connecting iot appliances
play

Connecting IoT appliances securely to the cloud (eap-noob) Tuomas - PowerPoint PPT Presentation

Mar 12, 2024 •343 likes •528 views

Connecting IoT appliances securely to the cloud (eap-noob) Tuomas Aura, Aalto University, Finland joint work with Mohit Sethi, Ericsson, and others Connecting devices to cloud Cloud IoT appliances Internet User Authenticated key

  1. Connecting IoT appliances securely to the cloud (eap-noob) Tuomas Aura, Aalto University, Finland joint work with Mohit Sethi, Ericsson, and others

  2. Connecting devices to cloud Cloud IoT appliances Internet User • Authenticated key exchange? • Goals: learn peer identity, create a secure connection • Device pairing? • Physical access to device – but only at one end • No pre-established credentials • Possibly no pre-established identities or trusted parties

  3. Wireless network access Cloud IoT appliances Wireless LAN Internet • Wireless access credentials? • Before the device can connect to the cloud, it needs Internet access

  4. Device ownership IoT appliances ? • Which cloud service owns the device? • Which cloud-service user owns the device? • For example, consider a device that a university secretary just bought at the gadget superstore

  5. Scalability • Up to thousands of smart appliances • Installers are untrained staff and consumers • Some devices redeployed regularly

  6. Existing configuration methods • Consumer methods: • User enters network and cloud credentials • Automatic entry: bar code, blinking LED, sound • WPS + static QR code printed on the device (?) • Scalable industry methods: • Device certificates + register of purchased devices + (D)TLS • Outsourced management

  7. EAP-NOOB • EAP method for nimble out-of-band (OOB) authentication of cloud-connected IoT appliances • New IoT appliance has no owner or domain, no credentials for cloud or Wi-Fi • What EAP-NOOB does: (1) connect the device to access network (2) register the device to AAA/cloud server • Security from a single user-assisted out-of-band message between peer device and AAA server (Generalization of EAP method from Ubicomp 2014)

  8. EAP-NOOB: user experience aalto.fi aalto.fi aalto.fi Cloud account login

  9. EAP-NOOB Remote AAA IoT appliances (in cloud) Wireless AP Local AAA Scan Trust

  10. EAP-NOOB Remote AAA IoT appliances (in cloud) Wireless AP Local AAA Scan Trust EAP in-band

  11. EAP-NOOB Remote AAA IoT appliances (in cloud) Wireless AP Local AAA Scan Trust EAP in-band OOB Web page Output / API / Input User-assisted OOB channel

  12. EAP-NOOB protocol – high level view • Protocol for new devices: 1. Initial exchange in-band : ECDH over EAP 2. Out-of-band step : one user-assisted message, in either direction 3. Completion exchange in-band : authentication and key confirmation over EAP • OOB step should not be not repeated. Reconnect exchange for rekeying, algorithm upgrade etc.

  13. EAP-NOOB in the background aalto.fi 1. EAP-NOOB initial exchange aalto.fi aalto.fi 2. OOB message 3. EAP-NOOB completion Cloud account login

  14. Creative use of EAP • No preconfigured credentials or other relation for AAA server or peer device • Peer with no input UI may probe all wireless networks around it for EAP-NOOB support • Initial exchange and completion are in different EAP conversations to allow OOB step • Initial NAI is always “noob@eap - noob.net” • Must configure trust between access network and AAA/cloud server for “@eap - noob.net”

  15. EAP-NOOB security details • Authentication protocol details (with OOB from peer to server): • Initial ECDH without authentication • OOB message contains secret N oob and fingerprint H oob • MAC with N oob authenticates ECDH key in both directions • Additionally, H oob authenticates ECDH key to AAA server • Knowing N oob authorizes the server and user to take control of the peer device • OOB channel should protect both secrecy and integrity • Double protection: failure of one of these does not cause complete loss of security

  16. Deploying EAP-NOOB • The EAP method must be implemented in AAA/cloud server and peer devices • Our implementation: Linux wpa_supplicant (device) and hostapd (server) • No changes to the Authenticator (AP) • No new code in access-network AAA server • Realm-to-server mapping for “@eap - noob.net” • User accounts at the AAA/cloud server • No phone app needed for QR codes • Requires WPA2-Enterprise to be used at home

  17. Ongoing work • IETF Internet-Draft: draft-aura-eap-noob • The Eduroam case: • How to use your device while roaming? • How to configure new device while roaming? • Server-to-device OOB and device discovery • Which devices does the cloud offer to the user? • OOB channel message formats • Protocol verification • Complexity mainly from two OOB directions • Simple Promela model exists, more to do

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

TESTING OF GAS APPLIANCES FLOW & GAS APPLIANCES LABORATORY MECHANICAL & AUTOMOTIVE

TESTING OF GAS APPLIANCES FLOW & GAS APPLIANCES LABORATORY MECHANICAL & AUTOMOTIVE

TESTING OF GAS APPLIANCES FLOW & GAS APPLIANCES LABORATORY MECHANICAL & AUTOMOTIVE SECTION (MAST ) Domestic Gas Cooker Register at Online Application System MANUFACTURERS ( Foreign/Importer ) MANUFACTURERS (Local) (OAS) website

