we believe that we are on the verge of the internet of
play

We believe that we are on the verge of the Internet of Things - PowerPoint PPT Presentation

Feb 24, 2023 •153 likes •661 views

We believe that we are on the verge of the Internet of Things explosion. Now is the time to make sure that IoT incorporates everything weve learned about digital security and infrastructure resiliency over the last 20 years of the Internet.

  1. We believe that we are on the verge of the Internet of Things explosion. Now is the time to make sure that IoT incorporates everything we’ve learned about digital security and infrastructure resiliency over the last 20 years of the Internet. 1

  2. SECURITY BEGINS WITH IDENTITY

  3. IDENTITY User name and password

  4. IDENTITY Smartcard

  5. IDENTITY Biometrics

  6. IDENTITY Certificate

  7. IDENTITY AE5021 B3209A API KEY FEA409

  8. IDENTITY TRUST

  9. IDENTITY TRUST

  10. IDENTITY APPLYING THESE MECHANISMS TO IOT AND M2M

  11. IDENTITY PROGRAMMATIC PHYSICAL AE5021 B3209A FEA409

  12. IDENTITY PROGRAMMATIC PHYSICAL AE5021 B3209A FEA409

  13. CERTIFICATES PUBLIC KEY INFRASTRUCTURE (PKI) l Trusted and well established technology l Allows for mutual authentication l Can be used for message signing

  14. CERTIFICATES

  15. CERTIFICATES

  16. CERTIFICATES

  17. CERTIFICATES $$$$$ $$$$$ COST $$$$$

  18. CERTIFICATES $$$$$ $$$$$ COST $$$$$

  19. CERTIFICATES SECURITY

  20. CERTIFICATES CERTIFICATE AUTHORITY SECURITY - Revocation Certificate Online Revocation Certificate List Status Protocol

  21. CERTIFICATES CERTIFICATE AUTHORITY SECURITY - Revocation Certificate Online Revocation Certificate List Status Protocol

  22. CERTIFICATES CERTIFICATE AUTHORITY SECURITY - Revocation Certificate Online Revocation Certificate List Status Protocol

  23. CERTIFICATES CERTIFICATE AUTHORITY SECURITY - TRUST

  24. CERTIFICATES CERTIFICATE AUTHORITIES SECURITY - TRUST

  25. CERTIFICATES CERTIFICATE AUTHORITIES SECURITY - TRUST Certificate Authority A device123.example.com Certificate Authority B device123.example.com

  26. CERTIFICATES MANAGEMENT

  27. CERTIFICATES INTEROPERABILITY FOO.COM BAR.COM CERTIFICATE CERTIFICATE AUTHORITY AUTHORITY

  28. CERTIFICATES INTEROPERABILITY FOO.COM BAR.COM CERTIFICATE CERTIFICATE AUTHORITY AUTHORITY

  29. CHALLENGES How do we deploy PKI at Internet of Things scale. l Keep cost low l Be interoperable l Deploy at scale l Improve security

  30. DANE

  31. DNS-BASED AUTHENTICATION OF NAMED ENTITIES

  32. DNSSEC Provides a secure global registry l Highly scalable

  33. DNSSEC Provides a secure global registry l Highly scalable l Globally distributed

  34. DNSSEC Provides a secure global registry l Highly scalable l Globally distributed l Resilient

  35. DNSSEC Provides a secure global registry l Highly scalable l Globally distributed l Resilient l Standards based

  36. DNSSEC Provides a secure global registry l Highly scalable l Globally distributed l Resilient l Standards based l Ubiquitous

  37. DNSSEC Provides a secure global registry l Highly scalable l Globally distributed l Resilient l Standards based l Ubiquitous l Secure

  38. DNSSEC . root key Provides a secure global registry .com key l Secure .example.com key l Cryptographically signed l Supports delegation zone.example.com … .... … .... … ....

  39. DANE RFC 6698 - establishes new record types for DNS Allows publishing of certificate data in DNS Data integrity validated by cryptographic signature zone.example.com … .... … .... … ....

