cis14: handling identity in alljoyn 14.06
Post on 28-Nov-2014
Identity & Security In AllJoyn 14.06
Tim Kellogg Saturday, July 19 2014
https://github.com/tkellogg/alljoyn-examples
https://github.com/tkellogg/alljoyn-core/tree/master/alljoyn_core/src
http://www.slideshare.net/kellogh/security-identity-in-alljoyn-1406
Embedded Security
Mitsubishi EMI Incident (2003)
• Brakes disabled when given 1000-10000x legal levels of EMI radiation
• Car thinks brakes are locked, so it releases
• All within limits required by law
Slammer Worm (2003)
• Nuclear plant safety monitoring disabled for 5 hours
• “The business value of access to the data within the control center worth the risk of open connections between the control center and the corporate network”
• Unpatched MSSQL Server
Hello, my name is Bruce Schneier and I think routers are super duper easy to hack, mostly because you nerds never patch the software
https://www.schneier.com/essays/archives/2014/01/the_internet_of_thin.html
University of Washington Study (2010)
“We demonstrate that an attacker who is able to infiltrate virtually any Electronic Control Unit (ECU) can leverage this ability to completely circumvent a broad array of safety-critical systems”
http://www.autosec.org/pubs/cars-oakland2010.pdf
Hey, check it out! I made my own encryption algorithm
Embedded Needs “Rails”
• Software Updates
• Security & Identity
• Communication
• Media Streaming
• User Interfaces
Distributed Bus
Security
Auth Listeners
• ALLJOYN_RSA_KEYX – X.509 certificates
• ALLJOYN_SRP_KEYX – Show Random PIN
• ALLJOYN_SRP_LOGON – preset U/P table
• ALLJOYN_ECDHE_NULL
• ALLJOYN_ECDHE_PSK
• ALLJOYN_ECDHE_ECDSA – DSA
ALLJOYN_RSA_KEYX
• RSA = Asymmetric key encryption
• X.509 certificates – Trusted Certificate Authority
SRP_KEYX & SRP_LOGON
• Threshold Cryptography
• No trust required to establish a secure connection
• LOGON = Username & Password
• KEYX = A PIN is displayed
ALLJOYN_SRP_KEYX
ECDHE
• Elliptic Curve (EC) Cryptography
• DHE = Diffie-Hellman key Exchange – Symmetric key encryption
ALLJOYN_ECDHE_NULL
• Elliptic Curve Encryption
• No verification of identity
ALLJOYN_ECDHE_PSK
• PSK = Pre-Shared Key
• Service already has the client’s public key
• A password may also be used
ALLJOYN_ECDHE_ECDSA
• ECDSA – Elliptic Curve Digital Signature Algorithm
• Certificate shows identity
Questions? @kellogh
Practical Internet of Things