SlideShare a Scribd company logo
1 of 39
Download to read offline
A reference architecture for IoT: 
How to create a resilient, secure IoT cloud 
Paul Fremantle 
CTO, WSO2 (paul@wso2.com) 
PhD researcher, Portsmouth 
University 
(paul.fremantle@port.ac.uk) 
@pzfreo #wso2
Firstly, does security even matter?
IoT World - creating a secure robust IoT reference architecture
IoT World - creating a secure robust IoT reference architecture
My three rules for IoT security 
• 1. Don’t be stupid 
• 2. Be smart 
• 3. Think about what’s different
My three rules for IoT security 
• 1. Don’t be stupid 
– The basics of Internet security haven’t gone away 
• 2. Be smart 
– Use the best practice from the Internet 
• 3. Think about what’s different 
– What are the unique challenges of your device?
http://www.forbes.com/sites/kashmirhill/2013/07/26/smart-homes-hack/
So what is different about IoT? 
• The longevity of the device 
– Updates are harder (or impossible) 
• The size of the device 
– Capabilities are limited – especially around crypto 
• The fact there is a device 
– Usually no UI for entering userids and passwords 
• The data 
– Often highly personal 
• The mindset 
– Appliance manufacturers don’t think like security experts 
– Embedded systems are often developed by grabbing existing 
chips, designs, etc
Physical Hacks 
A Practical Attack on the MIFARE Classic: 
http://www.cs.ru.nl/~flaviog/publications/Attack.MIFARE.pdf 
Karsten Nohl and Henryk Plotz. MIFARE, Little Security, Despite Obscurity
IoT World - creating a secure robust IoT reference architecture
Or try this at home? 
http://freo.me/1g15BiG
Hardware recommendations 
• Don’t rely on obscurity
Hardware recommendations 
• Don’t rely on obscurity 
• Don’t rely on obscurity 
• Don’t rely on obscurity 
• Don’t rely on obscurity 
• Don’t rely on obscurity 
• Don’t rely on obscurity 
• Don’t rely on obscurity
Hardware Recommendation #2 
• Unlocking a single device should risk only that 
device’s data
The Network
Direct network vs Gateway model
Crypto on small devices 
• Practical Considerations and Implementation Experiences in Securing 
Smart Object Networks 
– http://tools.ietf.org/html/draft-aks-crypto-sensors-02
Key distribution
Ubertooth 
http://ubertooth.sourceforge.net/ 
https://www.usenix.org/conference/woot13/ 
workshop-program/presentation/ryan
IoT World - creating a secure robust IoT reference architecture
IDENTITY IS THE NEW PERIMETER
Passwords 
• Passwords suck for humans 
• They suck even more for devices
IoT World - creating a secure robust IoT reference architecture
Why Federated Identity for IoT? 
• Can enable a meaningful consent mechanism 
for sharing of device data 
• Giving a device a token to use on API calls 
better than giving it a password 
– Revokable 
– Granular 
• May be relevant for both 
– Device to cloud 
– Cloud to app
More information 
http://pzf.fremantle.org/2013/11/using-oauth- 
20-with-mqtt.html 
http://siot-workshop.org/
IoT World - creating a secure robust IoT reference architecture
Reference Architecture for the Internet of Things 
http://freo.me/iotra
Re-active vs Realtime Pro-Active 
Web Architecture 
• Re-active 
• 10k-100k connections 
• Pull-based 
• Human interactions 
• Some APIs 
• Creating Big Data 
IoT Architecture 
• Push-based 
• 100k-1m connections 
• No human interaction 
• Autonomic 
• API driven 
• Creating even bigger 
datasets
Real time stream processing 
1 million events/s on 4 servers in Amazon EC2
30 
Analytics
Identity Management
Device Management 
(Generally available Q1/2015)
APIs and API Management 
eBay handles 6 billion messages a day through WSO2 
That is 4 million a minute
* 
Develop Once – Deploy Everywhere 
Public WSO2 
Cloud 
Hybrid/Private 
PaaS 
Managed 
Cloud 
On AWS 
On-Premise
DOESN’T EVERYONE SAY “JUST USE 
MY OPEN PLATFORM”?
Really Actually Open 
• 100% Open Source (no bait and switch!) 
• Heterogenous 
• Polyglot 
• Interoperable 
• Modular and based on OSGi 
• Extensible 
• API-driven 
https://www.flickr.com/photos/jmarty/
Summary 
• Think about security from the start 
• Build a federated and secure model of Identity 
for Things 
• Create Autonomic models that deliver value 
that surprises and delights customers 
• Use Big Data Analytics and the Lambda 
Architecture to understand your customers 
• Be Open!
IoT World - creating a secure robust IoT reference architecture
IoT World - creating a secure robust IoT reference architecture

