Transcript of CON8823: Access Management for the Internet of Things (final)
Access Management for the Internet of Things
Kanishk Mahajan, Principal Product Manager, Oracle Identity & Access Management
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
Program Agenda
Introducing Identity for the Internet Of Things
Security Challenges for the Internet of Things
Oracle Access Management 11gR2: Securing access for the Internet of Things
Customer Case Study
Demo
Q&A
Introducing Identity for the Internet of Things

Internet of Things
• Refers to the general idea of things, including everyday objects that are:
  • Readable/recognizable
  • Locatable/Addressable
  • Controllable
  • Communicable
Identity for the Internet of Things: Composite Identities
• Identity as a communication endpoint:
  • User
  • Service
  • Device
  • Software Module
  • Sensor
• User identities are tied to Things based on:
  • Interaction
  • Context
Identity for the Internet of Things: Social Networks
• Connect, Communicate, Share
• Use public or private social networks
• Link physical and virtual Things, services, devices, APIs
• Allow reacting to events
Identity for the Internet of Things: Securing the “Smart Toaster”
• Securing Autonomous Independent Things
• Context Aware Authentication
• Securing Communication
  • Person to Thing Communication
  • Thing to Thing Communication
Security Challenges for the Internet of Things
Security is a Barrier for Adoption of IoT
40%: Of embedded systems and applications developers have not proactively addressed security in existing development projects
30%: Median CAGR growth (2011-2014) in shipments of security solutions for industrial automation, medical devices, consumer electronics, automotive and retail
Source: VDC Research, Strategic Insights 2012: Embedded Software & Tools Market, Security Development & Runtime Solutions
“The horizontal evolution of M2M will require full end-to-end security. Significant efforts need to be invested into M2M application security in order for the M2M market to fully evolve. Whether this is through open source initiatives or standards development, the demand for increased M2M application security will have to be answered, and sooner rather than later.” ABI Research, M2M Dream Challenged by Alarming Security Concerns, Feb 2013
Challenges in IoT Security (Access Control)
Typical challenges for IoT service providers:
• What protection measures are possible as thousands of intelligent things cooperate with other real and virtual entities in random and unpredictable ways?
• How do you ensure security given IoT’s highly distributed nature and use of fragile technologies, such as limited-function embedded devices?
• How do you leverage investments in existing internet security technologies for the highly fragmented IoT networks?
• How can you define and enable trust in a dynamic IoT network with weak trust links between network nodes?
Key IoT Security Requirements
• Mutual authentication between devices and server
• Confidentiality of data transfer over multi-protocol networks
• Device data management
• Governance of trust relationships in IoT networks
• Device applications provisioning & management
Requirement areas: Onboarding & Enrollment; Authentication & Authorization; Device Metadata & Control; Policy & Key Management; Application Management & Provisioning
Oracle IoT Security Solution: Overview (architecture diagram)
Zones shown: DMZ; Intranet
Components shown: Oracle Access Manager (with M&S and Adaptive Access); OAM Protected Resources; Oracle Unified Gateway (HTTP/SMTP/COAP/REST/OAUTH); Short Range Networks (BT, Zigbee, Serial) using non-IP protocols; Oracle Identity Governance (Device Enrollment, Device Operations); device Apps
Oracle Access Management Securing Access for the Internet of Things
Internet Of Things – Use Case: Vehicle Telematics and a Social Network for Cars
• Private social network that connects customers with their cars, their dealership, and with the manufacturer
  – Customers can choose to extend their network to family, friends, and others using public social networks such as Twitter and Facebook
• Vehicle Telematics allows the cars to communicate with customers, the manufacturer and the dealership
Access Management 11gR2 – Securing Social Access
Social Login: Simple & Secure
• Turns social integration into an administrator action
• Provides out-of-the-box support for leading social providers
• Provides increased levels of assurance as user progresses to more secure services
• Simplifies registration and single sign-on from multiple providers
Capabilities highlighted: Step-up authentication; Federation (tick-box configuration); OAuth (simplified registration)
Securing Internet of Things using OAM 11gR2 Social: Securing a Social Network for Cars
(Diagram: Social Login, Simple & Secure; Federation; OAuth)
Oracle Mobile & Social Access Management Deployment Architecture (diagram)
Zones shown: Corporate DMZ; Corporate Network
Components shown: HTTP/REST/SOAP/OAuth Clients; Oracle Adaptive Access Manager (Secondary Authentication); Mobile and Social; OAM Agent; SOAP/REST and Legacy Web Services; Remote Token Request; Directory Services (LDAP); Oracle Access Manager; Oracle Enterprise Gateway; Web Services Manager; Service Bus; OES PDP (Context Aware Authorization and Data Redaction)
Securing Internet of Things using OAM 11gR2 Mobile and Gateway: Securing Vehicle Telematics
(Diagram components: HTTP/REST/SOAP/OAuth Clients; Oracle Application Gateway; Oracle Mobile & Social; REST/SOAP; Manufacturer)
Internet Of Things – Use Case: Smart Home Appliances
• A Refrigerator actively manages its energy consumption by securely communicating with the electric utility company
  – automatically moves its defrost cycle to a non-peak time based on response from the utility company
Oracle Access Management – OAuth 2.0 Server
• OAuth Server
  – Provides OAuth Authorization Server, Resource Server and Client
  – Supports 3-legged and 2-legged OAuth
  – Shares same client framework as Mobile & Social
  – Provides OAuth user profile service and custom scope definition
Service to Service: 2-legged OAuth
① The requesting service (OAuth Client) preregisters with the OAuth Authorization Server and receives client credentials
② The requesting service uses its client credentials to connect to a resource server
③ The Resource server validates the client’s credentials and provides the requested content
Securing Internet of Things using OAM 11gR2 OAuth 2.0 Service: Securing Smart Home Appliances
Participants: Refrigerator (OAuth Client); Electric Utility Company (Resource Server); Authorization Server (OAM 11gR2)
0. Pre-register with the OAuth Az Server (OAM); the client receives its Client Credentials
1. Authenticate with Client Credentials
2. Access Token (issued to the client)
3. Access Token (presented to the Resource Server)
• Client must request token from OAM token endpoint after successful authn
• OAM must sign the access token
• Resource Server validates the token against OAM
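The three-party exchange on this slide, worked through as an added example. This is my constructed code, not Oracle Access Manager or any Oracle SDK: the refrigerator pre-registers and receives a client secret (step 0), authenticates to the token endpoint and receives a signed access token carrying scope and expiry (steps 1-2), and the utility's resource server checks signature, expiry and scope before answering (step 3). The shared HMAC signing key, the `demand_response` scope, the client id `fridge-0001`, the 300-second token lifetime and all class and function names are assumptions of this example.

```python
"""Toy 2-legged OAuth 2.0 (client credentials) flow: refrigerator -> authorization
server -> utility resource server.  Constructed example; not Oracle Access Manager code."""
import base64
import hashlib
import hmac
import json
import secrets
import time

# Assumption: the authorization server signs tokens with an HMAC key shared with the
# resource server.  A real deployment would more likely use an asymmetric key or ask
# the authorization server to validate the token.
SIGNING_KEY = b"constructed-demo-signing-key"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class AuthorizationServer:
    """Step 0: holds pre-registered clients; steps 1-2: issues signed access tokens."""

    def __init__(self, signing_key: bytes, token_ttl: int = 300):
        self._key = signing_key
        self._ttl = token_ttl
        self._clients = {}  # client_id -> (sha256(client_secret), allowed scopes)

    def register_client(self, client_id: str, allowed_scopes):
        """Out-of-band pre-registration; the secret is returned once and stored hashed."""
        secret = secrets.token_urlsafe(32)
        self._clients[client_id] = (hashlib.sha256(secret.encode()).digest(), set(allowed_scopes))
        return secret

    def token_endpoint(self, client_id, client_secret, scope, now=None):
        """Client-credentials grant: authenticate the client, then mint a signed token."""
        now = int(time.time()) if now is None else now
        record = self._clients.get(client_id)
        if record is None:
            return None
        secret_hash, allowed = record
        presented = hashlib.sha256(client_secret.encode()).digest()
        if not hmac.compare_digest(secret_hash, presented) or scope not in allowed:
            return None
        payload = {"sub": client_id, "scope": scope, "iat": now, "exp": now + self._ttl}
        body = _b64(json.dumps(payload, sort_keys=True).encode())
        sig = _b64(hmac.new(self._key, body.encode(), hashlib.sha256).digest())
        return f"{body}.{sig}"


class ResourceServer:
    """Step 3: validates the presented token before releasing data."""

    def __init__(self, signing_key: bytes, required_scope: str):
        self._key = signing_key
        self._scope = required_scope

    def validate(self, token, now=None):
        """Return the token claims if signature, expiry and scope all check out, else None."""
        now = int(time.time()) if now is None else now
        try:
            body, sig = token.split(".")
        except (ValueError, AttributeError):
            return None
        expected = _b64(hmac.new(self._key, body.encode(), hashlib.sha256).digest())
        if not hmac.compare_digest(expected, sig):
            return None
        payload = json.loads(_unb64(body))
        if payload.get("exp", 0) <= now or payload.get("scope") != self._scope:
            return None
        return payload

    def demand_response(self, token, now=None):
        """The utility's protected resource: the next non-peak defrost window."""
        claims = self.validate(token, now)
        if claims is None:
            return {"status": 401}
        return {"status": 200, "client": claims["sub"], "defrost_window": "02:00-04:00"}


def run_flow(now=1_000_000):
    """Drive the whole exchange with a fixed clock so results are reproducible."""
    az = AuthorizationServer(SIGNING_KEY)
    utility = ResourceServer(SIGNING_KEY, required_scope="demand_response")
    secret = az.register_client("fridge-0001", ["demand_response"])            # step 0
    token = az.token_endpoint("fridge-0001", secret, "demand_response", now)   # steps 1-2
    ok = utility.demand_response(token, now)                                   # step 3
    expired = utility.demand_response(token, now + 600)                        # past exp
    tampered_token = token[:-1] + ("A" if token[-1] != "A" else "B")          # broken signature
    tampered = utility.demand_response(tampered_token, now)
    wrong_secret = az.token_endpoint("fridge-0001", "not-the-secret", "demand_response", now)
    return ok, expired, tampered, wrong_secret


if __name__ == "__main__":
    print(run_flow())
```

The resource server never sees the client secret; it only needs the key (or, in a real deployment, the authorization server's validation endpoint) to check the token. The expired and tampered cases show why the slide insists that OAM sign the token and that the resource server validate it rather than trust the bearer string as presented.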
Internet Of Things – Use Case: Mobile Access to Things
• Use a mobile device as a remote control hub to monitor and manage interconnected devices and Things
Example Login Flow – Native App with OAM (Oracle SDK)
Client App (Mobile):
- Request Access Token
Security App (Mobile):
- If valid token in local credential store, return token to App, else continue below.
- Present login page
- Accept username/password
- Extracts device attributes and ID contexts
- Makes authentication call with user/password, device attributes and device tokens
Mobile and Social Server (Server):
- Validates device tokens
- Registers Device/App if unregistered
- Authenticates with OAM Server
- Publishes ID context to OAM Server and OES for authorization decisions
- Invokes OAAM for risk analysis
- Responds User/Access Tokens
Security App (Mobile), continued:
- Stores User/Access Token
- Returns token to Client App
Client App (Mobile):
- Use token to make calls to server application protected by OAM
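The login flow above, reduced to an added example that is my own constructed code, not the Oracle Mobile & Social server or its client SDK. It shows the parts the slide describes: the on-device security app consults its credential store before prompting, sends the device token and device attributes with the login, the server validates the device token and registers the device if it is unknown, records the identity context that a risk engine would consume, and issues opaque tokens that the server-side application checks by lookup (the slide's "protected by OAM"). The username, password, device attributes, 600-second token lifetime and all names are assumptions of this example.

```python
"""Toy native-app login flow: client app -> security app -> Mobile & Social-style server.
Constructed example; tokens are opaque handles that only the server can resolve."""
import secrets
import time


class MobileSocialServer:
    """Server side: device registry, user authentication, token issuance and lookup."""

    def __init__(self, users, token_ttl=600):
        self._users = users          # username -> password; constructed demo store only
        self._devices = {}           # device token -> registered device attributes
        self._access_tokens = {}     # access token -> {"user", "device", "exp"}
        self._ttl = token_ttl
        self.risk_events = []        # the identity context a risk engine (OAAM) would be fed

    def _validate_device(self, device_token, attrs):
        """Return the registration for a device token, or None if unknown or mismatched."""
        rec = self._devices.get(device_token)
        if rec is None or rec["device_id"] != attrs["device_id"]:
            return None
        return rec

    def register_device(self, attrs):
        token = secrets.token_urlsafe(16)
        self._devices[token] = dict(attrs)
        return token

    def authenticate(self, username, password, attrs, device_token=None, now=None):
        now = time.time() if now is None else now
        # Validate the device token; register the device if it is unregistered.
        if device_token is None or self._validate_device(device_token, attrs) is None:
            device_token = self.register_device(attrs)
            self.risk_events.append(("new_device", attrs["device_id"]))
        # Authenticate the user (OAM would do this; here a plain credential check).
        if self._users.get(username) != password:
            self.risk_events.append(("auth_failed", username, attrs["device_id"]))
            return None
        # Publish identity context for authorization and risk decisions.
        self.risk_events.append(("login", username, attrs["device_id"], attrs.get("geo")))
        access = secrets.token_urlsafe(24)
        exp = now + self._ttl
        self._access_tokens[access] = {"user": username, "device": attrs["device_id"], "exp": exp}
        return {"device_token": device_token, "access_token": access, "exp": exp}

    def introspect(self, access_token, now=None):
        """What a protected server application calls before serving a request."""
        now = time.time() if now is None else now
        rec = self._access_tokens.get(access_token)
        if rec is None or rec["exp"] <= now:
            return None
        return rec


class SecurityApp:
    """On-device security app: owns the credential store; client apps never see the password."""

    def __init__(self, server, attrs):
        self._server = server
        self._attrs = attrs          # device attributes collected on the handset
        self._store = {}             # credential store: device token and cached access token

    def request_access_token(self, login_prompt, now=None):
        now = time.time() if now is None else now
        cached = self._store.get("access")
        if cached and cached["exp"] > now:
            return cached["token"], "cache"          # valid token already held
        username, password = login_prompt()           # present login page, accept credentials
        result = self._server.authenticate(
            username, password, self._attrs, self._store.get("device_token"), now)
        if result is None:
            return None, "denied"
        self._store["device_token"] = result["device_token"]
        self._store["access"] = {"token": result["access_token"], "exp": result["exp"]}
        return result["access_token"], "login"


def run_flow(now=1_000_000.0):
    """Three client-app requests: first login, cache hit, then re-login after expiry."""
    server = MobileSocialServer({"alice": "correct horse"})
    attrs = {"device_id": "ios-abc123", "os": "iOS 7", "geo": "37.78,-122.41"}
    phone = SecurityApp(server, attrs)
    creds = lambda: ("alice", "correct horse")
    first = phone.request_access_token(creds, now)
    second = phone.request_access_token(creds, now + 10)     # served from the credential store
    later = phone.request_access_token(creds, now + 1000)    # cached token expired, re-login
    check = server.introspect(later[0], now + 1000)          # protected app resolves the token
    return first, second, later, check, server.risk_events


if __name__ == "__main__":
    print(run_flow())
```

Only the first login produces a `new_device` event: on the later re-login the security app presents the device token it stored, so the server recognises the device and skips registration. That is the point of carrying device tokens with the authentication call, and it is what lets a risk engine treat a login from an unregistered device differently from a routine token refresh.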
Oracle Access Management Client SDKs: Native Libraries for iOS, Android and Java
• Store/Access Keys, Tokens, Handles and other secure data
• Access Mobile Device Information (OS, Carrier, Geolocation, IP/MAC)
• Support KBA, OTP via Email and SMS
• Manage Single Sign-on
• Quickly build security into your mobile applications
Mobile Authentication: Flexible Options for Devices, Applications and Users
Securing Internet of Things using OAM 11gR2 Mobile Service: Securing Mobile Access to Things
• Device Registration
• Lost & Stolen Devices
• GPS/WIFI Location Awareness
• Device Fingerprinting & Tracking
• Risk-based KBA & OTP
• Transactional risk analysis
Customer Case Study
Demo
Questions
Other Identity Management Sessions
CON8836, Thursday 09/26, 11:00AM, Moscone West, Room 2018: Leveraging the Cloud to simplify your Identity Management implementation (Guru Shashikumar, Oracle)
CON4342, Thursday 09/26, 12:30PM, Moscone West, Room 2018: Identity Services in the New GM IT (GM)
CON9024, Thursday 09/26, 2:00PM, Moscone West, Room 2018: Next Generation Optimized Directory - Oracle Unified Directory (Etienne Remillon, Oracle)
CON8902, Thursday 09/26, 2:00PM, Marriott Marquis, Golden Gate C3: Developing Secure Mobile Applications (Mark Wilcox, Oracle)
CON8826, Thursday 09/26, 3:30PM, Moscone West, Room 2018: Zero Capital Investment by leveraging Identity Management as a Service (Mike Neuenschwander, Oracle)
Oracle Fusion Middleware: Business Innovation Platform for the Enterprise and Cloud
• Complete and Integrated
• Best-in-class
• Open standards
• On-premise and Cloud Foundation for Oracle Fusion Applications and Oracle Cloud
Components shown: User Engagement; Identity Management; Business Process Management; Content Management; Business Intelligence; Service Integration; Data Integration; Development Tools; Cloud Application Foundation; Enterprise Management; Web, Social, Mobile