we believe that we are on the verge of the internet of
play

We believe that we are on the verge of the Internet of Things - PowerPoint PPT Presentation

Feb 24, 2023 •153 likes •661 views

We believe that we are on the verge of the Internet of Things explosion. Now is the time to make sure that IoT incorporates everything weve learned about digital security and infrastructure resiliency over the last 20 years of the Internet.

  1. We believe that we are on the verge of the Internet of Things explosion. Now is the time to make sure that IoT incorporates everything we’ve learned about digital security and infrastructure resiliency over the last 20 years of the Internet. 1

  2. SECURITY BEGINS WITH IDENTITY

  3. IDENTITY User name and password

  4. IDENTITY Smartcard

  5. IDENTITY Biometrics

  6. IDENTITY Certificate

  7. IDENTITY AE5021 B3209A API KEY FEA409

  8. IDENTITY TRUST

  9. IDENTITY TRUST

  10. IDENTITY APPLYING THESE MECHANISMS TO IOT AND M2M

  11. IDENTITY PROGRAMMATIC PHYSICAL AE5021 B3209A FEA409

  12. IDENTITY PROGRAMMATIC PHYSICAL AE5021 B3209A FEA409

  13. CERTIFICATES PUBLIC KEY INFRASTRUCTURE (PKI) l Trusted and well established technology l Allows for mutual authentication l Can be used for message signing

  14. CERTIFICATES

  15. CERTIFICATES

  16. CERTIFICATES

  17. CERTIFICATES $$$$$ $$$$$ COST $$$$$

  18. CERTIFICATES $$$$$ $$$$$ COST $$$$$

  19. CERTIFICATES SECURITY

  20. CERTIFICATES CERTIFICATE AUTHORITY SECURITY - Revocation Certificate Online Revocation Certificate List Status Protocol

  21. CERTIFICATES CERTIFICATE AUTHORITY SECURITY - Revocation Certificate Online Revocation Certificate List Status Protocol

  22. CERTIFICATES CERTIFICATE AUTHORITY SECURITY - Revocation Certificate Online Revocation Certificate List Status Protocol

  23. CERTIFICATES CERTIFICATE AUTHORITY SECURITY - TRUST

  24. CERTIFICATES CERTIFICATE AUTHORITIES SECURITY - TRUST

  25. CERTIFICATES CERTIFICATE AUTHORITIES SECURITY - TRUST Certificate Authority A device123.example.com Certificate Authority B device123.example.com

  26. CERTIFICATES MANAGEMENT

  27. CERTIFICATES INTEROPERABILITY FOO.COM BAR.COM CERTIFICATE CERTIFICATE AUTHORITY AUTHORITY

  28. CERTIFICATES INTEROPERABILITY FOO.COM BAR.COM CERTIFICATE CERTIFICATE AUTHORITY AUTHORITY

  29. CHALLENGES How do we deploy PKI at Internet of Things scale. l Keep cost low l Be interoperable l Deploy at scale l Improve security

  30. DANE

  31. DNS-BASED AUTHENTICATION OF NAMED ENTITIES

  32. DNSSEC Provides a secure global registry l Highly scalable

  33. DNSSEC Provides a secure global registry l Highly scalable l Globally distributed

  34. DNSSEC Provides a secure global registry l Highly scalable l Globally distributed l Resilient

  35. DNSSEC Provides a secure global registry l Highly scalable l Globally distributed l Resilient l Standards based

  36. DNSSEC Provides a secure global registry l Highly scalable l Globally distributed l Resilient l Standards based l Ubiquitous

  37. DNSSEC Provides a secure global registry l Highly scalable l Globally distributed l Resilient l Standards based l Ubiquitous l Secure

  38. DNSSEC . root key Provides a secure global registry .com key l Secure .example.com key l Cryptographically signed l Supports delegation zone.example.com … .... … .... … ....

  39. DANE RFC 6698 - establishes new record types for DNS Allows publishing of certificate data in DNS Data integrity validated by cryptographic signature zone.example.com … .... … .... … ....