  40. DANE RFC 6698 - establishes new record types for DNS l Effectively replaces local CA store as means of validating certificates l Allows records to be queried in real time l Allows records to be cached for specific amount of time l Removes the need for CRLs and OCSP l Can work with CA issued certificates or self signed certificates

  41. DNS Registry Device provisioning device1.example.com device2.example.com Device creates public/private keypair device3.example.com device4.example.com Public key is published in DNS device5.example.com … .... deviceX.example.com Sensor Keys

  42. DNS Registry device1.example.com device2.example.com device3.example.com device4.example.com device5.example.com … .... deviceX.example.com Sensor DNS “TLSA” record maps device name to public key Device only needs name does not need published IP address Keys

  43. DNS Registry device1.example.com device2.example.com device3.example.com device4.example.com device5.example.com … .... deviceX.example.com Sensor IoT Platform Sensor initiates TLS connection to IoT Platform Keys

  44. DNS Registry device1.example.com device2.example.com device3.example.com device4.example.com device5.example.com … .... deviceX.example.com Sensor IoT Platform TLS handshake includes device name and public key Keys

  45. DNS Registry device1.example.com device2.example.com device3.example.com device4.example.com device5.example.com … .... Recursive DNS Server deviceX.example.com IoT Platform queries secure DNS for public key for device Sensor IoT Platform Keys

  46. DNS Registry device1.example.com device2.example.com device3.example.com device4.example.com device5.example.com … .... Recursive DNS Server deviceX.example.com IoT Platform retrieves public key from secure DNS Server Sensor IoT Platform Keys

  47. DNS Registry IoT Platform compares device's published key with the key used during negotiation device1.example.com device2.example.com device3.example.com device4.example.com = ? device5.example.com … .... deviceX.example.com Sensor Keys

  48. DNS Registry The keys match so the client certificate is validated device1.example.com device2.example.com device3.example.com device4.example.com device5.example.com … .... deviceX.example.com Sensor Keys

  49. DANE Advantages of DANE l Highly scalable l Economically viable l Highly secure l Limited scope of trust l Instant revocation l Transparency

  50. WHAT NOW ? COMMUNITY ENGAGEMENT Working with the community on DANE enablement across the stack including crypto libraries and common runtime frameworks. FEEDBACK We'd love to talk! email us at iot@verisign.com 50

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Grass Verge Damage Maintenance Responsibility Highway Verge HCC as Highways Authority Amenity

Grass Verge Damage Maintenance Responsibility Highway Verge HCC as Highways Authority Amenity

Grass Verge Damage Maintenance Responsibility Highway Verge HCC as Highways Authority Amenity Verge Hertsmere Borough Council Private Verge Owners www.hertsdirect.org Highway Verges HCC Response Damage Reported - www.Hertsdirect.org

196 views • 5 slides
On the Verge: The Transformation of Long-Term Services and Supports 1 Research Methodology

On the Verge: The Transformation of Long-Term Services and Supports 1 Research Methodology

On the Verge: The Transformation of Long-Term Services and Supports 1 Research Methodology AARP 2 Primary Findings State LTSS States on the verge of transforming the financing and delivery of LTSS Transformations Many plan to or

824 views • 29 slides
Special Parish Liaison meeting Highways verge maintenance John Richardson Head of Community

Special Parish Liaison meeting Highways verge maintenance John Richardson Head of Community

www.nwleics.gov.uk Special Parish Liaison meeting Highways verge maintenance John Richardson Head of Community Services www.nwleics.gov.uk Urban area highway verge improvements T Typically trees, hedges, shrubbery, landscaping etc. i ll t h d

489 views • 9 slides
We are on the verge of the greatest expansion of human culture and economy that has ever been

We are on the verge of the greatest expansion of human culture and economy that has ever been

We are on the verge of the greatest expansion of human culture and economy that has ever been seen. Let us tell you how were going to make that future happen. Welcome to the Deep Space Industries investor overview presentation. Deep Space

404 views • 12 slides
UPPI LEU Walk: Implementation Strategy on the Verge of a Supply Chain Converted to non-HEU

UPPI LEU Walk: Implementation Strategy on the Verge of a Supply Chain Converted to non-HEU

UPPI LEU Walk: Implementation Strategy on the Verge of a Supply Chain Converted to non-HEU Medical Isotopes 2017 Mo-99 T OPICAL M EETING ON M OLYBDENUM -99 P RODUCTION T ECHNOLOGY D EVELOPMENT S EPTEMBER 10-13, 2017 M ONTREAL M ARRIOTT C HATEAU C