More Related Content

What's hot

Using FIWARE and Microsoft Azure for the development of IoT solutions
Using FIWARE and Microsoft Azure for the development of IoT solutionsUsing FIWARE and Microsoft Azure for the development of IoT solutions
Using FIWARE and Microsoft Azure for the development of IoT solutionsDunavNET
 
Security in the Internet of Things
Security in the Internet of ThingsSecurity in the Internet of Things
Security in the Internet of ThingsForgeRock
 
WSO2Con USA 2015: WSO2 Platform for IoT
WSO2Con USA 2015: WSO2 Platform for IoTWSO2Con USA 2015: WSO2 Platform for IoT
WSO2Con USA 2015: WSO2 Platform for IoTWSO2
 
Anonymous Individual Integration for IoT
Anonymous Individual Integration for IoTAnonymous Individual Integration for IoT
Anonymous Individual Integration for IoTPaul Fremantle
 
Devising a practical approach to the Internet of Things
Devising a practical approach to the Internet of ThingsDevising a practical approach to the Internet of Things
Devising a practical approach to the Internet of ThingsGordon Haff
 
Null mumbai-iot top 10
Null mumbai-iot top 10Null mumbai-iot top 10
Null mumbai-iot top 10Nitesh Malviya
 
A Pragmatic Reference Architecture for The Internet of Things
A Pragmatic Reference Architecture for The Internet of ThingsA Pragmatic Reference Architecture for The Internet of Things
A Pragmatic Reference Architecture for The Internet of ThingsRick G. Garibay
 
IoT Security Training, IoT Security Awareness 2019
IoT Security Training, IoT Security Awareness 2019 IoT Security Training, IoT Security Awareness 2019
IoT Security Training, IoT Security Awareness 2019 Tonex
 
Creator IoT Framework
Creator IoT FrameworkCreator IoT Framework
Creator IoT FrameworkPaul Evans
 
Iot Security, Internet of Things
Iot Security, Internet of ThingsIot Security, Internet of Things
Iot Security, Internet of ThingsBryan Len
 
Null mumbai-reversing-IoT-firmware
Null mumbai-reversing-IoT-firmwareNull mumbai-reversing-IoT-firmware
Null mumbai-reversing-IoT-firmwareNitesh Malviya
 
Security Fundamental for IoT Devices; Creating the Internet of Secure Things
Security Fundamental for IoT Devices; Creating the Internet of Secure ThingsSecurity Fundamental for IoT Devices; Creating the Internet of Secure Things
Security Fundamental for IoT Devices; Creating the Internet of Secure ThingsDesign World
 
Practical IoT Security in the Enterprise
Practical IoT Security in the EnterprisePractical IoT Security in the Enterprise
Practical IoT Security in the EnterpriseDaniel Miessler
 
The use case for Cassandra at Ping Identity
The use case for Cassandra at Ping IdentityThe use case for Cassandra at Ping Identity
The use case for Cassandra at Ping IdentityPing Identity
 

What's hot (20)

IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]
 
Using FIWARE and Microsoft Azure for the development of IoT solutions
Using FIWARE and Microsoft Azure for the development of IoT solutionsUsing FIWARE and Microsoft Azure for the development of IoT solutions
Using FIWARE and Microsoft Azure for the development of IoT solutions
 
Security in the Internet of Things
Security in the Internet of ThingsSecurity in the Internet of Things
Security in the Internet of Things
 
WSO2Con USA 2015: WSO2 Platform for IoT
WSO2Con USA 2015: WSO2 Platform for IoTWSO2Con USA 2015: WSO2 Platform for IoT
WSO2Con USA 2015: WSO2 Platform for IoT
 
