SlideShare a Scribd company logo

CIS14: Handling Identity in AllJoyn 14.06

CloudIDSummit, profile picture
CloudIDSummit

The document discusses security and identity in embedded systems and the AllJoyn distributed messaging bus. It describes several incidents where lack of security in embedded systems led to safety issues. It then explains how AllJoyn uses various encryption methods like RSA keys, SRP, and ECDHE to authenticate devices and secure communication over the distributed bus. These methods provide features like certificate-based identity, password or PIN-based pairing, and pre-shared keys to secure connections without requiring a trusted authority.

Technology
1 of 23
Downloaded 13 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
Iden%ty  &  Security  In  AllJoyn  14.06   Tim  Kellogg   Saturday,  July  19  2014  
hAps://github.com/tkellogg/alljoyn-­‐examples     hAps://github.com/tkellogg/alljoyn-­‐core/tree/ master/alljoyn_core/src     hAp://www.slideshare.net/kellogh/security-­‐ iden%ty-­‐in-­‐alljoyn-­‐1406    
Embedded  Security  
Mitsubishi  EMI  Incident  (2003)   •  Brakes  disabled  when  given  1000-­‐10000x  legal   levels  of  EMI  radia%on   •  Car  thinks  brakes  are  locked,  so  it  releases   •  All  within  limits  required  by  law  
Slammer  Worm  (2003)   •  Nuclear  plant  safety  monitoring  disabled  for  5   hours   •  “The  business  value  of  access  to  the  data   within  the  control  center  worth  the  risk  of   open  connec%ons  between  the  control  center   and  the  corporate  network”   •  Unpatched  MSSQL  Server  
Hello,  my  name  is  Bruce  Schneier  and  I   think  routers  are  super  duper  easy  to   hack,  mostly  because  you  nerds  never   patch  the  so`ware   hAps://www.schneier.com/essays/archives/2014/01/ the_internet_of_thin.html  
University  of  Washington  Study  (2010)   “We  demonstrate  that  an  aAacker  who  is  able   to  infiltrate  virtually  any  Electronic  Control  Unit   (ECU)  can  leverage  this  ability  to  completely   circumvent  a  broad  array  of  safety-­‐cri%cal   systems”   hAp://www.autosec.org/pubs/cars-­‐ oakland2010.pdf    
Hey,  check  it  out!  I   made  my  own   encryp%on  algorithm  
CIS14: Handling Identity in AllJoyn 14.06
Embedded  Needs  “Rails”   •  So`ware  Updates   •  Security  &  Iden%ty   •  Communica%on   •  Media  Streaming   •  User  Interfaces  
Distributed  Bus  
Distributed  Bus  
Security  
Auth  Listeners   •  ALLJOYN_RSA_KEYX  –  X.509  cer%ficates   •  ALLJOYN_SRP_KEYX  –  Show  Random  PIN   •  ALLJOYN_SRP_LOGON  –  preset  U/P  table   •  ALLJOYN_ECDHE_NULL   •  ALLJOYN_ECDHE_PSK     •  ALLJOYN_ECDHE_ECDSA  –  DSA  
ALLJOYN_RSA_KEYX   •  RSA  =  Asymmetric  key  encryp%on   •  X.509  cer%ficates   – Trusted  Cer%ficate  Authority  
SRP_KEYX  &  SRP_LOGON   •  Threshold  Cryptography   •  No  trust  required  to  establish  a  secure   connec%on   •  LOGON  =  Username  &  Password   •  KEYX  =  A  PIN  is  displayed  
ALLJOYN_SRP_KEYX  
ECDHE   •  Ellip%c  Curve  (EC)  Cryptography   •  DHE  =  Diffie-­‐Hellman  key  Exchange   – Symmetric  key  encryp%on  
ALLJOYN_ECDHE_NULL   •  Ellip%c  Curve  Encryp%on   •  No  verifica%on  of  iden%ty  
ALLJOYN_ECDHE_PSK   •  PSK  =  Pre-­‐Shared  Key   •  Service  already  has  the  client’s  public  key   •  A  password  may  also  be  used  
ALLJOYN_ECDHE_ECDSA   •  ECDSA  –  Ellip%c  Curve  Digital  Signature   Algorithm   •  Cer%ficate  shows  iden%ty  
CIS14: Handling Identity in AllJoyn 14.06
Ques%ons?     @kellogh       Prac%cal  Internet  of  Things  

