Security & Identity in AllJoyn 14.06

Identity & Security In AllJoyn 14.06 Tim Kellogg Saturday, July 19 2014

https://github.com/tkellogg/alljoyn-examples https://github.com/tkellogg/alljoyn- core/tree/master/alljoyn_core/src

Embedded Security

Mitsubishi EMI Incident (2003) Brakes disabled when given 1000-10000x legal levels of EMI radiation Car thinks brakes are locked, so it releases All within limits required by law

Slammer Worm (2003) Nuclear plant safety monitoring disabled for 5 hours The business value of access to the data within the control center worth the risk of open connections between the control center and the corporate network Unpatched MSSQL Server

Hello, my name is Bruce Schneier and I think routers are super duper easy to hack, mostly because you nerds never patch the software https://www.schneier.com/essays/archives/2014/01/the _internet_of_thin.html

University of Washington Study (2010) We demonstrate that an attacker who is able to infiltrate virtually any Electronic Control Unit (ECU) can leverage this ability to completely circumvent a broad array of safety-critical systems http://www.autosec.org/pubs/cars- oakland2010.pdf

Hey, check it out! I made my own encryption algorithm

Embedded Needs Rails Software Updates Security & Identity Communication Media Streaming User Interfaces

Distributed Bus

Security

Auth Listeners ALLJOYN_RSA_KEYX X.509 certificates ALLJOYN_SRP_KEYX Show Random PIN ALLJOYN_SRP_LOGON preset U/P table ALLJOYN_ECDHE_NULL ALLJOYN_ECDHE_PSK ALLJOYN_ECDHE_ECDSA DSA

ALLJOYN_RSA_KEYX RSA = Asymmetric key encryption X.509 certificates Trusted Certificate Authority

SRP_KEYX & SRP_LOGON Threshold Cryptography No trust required to establish a secure connection LOGON = Username & Password KEYX = A PIN is displayed

ALLJOYN_SRP_KEYX

ECDHE Elliptic Curve (EC) Cryptography DHE = Diffie-Hellman key Exchange Symmetric key encryption

ALLJOYN_ECDHE_NULL Elliptic Curve Encryption No verification of identity

ALLJOYN_ECDHE_PSK PSK = Pre-Shared Key Service already has the clients public key A password may also be used

ALLJOYN_ECDHE_ECDSA ECDSA Elliptic Curve Digital Signature Algorithm Certificate shows identity

Questions? @kellogh Practical Internet of Things

Security & Identity in AllJoyn 14.06

Software

tkelloggalljoyn

www

github

Transcript of Security & Identity in AllJoyn 14.06

Jornada Formativa Qualcomm y Movilforum: Alljoyn

How Intel Security Ensures Identity Protection

EPLANNEWS forVersion2.6 Status: 14.06 .EPLAN NEWS forVersion2.6 Status: 14.06.2016 Findingusedstructureidentifiersthroughthesearchresultslist

Intelligence IBM Security Identity Governance IBM Security Identity Governance and Intelligence ServiceNow

Future of Identity, Data, and Wearable Security

Security and Mutual SSL Identity Authentication for IoT ... Security and Mutual SSL Identity Authentication

Building Universal Windows Apps with AllJoyn

Information Security & Identity Theft - Banking with .Information Security & Identity Theft What

Open Source Introduction to AllJoyn Project

FIDO Alliance – Security and Identity

Security and Privacy of Using AllJoyn IoT Framework at Home and rdc.fel.cvut.cz/download/publications

ONEM2M SERVICE LAYER PLATFORM –INITIAL – AllJoyn Home G/W TV Vital Checker Fridge Server Application in the Smartphone Hospital Application AllJoyn oneM2M Network Architecture

Chosen-Ciphertext Security from Identity-Based Encryption

Information Security & Identity Theft - Federal Student Aid .Information Security & Identity Theft

BLSTK REPLAY N°10 - Semaine du 14.06 au 20.06

NYC Identity Summit Business Day: Continuous Security

Security Issues on Identity Card in Malaysia

Alljoyn Technical Overview Training

A HIGHER LEVEL OF SECURITY. - .a higher level of security. cloud security ... identity management

Identity, Security and XML Web Services