Anonymous Individual Integration for IoT
Anonymous Individual Integration for IoTAnonymous Individual Integration for IoT
Anonymous Individual Integration for IoT
 
Devising a practical approach to the Internet of Things
Devising a practical approach to the Internet of ThingsDevising a practical approach to the Internet of Things
Devising a practical approach to the Internet of Things
 
Null mumbai-iot top 10
Null mumbai-iot top 10Null mumbai-iot top 10
Null mumbai-iot top 10
 
A Pragmatic Reference Architecture for The Internet of Things
A Pragmatic Reference Architecture for The Internet of ThingsA Pragmatic Reference Architecture for The Internet of Things
A Pragmatic Reference Architecture for The Internet of Things
 
IoT Security Training, IoT Security Awareness 2019
IoT Security Training, IoT Security Awareness 2019 IoT Security Training, IoT Security Awareness 2019
IoT Security Training, IoT Security Awareness 2019
 
IoT Security, Mirai Revisited
IoT Security, Mirai RevisitedIoT Security, Mirai Revisited
IoT Security, Mirai Revisited
 
Creator IoT Framework
Creator IoT FrameworkCreator IoT Framework
Creator IoT Framework
 
IoT Security: Cases and Methods
IoT Security: Cases and MethodsIoT Security: Cases and Methods
IoT Security: Cases and Methods
 
IOT Security
IOT SecurityIOT Security
IOT Security
 
Iot Security, Internet of Things
Iot Security, Internet of ThingsIot Security, Internet of Things
Iot Security, Internet of Things
 
Null mumbai-reversing-IoT-firmware
Null mumbai-reversing-IoT-firmwareNull mumbai-reversing-IoT-firmware
Null mumbai-reversing-IoT-firmware
 
Security Fundamental for IoT Devices; Creating the Internet of Secure Things
Security Fundamental for IoT Devices; Creating the Internet of Secure ThingsSecurity Fundamental for IoT Devices; Creating the Internet of Secure Things
Security Fundamental for IoT Devices; Creating the Internet of Secure Things
 
Practical IoT Security in the Enterprise
Practical IoT Security in the EnterprisePractical IoT Security in the Enterprise
Practical IoT Security in the Enterprise
 
IoT architecture
IoT architectureIoT architecture
IoT architecture
 
Owasp top 10
Owasp top 10 Owasp top 10
Owasp top 10
 
The use case for Cassandra at Ping Identity
The use case for Cassandra at Ping IdentityThe use case for Cassandra at Ping Identity
The use case for Cassandra at Ping Identity
 

Similar to IoT World - creating a secure robust IoT reference architecture

WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet Challenge
WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet ChallengeWSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet Challenge
WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet ChallengeWSO2
 
Your Thing is pwnd - Security Challenges for the Internet of Things
Your Thing is pwnd - Security Challenges for the Internet of ThingsYour Thing is pwnd - Security Challenges for the Internet of Things
Your Thing is pwnd - Security Challenges for the Internet of ThingsWSO2
 
The Internet of Things: We've Got to Chat
The Internet of Things: We've Got to ChatThe Internet of Things: We've Got to Chat
The Internet of Things: We've Got to ChatDuo Security
 
Security challenges for internet of things
Security challenges for internet of thingsSecurity challenges for internet of things
Security challenges for internet of thingsMonika Keerthi
 
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014Brian Knopf
 
Touring the Dark Side of Internet: A Journey through IOT, TOR & Docker
Touring the Dark Side of Internet: A Journey through IOT, TOR & DockerTouring the Dark Side of Internet: A Journey through IOT, TOR & Docker
Touring the Dark Side of Internet: A Journey through IOT, TOR & DockerAbhinav Biswas
 
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...AI Frontiers
 
The Insecurity of Industrial Things
The Insecurity of Industrial ThingsThe Insecurity of Industrial Things
The Insecurity of Industrial ThingsSenrio
 
Avoid embarrassing press by designing secure IoT products with Misha Seltzer
Avoid embarrassing press by designing secure IoT products with Misha SeltzerAvoid embarrassing press by designing secure IoT products with Misha Seltzer
Avoid embarrassing press by designing secure IoT products with Misha SeltzerProduct of Things
 