More Related Content

PDF
CIS14: Identity at Scale: Building from the Ground Up
CloudIDSummit
 
PDF
CIS13: The Good, The Bad, and the Government: Wrangling Attributes in the Sta...
CloudIDSummit
 
PDF
CIS13: Identity Tech Overview: Less Pain, More Gain
CloudIDSummit
 
PDF
CIS14: Bringing Crypto Back: Web Authentication without Bearer Tokens
CloudIDSummit
 
PDF
CIS14: NSTIC: Identity Enables a New Digital Relationship
CloudIDSummit
 
PDF
CIS14: PingOne IDaaS: What You Need to Know
CloudIDSummit
 
PDF
CIS14: Spinning New Threads with Existing Identity Systems
CloudIDSummit
 
PDF
CIS14: Authorization: It's What's for Dessert
CloudIDSummit
 
CIS14: Identity at Scale: Building from the Ground Up
CloudIDSummit
 
CIS13: The Good, The Bad, and the Government: Wrangling Attributes in the Sta...
CloudIDSummit
 
CIS13: Identity Tech Overview: Less Pain, More Gain
CloudIDSummit
 
CIS14: Bringing Crypto Back: Web Authentication without Bearer Tokens
CloudIDSummit
 
CIS14: NSTIC: Identity Enables a New Digital Relationship
CloudIDSummit
 
CIS14: PingOne IDaaS: What You Need to Know
CloudIDSummit
 
CIS14: Spinning New Threads with Existing Identity Systems
CloudIDSummit
 
CIS14: Authorization: It's What's for Dessert
CloudIDSummit
 

Viewers also liked (11)

PDF
CIS14: Authentication Family Tree (1.1.1 annotated) - Steve Wilson
CloudIDSummit
 
PDF
2014 07-19 id cloud summit
CloudIDSummit
 
PDF
CIS14: Authentication: Who are You? You are What You Eat
CloudIDSummit
 
PDF
CIS14: Case Study: Using a Federated Identity Service for Faster Application ...
CloudIDSummit
 
PDF
CIS14: Best Practices You Must Apply to Secure Your APIs
CloudIDSummit
 
PDF
CIS14: NSTIC - Identity and Access Management Collaborative Approaches to Nov...
CloudIDSummit
 
PDF
CIS13: APIs, Identity, and Securing the Enterprise
CloudIDSummit
 
PDF
CIS14: Early Peek at PingFederate Administrative REST API
CloudIDSummit
 
PDF
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
CloudIDSummit
 
PDF
CIS14: Physical and Logical Access Control Convergence
CloudIDSummit
 
PDF
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, an...
CloudIDSummit
 
CIS14: Authentication Family Tree (1.1.1 annotated) - Steve Wilson
CloudIDSummit
 
2014 07-19 id cloud summit
CloudIDSummit
 
CIS14: Authentication: Who are You? You are What You Eat
CloudIDSummit
 
CIS14: Case Study: Using a Federated Identity Service for Faster Application ...
CloudIDSummit
 
CIS14: Best Practices You Must Apply to Secure Your APIs
CloudIDSummit
 
CIS14: NSTIC - Identity and Access Management Collaborative Approaches to Nov...
CloudIDSummit
 
CIS13: APIs, Identity, and Securing the Enterprise
CloudIDSummit
 
CIS14: Early Peek at PingFederate Administrative REST API
CloudIDSummit
 
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
CloudIDSummit
 
CIS14: Physical and Logical Access Control Convergence
CloudIDSummit
 
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, an...
CloudIDSummit
 
Ad

Similar to CIS14: Handling Identity in AllJoyn 14.06 (20)

