Hello, Dishwasher! The Looming Identity Crisis on the Internet of Things

ca Securecenter

Hello, Dishwasher! The Looming Identity Crisis on the Internet of Things

K. Scott Morrison

SCX12S #CAWorld

CA TechnologiesSVP & Distinguished Engineer

Hello, Dishwasher.

© 2014 CA. ALL RIGHTS RESERVED.3 © 2014 CA. ALL RIGHTS RESERVED.

Hello, Scott

SVP & Distinguished Engineer

[email protected]

@KScottMorrison

slideshare.net/CAinc

linkedin.com/KScottMorrison

ca.com

K. Scott Morrison

You Know Who I Am…


But Who Is The Dishwasher?

© 2014 CA. ALL RIGHTS RESERVED.

Where Do I Put My Password?


Identity Is Approaching Critical Mass

Average Number Of Online IDs 26

Ave Number of Facebook Friends 336To

day Internet Users 2.4B

“People Have Identity”

Things20

20

Phones, Tablets and Laptops 7.3B

“Things Have Identity”

26.0BInternet users Internet World Stats Q1 2012: http://www.internetworldstats.com/stats.htm Internet accounts Experian July 2012: http://www.bbc.com/news/technology-18866347Facebook Pew Research: http://www.pewresearch.org/fact-tank/2014/02/03/6-new-facts-about-facebook/


Abstract

Scott MorrisonCA Technologies

Distinguished Engineer

In this session, you will learn:

How IoT will affect our everyday lives, extending from our home, to our car and into our workspace.

Why things need identity—and what form this identity should take.

The 5 top security risks in the Internet of Things.

How you can manage and mitigate these risks.

What we can learn from classic IAM, and what we must do differently.


ChangeAgent


API

pplicationrogrammingnterface



While we are talking…

7

Approximate number of global web pages


For Example:

GET http://services.layer7.com/staff/Scott


For Example:

{"firstName": ”Scott ","lastName" : ”Morrison",”title" : “CTO”,"address" :{

"streetAddress": ”405-1100 Melville","city" : ”Vancouver",”prov" : ”BC","postalCode" : ”V6E 4A6"

},"phoneNumber":[

{"type" : ”office","number": ”605 681-9377"

},{"type" : ”home","number": ”604 555-4567"

}]

}

http://services.layer7.com/staff/Scott


Did you check the weather today?


API

17 © 2014 CA. ALL RIGHTS RESERVED.

The Apps On Your Phone Are A Glimpse Into the Future Of Enterprise IT



Mobile is empowering to the individual.

19 © 2014 CA. ALL RIGHTS RESERVED.

Mobile is also about relationships.


Mobile identity remains hard.


User

AppsDevices

Mobile taught us the importance of contextual identity.


Mobility defines our relationship to things.


And mobile is the controller of the things.


Cloud

The emerging IoT architecture leverages APIs.

Things

APIs

Mobile control tier

Lots of brands on this page. OK with that?

IoT Provider

Gateway


Identity in IoT follows mobility.


Demonstration: How OAuth Works



Tokens are well

suited for machines



Bootstrap trust by embedding tokens…..

0AD4C23A00B…


And let OAuth and OpenID connect take over.

API

Authorization Server


How does classical IAM fit in all of this?

Highly centralized and hierarchal

Centralized, legacy LDAP directory

Internally focused identity life cycle

SAML-style federation

Login-centric reporting


Classical IAM misses what OAuth was really about.

The Old Enterprise The New Hybrid Enterprise

This is the secret to scale and agile federation


Centralized identity management has reached its limit for growth.

IoT identity is:

Decentralized Peer-to-peer Empowered identity owners



What is it we are missing?

Change in roles

Shift in responsibility

The need to be agile

Responding to modern risk profiles


What must IoT identity look like?

Token Centric– OAUth, OpenID Connect

Automatic, scalable rules of engagement– Unlicensed Mobile Access

Rich identity context

Continuous authentication– Anytime step up, plus reactionary clients


What must IoT identity look like? (cont.)

Cloud-scale identity persistence– Hadoop and NOSQL Databases

Federated risk management– Broad visibility and situational awareness

Modern, big-data driven reporting


Want To See IoT Identity For Real?

DEMO STATION SPECIFIC DEMO

IoT Micro CA API Gateway on Raspberry PI

IoTAutomatic door unlock using beacon, phone,

and corporate identity

InnovationDevice to device, app to app single sign on and

application context transfer using CA Mobile

Access Gateway

IoTStreaming video from drone running through

CA API Gateway


For More Information

To learn more about Security,

please visit:

http://bit.ly/10WHYDm

Insert appropriate screenshot and text overlayfrom following “More Info Graphics” slide here;

ensure it links to correct pageSecurity






For Informational Purposes Only

© 2014 CA. All rights reserved. All trademarks referenced herein belong to their respective companies.

This presentation provided at CA World 2014 is intended for information purposes only and does not form any type of warranty. Some of the specific slides with customer references relate to customer's specific use and experience of CA products and solutions so actual results may vary.

Terms of this Presentation

Hello, Dishwasher! The Looming Identity Crisis on the Internet of Things

Technology

Transcript of Hello, Dishwasher! The Looming Identity Crisis on the Internet of Things