IoT – Breaking Bad
IoT – Breaking BadIoT – Breaking Bad
IoT – Breaking BadNUS-ISS
 
The Convergence of IT, Operational Technology and the Internet of Things (IoT)
The Convergence of IT, Operational Technology and the Internet of Things (IoT)The Convergence of IT, Operational Technology and the Internet of Things (IoT)
The Convergence of IT, Operational Technology and the Internet of Things (IoT)Jackson Shaw
 
Privacy and Security in the Internet of Things
Privacy and Security in the Internet of ThingsPrivacy and Security in the Internet of Things
Privacy and Security in the Internet of ThingsJeff Katz
 
Mickey pacsec2016_final
Mickey pacsec2016_finalMickey pacsec2016_final
Mickey pacsec2016_finalPacSecJP
 
Spirent: The Internet of Things: The Expanded Security Perimeter
Spirent: The Internet of Things:  The Expanded Security Perimeter Spirent: The Internet of Things:  The Expanded Security Perimeter
Spirent: The Internet of Things: The Expanded Security Perimeter Sailaja Tennati
 
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)Rui Miguel Feio
 
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...Duo Security
 
Geek Night 15.0 - Touring the Dark-Side of the Internet
Geek Night 15.0 - Touring the Dark-Side of the InternetGeek Night 15.0 - Touring the Dark-Side of the Internet
Geek Night 15.0 - Touring the Dark-Side of the InternetGeekNightHyderabad
 
Pulga, a Tiny Open-Source MQTT Broker for Flexible and Secure IoT Deployments
Pulga, a Tiny Open-Source MQTT Broker for Flexible and Secure IoT DeploymentsPulga, a Tiny Open-Source MQTT Broker for Flexible and Secure IoT Deployments
Pulga, a Tiny Open-Source MQTT Broker for Flexible and Secure IoT DeploymentsEyes of Things
 
Iot Security: Smart... or haunted home?
Iot Security: Smart... or haunted home?Iot Security: Smart... or haunted home?
Iot Security: Smart... or haunted home?NaLUG
 

Similar to IoT World - creating a secure robust IoT reference architecture (20)

WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet Challenge
WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet ChallengeWSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet Challenge
WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet Challenge
 
Your Thing is pwnd - Security Challenges for the Internet of Things
Your Thing is pwnd - Security Challenges for the Internet of ThingsYour Thing is pwnd - Security Challenges for the Internet of Things
Your Thing is pwnd - Security Challenges for the Internet of Things
 
The Internet of Things: We've Got to Chat
The Internet of Things: We've Got to ChatThe Internet of Things: We've Got to Chat
The Internet of Things: We've Got to Chat
 
Security challenges for internet of things
Security challenges for internet of thingsSecurity challenges for internet of things
Security challenges for internet of things
 
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
IoT_and_the_Impact_on_Security_Brian_Knopf_ISSA-OC_July-2014
 
Touring the Dark Side of Internet: A Journey through IOT, TOR & Docker
Touring the Dark Side of Internet: A Journey through IOT, TOR & DockerTouring the Dark Side of Internet: A Journey through IOT, TOR & Docker
Touring the Dark Side of Internet: A Journey through IOT, TOR & Docker
 
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
 
The Insecurity of Industrial Things
The Insecurity of Industrial ThingsThe Insecurity of Industrial Things
The Insecurity of Industrial Things
 
Avoid embarrassing press by designing secure IoT products with Misha Seltzer
Avoid embarrassing press by designing secure IoT products with Misha SeltzerAvoid embarrassing press by designing secure IoT products with Misha Seltzer
Avoid embarrassing press by designing secure IoT products with Misha Seltzer
 
IoT overview 2014
IoT overview 2014IoT overview 2014
IoT overview 2014
 
IoT – Breaking Bad
IoT – Breaking BadIoT – Breaking Bad
IoT – Breaking Bad
 
The Convergence of IT, Operational Technology and the Internet of Things (IoT)
The Convergence of IT, Operational Technology and the Internet of Things (IoT)The Convergence of IT, Operational Technology and the Internet of Things (IoT)
The Convergence of IT, Operational Technology and the Internet of Things (IoT)
 
