Practical Identity in the

IoT Era

Morteza Ansari

•  Trustworthiness Integrity Tamperproof Anti-cloning

•  Device identity & identity context

•  Provisioning & associated life cycle

•  Authorization and access

•  Bridging modern & legacy

•  …

System Integrator Owner Operator

OEM

OEM System Integrator

Owner

Operator

App

…

App App

Operator System Integrator

OEM

OEM System Integrator

Owner

Operator

…

App App

Operator System Integrator

OEM

OEM System Integrator

Owner

Operator

…

✓ Read diagnostic data ✓ Run diagnostic routines ✗ Read movement ✗ Write movement ? Update firmware

✓ Read diagnostic data ✓ Run diagnostic routines ✗ Read movement ✗ Write movement ✗ Read program ? Update firmware

✓ Read diagnostic data ✓ Run diagnostic routines ✗ Read movement ✗ Write movement ✗ Read program ? Update firmware

✓ Read diagnostic data ✓ Run diagnostic routines ✗ Read movement ✗ Write movement ✗ Read program ? Update firmware

✓ Read diagnostic data ✓ Run diagnostic routines ✗ Read movement ✗ Write movement ✗ Read program ? Update firmware

✓ Read diagnostic data ✓ Run diagnostic routines ✗ Read movement ✗ Write movement ✗ Read program ? Update firmware

✓ Read diagnostic data ✓ Run diagnostic routines ✗ Read movement ✗ Write movement ✗ Read program ? Update firmware

✓ Read diagnostic data ✓ Run diagnostic routines ✗ Read movement ✗ Write movement ✗ Read program ? Update firmware

Location

Network

Trustworthiness

Calibration

Health

…

•  Bridging legacy & modern

•  Not all devices are created equal

•  Life expectancy of industrial devices

•  IT vs. OT

•  Access: Remote locations Unreliable connectivity Low bandwidth Very complex failure scenarios

•  Privacy!

•  Too static, too fragile, too vulnerable

•  Device identity context

•  Risk based policies

•  Dynamic & continuous identity

•  Standardization

•  Identity life cycle

•  Identity ó security