Internet of Things Security Architecture

Slides:

Advertisements

Similar presentations

Copyright © 2012 AirWatch, LLC. All rights reserved. Proprietary & Confidential. Mobile Content Strategies and Deployment Best Practices.

Advertisements

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Your customer as a segment of one That changes every second! Hein Van Der Merwe Chief.

Jim Ferrentino Elizabeth West

1. Real-World Deployment and Best Practices with Oracle Database Vault at Customers: Ross Stores Covidien Kamal Tbeileh Sr. Principal Product Manager,

Virtualization of Fixed Network Functions on the Oracle Fabric Krishna Srinivasan Director, Product Management Oracle Networking Savi Venkatachalapathy.

Beyond Brute Force Strategies for Securely leveraging Mobile Devices Rajesh Pakkath, Sr. Product Manager, Oracle Bob Beach, CIO, Chevron October, 2014.

Chap 1: Overview Concepts of CIA: confidentiality, integrity, and availability Confidentiality: concealment of information –The need arises from sensitive.

Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.

High Tech Executive Discussion New Industry Solutions to Shape Your Future Rosh Dawes, Equinix Joseph Ahn: Principal Consultant, Samsung SDS Jaechul Lee:

A Java Architecture for the Internet of Things Noel Poore, Architect Pete St. Pierre, Product Manager Java Platform Group, Internet of Things September.

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle SQL Developer What’s New in Version 4.1 Jeff Smith

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Advanced Metadata Modeling Modeling for the Oracle Business Intelligence Cloud.

Architecting for the Internet of Things

CON Software-Defined Networking in a Hybrid, Open Data Center Krishna Srinivasan Senior Principal Product Strategy Manager Oracle Virtual Networking.

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle SQL Developer For the DBA Jeff Smith

Oracle Fusion Pioneering the Consumerization of the Enterprise

The Safe Harbor The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated.

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Milton Smith Sr. Principle Security PM Java Platform Group September 2014 Twitter:

Best Practices for Upgrading Oracle PeopleSoft Environments

Oracle Database 12c Data Protection and Multitenancy on Oracle Solaris 11 Xiaosong Zhu Senior Software Engineer Copyright © 2014, Oracle and/or its affiliates.

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. JD Edwards Summit The Newest JDE Module – Rental Management Joel Sandberg Sales Consultant.

Getting Started with Oracle Compute Cloud

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. JD Edwards Summit Rapid Development of Mobile Applications Darryl Shakespeare Director.

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. JD Edwards Summit PaaS from an Applications Perspective Charles McGuinness Director,

Oracle Confidential – Internal/Restricted/Highly RestrictedCopyright © 2014, Oracle and/or its affiliates. All rights reserved. | Oracle Identity Management.

| Building the Effective Enterprise Conquering Interoperability Tony J Winter – Chief Technology Officer, QAD Building the Effective Enterprise.

OV Copyright © 2011 Element K Content LLC. All rights reserved. System Security  Computer Security Basics  System Security Tools  Authentication.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 12 1.

1Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 8 Reporting from Contract.

A New IMS-Like Architecture for Enterprise Applications Reid Stidolph Master Principle Solutions Architect Communications Global Business Unit October.

Oracle E-Business Suite Order Management: Presenting the HTML and Mobile User Experience Durgaprasad Bodapati Director, Product Management Bhavana Sharma.

Oracle Application Express 3.0 Joel R. Kallman Software Development Manager.

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Improving Agility in Product Development and Pricing to Gain a Competitive Edge.

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. An Auto-Join Network of Things Wong, H. and Wesson, B. Oracle Confidential – Internal/Restricted/Highly.

Hadoop 2 cluster with Oracle Solaris Zones, ZFS and unified archives Orgad Kimchi - Principal Software Engineer September 29, 2014 Oracle Confidential.

1Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 8 Contract Management.

CON Software-Defined Networking in a Hybrid, Open Data Center Krishna Srinivasan Senior Principal Product Strategy Manager Oracle Virtual Networking.

1Copyright © 2011, Oracle and/or its affiliates. All rights reserved.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 12 1.

Security fundamentals Topic 5 Using a Public Key Infrastructure.

Wireless and Mobile Security

Build Mobile Apps for Oracle E-Business Suite with Oracle Mobile Platform Bruce Bailey Principal Mobile/Social Solutions Consultant Jagadeesh Maira Senior.

RESTful Microservices In Java With Jersey Jakub Podlešák Software Engineer Oracle, Application Server Group September 29, 2014 Copyright © 2014, Oracle.

Need for Security Control access to servicesControl access to services Ensure confidentialityEnsure confidentiality Guard against attacksGuard against.

