoT: Key Technology Factors to Consider
Reshaping Business Through IoT: Key Technology Factors to Consider
 
Industrial IoT Mayhem? Java IoT Gateways to the Rescue
Industrial IoT Mayhem? Java IoT Gateways to the RescueIndustrial IoT Mayhem? Java IoT Gateways to the Rescue
Industrial IoT Mayhem? Java IoT Gateways to the Rescue
 
Eurotech and Red Hat collaboration simplifies Internet of Things integration ...
Eurotech and Red Hat collaboration simplifies Internet of Things integration ...Eurotech and Red Hat collaboration simplifies Internet of Things integration ...
Eurotech and Red Hat collaboration simplifies Internet of Things integration ...
 
Real World IoT Architecture Use Cases
Real World IoT Architecture Use CasesReal World IoT Architecture Use Cases
Real World IoT Architecture Use Cases
 
Simplify Internet of Things with an Intelligent Gateway
Simplify Internet of Things with an Intelligent GatewaySimplify Internet of Things with an Intelligent Gateway
Simplify Internet of Things with an Intelligent Gateway
 
Internet of Things: a reality check
Internet of Things: a reality check Internet of Things: a reality check
Internet of Things: a reality check
 
IoT the driver of Business Innovation: better products, new services and...
IoT the driver of  Business Innovation: better products, new  services  and...IoT the driver of  Business Innovation: better products, new  services  and...
IoT the driver of Business Innovation: better products, new services and...
 

Recently uploaded

#Mtp-Kit Prices » Qatar. Doha (+27737758557) Abortion Pills For Sale In Doha,...
#Mtp-Kit Prices » Qatar. Doha (+27737758557) Abortion Pills For Sale In Doha,...#Mtp-Kit Prices » Qatar. Doha (+27737758557) Abortion Pills For Sale In Doha,...
#Mtp-Kit Prices » Qatar. Doha (+27737758557) Abortion Pills For Sale In Doha,...
drm1699
 
What is paper chromatography, principal, procedure,types, diagram, advantages...
What is paper chromatography, principal, procedure,types, diagram, advantages...What is paper chromatography, principal, procedure,types, diagram, advantages...
What is paper chromatography, principal, procedure,types, diagram, advantages...
srcw2322l101
 
A BUSINESS PROPOSAL FOR SLAUGHTER HOUSE WASTE MANAGEMENT IN MYSORE MUNICIPAL ...
A BUSINESS PROPOSAL FOR SLAUGHTER HOUSE WASTE MANAGEMENT IN MYSORE MUNICIPAL ...A BUSINESS PROPOSAL FOR SLAUGHTER HOUSE WASTE MANAGEMENT IN MYSORE MUNICIPAL ...
A BUSINESS PROPOSAL FOR SLAUGHTER HOUSE WASTE MANAGEMENT IN MYSORE MUNICIPAL ...
prakheeshc
 
00971508021841 حبوب الإجهاض في دبي | أبوظبي | الشارقة | السطوة |❇ ❈ ((![© ر
00971508021841 حبوب الإجهاض في دبي | أبوظبي | الشارقة | السطوة |❇ ❈ ((![©  ر00971508021841 حبوب الإجهاض في دبي | أبوظبي | الشارقة | السطوة |❇ ❈ ((![©  ر
00971508021841 حبوب الإجهاض في دبي | أبوظبي | الشارقة | السطوة |❇ ❈ ((![© ر
nafizanafzal
 
NewBase 17 May 2024 Energy News issue - 1725 by Khaled Al Awadi_compresse...
NewBase   17 May  2024  Energy News issue - 1725 by Khaled Al Awadi_compresse...NewBase   17 May  2024  Energy News issue - 1725 by Khaled Al Awadi_compresse...
NewBase 17 May 2024 Energy News issue - 1725 by Khaled Al Awadi_compresse...
Khaled Al Awadi
 
RATINGS OF EACH VIDEO FOR UNI PROJECT IWDSFODF
RATINGS OF EACH VIDEO FOR UNI PROJECT IWDSFODFRATINGS OF EACH VIDEO FOR UNI PROJECT IWDSFODF
RATINGS OF EACH VIDEO FOR UNI PROJECT IWDSFODF
CaitlinCummins3
 
Shots fired Budget Presentation.pdf12312
Shots fired Budget Presentation.pdf12312Shots fired Budget Presentation.pdf12312
Shots fired Budget Presentation.pdf12312
LR1709MUSIC
 

Recently uploaded (20)

The Vietnam Believer Newsletter_May 13th, 2024_ENVol. 007.pdf
The Vietnam Believer Newsletter_May 13th, 2024_ENVol. 007.pdfThe Vietnam Believer Newsletter_May 13th, 2024_ENVol. 007.pdf
The Vietnam Believer Newsletter_May 13th, 2024_ENVol. 007.pdf
 
#Mtp-Kit Prices » Qatar. Doha (+27737758557) Abortion Pills For Sale In Doha,...
#Mtp-Kit Prices » Qatar. Doha (+27737758557) Abortion Pills For Sale In Doha,...#Mtp-Kit Prices » Qatar. Doha (+27737758557) Abortion Pills For Sale In Doha,...
#Mtp-Kit Prices » Qatar. Doha (+27737758557) Abortion Pills For Sale In Doha,...
 
What is paper chromatography, principal, procedure,types, diagram, advantages...
What is paper chromatography, principal, procedure,types, diagram, advantages...What is paper chromatography, principal, procedure,types, diagram, advantages...
What is paper chromatography, principal, procedure,types, diagram, advantages...
 
Most Visionary Leaders in Cloud Revolution, Shaping Tech’s Next Era - 2024 (2...
Most Visionary Leaders in Cloud Revolution, Shaping Tech’s Next Era - 2024 (2...Most Visionary Leaders in Cloud Revolution, Shaping Tech’s Next Era - 2024 (2...
Most Visionary Leaders in Cloud Revolution, Shaping Tech’s Next Era - 2024 (2...
 
A BUSINESS PROPOSAL FOR SLAUGHTER HOUSE WASTE MANAGEMENT IN MYSORE MUNICIPAL ...
A BUSINESS PROPOSAL FOR SLAUGHTER HOUSE WASTE MANAGEMENT IN MYSORE MUNICIPAL ...A BUSINESS PROPOSAL FOR SLAUGHTER HOUSE WASTE MANAGEMENT IN MYSORE MUNICIPAL ...
A BUSINESS PROPOSAL FOR SLAUGHTER HOUSE WASTE MANAGEMENT IN MYSORE MUNICIPAL ...
 
00971508021841 حبوب الإجهاض في دبي | أبوظبي | الشارقة | السطوة |❇ ❈ ((![© ر
00971508021841 حبوب الإجهاض في دبي | أبوظبي | الشارقة | السطوة |❇ ❈ ((![©  ر00971508021841 حبوب الإجهاض في دبي | أبوظبي | الشارقة | السطوة |❇ ❈ ((![©  ر
00971508021841 حبوب الإجهاض في دبي | أبوظبي | الشارقة | السطوة |❇ ❈ ((![© ر
 
Pitch Deck Teardown: Goodcarbon's $5.5m Seed deck
Pitch Deck Teardown: Goodcarbon's $5.5m Seed deckPitch Deck Teardown: Goodcarbon's $5.5m Seed deck
Pitch Deck Teardown: Goodcarbon's $5.5m Seed deck
 
HAL Financial Performance Analysis and Future Prospects
HAL Financial Performance Analysis and Future ProspectsHAL Financial Performance Analysis and Future Prospects
HAL Financial Performance Analysis and Future Prospects
 
NewBase 17 May 2024 Energy News issue - 1725 by Khaled Al Awadi_compresse...
NewBase   17 May  2024  Energy News issue - 1725 by Khaled Al Awadi_compresse...NewBase   17 May  2024  Energy News issue - 1725 by Khaled Al Awadi_compresse...
NewBase 17 May 2024 Energy News issue - 1725 by Khaled Al Awadi_compresse...
 
1Q24_EN hyundai capital 1q performance
1Q24_EN   hyundai capital 1q performance1Q24_EN   hyundai capital 1q performance
1Q24_EN hyundai capital 1q performance
 

IoT Security in Action - Boston Sept 2015

  • 1. IoT Security in Action: The Success Story of Everyware Device Cloud by Eurotech, secured with DNSSEC and DANE. Andrea Ceiner (Eurotech), Andrew Cathrow (Verisign). IoT Security, Boston, September 2015.
  • 4. Enemies Everywhere, Many Reasons…
    • Attacker profiles: hackers, crackers/criminals, script kiddies, competitors, organizations/governments.
    • Reasons: financial, business, political, intangible.
    • Targets: quality, performance and availability; reputation; know-how and intellectual property; resources.
  • 5. Anatomy of an IoT Solution: transforming bits of data at the edge of the network into actionable information in the business users' hands. Layers: Things; Gateways / Smart Devices; IoT / OT Platform; Application.
  • 6. Requirements for IoT SECURITY at SCALE: efficiently managed; low cost; increased trust; globally interoperable.
  • 7. M2M / IoT Security: Security Focus Points (extension with Verisign), across Things, Gateways / Smart Devices, IoT / OT Platform and Application.
    • IoT Device Cloud Security: authentication; PKI management; trusted execution environment; network security / firewall; access control.
    • IoT Device Security: certified identity; service discovery; trusted execution environment; network security / firewall; secure boot.
    • Communication Security: authentication; encryption; man-in-the-middle protection; message integrity.
  • 8. M2M / IoT Security: strong authentication, trust anchors and verification across Things, Gateways / Smart Devices, IoT / OT Platform and Application, with the global DNS as the shared trust anchor.
  • 9. IoT Security: ineffective implementations, or why to use PKI for device identification and authentication. What not to rely on:
    • API keys as the device credential.
    • The MAC address as the device identifier.
    • A device ID hard-coded on the device or in a configuration file.
  • 10. Trusted Authentication: why PKI-based authentication using DNS? Public Key Infrastructure (PKI) is a trusted and well-established technology, but the scale of IoT introduces new problems and amplifies old ones: manageability at scale; the cost of certificates ($$$$$$ per device fleet); and security, namely revocation and reissuance and the "too many CAs" problem.
  • 11. Trusted Authentication: why PKI-based authentication using DNS? DNS-based Authentication of Named Entities (DANE) is a public standard (IETF RFC 6698).
    • Key/certificate management and revocation: effective and easier.
    • Compatible with IoT scale and costs.
    • Based on open standards and open source.
    • No lock-in.
  • 12. Authentication & Authorization: Everyware Device Cloud integrated with DNSSEC/DANE.
    • 1. Cloud Setup: register the broker services (provisioning and messaging) in the authoritative DNS.
    • 2. Gateway (ESF) Setup: first gateway/device initialization by the manufacturer.
    • 3. Shipment: ship the devices towards their final destination.
    • 4. Power ON the Device: over-the-air DISCOVERY → PROVISION → A&A.
    • 5. Device & Data Management: real-time metrics, events and remote management within a secure always-on session.
  • 13. Step 4, Power ON the Device: over-the-air DISCOVERY → PROVISION → A&A.
    • Broker Discovery: "Who is my broker?"
    • Device Provision: "Give me my configuration, please!"
    • A&A (Birth): "Here I am, this is my ID… authenticate me and authorize me, please!"
  • 14. STEP 1 - Cloud Services Setup: registering broker services onto the authoritative DNS. (1) The provisioning and messaging broker services are registered through the secure DNS provisioning API (HTTPS POST); (2) the records are served by the authoritative DNS and resolved through a validating recursive DNS.
  • 15. STEP 2 - M2M Gateway (ESF) Setup: first gateway/device initialization by the manufacturer. (1) HTTPS + 2FA login. (2) Gateway (ESF) setup: network configuration; domain name; broker services (provisioning; messaging); validating recursive DNS server; internal temporary credentials. A provision request is created in state Pending.
  • 16. STEP 3 - Shipment: the device manufacturer ships the devices to the customer.
  • 17. STEP 4 - Power ON the device, 4.1 Broker Services DISCOVERY (Tiaki). Switch on the device. (1) Discovery: look up the PTR and the associated SRV and TXT resource records within the DNS zone, as a secure DNS query through the validating recursive DNS to the authoritative DNS. (2) The answer returns PTR and SRV records for the provisioning and messaging broker services.
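The PTR → SRV/TXT walk of step 4.1, written out as an added example (not Eurotech's or Verisign's Tiaki code). It runs offline against a constructed in-memory zone; the `ad` field stands in for the DNSSEC Authenticated Data bit a validating recursive resolver sets, and the service names, hosts, ports and TXT keys are assumptions. The check that matters for the device is the one in `lookup`: a broker address that did not validate under DNSSEC is refused, because a spoofed answer on a hostile network would otherwise send the device to a rogue broker.

```python
"""
Broker discovery by DNS-SD (RFC 6763) as used in step 4.1: enumerate PTR
records under the service type, then read each instance's SRV and TXT.
Added example, not Eurotech/Verisign (Tiaki) code. It runs offline against a
constructed in-memory zone; `ad` stands in for the DNSSEC Authenticated Data
bit a validating recursive resolver sets. Names, ports and TXT keys are assumptions.
"""
from dataclasses import dataclass, field


class DiscoveryError(Exception):
    pass


@dataclass(frozen=True)
class Answer:
    rtype: str     # "PTR", "SRV" or "TXT"
    data: object   # PTR: target name; SRV: (priority, weight, port, target); TXT: list of strings
    ad: bool       # True only if the resolver DNSSEC-validated the answer


@dataclass
class BrokerService:
    instance: str
    role: str
    targets: list            # [(host, port)] in SRV priority order
    txt: dict = field(default_factory=dict)


# Constructed zone (assumption): two broker services, both DNSSEC-signed.
ZONE = {
    "_mqtt._tcp.iot.example.com.": [
        Answer("PTR", "provisioning._mqtt._tcp.iot.example.com.", True),
        Answer("PTR", "messaging._mqtt._tcp.iot.example.com.", True),
    ],
    "provisioning._mqtt._tcp.iot.example.com.": [
        Answer("SRV", (20, 50, 8883, "prov2.iot.example.com."), True),
        Answer("SRV", (10, 50, 8883, "prov1.iot.example.com."), True),
        Answer("TXT", ["role=provisioning", "path=/v1"], True),
    ],
    "messaging._mqtt._tcp.iot.example.com.": [
        Answer("SRV", (10, 100, 8883, "broker1.iot.example.com."), True),
        Answer("TXT", ["role=messaging"], True),
    ],
}

# Constructed: the same lookup answered without DNSSEC validation, e.g. from a
# spoofed resolver on a hostile network. The device must not act on it.
UNSIGNED_ZONE = {
    "_mqtt._tcp.iot.example.com.": [
        Answer("PTR", "rogue._mqtt._tcp.iot.example.com.", False),
    ],
    "rogue._mqtt._tcp.iot.example.com.": [
        Answer("SRV", (0, 0, 1883, "evil.example.net."), False),
        Answer("TXT", ["role=messaging"], False),
    ],
}


def lookup(zone, name, rtype):
    """Return the RRset for name/rtype, refusing anything not DNSSEC-validated."""
    rrset = [a for a in zone.get(name, []) if a.rtype == rtype]
    if any(not a.ad for a in rrset):
        raise DiscoveryError(f"unvalidated answer for {name} {rtype}")
    return rrset


def parse_txt(strings):
    """RFC 6763 s.6: key=value pairs, keys case-insensitive, first occurrence wins,
    a bare key is a boolean flag, empty strings are ignored."""
    kv = {}
    for s in strings:
        if not s:
            continue
        key, sep, value = s.partition("=")
        key = key.lower()
        if key not in kv:
            kv[key] = value if sep else True
    return kv


def discover(zone, service_type):
    """PTR -> SRV/TXT walk; returns one BrokerService per advertised instance."""
    services = []
    for ptr in lookup(zone, service_type, "PTR"):
        instance = ptr.data
        # Lowest priority first; among equal priorities higher weight first
        # (deterministic simplification of the RFC 2782 weighted selection).
        srv = sorted((a.data for a in lookup(zone, instance, "SRV")),
                     key=lambda r: (r[0], -r[1]))
        targets = [(target, port) for _p, _w, port, target in srv if target != "."]  # "." = not available
        txt = parse_txt(s for a in lookup(zone, instance, "TXT") for s in a.data)
        if targets:
            services.append(BrokerService(instance, str(txt.get("role", "")), targets, txt))
    return services
```

`discover(ZONE, "_mqtt._tcp.iot.example.com.")` yields the provisioning and messaging services with their SRV targets ordered by priority; the same call against `UNSIGNED_ZONE` raises `DiscoveryError` instead of handing back the rogue broker.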
  • 18. STEP 4 - Power ON the device, 4.2 Device Provision. (1) MQTTS: CONNECT with the internal credentials. (2) Internal authentication and processing take place only if there is a Pending provision request for that device. (3) MQTTS: the device receives its DEV ID (CN). (4) The device generates a self-signed certificate with the DEV ID as CN and publishes it to the cloud. (5) HTTPS: GET DEV ID (CN). (6) HTTPS: the cloud propagates the self-signed certificate through the secure DNS provisioning API to the authoritative DNS, served through the validating recursive DNS.
  • 19. STEP 4 - Power ON the device, 4.3 Device Authentication & Authorization (BIRTH event). (1) MQTTS: the device publishes its BIRTH over TLS with its self-signed certificate. (2) HTTPS: the cloud authenticates it with secure DNS queries (validating recursive DNS to authoritative DNS). (3) The device is authorized.
  • 20. STEP 5 - Device & Data Management: bidirectional MQTT messages over a TLS session, always on. Device to cloud (MQTTS): device events and data metrics. Cloud to device (MQTTS): SW updates, device commands, device configuration, …
  • 21. STEP 4 - Power ON the device, 4.4 Device Revoke. (1) HTTPS: DISABLE the device. (2) HTTPS: remove the certificate and propagate the removal through the secure DNS provisioning API (authoritative DNS, validating recursive DNS). (3) The device is NOT authenticated on subsequent secure DNS queries. (4) Messages from the device are blocked. (5) mailto/twitter/sms: NOTIFY the unauthenticated device.
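Steps 4.2 to 4.4 as one added example (not Everyware Device Cloud code): a pending provision request gates the CONNECT with internal credentials, the device's self-signed certificate is anchored in DNS as a DANE TLSA record (RFC 6698), every BIRTH is checked against that record, and revocation is simply the record disappearing from the signed zone. Assumptions not stated on the slides: `DnsZone` stands in for the secure DNS provisioning API plus validating resolver; TLSA parameters are usage 3 (DANE-EE), selector 0 (full certificate), matching type 1 (SHA-256); the owner name is `_8883._tcp.<dev-id>.<zone>` for MQTT over TLS on port 8883; the "certificates" are constructed byte strings rather than real X.509 objects.

```python
"""
Provision -> BIRTH -> revoke (steps 4.2-4.4) with the device's self-signed
certificate anchored in DNS as a DANE TLSA record (RFC 6698).
Added example, not Everyware Device Cloud code. Stand-ins and assumptions:
DnsZone replaces the secure DNS provisioning API + validating resolver;
TLSA parameters are usage 3 / selector 0 / matching type 1; the owner name is
_8883._tcp.<dev-id>.<zone>; "certificates" are constructed byte strings.
"""
import hashlib
import hmac
import secrets


def tlsa_assoc_data(selector: int, mtype: int, cert_der: bytes) -> bytes:
    """Certificate association data (RFC 6698 s.2.1.2/2.1.3). Only selector 0,
    the full certificate, is handled: selector 1 (SPKI) would need an ASN.1 parser."""
    if selector != 0:
        raise ValueError("only selector 0 (full certificate) is implemented here")
    if mtype == 0:
        return cert_der
    if mtype == 1:
        return hashlib.sha256(cert_der).digest()
    if mtype == 2:
        return hashlib.sha512(cert_der).digest()
    raise ValueError(f"unknown matching type {mtype}")


def tlsa_name(dev_id: str, zone: str, port: int = 8883, proto: str = "tcp") -> str:
    """Assumed naming: one TLSA owner name per device, MQTT over TLS on 8883."""
    return f"_{port}._{proto}.{dev_id}.{zone}"


def tlsa_rr(name: str, usage: int, selector: int, mtype: int, cert_der: bytes) -> str:
    """Zone-file form of the record pushed over the provisioning API."""
    return f"{name}. IN TLSA {usage} {selector} {mtype} {tlsa_assoc_data(selector, mtype, cert_der).hex()}"


def dane_ee_match(records, cert_der: bytes) -> bool:
    """True if any DANE-EE (usage 3) record vouches for the presented certificate."""
    for usage, selector, mtype, data in records:
        if usage != 3:
            continue  # usages 0-2 need chain building; this model only pins end entities
        if hmac.compare_digest(tlsa_assoc_data(selector, mtype, cert_der), data):
            return True
    return False


class DnsZone:
    """In-memory stand-in for the signed zone behind the secure DNS provisioning API."""
    def __init__(self):
        self.tlsa = {}

    def publish_tlsa(self, name, usage, selector, mtype, cert_der):
        self.tlsa.setdefault(name, []).append((usage, selector, mtype, tlsa_assoc_data(selector, mtype, cert_der)))

    def remove_tlsa(self, name):
        self.tlsa.pop(name, None)  # revocation: the record is gone from the validated zone

    def query_tlsa(self, name):
        return list(self.tlsa.get(name, []))


def make_fake_cert(cn: str) -> bytes:
    """Constructed placeholder for the DER of a self-signed certificate with CN=cn."""
    return b"CONSTRUCTED-DER:CN=" + cn.encode()


class DeviceCloud:
    def __init__(self, zone_name: str, dns: DnsZone):
        self.zone_name, self.dns = zone_name, dns
        self.pending = {}      # serial -> sha256(temporary credential), created at gateway setup
        self.provisioned = {}  # dev_id -> serial
        self.disabled = set()
        self.sessions = set()  # dev_ids holding an authorized always-on session

    def create_provision_request(self, serial: str) -> str:
        """Step 2: the manufacturer registers a Pending request; returns the temporary credential."""
        temp_cred = secrets.token_urlsafe(24)
        self.pending[serial] = hashlib.sha256(temp_cred.encode()).digest()
        return temp_cred

    def provision(self, serial: str, temp_cred: str):
        """Step 4.2: CONNECT with internal credentials is honoured only while a request is Pending."""
        expected = self.pending.get(serial)
        offered = hashlib.sha256(temp_cred.encode()).digest()
        if expected is None or not hmac.compare_digest(expected, offered):
            return None
        del self.pending[serial]  # one shot: the temporary credential cannot be replayed
        dev_id = "dev-" + hashlib.sha256(serial.encode()).hexdigest()[:12]
        self.provisioned[dev_id] = serial
        return dev_id  # becomes the CN of the device's self-signed certificate

    def publish_certificate(self, dev_id: str, cert_der: bytes) -> bool:
        """Step 4.2 (cont.): propagate the self-signed certificate as a TLSA record."""
        if dev_id not in self.provisioned or dev_id in self.disabled:
            return False
        self.dns.publish_tlsa(tlsa_name(dev_id, self.zone_name), 3, 0, 1, cert_der)
        return True

    def birth(self, dev_id: str, presented_cert_der: bytes) -> bool:
        """Step 4.3: authorize the BIRTH only if DNS (DANE) vouches for the presented certificate."""
        records = self.dns.query_tlsa(tlsa_name(dev_id, self.zone_name))
        if dev_id in self.disabled or not dane_ee_match(records, presented_cert_der):
            return False
        self.sessions.add(dev_id)
        return True

    def accept_message(self, dev_id: str) -> bool:
        return dev_id in self.sessions

    def revoke(self, dev_id: str):
        """Step 4.4: disable, remove the TLSA record, block further messages."""
        self.disabled.add(dev_id)
        self.dns.remove_tlsa(tlsa_name(dev_id, self.zone_name))
        self.sessions.discard(dev_id)


def run_demo() -> dict:
    dns = DnsZone()
    cloud = DeviceCloud("iot.example.com", dns)
    temp = cloud.create_provision_request("SN-0001")
    wrong = cloud.provision("SN-0001", "not-the-credential")
    dev_id = cloud.provision("SN-0001", temp)
    replay = cloud.provision("SN-0001", temp)
    cert = make_fake_cert(dev_id)
    cloud.publish_certificate(dev_id, cert)
    out = {"wrong_cred_denied": wrong is None, "replay_denied": replay is None, "dev_id": dev_id,
           "birth_ok": cloud.birth(dev_id, cert),
           "imposter_denied": not cloud.birth(dev_id, make_fake_cert("imposter"))}
    out["message_ok"] = cloud.accept_message(dev_id)
    cloud.revoke(dev_id)
    out["birth_after_revoke"] = cloud.birth(dev_id, cert)
    out["message_after_revoke"] = cloud.accept_message(dev_id)
    out["tlsa_after_revoke"] = dns.query_tlsa(tlsa_name(dev_id, "iot.example.com"))
    return out
```

`run_demo()` walks one device through the whole cycle: the wrong temporary credential and a replay of the right one are both refused, the BIRTH with the anchored certificate succeeds while an imposter certificate for the same DEV ID fails, and after `revoke` the TLSA record is gone so the original certificate no longer authenticates and messages are blocked. Note the two independent denials in `birth`: the `disabled` flag protects against a stale resolver cache while the TLSA removal propagates, and the DNS check protects against anything the cloud's own state has lost.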
  • 22. M2M / IoT Security: a holistic approach is required. The confidentiality, integrity and availability of our customers' data and IoT infrastructure is of the utmost importance to Eurotech, as is maintaining our customers' trust and confidence. That is why we make M2M/IoT communications SECURE and RELIABLE over INSECURE and UNRELIABLE NETWORKS and MALICIOUS environments. Layers to secure: sensors and device hardware; device firmware / application; M2M communication infrastructure; business application; business application integration.