574 views • 26 slides
Beyond the Higgs Boson Particle Physics at the Verge of More Discoveries? Matthias Neubert

Beyond the Higgs Boson Particle Physics at the Verge of More Discoveries? Matthias Neubert

Cluster of Excellence Precision Physics, Fundamental Interactions and Structure of Matter Beyond the Higgs Boson Particle Physics at the Verge of More Discoveries? Matthias Neubert Mainz Institute for Theoretical Physics (MITP) and PRISMA

545 views • 40 slides
Distributed Resources By Bryce Yonker on the Verge For CEDMC Nov 2020 Mission: Promote and

Distributed Resources By Bryce Yonker on the Verge For CEDMC Nov 2020 Mission: Promote and

Distributed Resources By Bryce Yonker on the Verge For CEDMC Nov 2020 Mission: Promote and accelerate grid innovation Focus: We provide information, community and expertise to help leaders create pathways for electric grid modernization via

490 views • 10 slides
On the Verge of a Biologics Golden Age David Meininger Executive Director, Molecular Discovery

On the Verge of a Biologics Golden Age David Meininger Executive Director, Molecular Discovery

On the Verge of a Biologics Golden Age David Meininger Executive Director, Molecular Discovery Department of Protein Sciences, Merck & Co., Inc. Biologics: Bringing Innovation to Merck From Virgils Fourth Eclogue Novus ordo seclorum Now

759 views • 27 slides
No Yes Do you use the Internet to do homework? Do you use the Internet to follow your

No Yes Do you use the Internet to do homework? Do you use the Internet to follow your

No Yes Do you use the Internet to do homework? Do you use the Internet to follow your favourite team? Do you use the internet to watch music videos? Do you use the Internet to read the news? Do you use the Internet to play games? Shared

997 views • 51 slides
Banks on the verge of a crisis: phase transitions and hysteresis in banking systems Tomaso Aste 1

Banks on the verge of a crisis: phase transitions and hysteresis in banking systems Tomaso Aste 1

Banks on the verge of a crisis: phase transitions and hysteresis in banking systems Tomaso Aste 1 , 2 1 Department of Computer Science, University College London, 2 Systemic Risk Centre, London School of Economics and Political Sciences

762 views • 27 slides
MENA Information Security Conference 2017 On the Verge : Combating Cyber Threats leveraging Threat

MENA Information Security Conference 2017 On the Verge : Combating Cyber Threats leveraging Threat

MENA Information Security Conference 2017 On the Verge : Combating Cyber Threats leveraging Threat Intelligence, Faster Detection & Automated Response Adaptive Security Strategy for SOC Ramy AlDamati Principle CyberSecurity Solution

680 views • 31 slides
Verge of Retirement Firings Do Not Nullify Section 1114 Protections July/August 2005 Mark G.

Verge of Retirement Firings Do Not Nullify Section 1114 Protections July/August 2005 Mark G.

Verge of Retirement Firings Do Not Nullify Section 1114 Protections July/August 2005 Mark G. Douglas Retiree benefit plans have featured prominently in recent headlines as cash-strapped airlines such as United Airlines, US Air, Midwest Air and

212 views • 10 slides
Respecting Privacy with Look alike data sets Tim Garnsey - Director - Verge Labs

Respecting Privacy with Look alike data sets Tim Garnsey - Director - Verge Labs

YOW! Data Respecting Privacy with Look alike data sets Tim Garnsey - Director - Verge Labs Data is the new oil Clive Humby What makes refining hard? 1. Corporate competitive advantage 2. Peoples privacy Competitive

322 views • 18 slides
Creating Web Farms with Linux (Linux High Availability and Scalability) Horms (Simon Horman)

Creating Web Farms with Linux (Linux High Availability and Scalability) Horms (Simon Horman)

Creating Web Farms with Linux (Linux High Availability and Scalability) Horms (Simon Horman) horms@verge.net.au October 2000 http://verge.net.au/linux/has/ http://ultramonkey.sourceforge.net/ Introduction: In the Begining May 1998:

670 views • 56 slides
Creating Web Farms with Linux (Linux High Availability and Scalability) Horms (Simon Horman)

Creating Web Farms with Linux (Linux High Availability and Scalability) Horms (Simon Horman)