PPTX
Cm9 secure code_training_1day_input sanitization
dcervigni
 
PDF
Track 5 session 2 - st dev con 2016 - security iot best practices
ST_World
 
PDF
44CON 2014 - I Hunt TR-069 Admins: Pwning ISPs Like a Boss, Shahar Tal
44CON
 
PDF
Breaking Smart Speakers: We are Listening to You.
Priyanka Aash
 
PDF
Web-of-Things and Services Security
Oliver Pfaff
 
PDF
DEF CON 23 - CASSIDY LEVERETT LEE - switches get stitches
Felipe Prado
 
PDF
Controlling Access to IBM i Systems and Data
Precisely
 
PPTX
Secure Coding 101 - OWASP University of Ottawa Workshop
Paul Ionescu
 
PDF
Expand Your Control of Access to IBM i Systems and Data
Precisely
 
PPTX
Attacking SCADA systems: Story Of SCADASTRANGELOVE
Aleksandr Timorin
 
PDF
RIoT (Raiding Internet of Things) by Jacob Holcomb
Priyanka Aash
 
PPTX
Information security & ethical hacking
eiti panchkula
 
PPT
Top Ten Proactive Web Security Controls v5
Jim Manico
 
PDF
Pulsar Summit Asia - Running a secure pulsar cluster
Shivji Kumar Jha
 
PDF
Shameful secrets of proprietary network protocols
Slawomir Jasek
 
PDF
DefCamp 2013 - Http header analysis
DefCamp
 
PDF
Rails security: above and beyond the defaults
Matias Korhonen
 
PDF
Cloud Tripwires: fighting stealth with stealth
Cloud Village
 
PDF
The Open-Source seL4 Kernel. Military-Grade Security Through Mathematics - SF...
Linaro
 
PDF
Cryptography
Sri Manakula Vinayagar Engineering College
 
Cm9 secure code_training_1day_input sanitization
dcervigni
 
Track 5 session 2 - st dev con 2016 - security iot best practices
ST_World
 
44CON 2014 - I Hunt TR-069 Admins: Pwning ISPs Like a Boss, Shahar Tal
44CON
 
Breaking Smart Speakers: We are Listening to You.
Priyanka Aash
 
Web-of-Things and Services Security
Oliver Pfaff
 
DEF CON 23 - CASSIDY LEVERETT LEE - switches get stitches
Felipe Prado
 
Controlling Access to IBM i Systems and Data
Precisely
 
Secure Coding 101 - OWASP University of Ottawa Workshop
Paul Ionescu
 
Expand Your Control of Access to IBM i Systems and Data
Precisely
 
Attacking SCADA systems: Story Of SCADASTRANGELOVE
Aleksandr Timorin
 
RIoT (Raiding Internet of Things) by Jacob Holcomb
Priyanka Aash
 
Information security & ethical hacking
eiti panchkula
 
Top Ten Proactive Web Security Controls v5
Jim Manico
 
Pulsar Summit Asia - Running a secure pulsar cluster
Shivji Kumar Jha
 
Shameful secrets of proprietary network protocols
Slawomir Jasek
 
DefCamp 2013 - Http header analysis
DefCamp
 
Rails security: above and beyond the defaults
Matias Korhonen
 
Cloud Tripwires: fighting stealth with stealth
Cloud Village
 
The Open-Source seL4 Kernel. Military-Grade Security Through Mathematics - SF...
Linaro
 
Cryptography
Sri Manakula Vinayagar Engineering College
 
Ad

More from CloudIDSummit (20)

PPTX
CIS 2016 Content Highlights
CloudIDSummit
 
PPTX
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
CloudIDSummit
 
PDF
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CloudIDSummit
 
PDF
Mobile security, identity & authentication reasons for optimism 20150607 v2
CloudIDSummit
 
PDF
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CloudIDSummit
 
PDF
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CloudIDSummit
 
PDF
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CloudIDSummit
 
PDF
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CloudIDSummit
 
PDF
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CloudIDSummit
 
PDF
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CloudIDSummit
 
PDF
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CloudIDSummit
 
PDF
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CloudIDSummit
 
PDF
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CloudIDSummit
 
PDF
CIS 2015 The IDaaS Dating Game - Sean Deuby
CloudIDSummit
 
PDF
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CloudIDSummit
 
PDF
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
CloudIDSummit
 
PDF
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CloudIDSummit
 
PDF
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CloudIDSummit
 
PDF
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CloudIDSummit
 
PDF
CIS 2015 Identity Relationship Management in the Internet of Things
CloudIDSummit
 
CIS 2016 Content Highlights
CloudIDSummit
 
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
CloudIDSummit
 
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CloudIDSummit
 
Mobile security, identity & authentication reasons for optimism 20150607 v2
CloudIDSummit
 
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CloudIDSummit
 
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CloudIDSummit
 
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CloudIDSummit
 
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CloudIDSummit
 
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CloudIDSummit
 
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CloudIDSummit
 
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CloudIDSummit
 
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CloudIDSummit
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CloudIDSummit
 