  40. DANE RFC 6698 - establishes new record types for DNS l Effectively replaces local CA store as means of validating certificates l Allows records to be queried in real time l Allows records to be cached for specific amount of time l Removes the need for CRLs and OCSP l Can work with CA issued certificates or self signed certificates

  41. DNS Registry Device provisioning device1.example.com device2.example.com Device creates public/private keypair device3.example.com device4.example.com Public key is published in DNS device5.example.com … .... deviceX.example.com Sensor Keys

  42. DNS Registry device1.example.com device2.example.com device3.example.com device4.example.com device5.example.com … .... deviceX.example.com Sensor DNS “TLSA” record maps device name to public key Device only needs name does not need published IP address Keys

  43. DNS Registry device1.example.com device2.example.com device3.example.com device4.example.com device5.example.com … .... deviceX.example.com Sensor IoT Platform Sensor initiates TLS connection to IoT Platform Keys

  44. DNS Registry device1.example.com device2.example.com device3.example.com device4.example.com device5.example.com … .... deviceX.example.com Sensor IoT Platform TLS handshake includes device name and public key Keys

  45. DNS Registry device1.example.com device2.example.com device3.example.com device4.example.com device5.example.com … .... Recursive DNS Server deviceX.example.com IoT Platform queries secure DNS for public key for device Sensor IoT Platform Keys

  46. DNS Registry device1.example.com device2.example.com device3.example.com device4.example.com device5.example.com … .... Recursive DNS Server deviceX.example.com IoT Platform retrieves public key from secure DNS Server Sensor IoT Platform Keys

  47. DNS Registry IoT Platform compares device's published key with the key used during negotiation device1.example.com device2.example.com device3.example.com device4.example.com = ? device5.example.com … .... deviceX.example.com Sensor Keys

  48. DNS Registry The keys match so the client certificate is validated device1.example.com device2.example.com device3.example.com device4.example.com device5.example.com … .... deviceX.example.com Sensor Keys

  49. DANE Advantages of DANE l Highly scalable l Economically viable l Highly secure l Limited scope of trust l Instant revocation l Transparency

  50. WHAT NOW ? COMMUNITY ENGAGEMENT Working with the community on DANE enablement across the stack including crypto libraries and common runtime frameworks. FEEDBACK We'd love to talk! email us at iot@verisign.com 50

Recommend

Grass Verge Damage Maintenance Responsibility Highway Verge HCC as Highways Authority Amenity

Grass Verge Damage Maintenance Responsibility Highway Verge HCC as Highways Authority Amenity

Grass Verge Damage Maintenance Responsibility Highway Verge HCC as Highways Authority Amenity Verge Hertsmere Borough Council Private Verge Owners www.hertsdirect.org Highway Verges HCC Response Damage Reported - www.Hertsdirect.org

196 views • 5 slides
On the Verge: The Transformation of Long-Term Services and Supports 1 Research Methodology

On the Verge: The Transformation of Long-Term Services and Supports 1 Research Methodology

On the Verge: The Transformation of Long-Term Services and Supports 1 Research Methodology AARP 2 Primary Findings State LTSS States on the verge of transforming the financing and delivery of LTSS Transformations Many plan to or

825 views • 29 slides
Special Parish Liaison meeting Highways verge maintenance John Richardson Head of Community

Special Parish Liaison meeting Highways verge maintenance John Richardson Head of Community

www.nwleics.gov.uk Special Parish Liaison meeting Highways verge maintenance John Richardson Head of Community Services www.nwleics.gov.uk Urban area highway verge improvements T Typically trees, hedges, shrubbery, landscaping etc. i ll t h d

489 views • 9 slides
We are on the verge of the greatest expansion of human culture and economy that has ever been

We are on the verge of the greatest expansion of human culture and economy that has ever been

We are on the verge of the greatest expansion of human culture and economy that has ever been seen. Let us tell you how were going to make that future happen. Welcome to the Deep Space Industries investor overview presentation. Deep Space

404 views • 12 slides
UPPI LEU Walk: Implementation Strategy on the Verge of a Supply Chain Converted to non-HEU

UPPI LEU Walk: Implementation Strategy on the Verge of a Supply Chain Converted to non-HEU

UPPI LEU Walk: Implementation Strategy on the Verge of a Supply Chain Converted to non-HEU Medical Isotopes 2017 Mo-99 T OPICAL M EETING ON M OLYBDENUM -99 P RODUCTION T ECHNOLOGY D EVELOPMENT S EPTEMBER 10-13, 2017 M ONTREAL M ARRIOTT C HATEAU C

