Security & Identity in AllJoyn 14.06

•Download as PPTX, PDF•

6 likes•2,819 views

My presentation for Cloud Identity Summit 2014. I will be talking about the security and identity features that AllJoyn offers in it's 14.06 release.

Software

Identity & Security In AllJoyn 14.06
Tim Kellogg
Saturday, July 19 2014

https://github.com/tkellogg/alljoyn-examples
https://github.com/tkellogg/alljoyn-
core/tree/master/alljoyn_core/src

Mitsubishi EMI Incident (2003)
• Brakes disabled when given 1000-10000x legal
levels of EMI radiation
• Car thinks brakes are locked, so it releases
• All within limits required by law

Slammer Worm (2003)
• Nuclear plant safety monitoring disabled for 5
hours
• “The business value of access to the data
within the control center worth the risk of
open connections between the control center
and the corporate network”
• Unpatched MSSQL Server

Hello, my name is Bruce Schneier and I
think routers are super duper easy to
hack, mostly because you nerds never
patch the software
https://www.schneier.com/essays/archives/2014/01/the
_internet_of_thin.html

University of Washington Study (2010)
“We demonstrate that an attacker who is able to
infiltrate virtually any Electronic Control Unit
(ECU) can leverage this ability to completely
circumvent a broad array of safety-critical
systems”
http://www.autosec.org/pubs/cars-
oakland2010.pdf

Hey, check it out! I
made my own
encryption algorithm

Embedded Needs “Rails”
• Software Updates
• Security & Identity
• Communication
• Media Streaming
• User Interfaces

Auth Listeners
• ALLJOYN_RSA_KEYX – X.509 certificates
• ALLJOYN_SRP_KEYX – Show Random PIN
• ALLJOYN_SRP_LOGON – preset U/P table
• ALLJOYN_ECDHE_NULL
• ALLJOYN_ECDHE_PSK
• ALLJOYN_ECDHE_ECDSA – DSA

ALLJOYN_RSA_KEYX
• RSA = Asymmetric key encryption
• X.509 certificates
– Trusted Certificate Authority

SRP_KEYX & SRP_LOGON
• Threshold Cryptography
• No trust required to establish a secure
connection
• LOGON = Username & Password
• KEYX = A PIN is displayed

ECDHE
• Elliptic Curve (EC) Cryptography
• DHE = Diffie-Hellman key Exchange
– Symmetric key encryption

ALLJOYN_ECDHE_NULL
• Elliptic Curve Encryption
• No verification of identity

ALLJOYN_ECDHE_PSK
• PSK = Pre-Shared Key
• Service already has the client’s public key
• A password may also be used

ALLJOYN_ECDHE_ECDSA
• ECDSA – Elliptic Curve Digital Signature
Algorithm
• Certificate shows identity

Questions?
@kellogh
Practical Internet of Things

Similar to Security & Identity in AllJoyn 14.06

Through the Eyes of the Attacker: Designing Embedded Systems Exploits for Industrial Control Systems In 2017 a malware framework dubbed TRITON (also referred to as TRISIS or HatMan) was discovered targeting a petrochemical plant in Saudi Arabia. TRITON was designed to compromise the Schneider Electric Triconex line of Safety Instrumented Systems (SIS), potentially in order to cause physical damage. TRITON is the most complex publicly known ICS attack framework to date and the first publicly known one to target safety controllers. While the functionality of the malware is understood, little is known about the complexity of developing such an implant. The goal of this talk is to provide the audience with a “through the eyes of the attacker” experience in designing advanced embedded systems exploits & implants for Industrial Control Systems (ICS). Attendees will learn about the background of the TRITON incident, the process of reverse-engineering and exploiting ICS devices and developing implants and OT payloads as part of a cyber-physical attack and will be provided with details on real-world ICS vulnerabilities and implant strategies. In the first part of the talk we will provide an introduction to ICS attacks in general and the TRITON incident in particular. We will outline the danger of TRITON being repurposed by copycats and estimate the complexity and development cost of such offensive ICS capabilities. In the second and third parts of the talk we will discuss the process of exploiting ICS devices to achieve code execution and developing ICS implants and OT payloads. We will discuss real-world ICS vulnerabilities and present several implant scenarios such as arbitrary code execution backdoors (as used in TRITON), pin configuration attacks, protocol handler hooking to spoof monitored signal values, suppressing interrupts & alarm functionality, preventing implant removal and control logic restoration and achieving cross-boot persistence. We will discuss several possible OT payload scenarios and how these could be implemented on ICS devices such as the Triconex safety controllers. In the final part of the talk we'll wrap up our assessment of the complexity & cost of developing offensive ICS capabilities such as the TRITON attack and offer recommendations to defenders and ICS vendors.