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Planning & Budgeting Cloud Service (PBCS) Overview Business Analytics Product Group.

WebCenter in Education & Research A Transformation in Digital Business Session: CON7709 Golden Gate C3 Room, Marriott Marquis Moderator: Kevin Roebuck,

Engineering Secure Software. Agenda  What is IoT?  Security implications of IoT  IoT Attack Surface Areas  IoT Testing Guidelines  Top IoT Vulnerabilities.

© 2012 IBM Corporation IBM Security Systems 1 © 2012 IBM Corporation Cloud Security: Who do you trust? Martin Borrett Director of the IBM Institute for.

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. JD Edwards Summit Recruit and Learn Solutions Extend HR into the Cloud Marie Scott.

Travel and Transportation General Session and Industry Excellence Awards Vijay Anand, Oracle Sundar Swaminathan, Oracle September 30, 2014 Copyright ©

Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 12 1.

CON8473 – Oracle Distribution of OpenStack Ronen Kofman Director of Product Management Oracle OpenStack September, 2014 Copyright © 2014, Oracle and/or.

Oracle Java Cloud Service Oracle Develop July 2013.

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Daddy, what's a middle wear? An incredibly oversimplified explanation of what Middleware.

What is it ? …all via a single, proven Platform-as-a-Service.

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |

Secure Software Confidentiality Integrity Data Security Authentication

Assessing the Security of the Cloud

Company Overview & Strategy

OpenWorld 2018 How to Combine Data from Source Sites

Charles Phillips screen

Confidential – Oracle Internal/Restricted/Highly Restricted

Project Helidon Deep Dive

Confidential – Oracle Internal/Restricted/Highly Restricted

OpenWorld How to Prepare Data from Business Intelligence Cloud Service

OpenWorld 2018 Oracle API Platform: How to Manage Typical Workflows

Implementing Client Security on Windows 2000 and Windows XP Level 150

Oracle Java SE Subscriptions; Protect Your Investment in Java SE

Presentation transcript:

Internet of Things Security Architecture This is a Title Slide with Java FY15 Theme slide ideal for including the Java Theme with a brief title, subtitle and presenter information. To customize this slide with your own picture: Right-click the slide area and choose Format Background from the pop-up menu. From the Fill menu, click Picture and texture fill. Under Insert from: click File. Locate your new picture and click Insert. To copy the Customized Background from Another Presentation on PC Click New Slide from the Home tab's Slides group and select Reuse Slides. Click Browse in the Reuse Slides panel and select Browse Files. Double-click the PowerPoint presentation that contains the background you wish to copy. Check Keep Source Formatting and click the slide that contains the background you want. Click the left-hand slide preview to which you wish to apply the new master layout. Apply New Layout (Important): Right-click any selected slide, point to Layout, and click the slide containing the desired layout from the layout gallery. Delete any unwanted slides or duplicates. To copy the Customized Background from Another Presentation on Mac Click New Slide from the Home tab's Slides group and select Insert Slides from Other Presentation… Navigate to the PowerPoint presentation file that contains the background you wish to copy. Double-click or press Insert. This prompts the Slide Finder dialogue box. Make sure Keep design of original slides is unchecked and click the slide(s) that contains the background you want. Hold Shift key to select multiple slides. Apply New Layout (Important): Click Layout from the Home tab's Slides group, and click the slide containing the desired layout from the layout gallery. Noel Poore Architect Java Platform Group September 29, 2014 Copyright © 2014, Oracle and/or its affiliates. All rights reserved.

Oracle IoT Architecture A quick overview…

Oracle IoT Architecture IoT Cloud Service Non-Java Device 3rd Party Device Cloud Endpoint Management Oracle Database (12c) Business Intelligence Cloud Service IoT Cloud Service Gateway Non-Java Device Java Device WWAN 3G Network Firewall Messaging Proxy Oracle Event Processing Custom App Non-Java Device Device Management Dispatcher REST/JMS Integration Cloud Service Users Oracle Confidential – Internal/Restricted/Highly Restricted

Oracle IoT Architecture IoT Cloud Service Non-Java Device 3rd Party Device Cloud Endpoint Management Oracle Database (12c) Business Intelligence Cloud Service Data IoT Cloud Service Gateway Non-Java Device Java Device WWAN 3G Network Firewall Messaging Proxy Oracle Event Processing Custom App Non-Java Device Device Management Dispatcher REST/JMS Integration Cloud Service Users Oracle Confidential – Internal/Restricted/Highly Restricted