Creating Web Farms with Linux (Linux High Availability and Scalability) Horms (Simon Horman) horms@verge.net.au December 2001 For Presentation in Tokyo, Japan http://verge.net.au/linux/has/ http://ultramonkey.org/ Introduction This

533 views • 25 slides
Communication security over the Internet The big picture Me Internet Resource Internet

Communication security over the Internet The big picture Me Internet Resource Internet

Communication security over the Internet The big picture Me Internet Resource Internet Server Client Attack vectors MAN DNS LAN Client Internet Back Bone Router Networking WWW overview MITM (Man In The Middle) 3 2 4 5 LAN

244 views • 23 slides
Cryptography (+ Web Security): Certificates Spring 2015

Cryptography (+ Web Security): Certificates Spring 2015

CSE 484 / CSE M 584: Computer Security and Privacy Cryptography (+ Web Security): Certificates Spring 2015 Franziska (Franzi) Roesner

505 views • 21 slides
Analysis of the HTTPS Certificate Ecosystem Zakir Durumeric, James Kasten, Michael Bailey, J.

Analysis of the HTTPS Certificate Ecosystem Zakir Durumeric, James Kasten, Michael Bailey, J.

Analysis of the HTTPS Certificate Ecosystem Zakir Durumeric, James Kasten, Michael Bailey, J. Alex Halderman University of Michigan Analysis of the HTTPS Certificate Ecosystem Zakir Durumeric HTTPS and TLS How does HTTPS and the CA ecosystem

449 views • 24 slides
CYBER SECURITY By Sachin Dedhia CISA, CEH, ISO 27001 L.A., Ethical Hacker & Digital

CYBER SECURITY By Sachin Dedhia CISA, CEH, ISO 27001 L.A., Ethical Hacker & Digital

CYBER SECURITY By Sachin Dedhia CISA, CEH, ISO 27001 L.A., Ethical Hacker & Digital Forensics Expert Founder Skynet Secure Solutions , skynetsecure.com Email : Sachin@skynetsecure.com Phone : 91- 9867700095 Web Conference Security

828 views • 11 slides
Cyber Risk Research at CCRS Jennifer Copic Research Assistant Cambridge Centre for Risk Studies

Cyber Risk Research at CCRS Jennifer Copic Research Assistant Cambridge Centre for Risk Studies

Cambridge Centre for Risk Studies Advisory Board Research Showcase 24 January 2017 Cyber Risk Research at CCRS Jennifer Copic Research Assistant Cambridge Centre for Risk Studies Largest Cyber Data Exfiltration Event: Yahoo August 2013

296 views • 18 slides
Certificates A ubiquitous form of authentication Generally used with public key

Certificates A ubiquitous form of authentication Generally used with public key

Certificates A ubiquitous form of authentication Generally used with public key cryptography A signed electronic document proving you are who you claim to be Often used to help distribute other keys Lecture 5 Page 1 CS 236

339 views • 29 slides
PKI: Public Key Infrastructure What is it, and why should I care? Conference on Higher Education

PKI: Public Key Infrastructure What is it, and why should I care? Conference on Higher Education

PKI: Public Key Infrastructure What is it, and why should I care? Conference on Higher Education Wes Hubert Computing in Kansas Information Services June 3, 2004 The University of Kansas Why? PKI adoption will continue growing to support

1.28k views • 46 slides
Revocaton protocols of WebPKI and Revocaton Transparency Nikita Korzhitskii Niklas Carlsson

Revocaton protocols of WebPKI and Revocaton Transparency Nikita Korzhitskii Niklas Carlsson

Revocaton protocols of WebPKI and Revocaton Transparency Nikita Korzhitskii Niklas Carlsson Lifecycle of a typical WebPKI certfcate www.liu.se Certificate Certificate Authority Server 1. Issuance www.liu.se Hello 2. Use Certificate

377 views • 10 slides
Verifying the SET Protocol G Bella & L C Paulson Cambridge F Massacci Siena P Tramontano

Verifying the SET Protocol G Bella & L C Paulson Cambridge F Massacci Siena P Tramontano

Verifying the SET Protocol G Bella & L C Paulson Cambridge F Massacci Siena P Tramontano Rome Inductive Protocol Verification Define systems operational semantics Include honest parties and an attacker Model each

465 views • 22 slides

More recommend