Defcon through the_eyes_of_the_attacker_2018_slides

Marina Krotofil

onur-comparch-fall2018-lecture2-rowhammer-afterlecture.pptx

sivasubramanianManic2

Firewall final (fire wall)

JIEMS Akkalkuwa

01_Metasploit - The Elixir of Network Security

Harish Chaudhary

Intrusion Detection Techniques In Mobile Networks

IOSR Journals

The Internet of Things: We've Got to Chat

Duo Security

Linux Operating System is being reverenced by many professionals because of its versatile nature. As many network security professionals ,particularly those of ethical hackers use linux in an extensive way, did we ever observe how and why the number of hackers were enhancing day to day. Not only professionals ,every one are unleashing their hacking potentials with the help of Backtrack5R3 operating system which is a comprehensive tool kit for security auditing. This paper emphasizes on the so called SET (Social Engineering Toolkit).In a pen-testing scenario, alongside uncovering vulnerabilities in the hardware and software systems and exploiting them ,the most effective of all is penetrating the human mind to extract the desire information. Such devious technics are known as social engineering ,and computer based software tools to facilitate this form the basis of Social Engineering Toolkit

Exploring the Social Engineering Toolkit (Set) Using Backtrack 5R3

IJERA Editor

In this work, we propose a modified DEFENSE architecture termed as xDEFENSE that can detect and react to hardware attacks in real-time. In the past, several Root of Trust architectures such as DEFENSE and RETC have been proposed to foil attempts by hardware Trojans to leak sensitive information. In a typical Root of Trust architecture scenario, hardware is allowed to access the memory only by responding properly to a challenge requested by the memory guard. However in a recent effort, we observed that these architectures can in fact be susceptible to a variety of threats ranging from denial of service attacks, privilege escalation to information leakage, by injecting a Trojan into the Root of Trust modules such as memory guards and authorized hardware. In our work, we propose a security monitor that monitors all transactions between the authorized hardware, memory guard and memory. It also authenticates these components through the use of Hashed Message Authentication Codes (HMAC) to detect any invalid memory access or denial of service attack by disrupting the challenge-response pairs. The proposed xDEFENSE architecture was implemented on a Xilinx SPARTAN 3 FPGA evaluation board and our results indicate that xDEFENSE requires 143 additional slices as compared to DEFENSE and incurs a monitoring latency of 22ns.

xDEFENSE: An Extended DEFENSE for mitigating Next Generation Intrusions

Vivek Venugopalan

Lecture 6

Education

02 introduction to network security

Joe McCarthy

AN ACCESS CONTROL MODEL OF VIRTUAL MACHINE SECURITY

csandit

Virtualization technology becomes a hot IT technology with the popu-larity of Cloud Computing. However, new security issues arise with it. Specifically, the resources sharing and data communication in virtual machines are most concerned. In this paper an access control model is proposed which combines the Chinese Wall and BLP model. BLP multi-level security model is introduced with corresponding improvement based on PCW (Prioritized Chinese Wall) security model. This model can be used to safely control the resources and event behaviors in virtual machines. Experimental results show its effectiveness and safety.

