idy w14 identity based security and privacy for the internet of things

2020-03-01 59浏览

  • 1.#RSAC
  • 2.
  • 3.
  • 4.
  • 5.#RSAC
  • 6.
  • 7.
  • 8.Thing Thing
  • 9.
  • 10.Thing Thing Thing Thing Edge Edge Gateway Gateway
  • 11.
  • 12.Business Intelligence Rules / Analytics Device Management Directory / Registry AuthN & AuthZ Cloud Gateway Edge Gateway Thing Identity Code Protection Operating System Comms Module Embedded Firmware Silicon Chip Security Blocks Processor Architecture
  • 13.Business Intelligence Rules / Analytics Business Intelligence Device Management Directory / Registry AuthN & AuthZ Cloud Gateway Edge Gateway Thing Identity Code Protection Operating System Comms Module Embedded Firmware Silicon Chip Security Blocks Processor Architecture Cut costs Create value
  • 14.Business Intelligence Rules / Analytics Rules / Analytics Device Management Directory / Registry AuthN & AuthZ Cloud Gateway Edge Gateway Thing Identity Code Protection Operating System Comms Module Embedded Firmware Silicon Chip Security Blocks Processor Architecture Find information in data then act
  • 15.Business Intelligence Rules / Analytics Device Management Device Management Directory / Registry AuthN & AuthZ Cloud Gateway Edge Gateway Thing Identity Code Protection Operating System Comms Module Embedded Firmware Silicon Chip Security Blocks Processor Architecture Maintain Things
  • 16.Business Intelligence Rules / Analytics Directory / Registry Device Management Directory / Registry AuthN & AuthZ Cloud Gateway Edge Gateway Thing Identity Code Protection Operating System Comms Module Embedded Firmware Silicon Chip Security Blocks Processor Architecture Enrol Authorized Users & Things
  • 17.Business Intelligence Rules / Analytics Authentication & Authorization Device Management Directory / Registry AuthN & AuthZ Cloud Gateway Edge Gateway Thing Identity Code Protection Operating System Comms Module Embedded Firmware Silicon Chip Security Blocks Processor Architecture Set and Enforce Policy
  • 18.Business Intelligence Rules / Analytics Cloud Gateway Device Management Directory / Registry AuthN & AuthZ Cloud Gateway Edge Gateway Thing Identity Code Protection Operating System Comms Module Embedded Firmware Silicon Chip Security Blocks Processor Architecture Ingest data from known sources
  • 19.Business Intelligence Rules / Analytics Edge Gateway Device Management Directory / Registry AuthN & AuthZ Cloud Gateway Edge Gateway Thing Identity Code Protection Operating System Comms Module Embedded Firmware Silicon Chip Security Blocks Processor Architecture Connect Local Things
  • 20.Business Intelligence Rules / Analytics Thing Identity Device Management Directory / Registry AuthN & AuthZ Cloud Gateway Edge Gateway Thing Identity Code Protection Operating System Comms Module Embedded Firmware Silicon Chip Security Blocks Processor Architecture Secure Thing to Cloud Relationship
  • 21.Business Intelligence Rules / Analytics Code Protection Device Management Directory / Registry AuthN & AuthZ Cloud Gateway Edge Gateway Thing Identity Code Protection Operating System Comms Module Embedded Firmware Silicon Chip Security Blocks Processor Architecture Protect Application Secrets & Integrity
  • 22.Business Intelligence Rules / Analytics Operating System Device Management Directory / Registry AuthN & AuthZ Cloud Gateway Edge Gateway Thing Identity Code Protection Operating System Comms Module Embedded Firmware Silicon Chip Security Blocks Processor Architecture Privilege Separation
  • 23.Business Intelligence Rules / Analytics Comms Module Device Management Directory / Registry AuthN & AuthZ Cloud Gateway Edge Gateway Thing Identity Code Protection Operating System Comms Module Embedded Firmware Silicon Chip Security Blocks Processor Architecture Secure Communication