Privacy and Security in the Internet of Things
Privacy and Security in the Internet of ThingsPrivacy and Security in the Internet of Things
Privacy and Security in the Internet of Things
 
Mickey pacsec2016_final
Mickey pacsec2016_finalMickey pacsec2016_final
Mickey pacsec2016_final
 
Spirent: The Internet of Things: The Expanded Security Perimeter
Spirent: The Internet of Things:  The Expanded Security Perimeter Spirent: The Internet of Things:  The Expanded Security Perimeter
Spirent: The Internet of Things: The Expanded Security Perimeter
 
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)
 
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
 
Geek Night 15.0 - Touring the Dark-Side of the Internet
Geek Night 15.0 - Touring the Dark-Side of the InternetGeek Night 15.0 - Touring the Dark-Side of the Internet
Geek Night 15.0 - Touring the Dark-Side of the Internet
 
Pulga, a Tiny Open-Source MQTT Broker for Flexible and Secure IoT Deployments
Pulga, a Tiny Open-Source MQTT Broker for Flexible and Secure IoT DeploymentsPulga, a Tiny Open-Source MQTT Broker for Flexible and Secure IoT Deployments
Pulga, a Tiny Open-Source MQTT Broker for Flexible and Secure IoT Deployments
 
Iot Security: Smart... or haunted home?
Iot Security: Smart... or haunted home?Iot Security: Smart... or haunted home?
Iot Security: Smart... or haunted home?
 

More from Paul Fremantle

IoT and Blockchains - enhancing security and privacy
IoT and Blockchains - enhancing security and privacyIoT and Blockchains - enhancing security and privacy
IoT and Blockchains - enhancing security and privacyPaul Fremantle
 
Web API Management meets the Internet of Things
Web API Management meets the Internet of ThingsWeb API Management meets the Internet of Things
Web API Management meets the Internet of ThingsPaul Fremantle
 
Apache Stratos - Building a PaaS using OSGi and Equinox
Apache Stratos - Building a PaaS using OSGi and EquinoxApache Stratos - Building a PaaS using OSGi and Equinox
Apache Stratos - Building a PaaS using OSGi and EquinoxPaul Fremantle
 
Federated Identity for IoT with OAuth2
Federated Identity for IoT with OAuth2Federated Identity for IoT with OAuth2
Federated Identity for IoT with OAuth2Paul Fremantle
 
Beyond Economics - Cloud as a Business Enabler
Beyond Economics - Cloud as a Business EnablerBeyond Economics - Cloud as a Business Enabler
Beyond Economics - Cloud as a Business EnablerPaul Fremantle
 
The Evolution of Integration
The Evolution of IntegrationThe Evolution of Integration
The Evolution of IntegrationPaul Fremantle
 
High Volume Web API Management with the WSO2 ESB
High Volume Web API Management with the WSO2 ESBHigh Volume Web API Management with the WSO2 ESB
High Volume Web API Management with the WSO2 ESBPaul Fremantle
 
Stratos Open PaaS OSCON 2011
Stratos Open PaaS OSCON 2011Stratos Open PaaS OSCON 2011
Stratos Open PaaS OSCON 2011Paul Fremantle
 
Stratos and PaaS for London Java Community
Stratos and PaaS for London Java CommunityStratos and PaaS for London Java Community
Stratos and PaaS for London Java CommunityPaul Fremantle
 
Understanding Platform as a Service
Understanding Platform as a ServiceUnderstanding Platform as a Service
Understanding Platform as a ServicePaul Fremantle
 
Making Apache Tomcat Multi-tenant, Elastic and Metered
Making Apache Tomcat Multi-tenant, Elastic and MeteredMaking Apache Tomcat Multi-tenant, Elastic and Metered
Making Apache Tomcat Multi-tenant, Elastic and MeteredPaul Fremantle
 
Building Cloud Native Software
Building Cloud Native SoftwareBuilding Cloud Native Software
Building Cloud Native SoftwarePaul Fremantle
 
Building Innovation with Open Source Approaches
Building Innovation with Open Source ApproachesBuilding Innovation with Open Source Approaches
Building Innovation with Open Source ApproachesPaul Fremantle
 
