CIS14: Handling Identity in AllJoyn 14.06
DESCRIPTION
Tim Kellogg, 2lemetry. How to use the consumer-facing Internet of Things framework and open-source project called AllJoyn, which takes care of many aspects surrounding heterogeneous ecosystems of devices, with an understanding of security and identity features and implications.
TRANSCRIPT
Identity & Security In AllJoyn 14.06
Tim Kellogg Saturday, July 19 2014
https://github.com/tkellogg/alljoyn-examples
https://github.com/tkellogg/alljoyn-core/tree/master/alljoyn_core/src
http://www.slideshare.net/kellogh/security-identity-in-alljoyn-1406
Embedded Security
Mitsubishi EMI Incident (2003)
• Brakes disabled when given 1000-10000x legal levels of EMI radiation
• Car thinks brakes are locked, so it releases
• All within limits required by law
Slammer Worm (2003)
• Nuclear plant safety monitoring disabled for 5 hours
• “The business value of access to the data within the control center worth the risk of open connections between the control center and the corporate network”
• Unpatched MSSQL Server
Hello, my name is Bruce Schneier and I think routers are super duper easy to hack, mostly because you nerds never patch the software
https://www.schneier.com/essays/archives/2014/01/the_internet_of_thin.html
University of Washington Study (2010)
“We demonstrate that an attacker who is able to infiltrate virtually any Electronic Control Unit (ECU) can leverage this ability to completely circumvent a broad array of safety-critical systems”
http://www.autosec.org/pubs/cars-oakland2010.pdf
Hey, check it out! I made my own encryption algorithm
Embedded Needs “Rails”
• Software Updates
• Security & Identity
• Communication
• Media Streaming
• User Interfaces
Distributed Bus
Distributed Bus
Security
Auth Listeners
• ALLJOYN_RSA_KEYX – X.509 certificates
• ALLJOYN_SRP_KEYX – Show Random PIN
• ALLJOYN_SRP_LOGON – preset U/P table
• ALLJOYN_ECDHE_NULL
• ALLJOYN_ECDHE_PSK
• ALLJOYN_ECDHE_ECDSA – DSA
ALLJOYN_RSA_KEYX
• RSA = Asymmetric key encryption
• X.509 certificates
  – Trusted Certificate Authority
SRP_KEYX & SRP_LOGON
• Threshold Cryptography
• No trust required to establish a secure connection
• LOGON = Username & Password
• KEYX = A PIN is displayed
ALLJOYN_SRP_KEYX
ECDHE
• Elliptic Curve (EC) Cryptography
• DHE = Diffie-Hellman key Exchange
  – Symmetric key encryption
ALLJOYN_ECDHE_NULL
• Elliptic Curve Encryption
• No verification of identity
ALLJOYN_ECDHE_PSK
• PSK = Pre-Shared Key
• Service already has the client’s public key
• A password may also be used
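What "no verification of identity" costs, and what a pre-shared key adds, shown as an added example that is not from the talk or from AllJoyn's code. It is a simplified model, not AllJoyn's wire protocol: finite-field Diffie-Hellman modulo a constructed prime stands in for the elliptic curve, and `handshake`, `verifier` and the `relay` flag are hypothetical names.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in group (assumption): DH modulo the prime 2**255 - 19.
# AllJoyn's ECDHE mechanisms use an elliptic curve; only the logic is modelled.
P = 2**255 - 19
G = 2

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def verifier(psk, key, client_pub, service_pub):
    """MAC that binds the pre-shared key to the session key and both public values."""
    transcript = client_pub.to_bytes(32, "big") + service_pub.to_bytes(32, "big")
    return hmac.new(psk, key + transcript, hashlib.sha256).digest()

def handshake(mechanism, client_psk=b"", service_psk=b"", relay=False):
    """Model one key exchange; relay=True means the public values were replaced in transit."""
    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    seen_by_client, seen_by_service = s_pub, c_pub
    if relay:
        _, r_pub = keypair()
        seen_by_client = seen_by_service = r_pub
    c_key = session_key(c_priv, seen_by_client)
    s_key = session_key(s_priv, seen_by_service)
    if mechanism == "ALLJOYN_ECDHE_NULL":
        # Nothing ties the derived key to an identity, so both sides proceed.
        return {"accepted": True, "keys_match": c_key == s_key}
    # PSK model: the service recomputes the client's verifier from its own view.
    c_tag = verifier(client_psk, c_key, c_pub, seen_by_client)
    s_tag = verifier(service_psk, s_key, seen_by_service, s_pub)
    return {"accepted": hmac.compare_digest(c_tag, s_tag),
            "keys_match": c_key == s_key}

if __name__ == "__main__":
    psk = b"constructed-demo-psk"
    print("NULL, relayed:", handshake("ALLJOYN_ECDHE_NULL", relay=True))
    print("PSK,  relayed:", handshake("ALLJOYN_ECDHE_PSK", psk, psk, relay=True))
    print("PSK,  direct: ", handshake("ALLJOYN_ECDHE_PSK", psk, psk))
```

In the NULL case the session is accepted even though the two ends hold different keys; with a PSK the same substitution makes the verifier check fail.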
ALLJOYN_ECDHE_ECDSA
• ECDSA – Elliptic Curve Digital Signature Algorithm
• Certificate shows identity
Questions? @kellogh
Practical Internet of Things