  • 24.Business Intelligence Rules / Analytics Embedded Firmware Device Management Directory / Registry AuthN & AuthZ Cloud Gateway Edge Gateway Thing Identity Code Protection Operating System Comms Module Embedded Firmware Silicon Chip Security Blocks Processor Architecture Secure Boot Runtime Integrity
  • 25.Business Intelligence Rules / Analytics Silicon Chip Device Management Directory / Registry AuthN & AuthZ Cloud Gateway Edge Gateway Thing Identity Code Protection Operating System Comms Module Embedded Firmware Silicon Chip Security Blocks Processor Architecture Resist Tampering
  • 26.Business Intelligence Rules / Analytics Security Blocks Device Management Directory / Registry AuthN & AuthZ Cloud Gateway Edge Gateway Thing Identity Code Protection Operating System Comms Module Embedded Firmware Silicon Chip Security Blocks Processor Architecture Embedded Cryptography
  • 27.Business Intelligence Rules / Analytics Processor Architecture Device Management Directory / Registry AuthN & AuthZ Cloud Gateway Edge Gateway Thing Identity Code Protection Operating System Comms Module Embedded Firmware Silicon Chip Security Blocks Processor Architecture Isolate Sensitive Assets
  • 28.#RSAC
  • 29.Business Intelligence Social Traffic Hack Rules / Analytics Device Management Directory / Registry AuthN & AuthZ Cloud Gateway Edge Gateway Thing Identity Code Protection Operating System Comms Module Embedded Firmware Silicon Chip Security Blocks Processor Architecture \
  • 30.Business Intelligence Rules / Analytics Device Management Directory / Registry AuthN & AuthZ Thermostat Cloud Gateway Edge Gateway Thing Identity Code Protection Operating System Comms Module Embedded Firmware Silicon Chip Security Blocks Processor Architecture \
  • 31.Business Intelligence Rules / Analytics Device Management Directory / Registry AuthN & AuthZ Cloud Gateway Stranded Driver Edge Gateway Thing Identity Code Protection Operating System Comms Module Embedded Firmware Silicon Chip Security Blocks Processor Architecture \
  • 32.Business Intelligence Rules / Analytics Device Management Directory / Registry AuthN & AuthZ Cloud Gateway Edge Gateway Thing Identity Mirai botnet Code Protection Operating System Open ports Comms Module Embedded Firmware Silicon Chip Security Blocks Processor Architecture \
  • 33.Business Intelligence Rules / Analytics Device Management Directory / Registry AuthN & AuthZ Cloud Gateway Edge Gateway Thing Identity ZLL shared signing key Code Protection Operating System Comms Module Embedded Firmware Silicon Chip Security Blocks Processor Architecture \
  • 34.Business Intelligence Rules / Analytics Device Management Directory / Registry AuthN & AuthZ Cloud Gateway Edge Gateway Thing Identity Code Protection Operating System Comms Module KRACK Embedded Firmware Silicon Chip Security Blocks Processor Architecture \
  • 35.Business Intelligence Rules / Analytics Device Management Directory / Registry AuthN & AuthZ Cloud Gateway Edge Gateway Thing Identity Code Protection Operating System Comms Module Embedded Firmware Silicon Chip Security Blocks Processor Architecture \ Debug
  • 36.Business Intelligence Rules / Analytics Device Management Directory / Registry AuthN & AuthZ Cloud Gateway Edge Gateway Thing Identity Code Protection Operating System Comms Module Embedded Firmware Silicon Chip Security Blocks Processor Architecture \ ROCA
  • 37.Business Intelligence Side channel analysis or fault injection Rules / Analytics Device Management Directory / Registry AuthN & AuthZ Cloud Gateway Edge Gateway Thing Identity Code Protection Operating System Comms Module Embedded Firmware Silicon Chip \ Security Blocks Processor Architecture CLKSCREW, SPECTRE
  • 38.secure “Things are only impossible until they are not”
  • 39.
  • 40.Safety = Safety(Security)
  • 41.