Three SOA Case Studies
Three SOA Case StudiesThree SOA Case Studies
Three SOA Case StudiesPaul Fremantle
 
Fast SOA with Apache Synapse
Fast SOA with Apache SynapseFast SOA with Apache Synapse
Fast SOA with Apache SynapsePaul Fremantle
 
REST vs WS-*: Myths Facts and Lies
REST vs WS-*: Myths Facts and LiesREST vs WS-*: Myths Facts and Lies
REST vs WS-*: Myths Facts and LiesPaul Fremantle
 

More from Paul Fremantle (17)

IoT and Blockchains - enhancing security and privacy
IoT and Blockchains - enhancing security and privacyIoT and Blockchains - enhancing security and privacy
IoT and Blockchains - enhancing security and privacy
 
Web API Management meets the Internet of Things
Web API Management meets the Internet of ThingsWeb API Management meets the Internet of Things
Web API Management meets the Internet of Things
 
Apache Stratos - Building a PaaS using OSGi and Equinox
Apache Stratos - Building a PaaS using OSGi and EquinoxApache Stratos - Building a PaaS using OSGi and Equinox
Apache Stratos - Building a PaaS using OSGi and Equinox
 
Federated Identity for IoT with OAuth2
Federated Identity for IoT with OAuth2Federated Identity for IoT with OAuth2
Federated Identity for IoT with OAuth2
 
Beyond Economics - Cloud as a Business Enabler
Beyond Economics - Cloud as a Business EnablerBeyond Economics - Cloud as a Business Enabler
Beyond Economics - Cloud as a Business Enabler
 
Evolution of PaaS
Evolution of PaaSEvolution of PaaS
Evolution of PaaS
 
The Evolution of Integration
The Evolution of IntegrationThe Evolution of Integration
The Evolution of Integration
 
High Volume Web API Management with the WSO2 ESB
High Volume Web API Management with the WSO2 ESBHigh Volume Web API Management with the WSO2 ESB
High Volume Web API Management with the WSO2 ESB
 
Stratos Open PaaS OSCON 2011
Stratos Open PaaS OSCON 2011Stratos Open PaaS OSCON 2011
Stratos Open PaaS OSCON 2011
 
Stratos and PaaS for London Java Community
Stratos and PaaS for London Java CommunityStratos and PaaS for London Java Community
Stratos and PaaS for London Java Community
 
Understanding Platform as a Service
Understanding Platform as a ServiceUnderstanding Platform as a Service
Understanding Platform as a Service
 
Making Apache Tomcat Multi-tenant, Elastic and Metered
Making Apache Tomcat Multi-tenant, Elastic and MeteredMaking Apache Tomcat Multi-tenant, Elastic and Metered
Making Apache Tomcat Multi-tenant, Elastic and Metered
 
Building Cloud Native Software
Building Cloud Native SoftwareBuilding Cloud Native Software
Building Cloud Native Software
 
Building Innovation with Open Source Approaches
Building Innovation with Open Source ApproachesBuilding Innovation with Open Source Approaches
Building Innovation with Open Source Approaches
 
Three SOA Case Studies
Three SOA Case StudiesThree SOA Case Studies
Three SOA Case Studies
 
Fast SOA with Apache Synapse
Fast SOA with Apache SynapseFast SOA with Apache Synapse
Fast SOA with Apache Synapse
 
REST vs WS-*: Myths Facts and Lies
REST vs WS-*: Myths Facts and LiesREST vs WS-*: Myths Facts and Lies
REST vs WS-*: Myths Facts and Lies
 

Recently uploaded

LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASSLESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASSlesteraporado16
 
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdfLESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdfmchristianalwyn
 
world Tuberculosis day ppt 25-3-2024.pptx
world Tuberculosis day ppt 25-3-2024.pptxworld Tuberculosis day ppt 25-3-2024.pptx
world Tuberculosis day ppt 25-3-2024.pptxnaveenithkrishnan
 
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024Jan Löffler
 
Niche Domination Prodigy Review Plus Bonus
Niche Domination Prodigy Review Plus BonusNiche Domination Prodigy Review Plus Bonus
Niche Domination Prodigy Review Plus BonusSkylark Nobin
 