An access control model of virtual machine security

csandit

AN ACCESS CONTROL MODEL OF VIRTUAL MACHINE SECURITY

cscpconf

Final pres(0704043)

Md. Al-Hasan

Making the case for sandbox v1.1 (SD Conference 2007)

Dinis Cruz

Cybersecurity of Physical Systems

Erin Hillier

Developing a Protection Profile for Smart TV

Seungjoo Kim

Computer security aspects in

Vishnu Suresh

Cyber Security: Trends and Globar War

Nasir Bhutta

Ce hv8 module 05 system hacking

Mehrdad Jingoism

Similar to Security & Identity in AllJoyn 14.06 (20)

Defcon through the_eyes_of_the_attacker_2018_slides

onur-comparch-fall2018-lecture2-rowhammer-afterlecture.pptx

Firewall final (fire wall)

01_Metasploit - The Elixir of Network Security

Intrusion Detection Techniques In Mobile Networks

The Internet of Things: We've Got to Chat

Exploring the Social Engineering Toolkit (Set) Using Backtrack 5R3

xDEFENSE: An Extended DEFENSE for mitigating Next Generation Intrusions

Lecture 6

02 introduction to network security

AN ACCESS CONTROL MODEL OF VIRTUAL MACHINE SECURITY

An access control model of virtual machine security

AN ACCESS CONTROL MODEL OF VIRTUAL MACHINE SECURITY

Final pres(0704043)

Making the case for sandbox v1.1 (SD Conference 2007)

Cybersecurity of Physical Systems

Developing a Protection Profile for Smart TV

Computer security aspects in

Cyber Security: Trends and Globar War

Ce hv8 module 05 system hacking

More from kellogh

Biological networks like cells, neurons, and ant colonies have a lot in common with distributed systems, but they have even more in common with sensor networks and heterogeneous home automation systems. They all have to deal with distributed consensus and self-organization problems, but biological and sensor networks have to deal with downright hostile nodes. In this presentation are a couple examples of how we can learn from biology to build a better Internet of Things.

Biologically Inspired Internet of Things

kellogh

Why HTTP Won't Work For The Internet of Things (Dreamforce 2014)

kellogh

Functional Programming and Concurrency Patterns in Scala

kellogh

Programming The Arduino Due in Rust

kellogh

Why HTTP Won't Work For The Internet of Things

kellogh

Comparing CoAP vs MQTT

kellogh

Scaling MQTT With Apache Kafka

kellogh

Internet of things, lafayette tech

kellogh

More from kellogh (8)

Biologically Inspired Internet of Things

Why HTTP Won't Work For The Internet of Things (Dreamforce 2014)

Functional Programming and Concurrency Patterns in Scala

Programming The Arduino Due in Rust

Why HTTP Won't Work For The Internet of Things

Comparing CoAP vs MQTT

Scaling MQTT With Apache Kafka

Internet of things, lafayette tech

Recently uploaded

InShot proinshot.com stands tall among its peers as the ultimate video editing app, offering simplicity, versatility, and power in one package. With its intuitive interface and comprehensive feature set, InShot caters to both beginners and seasoned editors alike. Whether you're creating content for social media, YouTube, or personal projects, InShot empowers you to unleash your creativity and transform your videos into captivating masterpieces. Join the millions of users who trust InShot https://www.proinshot.com/ for all their video editing needs and discover the difference for yourself!

Exploring the Best Video Editing App.pdf

proinshot.com

+971565801893 Mtp-Kit (500MG) Prices » Dubai [(+971565801893**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Leen Whatsapp +971565801893 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971565801893''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971565801893' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Clinic in Abu Dhabi, United Arab Emirates.+971565801893

+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...