574 views • 26 slides
Beyond the Higgs Boson Particle Physics at the Verge of More Discoveries? Matthias Neubert

Beyond the Higgs Boson Particle Physics at the Verge of More Discoveries? Matthias Neubert

Cluster of Excellence Precision Physics, Fundamental Interactions and Structure of Matter Beyond the Higgs Boson Particle Physics at the Verge of More Discoveries? Matthias Neubert Mainz Institute for Theoretical Physics (MITP) and PRISMA

545 views • 40 slides
Distributed Resources By Bryce Yonker on the Verge For CEDMC Nov 2020 Mission: Promote and

Distributed Resources By Bryce Yonker on the Verge For CEDMC Nov 2020 Mission: Promote and

Distributed Resources By Bryce Yonker on the Verge For CEDMC Nov 2020 Mission: Promote and accelerate grid innovation Focus: We provide information, community and expertise to help leaders create pathways for electric grid modernization via

491 views • 10 slides
On the Verge of a Biologics Golden Age David Meininger Executive Director, Molecular Discovery

On the Verge of a Biologics Golden Age David Meininger Executive Director, Molecular Discovery

On the Verge of a Biologics Golden Age David Meininger Executive Director, Molecular Discovery Department of Protein Sciences, Merck & Co., Inc. Biologics: Bringing Innovation to Merck From Virgils Fourth Eclogue Novus ordo seclorum Now

759 views • 27 slides
No Yes Do you use the Internet to do homework? Do you use the Internet to follow your

No Yes Do you use the Internet to do homework? Do you use the Internet to follow your

No Yes Do you use the Internet to do homework? Do you use the Internet to follow your favourite team? Do you use the internet to watch music videos? Do you use the Internet to read the news? Do you use the Internet to play games? Shared

997 views • 51 slides
Banks on the verge of a crisis: phase transitions and hysteresis in banking systems Tomaso Aste 1

Banks on the verge of a crisis: phase transitions and hysteresis in banking systems Tomaso Aste 1

Banks on the verge of a crisis: phase transitions and hysteresis in banking systems Tomaso Aste 1 , 2 1 Department of Computer Science, University College London, 2 Systemic Risk Centre, London School of Economics and Political Sciences

762 views • 27 slides
MENA Information Security Conference 2017 On the Verge : Combating Cyber Threats leveraging Threat

MENA Information Security Conference 2017 On the Verge : Combating Cyber Threats leveraging Threat

MENA Information Security Conference 2017 On the Verge : Combating Cyber Threats leveraging Threat Intelligence, Faster Detection & Automated Response Adaptive Security Strategy for SOC Ramy AlDamati Principle CyberSecurity Solution

680 views • 31 slides
Verge of Retirement Firings Do Not Nullify Section 1114 Protections July/August 2005 Mark G.

Verge of Retirement Firings Do Not Nullify Section 1114 Protections July/August 2005 Mark G.

Verge of Retirement Firings Do Not Nullify Section 1114 Protections July/August 2005 Mark G. Douglas Retiree benefit plans have featured prominently in recent headlines as cash-strapped airlines such as United Airlines, US Air, Midwest Air and

212 views • 10 slides
Respecting Privacy with Look alike data sets Tim Garnsey - Director - Verge Labs

Respecting Privacy with Look alike data sets Tim Garnsey - Director - Verge Labs

YOW! Data Respecting Privacy with Look alike data sets Tim Garnsey - Director - Verge Labs Data is the new oil Clive Humby What makes refining hard? 1. Corporate competitive advantage 2. Peoples privacy Competitive

322 views • 18 slides
Creating Web Farms with Linux (Linux High Availability and Scalability) Horms (Simon Horman)

Creating Web Farms with Linux (Linux High Availability and Scalability) Horms (Simon Horman)

Creating Web Farms with Linux (Linux High Availability and Scalability) Horms (Simon Horman) horms@verge.net.au October 2000 http://verge.net.au/linux/has/ http://ultramonkey.sourceforge.net/ Introduction: In the Begining May 1998:

670 views • 56 slides
Creating Web Farms with Linux (Linux High Availability and Scalability) Horms (Simon Horman)