481 views • 22 slides
Autumn @ Connecting with God Connecting with God What are you ashamed of .. Family

Autumn @ Connecting with God Connecting with God What are you ashamed of .. Family

Connecting Autumn @ Connecting with God Connecting with God What are you ashamed of .. Family Education Pornography Relationships Children Body Job Unemployment Connecting with God We all have shame.. Bren Brown : The 1-2-3 of

435 views • 18 slides
T URN OFF THE LIGHTS ? Melanie Derby and Emily Porter-Goff y y

T URN OFF THE LIGHTS ? Melanie Derby and Emily Porter-Goff y y

T URN OFF THE LIGHTS ? Melanie Derby and Emily Porter-Goff y y http://www.lightbulbmarket.com/product/050260_60-Watt-A-19-Philips-Light-Bulb Today Buy appliances Test energy usage of small appliances of small appliances T IME

335 views • 7 slides
Customing Android: Looking inside the droids belly Embedded Android Appliances What do I mean by

Customing Android: Looking inside the droids belly Embedded Android Appliances What do I mean by

Customing Android: Looking inside the droids belly Embedded Android Appliances What do I mean by Appliances? appliance / pl ns/ Noun A device designed to perform a specific task, typically a domestic one. Digital Signage

1.04k views • 55 slides
Hacking Appliances: Ironic exploits in security products Ben Williams 9:22 AM Proposition

Hacking Appliances: Ironic exploits in security products Ben Williams 9:22 AM Proposition

9:22 AM Hacking Appliances: Ironic exploits in security products Ben Williams 9:22 AM Proposition There is a temptation to think of Security Appliances as impregnable fortresses, this is definitely a mistake. Security Appliance (noun) -

1.1k views • 63 slides
1 Committed to Connecting the World Committed to Connecting the World Regulatory Responses

1 Committed to Connecting the World Committed to Connecting the World Regulatory Responses

Committed to Connecting the World Committed to Connecting the World 14 th Global Symposium for Regulators Why Does Competition Matter? Capitalizing on the potential of the digital world Puts pressure on incumbent operators Disrupts

700 views • 3 slides
1 Committed to Connecting the World Committed to Connecting the World RIA: main challenges RIA

1 Committed to Connecting the World Committed to Connecting the World RIA: main challenges RIA

Committed to Connecting the World Committed to Connecting the World 14 th Global Symposium for Regulators What is RIA? Capitalizing on the potential of the digital world A systemic approach to critically assessing the positive and

413 views • 3 slides
1 High Speed UK Connecting the Nation, Connecting the North: The Only Way is Woodhead High

1 High Speed UK Connecting the Nation, Connecting the North: The Only Way is Woodhead High

1 High Speed UK Connecting the Nation, Connecting the North: The Only Way is Woodhead High Speed UK Connecting the Nation Who are we? Colin Elliff BSc CEng MICE Civil Engineering Principal, HSUK Quentin Macdonald

899 views • 85 slides
Special Gas Venting Systems Proper System Design for Category IV Appliances Special Gas Venting

Special Gas Venting Systems Proper System Design for Category IV Appliances Special Gas Venting

Special Gas Venting Systems Proper System Design for Category IV Appliances Special Gas Venting Systems National Fuel Gas Code (NFPA 54/ ANSI Z223.1) Definition Gas vent for venting listed Category II, III, and IV appliances Venting

691 views • 48 slides
1 Committed to Connecting the World Committed to Connecting the World Monitoring deployment and

1 Committed to Connecting the World Committed to Connecting the World Monitoring deployment and

Committed to Connecting the World Committed to Connecting the World 14 th Global Symposium for Regulators Results-oriented performance management Capitalizing on the potential of the digital world Key performance indicators measure in

266 views • 3 slides
Connecting Families in Bath & North East Somerset Paula Bromley Connecting Families Manager

Connecting Families in Bath & North East Somerset Paula Bromley Connecting Families Manager

15/01/13 Connecting Families in Bath & North East Somerset Paula Bromley Connecting Families Manager Connecting Families Overview Connecting Families - Overview Prospect European Social Fund Troubled Families Unit Department of

340 views • 6 slides
Connecting the world through English... Welcome to New College Group Why NCG Vision Connecting

Connecting the world through English... Welcome to New College Group Why NCG Vision Connecting

Connecting the world through English... Welcome to New College Group Why NCG Vision Connecting the world through English. Mission We provide the finest education by inspiring our students to achieve their goals through academic excellence.