Oracle IoT Architecture IoT Cloud Service Non-Java Device 3rd Party Device Cloud Endpoint Management Oracle Database (12c) Business Intelligence Cloud Service Data IoT Cloud Service Gateway Non-Java Device Control Java Device WWAN 3G Network Firewall Messaging Proxy Oracle Event Processing Custom App Non-Java Device Device Management Dispatcher REST/JMS Integration Cloud Service Users Oracle Confidential – Internal/Restricted/Highly Restricted

What do we need to secure? Access to devices and applications From anywhere in the IoT network And to the data they generate Whether that data is in motion or at rest A body temperature sensor and a thermostat both measure temperature But you must be able to secure them differently Especially on e.g. a multi-tenant home gateway

IoT Security Threats Defending the device cloud…

Threat Modeling for IoT Large, complex systems Unattended devices Connected via the public internet Many different threats to consider Correspondingly broad spectrum of countermeasures

IoT Threats DDoS Deny business operations Loss of revenue An overview… DDoS Deny business operations Loss of revenue Compliance and safety concerns Before we can secure something we need to understand some of the threat

IoT Threats Reconnaissance Physical network, PCAPs Devices, cameras An overview… Reconnaissance Physical network, PCAPs Devices, cameras Servers, applications Surveillance for cross-compromise

IoT Threats Info Disclosure An overview… Info Disclosure Exfiltrate logs, app metadata, crypto keys, URL parameters SSL/TLS attacks Session hijacking

IoT Threats Device Spoof/MITM Rogue CA, forged keys An overview… Device Spoof/MITM Rogue CA, forged keys No Transport Encryption Failed/Improper (De)provisioning

IoT Threats Poor Management Inappropriate security policy An overview… Poor Management Inappropriate security policy Unauthorized access Bad privilege assigments Lack of security patching

IoT Security Model High level overview…

Scalability Down to very small devices To large numbers of devices Can’t be too resource intensive To large numbers of devices Performance Comprehensibility & manageability To different risk profiles One size doesn’t fit all

Basic Principles Use standards wherever possible Defense in depth All IoT applications run in a secure container All code is signed and only trusted code will be executed All communications are encrypted and authenticated All access to resources (devices, REST APIs, …) must be authenticated and authorized

Endpoint Identity Management All endpoints (devices and applications) must be enrolled before they may participate in the IoT system The endpoint must either authenticate itself directly, or be vouched for by a previously enrolled gateway Configurable delegation of trust for different use cases Enrollment creates a unique endpoint identity and a trust relationship Safe end-of-life process

Security Policies Enrollment policy Compliance policy Endpoint policy Do you want this endpoint in your system? Compliance policy Do you still want this endpoint in your system? Endpoint policy What actions is this endpoint authorized to perform

Enrollment Policies Direct enrollment Indirect enrollment How many enrollment attempts are allowed? Time period before onboarding expires? Time period when enrollment allowed? Indirect enrollment Configurable delegation of trust to gateways E.g. is a gateway allowed to onboard and enroll new devices? How many devices of what types? Which/how many application endpoints are allowed?

Endpoint Policies Specify the allowable interactions between endpoints And with the data/messages they originate Specified via rules In plain English, the rules allow the following kinds of relationships “Enterprise app x is allowed read access to all pulse oximeter devices” “IoT app y can access all thermostats on the same gateway” “IoT app z can send messages to dispatcher A” Enforced on device gateways as well as in the cloud service

Java for Trusted Execution Environment Brings the benefits of Java to secure hardware Separates credentials and critical cryptographic activities from the rich OS Part of the solution for hardening devices and device gateways The IoT client platform is architected to integrate with TEE or a secure element Storage of sensitive information such as credentials and keys Performing sensitive crypto operations Several TEE sessions this week in the IoT track

Another Security Session Security and the Internet of Things: Preparing for the Internet of Stings [CON5948] Wednesday 11:30am Hilton Golden Gate 6/7/8

This is a Safe Harbor Front slide, one of two Safe Harbor Statement slides included in this template. One of the Safe Harbor slides must be used if your presentation covers material affected by Oracle’s Revenue Recognition Policy To learn more about this policy, e-mail: Revrec-americasiebc_us@oracle.com For internal communication, Safe Harbor Statements are not required. However, there is an applicable disclaimer (Exhibit E) that should be used, found in the Oracle Revenue Recognition Policy for Future Product Communications. Copy and paste this link into a web browser, to find out more information. http://my.oracle.com/site/fin/gfo/GlobalProcesses/cnt452504.pdf For all external communications such as press release, roadmaps, PowerPoint presentations, Safe Harbor Statements are required. You can refer to the link mentioned above to find out additional information/disclaimers required depending on your audience.