Health

(Vivek)Call Us, 8448380779,Call girls in Delhi NCr – We Offer best in class call girls. escort Service At Affordable Price At low Rate with Space Night 8000 We Are One Of The Oldest Escort and Call girls Agencies in Delhi. You Will Find That Our Female Escorts Are Full Of Fun, Sexy And They Would Love Enjoy Your Company. We Have A Fantastic Selection Of Escort Ladies Available For In-Calls As Well As Out-Calls. Our Escorts Are Not Only Beautiful But All Have Great Personalities Making Them The Perfect Companion For Any Occasion. In-Call:- You Can Come At Our Place in Delhi Our place Which Is Very Clean Hygienic 100% safe Accommodation. Out-Call:- You have To Come Pick The Girl From My Place We Are Also Provide Door Step Services (Delhi Ncr, Noida, Gurgaon, Faridabad, Ghaziabad Note:- Pic Collectors Time Passers Bargainers Stay Away As We Respect The Value For Your Money Time And Expect The Same From You Hygienic:- Full Ac room And Clean Rooms Available In Hotel 24 * 7 Hourly In Delhi NCR More Details, With WhatsApp Number, +91-8448380779

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

Delhi Call girls

10 Trends Likely to Shape Enterprise Technology in 2024

Mind IT Systems

In the realm of real-time applications, Large Language Models (LLMs) have long dominated language-centric tasks, while tools like OpenCV have excelled in the visual domain. However, the future (maybe) lies in the fusion of LLMs and deep learning, giving birth to the revolutionary concept of Large Action Models (LAMs). Imagine a world where AI not only comprehends language but mimics human actions on technology interfaces. For example, the Rabbit r1 device presented at CES 2024, driven by an AI operating system and LAM, brings this vision to life. It executes complex commands, leveraging GUIs with unprecedented ease. In this presentation, join me on a journey as a software engineer tinkering with WebRTC, Janus, and LLM/LAMs. Together, we’ll evaluate the current state of these AI technologies, unraveling the potential they hold for shaping the future of real-time applications.

Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications

Alberto González Trastoy

Define the academic and professional writing..pdf

PearlKirahMaeRagusta1

How To Troubleshoot Collaboration Apps for the Modern Connected Worker

ThousandEyes

Model Call Girl Services in Delhi reach out to us at 🔝 9953056974 🔝✔️✔️ Our agency presents a selection of young, charming call girls available for bookings at Oyo Hotels. Experience high-class escort services at pocket-friendly rates, with our female escorts exuding both beauty and a delightful personality, ready to meet your desires. Whether it's Housewives, College girls, Russian girls, Muslim girls, or any other preference, we offer a diverse range of options to cater to your tastes. We provide both in-call and out-call services for your convenience. Our in-call location in Delhi ensures cleanliness, hygiene, and 100% safety, while our out-call services offer doorstep delivery for added ease. We value your time and money, hence we kindly request pic collectors, time-passers, and bargain hunters to refrain from contacting us. Our services feature various packages at competitive rates: One shot: ₹2000/in-call, ₹5000/out-call Two shots with one girl: ₹3500/in-call, ₹6000/out-call Body to body massage with sex: ₹3000/in-call Full night for one person: ₹7000/in-call, ₹10000/out-call Full night for more than 1 person: Contact us at 🔝 9953056974 🔝. for details Operating 24/7, we serve various locations in Delhi, including Green Park, Lajpat Nagar, Saket, and Hauz Khas near metro stations. For premium call girl services in Delhi 🔝 9953056974 🔝. Thank you for considering us!

CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE

9953056974 Low Rate Call Girls In Saket, Delhi NCR

Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...

OnePlan Solutions

A great deal of attention in medical devices has shifted towards cybersecurity with the ratification of section 524B of the FD&C act. This new law enables the FDA to enforce cybersecurity controls in any medical device that is capable of networked communications or that has software. In this webinar we will recap the process for managing vulnerabilities, identify categories of vulnerabilities and solutions and more.

The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...

ICS

In an era where security concerns are paramount, the integration of artificial intelligence (AI) into CCTV cameras has revolutionized surveillance capabilities. One of the most significant advancements is the ability to achieve real-time threat detection, enabling immediate responses to potential security breaches. This blog explores how AI is reshaping surveillance through real-time threat detection and the implications of this technology.

