Make “The Edge” the centre of your security/privacy


Make “The Edge” the centre of your security/privacy. Stuart Mendelsohn, Peter Waher, Lilsis AB

A contribution to a new smart city standard. An overview… © Lilsis AB 2018

Contents: Why is a new standard needed?; Proposed solution; The danger of encryption “backdoors”; Architecture; A platform; Proof of concept; Smart City standard contribution; Conclusion.

Why?

Cyber Threats: "I don't know that much about cyber, but I do think that's the number one problem with mankind." Warren Buffett

What about threats to your privacy? Do you want bank details and personal health information public? Do you want your car tracked by unknowns? Do you want your smart electricity meter to tell thieves when you are away? And a lot more potential breaches… No? That’s where our technology can be used!

How Far Can the Surveillance Economy Go? Harvard Business Review, “Uninformed Consent”, Leslie K. John: https://hbr.org/cover-story/2018/09/uninformed-consent

Proposed solution

So let’s use a more secure internet protocol stack with extra encryption. Based on XMPP, with extra encryption added. “Edge” architecture: all hardware can be “on premise”. Encrypted database, IoT Gateway and backup included.

XMPP: the Extensible Messaging and Presence Protocol. Core specifications are developed at the Internet Engineering Task Force (IETF); see RFC 6120, RFC 6121, and RFC 7622 (along with a WebSocket binding defined in RFC 7395). See IEEE P1451-99 Standard for Harmonization of Internet of Things (IoT) Devices and Systems.

The danger of encryption “backdoors”

At this point I’d better mention backdoors! Maiden Castle, England, is around 2000 years old.

Imposing defences, but… (Image labels: Front Door; Back Door.)

The Romans attacked via the back door. Mass graves show the results of the Roman attack. (Image label: Back Door.)

The moral is… Backdoors are dangerous! We haven't put backdoors in, not for us or anyone else.

Architecture

Peer-to-peer secure architecture: Privacy by Design. Recommended for the GDPR. Attach a drone. A smart home could be a peer.

Simplified architecture, based on XMPP. (Diagram labels: XMPP Broker; XMPP Communication; Distributed Object Database; Browser UI; IoT Gateway.)

System detail, showing two peers and Broker. (Diagram labels: Application; Smart Contract; Applications/APIs; DOD-E, Distributed Object Database (Encrypted); IoT Gateway; Secure Communication Layer; IoT Harmonization Layer (IEEE); XMPP; XMPP Broker; Federation; System Components.)

Reduced attack surfaces, scalable, resilient. Local to global.

Federation: global, scalable, resilient

A platform

It’s a platform. Low cost of ownership. Write scripts; APIs; Applications. The unique architecture supports smart contracts. Smart contracts without blockchain, Yay!

Proof of concept

Lilsis AB and Secure Private Social Network with end-to-end encryption. Trust based (whitelist) with strong control over who sees your data. You can instantly revoke access to your data. For Machines (IoT Gateway) and People. Machines can be members of a social network group. Multi-protocol support for flexibility. Modular software design, scriptable with APIs. Control your devices and provision services, using IEEE IoT Harmonization. Browser UI for ease of customization and localization. Create your own corporate look and feel. Social network groups define access rights and privileges. Works on low cost PC hardware (2GB compute stick tested). Full back up and restore, encrypted database included! Option to have all hardware on premise for maximum security. Low energy too!

Demo: UI prototype (you can configure your own). Functions as a Social Network for Machines and People.

Chatting with sensors?!... Yes we can! This is the Little Sister® client (Testsister) asking for more information about the node it is chatting with (by typing /). The reply: this client has two nodes, actuator and sensor. Device ID. I get the readout of the light sensor (it was at night): it’s 0.92%. It’s not moved. Readout complete… that’s all it has to display.

What was the name of that client (Raspberry Pi)? Chatting with a Raspberry Pi client, “smclab2”; its full XMPP address is: smclab2@extas.is. I select node 2 (the sensor connected to the Raspberry Pi) by typing “2”. smclab2 replies and acknowledges I have selected “node sensor”. As we have seen, the topology has two nodes; we select the sensor.

Let’s read the sensor in the daytime. Now that I have selected node 2, I can ask for a readout. I just need to type “?”. This is the device ID. The light sensor reading is now 29.16%… well, it is morning in Stockholm in November! The sensor is not in motion.

Access Denied! Actuator access control example. Fine tuning sensor/actuator access allows you to assign access to different utility companies, for example. Now I select node 1. It’s the actuator node, node 1. I have already accessed node 2 (light sensor). I ask for a readout. I just type “?”. Access denied: I don’t have access to node 1 even though I can see it.

Smart city standard contribution

Peter Waher’s Smart City standard contribution, with support from Sweden’s Internet Foundation (IIS). Builds on what we have developed so far.

New Smart City Standard contribution: project scope. Funded by IIS (Sweden’s Internet Foundation), https://www.iis.se/. Five main areas of Peter Waher’s project:
1) Protocol Harmonization (over technical and protocol boundaries).
2) Interoperability.
3) Identification (strong identities, trust based whitelist).
4) Provisioning.
5) Market for sensor data and operations. Smart contracts. (Example: buy access to live HD drone data.)

Use cases? (Diagram labels: Smart Factory; Smart People; Smart Home; Smart Community City Drones; Smart Infrastructure; Smart Transport; ?)

Conclusion

More information and IoT Labs! The project will culminate with some presentations and IoT Labs at Goto 10, the IIS meeting place. Located at the IIS offices, Hammarby Kaj 10D, SE-12030 Stockholm. https://www.goto10.se/evenemang/smart-city-lecture-1-how-to-build-a-smart-city/

Thank You! Questions? Stuart Mendelsohn, Peter Waher, Lilsis AB, Stockholm, Sweden. Little Sister® is a registered trademark of Lilsis AB. www.littlesister.se, info@littlesister.se