Rise of the (smart) Machines IRM Summit
1. Rise of the (smart) Machines
IRM Summit November 2014
Remy Pottier Director of Strategy ARM
remy.pottier@arm.com
2. The IoT Opportunity Gap The IoT Opportunity is much larger
Analysts' predictions for connected devices (2020):
30 billion?
50 billion?
75 billion?
Reach
Time
The IoT Market is growing
Not a new concept, it’s been around for >20 years [1]
Connected things > world population (6.8B)
Today
Silos of Things
[1] Weiser, Mark (1991), “The Computer for the 21st Century”
The term Internet of Things was proposed by Kevin Ashton in 1998
MCUs radios sensors
Over 3 Billion
ARM® Cortex® -M devices shipped in 2013
by leading semiconductor companies
4. Change the relationship between user, devices and services Functional Becomes IOT Little Data /Leveraging “Big Data” enables services revolution
Functional
Little Data
6. Problems to solve for OEM today – similar across verticals
Develop the Things and then …
Connect
Data management, device management
Service development and deployment
Security
Integration
Differentiate and innovate
7. Problems to solve for Market Development/Acceleration
Interoperable Data
and Objects
Internet Of Things
Reach
Sharing
SaaS
M2M
Applications
Internet / broadband
Mobile Telephony
Open User, Service, Device Identities Relationship
Fixed Telephony Networks
Mobile internet
Internet of Things
Today
Silos of Things Everything nearly connects
Scale needs interoperability Interoperability needs Standards
Relationship needs Trust
Trust needs Identities & Security
9. Network Level
Internet Level
Web Level
Application Level
“I” for IP (and Web) protocols to the edge
EXI | XML | JSON payload
6LoWPAN | IPv6 | IPv4
UDP | TCP
802.11 MAC/PHY
3GPP | LTE
DTLS | TLS
CoAP | HTTP
ZigBee
Network Layer
ZigBee App Layer
REST APIs
ZigBee Cluster Lib
BT MAC/PHY
Host Control I/F
L2CAP | IP | UDP
Security Manager
GATT profiles
Application layer
Bluetooth
ZigBee
WiFi
Cellular
IEEE 802.15.4 MAC / PHY
Thread
IP / Web IoT Application
Device Management
Web to the edge
Constrained networks
10. I for Identity
Identity in the physical world and digital world
Devices can have multiple identities, basic or cryptographic (serial number, reference number, MAC address, shared secret, crypto key, ...)
Web-scale connectivity
Can we use IPv6 for providing a unique IP address to IoT?
Yes! It’s IoT-friendly by design [2]
Key problems to solve:
Identity management
Authentication
Authorization
Secure the Id
[2] Antonio J. Jara, Latif Ladid, Antonio Skarmeta, “The Internet of Everything through IPv6: An Analysis of Challenges, Solutions and Opportunities” - http://ipv6forum.com/iot/images/jowua-v4n3-6.pdf
11. I for Identity Relationship
The trust relationship is: user trusts the App (and vice versa), App trusts the device (and vice versa)
This is ok for “Silos of Things” but what about these use cases:
Device sharing/ networking
Data sharing
One to many relationship
Ownership transfer (time based, ..)
3rd party apps
….. SSO
FIM
Federation
12. Data Sharing use case!
Gym
Cycling
Running
Machine ID
Personal ID
Start Time
Stop Time
Distance
Exercise Profile
Heart Rate
Bicycle ID
Personal ID
Start Time
Stop Time
GPS Mapping
Personal ID
Start Time
Stop Time
GPS Mapping
Heart Rate
Bluetooth
Cellular
Network
WiFi
WiFi
Gym
Machine Utilization
Equipment Owner
Machine Depreciation
Service Contract
Predictive Maintenance
Personal @ Gym
Trainer / exercise regime portal
Personal @ Facebook
Share with selected friends
Health Provider
Doctor / Dietician
Hospital
Track post-surgical recovery
Multiple Streams
Gym + Personal
High data bandwidth
for machine monitoring
WiFi
Internet /
Cloud
Personal Planner
Mash-up / Multiple streams data
Personal Reward
Goal achievement
Weight
Device ID
Personal ID
Date / Time
Scale (Kg/Lbs)
WiFi
Internet
Gym Network
Home Network
Personal Area Network
Network
TRUST?
RESOURCES
USERS
13. Enabling Trusted Relationship between Identities
“Normal” Thingteractions
Own, share, use directly
User Service
Identity and Access Management
Privacy, ownership management
Device Service
Security End to End
Cloud Service
• Personal cloud
• Professional cloud
• Private / dedicated cloud
User identity
• Me
• Friends / Colleagues
• Maintenance department …
Things Identity
• Serial #
• Unique Id
Need to establish trust in an untrusted environment?
Cryptographers have been doing this for a long time
14. Let’s go step by step!
Device to Service end to end security and User Access Control to services
Web scale user Identity
and Access control
15. and then
IRM
IETF-ACE
FIDO
KANTARA-UMA
…..
OR
More Technologies and Standards required
16. Summary
IoT silicon opportunity – 30..75B devices by 2020
Mostly small devices woven into the fabric of our physical and digital lives
Internet / Web protocols can scale to meet the needs of IoT
Security is essential – and the standards are already in place
Every device needs a secure key store and basic crypto support
Establish a trusted relationship between devices, applications and users
The result: Trustworthy IoT at Web scale!
17. Thank You
The trademarks featured in this presentation are registered and/or unregistered trademarks of ARM Limited (or its subsidiaries) in the EU and/or elsewhere. All rights reserved. Any other marks featured may be trademarks of their respective owners