Optimizing AI for immediate response in Smart CCTV

shikhaohhpro

Investing in AI transformation today The modern business advantage: Uncovering deep insights with AI Organizations around the world have come to recognize AI as the transformative technology that enables them to gain real business advantage. AI’s ability to organize vast quantities of data allows those who implement it to uncover deep business insights, augment human expertise, drive operational efficiency, transform their products, and better serve their customers

Microsoft AI Transformation Partner Playbook.pdf

Willy Marroquin (WillyDevNET)

introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf

VishalKumarJha10

Diamond Application Development Crafting Solutions with Precision

SolGuruz

Azure Native Qumulo scales elastically for common High Performance Compute (HPC) workloads based on application requirements for: Financial Services, Automotive, Genomics / Life Sciences, Media and Entertainment, Energy, Oil and Gas, etc. Performance can be dialed UP (and back down) much higher than the examples shown here. These slides offer a glimpse into ANQ's HPC capabilities, although at a smaller scale. We invite YOU to do your own testing (with a free ANQ trial) and work with us to test your HPC workloads in Azure.

Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf

ryanfarris8

Direct Style Effect Systems -The Print[A] Example- A Comprehension Aid

Philip Schwarz

Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live Booking Contact Details :- WhatsApp Chat :- [+91-9999965857 ] The Best Call Girls Delhi At Your Service Russian Call Girls Delhi Doing anything intimate with can be a wonderful way to unwind from life's stresses, while having some fun. These girls specialize in providing sexual pleasure that will satisfy your fetishes; from tease and seduce their clients to keeping it all confidential - these services are also available both install and outcall, making them great additions for parties or business events alike. Their expert sex skills include deep penetration, oral sex, cum eating and cum eating - always respecting your wishes as part of the experience (29-April-2024(PSS)

Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live

Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure

Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf

kalichargn70th171

Data spaces in distributed environments should be allowed to evolve in agile ways providing data space owners with large flexibility about which data they store. Agility and heterogeneity, however, jeopardize data exchanges because representations may build on varying ontologies and data consumers may not rely on the semantic correctness of their queries in the context of semantically heterogeneous, evolving data spaces. Graph data spaces are one example of a powerful model for representing and querying data whose semantics may change over time. To assert and enforce conditions on individual graph data spaces, shape languages (e.g SHACL) have been developed. We investigate the question of how querying and programming can be guarded by reasoning over SHACL constraints in a distributed setting and we sketch a picture of how a future landscape based on semantically heterogeneous data spaces might look like.

Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...

Steffen Staab

Craft an AI & Machine Learning Pitch with our Editable Professional PowerPoint Template. Ignite your AI & Machine Learning pitch with our cutting-edge PowerPoint template tailored for the industry. Perfect for AI conferences, investor presentations, sales pitches to tech-focused companies, training sessions, and educational programs. - 20+ editable slides: Get a variety of options to choose from for your presentation. - Time-saving solution: Download, replace text/images with a few clicks. - User-friendly customization: Easy to use and personalize. - Modern and attractive design: Captivating visuals, sleek layout. - Tailored to your requirements: Fully alterable for customization. - Well-organized slides: Complete control over content. - Thematic specificity: Reflects healthcare industry with relevant graphics. - Showcase your business idea: Communicate value proposition effectively.

AI & Machine Learning Presentation Template

Presentation.STUDIO

Recently uploaded (20)

Exploring the Best Video Editing App.pdf

+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

10 Trends Likely to Shape Enterprise Technology in 2024

Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications

Define the academic and professional writing..pdf

How To Troubleshoot Collaboration Apps for the Modern Connected Worker

CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE

Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...

The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...

Optimizing AI for immediate response in Smart CCTV

Microsoft AI Transformation Partner Playbook.pdf

introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf

Diamond Application Development Crafting Solutions with Precision

Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf

Direct Style Effect Systems -The Print[A] Example- A Comprehension Aid

Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live

Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf

Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...