A_Z-1_0_4T_00A-EN_U-Po_w_erPoint_06.pptx
A_Z-1_0_4T_00A-EN_U-Po_w_erPoint_06.pptxA_Z-1_0_4T_00A-EN_U-Po_w_erPoint_06.pptx
A_Z-1_0_4T_00A-EN_U-Po_w_erPoint_06.pptxjayshuklatrainer
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...APNIC
 
Introduction to ICANN and Fellowship program by Shreedeep Rayamajhi.pdf
Introduction to ICANN and Fellowship program  by Shreedeep Rayamajhi.pdfIntroduction to ICANN and Fellowship program  by Shreedeep Rayamajhi.pdf
Introduction to ICANN and Fellowship program by Shreedeep Rayamajhi.pdfShreedeep Rayamajhi
 
Check out the Free Landing Page Hosting in 2024
Check out the Free Landing Page Hosting in 2024Check out the Free Landing Page Hosting in 2024
Check out the Free Landing Page Hosting in 2024Shubham Pant
 
Bio Medical Waste Management Guideliness 2023 ppt.pptx
Bio Medical Waste Management Guideliness 2023 ppt.pptxBio Medical Waste Management Guideliness 2023 ppt.pptx
Bio Medical Waste Management Guideliness 2023 ppt.pptxnaveenithkrishnan
 
Computer 10 Lesson 8: Building a Website
Computer 10 Lesson 8: Building a WebsiteComputer 10 Lesson 8: Building a Website
Computer 10 Lesson 8: Building a WebsiteMavein
 
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced HorizonsVision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced HorizonsRoxana Stingu
 
Presentation2.pptx - JoyPress Wordpress
Presentation2.pptx -  JoyPress WordpressPresentation2.pptx -  JoyPress Wordpress
Presentation2.pptx - JoyPress Wordpressssuser166378
 
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDSTYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDSedrianrheine
 
Zero-day Vulnerabilities
Zero-day VulnerabilitiesZero-day Vulnerabilities
Zero-day Vulnerabilitiesalihassaah1994
 

Recently uploaded (15)

LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASSLESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
 
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdfLESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
 
world Tuberculosis day ppt 25-3-2024.pptx
world Tuberculosis day ppt 25-3-2024.pptxworld Tuberculosis day ppt 25-3-2024.pptx
world Tuberculosis day ppt 25-3-2024.pptx
 
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
 
Niche Domination Prodigy Review Plus Bonus
Niche Domination Prodigy Review Plus BonusNiche Domination Prodigy Review Plus Bonus
Niche Domination Prodigy Review Plus Bonus
 
A_Z-1_0_4T_00A-EN_U-Po_w_erPoint_06.pptx
A_Z-1_0_4T_00A-EN_U-Po_w_erPoint_06.pptxA_Z-1_0_4T_00A-EN_U-Po_w_erPoint_06.pptx
A_Z-1_0_4T_00A-EN_U-Po_w_erPoint_06.pptx
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
 
Introduction to ICANN and Fellowship program by Shreedeep Rayamajhi.pdf
Introduction to ICANN and Fellowship program  by Shreedeep Rayamajhi.pdfIntroduction to ICANN and Fellowship program  by Shreedeep Rayamajhi.pdf
Introduction to ICANN and Fellowship program by Shreedeep Rayamajhi.pdf
 
Check out the Free Landing Page Hosting in 2024
Check out the Free Landing Page Hosting in 2024Check out the Free Landing Page Hosting in 2024
Check out the Free Landing Page Hosting in 2024
 
Bio Medical Waste Management Guideliness 2023 ppt.pptx
Bio Medical Waste Management Guideliness 2023 ppt.pptxBio Medical Waste Management Guideliness 2023 ppt.pptx
Bio Medical Waste Management Guideliness 2023 ppt.pptx
 
Computer 10 Lesson 8: Building a Website
Computer 10 Lesson 8: Building a WebsiteComputer 10 Lesson 8: Building a Website
Computer 10 Lesson 8: Building a Website
 
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced HorizonsVision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
 