CIS 2015 The IDaaS Dating Game - Sean Deuby
CloudIDSummit
 
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CloudIDSummit
 
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
CloudIDSummit
 
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CloudIDSummit
 
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CloudIDSummit
 
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CloudIDSummit
 
CIS 2015 Identity Relationship Management in the Internet of Things
CloudIDSummit
 

Recently uploaded (20)

PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Cloud computing and distributed systems.
kkkkkhan
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
KodekX | Application Modernization Development
KodekX
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Approach and Philosophy of On baking technology
30anthuong17
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 

CIS14: Handling Identity in AllJoyn 14.06

  • 1. Iden%ty  &  Security  In  AllJoyn  14.06   Tim  Kellogg   Saturday,  July  19  2014  
  • 2. hAps://github.com/tkellogg/alljoyn-­‐examples     hAps://github.com/tkellogg/alljoyn-­‐core/tree/ master/alljoyn_core/src     hAp://www.slideshare.net/kellogh/security-­‐ iden%ty-­‐in-­‐alljoyn-­‐1406    
  • 4. Mitsubishi  EMI  Incident  (2003)   •  Brakes  disabled  when  given  1000-­‐10000x  legal   levels  of  EMI  radia%on   •  Car  thinks  brakes  are  locked,  so  it  releases   •  All  within  limits  required  by  law  
  • 5. Slammer  Worm  (2003)   •  Nuclear  plant  safety  monitoring  disabled  for  5   hours   •  “The  business  value  of  access  to  the  data   within  the  control  center  worth  the  risk  of   open  connec%ons  between  the  control  center   and  the  corporate  network”   •  Unpatched  MSSQL  Server  
  • 6. Hello,  my  name  is  Bruce  Schneier  and  I   think  routers  are  super  duper  easy  to   hack,  mostly  because  you  nerds  never   patch  the  so`ware   hAps://www.schneier.com/essays/archives/2014/01/ the_internet_of_thin.html  
  • 7. University  of  Washington  Study  (2010)   “We  demonstrate  that  an  aAacker  who  is  able   to  infiltrate  virtually  any  Electronic  Control  Unit   (ECU)  can  leverage  this  ability  to  completely   circumvent  a  broad  array  of  safety-­‐cri%cal   systems”   hAp://www.autosec.org/pubs/cars-­‐ oakland2010.pdf    
  • 8. Hey,  check  it  out!  I   made  my  own   encryp%on  algorithm  
  • 10. Embedded  Needs  “Rails”   •  So`ware  Updates   •  Security  &  Iden%ty   •  Communica%on   •  Media  Streaming   •  User  Interfaces  
  • 14. Auth  Listeners   •  ALLJOYN_RSA_KEYX  –  X.509  cer%ficates   •  ALLJOYN_SRP_KEYX  –  Show  Random  PIN   •  ALLJOYN_SRP_LOGON  –  preset  U/P  table   •  ALLJOYN_ECDHE_NULL   •  ALLJOYN_ECDHE_PSK     •  ALLJOYN_ECDHE_ECDSA  –  DSA  
  • 15. ALLJOYN_RSA_KEYX   •  RSA  =  Asymmetric  key  encryp%on   •  X.509  cer%ficates   – Trusted  Cer%ficate  Authority  
  • 16. SRP_KEYX  &  SRP_LOGON   •  Threshold  Cryptography   •  No  trust  required  to  establish  a  secure   connec%on   •  LOGON  =  Username  &  Password   •  KEYX  =  A  PIN  is  displayed  
  • 18. ECDHE   •  Ellip%c  Curve  (EC)  Cryptography   •  DHE  =  Diffie-­‐Hellman  key  Exchange   – Symmetric  key  encryp%on  
  • 19. ALLJOYN_ECDHE_NULL   •  Ellip%c  Curve  Encryp%on   •  No  verifica%on  of  iden%ty  
  • 20. ALLJOYN_ECDHE_PSK   •  PSK  =  Pre-­‐Shared  Key   •  Service  already  has  the  client’s  public  key   •  A  password  may  also  be  used  
  • 21. ALLJOYN_ECDHE_ECDSA   •  ECDSA  –  Ellip%c  Curve  Digital  Signature   Algorithm   •  Cer%ficate  shows  iden%ty  
  • 23. Ques%ons?     @kellogh       Prac%cal  Internet  of  Things