Creating Web Farms with Linux (Linux High Availability and Scalability) Horms (Simon Horman)

Creating Web Farms with Linux (Linux High Availability and Scalability) Horms (Simon Horman) horms@verge.net.au December 2001 For Presentation in Tokyo, Japan http://verge.net.au/linux/has/ http://ultramonkey.org/ Introduction This

533 views • 25 slides
Communication security over the Internet The big picture Me Internet Resource Internet

Communication security over the Internet The big picture Me Internet Resource Internet

Communication security over the Internet The big picture Me Internet Resource Internet Server Client Attack vectors MAN DNS LAN Client Internet Back Bone Router Networking WWW overview MITM (Man In The Middle) 3 2 4 5 LAN

244 views • 23 slides
How do you Improve on the Internet? The eXpressive Internet Architecture: The Internet has been

How do you Improve on the Internet? The eXpressive Internet Architecture: The Internet has been

5/15/2012 How do you Improve on the Internet? The eXpressive Internet Architecture: The Internet has been tremendously successful From Architecture to Network Has sustained tremendous growth g Supports very diverse set of applications

484 views • 10 slides
IOC: Internet of Composites IOC: Internet of Composites IOC: Internet of Composites IOC: Internet

IOC: Internet of Composites IOC: Internet of Composites IOC: Internet of Composites IOC: Internet

IOC: Internet of Composites IOC: Internet of Composites IOC: Internet of Composites IOC: Internet of Composites Robert Bjekovic, University of applied sciences Ravensburg Weingarten, Weingarten, Germany Michael Elwert, University of applied

351 views • 32 slides
Enabling the Internet of Everything with 3G The Internet of Everything The Next Era of

Enabling the Internet of Everything with 3G The Internet of Everything The Next Era of

Enabling the Internet of Everything with 3G The Internet of Everything The Next Era of Networking and Computing, Where Everything Is Intelligently Connected Family device layout. Think weve done in past. Add in printer, electric meter,

397 views • 22 slides
Good morning! Internet, Web, Intranets, and Extranets Use and Functioning of the Internet

Good morning! Internet, Web, Intranets, and Extranets Use and Functioning of the Internet

Good morning! Internet, Web, Intranets, and Extranets Use and Functioning of the Internet Internet is international scope with users on every continent Asians make up 40% of Internet population Europeans about 20% North America

1.01k views • 56 slides
Internet Atlas: A Geographical Database of the Physical Internet Active Internet Measurement

Internet Atlas: A Geographical Database of the Physical Internet Active Internet Measurement

Internet Atlas: A Geographical Database of the Physical Internet Active Internet Measurement Systems Workshop (AIMS) February 6-8, 2013 Ram Durairajan Computer Sciences University of Wisconsin Motivation rkrish@cs.wisc.edu 2

505 views • 33 slides
History of the Internet Pat Morin COMP 2405 Outline Origins of the Internet Internet

History of the Internet Pat Morin COMP 2405 Outline Origins of the Internet Internet

History of the Internet Pat Morin COMP 2405 Outline Origins of the Internet Internet timeline from 1970s until today The Internet today 2 Origins of the Internet J.C.R. Licklider of MIT in August 1962 wrote about the

562 views • 13 slides
BUDGET JUNE 2010 WEBINAR Goodman Jones LLP Graeme Blair, Tax Partner 020 7874 8835

BUDGET JUNE 2010 WEBINAR Goodman Jones LLP Graeme Blair, Tax Partner 020 7874 8835

BUDGET JUNE 2010 WEBINAR Goodman Jones LLP Graeme Blair, Tax Partner 020 7874 8835 graeme.blair@goodmanjones.com Richard Verge, Senior Tax Manager 020 7874 8856 richard.verge@goodmanjones.com 25 June 2010 These are presentational slides

680 views • 39 slides
Internet routing is based on routing protocols that collect the input data No off-line route

Internet routing is based on routing protocols that collect the input data No off-line route

Introduction to Routing in Internet Internet basics IPv4 and ICMP Internet Addressing ARP - Address Resolution Protocol Routing Information (Distance Vector ) Protocol Principles 3-1 S-38.121 S-02 Rka, NB Internet routing is based on

214 views • 18 slides

More recommend