AI & Machine Learning Presentation Template

Security & Identity in AllJoyn 14.06

1. Identity & Security In AllJoyn 14.06 Tim Kellogg Saturday, July 19 2014

2. https://github.com/tkellogg/alljoyn-examples https://github.com/tkellogg/alljoyn- core/tree/master/alljoyn_core/src

3. Embedded Security

4. Mitsubishi EMI Incident (2003) • Brakes disabled when given 1000-10000x legal levels of EMI radiation • Car thinks brakes are locked, so it releases • All within limits required by law

5. Slammer Worm (2003) • Nuclear plant safety monitoring disabled for 5 hours • “The business value of access to the data within the control center worth the risk of open connections between the control center and the corporate network” • Unpatched MSSQL Server

6. Hello, my name is Bruce Schneier and I think routers are super duper easy to hack, mostly because you nerds never patch the software https://www.schneier.com/essays/archives/2014/01/the _internet_of_thin.html

7. University of Washington Study (2010) “We demonstrate that an attacker who is able to infiltrate virtually any Electronic Control Unit (ECU) can leverage this ability to completely circumvent a broad array of safety-critical systems” http://www.autosec.org/pubs/cars- oakland2010.pdf

8. Hey, check it out! I made my own encryption algorithm

10. Embedded Needs “Rails” • Software Updates • Security & Identity • Communication • Media Streaming • User Interfaces

11. Distributed Bus

12. Distributed Bus

13. Security

14. Auth Listeners • ALLJOYN_RSA_KEYX – X.509 certificates • ALLJOYN_SRP_KEYX – Show Random PIN • ALLJOYN_SRP_LOGON – preset U/P table • ALLJOYN_ECDHE_NULL • ALLJOYN_ECDHE_PSK • ALLJOYN_ECDHE_ECDSA – DSA

15. ALLJOYN_RSA_KEYX • RSA = Asymmetric key encryption • X.509 certificates – Trusted Certificate Authority

16. SRP_KEYX & SRP_LOGON • Threshold Cryptography • No trust required to establish a secure connection • LOGON = Username & Password • KEYX = A PIN is displayed

17. ALLJOYN_SRP_KEYX

18. ECDHE • Elliptic Curve (EC) Cryptography • DHE = Diffie-Hellman key Exchange – Symmetric key encryption

19. ALLJOYN_ECDHE_NULL • Elliptic Curve Encryption • No verification of identity

20. ALLJOYN_ECDHE_PSK • PSK = Pre-Shared Key • Service already has the client’s public key • A password may also be used

21. ALLJOYN_ECDHE_ECDSA • ECDSA – Elliptic Curve Digital Signature Algorithm • Certificate shows identity

22.

23. Questions? @kellogh Practical Internet of Things

Editor's Notes

* David-Besse nuclear power plant Safety monitoring disabled for 5 hours FirstEnergy – received unsecured monitoring information
Make care ignore driver input Completely erase all evidence of tampering Unidentified make and model from 2009
Open source Lots of Partners Share methods, algorithms, and testing The irony: Maybe OSS projects are more successful because we’re asked to do them a favor http://www.forbes.com/sites/sap/2011/11/16/do-me-a-favor-so-youll-like-me-the-reverse-psychology-of-likeability/
Cluster tree mesh network
Go over code https://github.com/tkellogg/alljoyn-examples/blob/master/secure/service/src/org/alljoyn/bus/samples/secureservice/
Shared Remote Password
Authenticates
A common (public) secret is combined with private secrets
Like OpenSSH

Security & Identity in AllJoyn 14.06

Recommended

Recommended

More Related Content

Similar to Security & Identity in AllJoyn 14.06

Similar to Security & Identity in AllJoyn 14.06 (20)

More from kellogh

More from kellogh (8)

Recently uploaded

Recently uploaded (20)

Security & Identity in AllJoyn 14.06

Editor's Notes