271 views • 24 slides
Kitchen Appliances Philips Airfyer - Trade Presentation Updated Q4 2013 1 Agenda Marketplace

Kitchen Appliances Philips Airfyer - Trade Presentation Updated Q4 2013 1 Agenda Marketplace

Kitchen Appliances Philips Airfyer - Trade Presentation Updated Q4 2013 1 Agenda Marketplace Trends Consumer Update Product Review Retailer Review/Recommendations Confidential 2 Marketplace Trends Philips Kitchen Appliances has over 80

604 views • 25 slides
Cinekid - content research Connecting with a writer connecting work with a speaker Overvieuw

Cinekid - content research Connecting with a writer connecting work with a speaker Overvieuw

Cinekid - content research Connecting with a writer connecting work with a speaker Overvieuw Ruairi Glynn Director Architecture Lab Eye Catcher Pips-lab Workshop in Marloeke van der VR technology Vlught / storytelling Dirk Vis

412 views • 10 slides
Connecting declarative software tools Declarative tools [for] connecting software Salvador Lucas

Connecting declarative software tools Declarative tools [for] connecting software Salvador Lucas

Connecting declarative software tools Declarative tools [for] connecting software Salvador Lucas Dep. de Sistemas Informticos y Computacin Universidad Politcnica de Valencia slucas@dsic.upv.es Summary Connecting declarative software

634 views • 42 slides
Aim Aim I can identify appliances that run on electricity. I can describe how Thomas

Aim Aim I can identify appliances that run on electricity. I can describe how Thomas

Aim Aim I can identify appliances that run on electricity. I can describe how Thomas Edisons inventions changed peoples lives. Success Criteria Success Criteria Statement 1 Lorem ipsum dolor sit amet, consectetur adipiscing

808 views • 8 slides
A Parallel Interest Matching Algorithm for Distributed- Memory Systems Elvis Liu Georgios

A Parallel Interest Matching Algorithm for Distributed- Memory Systems Elvis Liu Georgios

A Parallel Interest Matching Algorithm for Distributed- Memory Systems Elvis Liu Georgios Theodoropoulos Outline Introduction Distributed Virtual Environments (DVE) Interest Management Parallel Interest Matching Algorithm

526 views • 28 slides
Virtual Textures Dealing with Enormous Texture-Based Resources Anders Scheel Nielsen 1 Anders

Virtual Textures Dealing with Enormous Texture-Based Resources Anders Scheel Nielsen 1 Anders

Virtual Textures Dealing with Enormous Texture-Based Resources Anders Scheel Nielsen 1 Anders Scheel Nielsen Textures 2 Anders Scheel Nielsen Textures 3 Anders Scheel Nielsen Mipmaps 4 Anders Scheel Nielsen Mipmaps 5 Anders Scheel

966 views • 78 slides
Application of Satellite and Ozonesonde Data to the Study of Nighttime Tropospheric Ozone Impacts

Application of Satellite and Ozonesonde Data to the Study of Nighttime Tropospheric Ozone Impacts

Application of Satellite and Ozonesonde Data to the Study of Nighttime Tropospheric Ozone Impacts and Relationship to Air Quality Greg Osterman Jet Propulsion Laboratory CMAS Meeting - October 25, 2011 Investigators AURA 2010 Proposal

534 views • 27 slides
MIGRAINE MANAGEMENT Joanna G. Katzman, M.D.,M.S.P.H. Associate Professor, Department of

MIGRAINE MANAGEMENT Joanna G. Katzman, M.D.,M.S.P.H. Associate Professor, Department of

MIGRAINE MANAGEMENT Joanna G. Katzman, M.D.,M.S.P.H. Associate Professor, Department of Neurosurgery UNM Pain Center and Project ECHO Pain University of New Mexico Disclosure The presenter has no financial relationship to this program.

360 views • 25 slides
Photograph We keep this love in a photograph We made these memories for ourselves Where our eyes

Photograph We keep this love in a photograph We made these memories for ourselves Where our eyes

Photograph We keep this love in a photograph We made these memories for ourselves Where our eyes are never closing Hearts are never broken And time's forever frozen still Photographs are a way of seeing. Photographs are also a way of

598 views • 15 slides
Service Management for Smart Spaces (Intermediate T alk) Milad Khanibeik Supervisor: Prof.

Service Management for Smart Spaces (Intermediate T alk) Milad Khanibeik Supervisor: Prof.

A Master Thesis on: Service Management for Smart Spaces (Intermediate T alk) Milad Khanibeik Supervisor: Prof. Dr.-Ing. Georg Carle Advisor: Marc-Oliver Pahl, Dipl.-Inform. April 2014 1 Structure of the Presentation Smart Space

372 views • 22 slides
Universidades & Participao: Da excluso utopia? Uma verdade cientfica no

Universidades & Participao: Da excluso utopia? Uma verdade cientfica no

Universidades & Participao: Da excluso utopia? Uma verdade cientfica no triunfa pela persuaso de seus oponentes e por faz-los enxergar a luz, mas sim porque esses oponentes finalmente morrem, dando lugar a uma nova

533 views • 31 slides
CI:IRL By Beth Tucker Long Who am I? Beth Tucker Long (@e3betht) Editor in Chief

CI:IRL By Beth Tucker Long Who am I? Beth Tucker Long (@e3betht) Editor in Chief

CI:IRL By Beth Tucker Long Who am I? Beth Tucker Long (@e3betht) Editor in Chief php[architect] magazine Freelancer under Treeline Design, LLC Stay at home mom User group organizer Madison PHP Audience

846 views • 50 slides

More recommend