  • 42.Business Intelligence Social Traffic Hack Rules / Analytics Device Management Directory / Registry AuthN & AuthZ Thermostat Cloud Gateway Stranded Driver Edge Gateway Thing Identity Mirai botnet ZLL shared signing key Code Protection Operating System Open ports Comms Module KRACK Embedded Firmware Silicon Chip Security Blocks Processor Architecture \ ROCA Debug CLKSCREW
  • 43.Worried? #RSAC
  • 44.#RSAC
  • 45.Business Intelligence Rules / Analytics Device Management Directory / Registry AuthN & AuthZ Cloud Gateway Edge Gateway Thing Identity Strong ID Code Protection Operating System Comms Module Embedded Firmware Silicon Chip Security Blocks Processor Architecture \ Secure by Design Chipset
  • 46.Business Intelligence Rules / Analytics Device Management Directory / Registry AuthN & AuthZ Cloud Gateway Edge Gateway Thing Identity Strong ID Code Protection Operating System Granular Updates Comms Module Embedded Firmware Silicon Chip Security Blocks Processor Architecture \ Secure by Design Chipset
  • 47.Business Intelligence Rules / Analytics Device Management Directory / Registry Hybrid Identity Access Mgmt AuthN & AuthZ Cloud Gateway Edge Gateway Thing Identity Strong ID Code Protection Operating System Granular Updates Comms Module Embedded Firmware Silicon Chip Security Blocks Processor Architecture \ Secure by Design Chipset
  • 48.Business Intelligence Assured Intelligence Rules / Analytics Device Management Directory / Registry Hybrid Identity Access Mgmt AuthN & AuthZ Cloud Gateway Edge Gateway Thing Identity Strong ID Code Protection Operating System Granular Updates Comms Module Embedded Firmware Silicon Chip Security Blocks Processor Architecture \ Secure by Design Chipset Clean datawill:“restore […] a democratic system based on knowledge, based on facts and truth”
  • 49.Business Intelligence Rules / Analytics Device Mgmt Device Management Directory / Registry Thing Platform AuthN & AuthZ Cloud Gateway mbed cloud IoT Platform Identity Access Management mbed cloud Edge Gateway Thing Identity Certificate Authority Code Protection eSIM Operating System Comms Module Thing Security Embedded Firmware Silicon Chip mbed cloud provision & mbed OS Trusted Platform Modules mbed uVisor \ Security Blocks ARM Processor Architecture
  • 50.#RSAC IoT Client Application(s) OS Microcontroller + ROM, RAM and FLASH Microcontroller Bus Physical property Digital Conversion Crypto & Keys Network Interface Sensor Tamperproof store Antenna / Cable Identity Data
  • 51.#RSAC Thing Manufacturer Hardware Architecture Design Secure Key Store Secure JTAG Secure Flash Storage Software Development Identity toolkits Trusted Environments Secure Boot Loaders Thing User Plan / Prototype RFIs Vendor Selection
  • 52.#RSAC Thing Manufacturer Hardware Architecture Design Secure Key Store Secure JTAG Secure Flash Storage Software Development Identity toolkits Trusted Environments Secure Boot Loaders Secure Manufacturing Deploy Encrypted software HSM Certificate creation Thing User Plan / Prototype RFIs Vendor Selection Installation Provenance checking Applying Updates Enrol Attestation Registration Authentication
  • 53.#RSAC Thing Manufacturer Hardware Architecture Design Secure Key Store Secure JTAG Secure Flash Storage Software Development Identity toolkits Trusted Environments Secure Boot Loaders Secure Manufacturing Deploy Encrypted software HSM Certificate creation Secure Updates Operate and Maintain Vulnerability tracking Firmware signing Authorized updates Thing User Plan / Prototype RFIs Vendor Selection Installation Provenance checking Applying Updates Secure Updates Availability assessment Authorized patching Enrol Attestation Registration Authentication Operation Authorization Session Establishment Token Binding
  • 54.#RSAC Thing Manufacturer Hardware Architecture Design Secure Key Store Secure JTAG Secure Flash Storage Software Development Identity toolkits Trusted Environments Secure Boot Loaders Secure Manufacturing Deploy Encrypted software HSM Certificate creation Secure Updates Operate and Maintain Vulnerability tracking Firmware signing Authorized updates End-of-Life / Recall Retire Revoke Certificates Notice to Users Thing User Plan / Prototype RFIs Vendor Selection Installation Provenance checking Applying Updates Secure Updates Availability assessment Authorized patching Enrol Attestation Registration Authentication Operation Authorization Session Establishment Token Binding Decommission Deauthorize Deactivate Destroy Identities
  • 55.#RSAC Connectivity IoT Client API Token Inspection Internet Thing Management Device Management Data Governance Authentication Authorization Accounting User Directory Application API Token Inspection Identity Federation Device Registry IoT Platform Gateway Networked Thing Edge Gateway IoT Client IoT Application Device Shadows Data stream processing Storage Analytics Machine Learning IoT Application Gateway
  • 56.#RSAC
  • 57.#RSAC
  • 58.Internet of Things wants YOU
  • 59.#RSAC
  • 60.#RSAC
  • 61.#RSAC