Presentation2.pptx - JoyPress Wordpress
Presentation2.pptx -  JoyPress WordpressPresentation2.pptx -  JoyPress Wordpress
Presentation2.pptx - JoyPress Wordpress
 
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDSTYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
 
Zero-day Vulnerabilities
Zero-day VulnerabilitiesZero-day Vulnerabilities
Zero-day Vulnerabilities
 

IoT World - creating a secure robust IoT reference architecture

  • 1. A reference architecture for IoT: How to create a resilient, secure IoT cloud Paul Fremantle CTO, WSO2 (paul@wso2.com) PhD researcher, Portsmouth University (paul.fremantle@port.ac.uk) @pzfreo #wso2
  • 2. Firstly, does security even matter?
  • 5. My three rules for IoT security • 1. Don’t be stupid • 2. Be smart • 3. Think about what’s different
  • 6. My three rules for IoT security • 1. Don’t be stupid – The basics of Internet security haven’t gone away • 2. Be smart – Use the best practice from the Internet • 3. Think about what’s different – What are the unique challenges of your device?
  • 8. So what is different about IoT? • The longevity of the device – Updates are harder (or impossible) • The size of the device – Capabilities are limited – especially around crypto • The fact there is a device – Usually no UI for entering userids and passwords • The data – Often highly personal • The mindset – Appliance manufacturers don’t think like security experts – Embedded systems are often developed by grabbing existing chips, designs, etc
  • 9. Physical Hacks A Practical Attack on the MIFARE Classic: http://www.cs.ru.nl/~flaviog/publications/Attack.MIFARE.pdf Karsten Nohl and Henryk Plotz. MIFARE, Little Security, Despite Obscurity
  • 11. Or try this at home? http://freo.me/1g15BiG
  • 12. Hardware recommendations • Don’t rely on obscurity
  • 13. Hardware recommendations • Don’t rely on obscurity • Don’t rely on obscurity • Don’t rely on obscurity • Don’t rely on obscurity • Don’t rely on obscurity • Don’t rely on obscurity • Don’t rely on obscurity
  • 14. Hardware Recommendation #2 • Unlocking a single device should risk only that device’s data
  • 16. Direct network vs Gateway model
  • 17. Crypto on small devices • Practical Considerations and Implementation Experiences in Securing Smart Object Networks – http://tools.ietf.org/html/draft-aks-crypto-sensors-02
  • 21. IDENTITY IS THE NEW PERIMETER
  • 22. Passwords • Passwords suck for humans • They suck even more for devices
  • 24. Why Federated Identity for IoT? • Can enable a meaningful consent mechanism for sharing of device data • Giving a device a token to use on API calls better than giving it a password – Revokable – Granular • May be relevant for both – Device to cloud – Cloud to app
  • 25. More information http://pzf.fremantle.org/2013/11/using-oauth- 20-with-mqtt.html http://siot-workshop.org/
  • 27. Reference Architecture for the Internet of Things http://freo.me/iotra
  • 28. Re-active vs Realtime Pro-Active Web Architecture • Re-active • 10k-100k connections • Pull-based • Human interactions • Some APIs • Creating Big Data IoT Architecture • Push-based • 100k-1m connections • No human interaction • Autonomic • API driven • Creating even bigger datasets
  • 29. Real time stream processing 1 million events/s on 4 servers in Amazon EC2
  • 32. Device Management (Generally available Q1/2015)
  • 33. APIs and API Management eBay handles 6 billion messages a day through WSO2 That is 4 million a minute
  • 34. * Develop Once – Deploy Everywhere Public WSO2 Cloud Hybrid/Private PaaS Managed Cloud On AWS On-Premise
  • 35. DOESN’T EVERYONE SAY “JUST USE MY OPEN PLATFORM”?
  • 36. Really Actually Open • 100% Open Source (no bait and switch!) • Heterogenous • Polyglot • Interoperable • Modular and based on OSGi • Extensible • API-driven https://www.flickr.com/photos/jmarty/
  • 37. Summary • Think about security from the start • Build a federated and secure model of Identity for Things • Create Autonomic models that deliver value that surprises and delights customers • Use Big Data Analytics and the Lambda Architecture to understand your customers • Be Open!