My presentation for Cloud Identity Summit 2014. I will be talking about the security and identity features that AllJoyn offers in its 14.06 release.
Identity & Security In AllJoyn 14.06
Tim Kellogg
Saturday, July 19 2014
https://github.com/tkellogg/alljoyn-examples
https://github.com/tkellogg/alljoyn-core/tree/master/alljoyn_core/src

Embedded Security

Mitsubishi EMI Incident (2003)
• Brakes disabled when given 1000-10000x legal levels of EMI radiation
• Car thinks brakes are locked, so it releases
• All within limits required by law

Slammer Worm (2003)
• Nuclear plant safety monitoring disabled for 5 hours
• “The business value of access to the data within the control center worth the risk of open connections between the control center and the corporate network”
• Unpatched MSSQL Server

Hello, my name is Bruce Schneier and I think routers are super duper easy to hack, mostly because you nerds never patch the software
https://www.schneier.com/essays/archives/2014/01/the_internet_of_thin.html

University of Washington Study (2010)
“We demonstrate that an attacker who is able to infiltrate virtually any Electronic Control Unit (ECU) can leverage this ability to completely circumvent a broad array of safety-critical systems”
http://www.autosec.org/pubs/cars-oakland2010.

Hey, check it out! I made my own encryption algorithm

Embedded Needs “Rails”
• Software Updates
• Security & Identity
• Communication
• Media Streaming
• User Interfaces

Distributed Bus
Security

Auth Listeners
• ALLJOYN_RSA_KEYX – X.509 certificates
• ALLJOYN_SRP_KEYX – Show Random PIN
• ALLJOYN_SRP_LOGON – preset U/P table
• ALLJOYN_ECDHE_NULL
• ALLJOYN_ECDHE_PSK
• ALLJOYN_ECDHE_ECDSA – DSA

ALLJOYN_RSA_KEYX
• RSA = Asymmetric key encryption
• X.509 certificates
  – Trusted Certificate Authority

SRP_KEYX & SRP_LOGON
• Threshold Cryptography
• No trust required to establish a secure connection
• LOGON = Username & Password
• KEYX = A PIN is displayed

ALLJOYN_SRP_KEYX

ECDHE
• Elliptic Curve (EC) Cryptography
• DHE = Diffie-Hellman key Exchange
  – Symmetric key encryption

ALLJOYN_ECDHE_NULL
• Elliptic Curve Encryption
• No verification of identity

ALLJOYN_ECDHE_PSK
• PSK = Pre-Shared Key
• Service already has the client’s public key
• A password may also be used

ALLJOYN_ECDHE_ECDSA
• ECDSA – Elliptic Curve Digital Signature Algorithm
• Certificate shows identity

Questions?
@kellogh
Practical Internet of Things