Presentation is loading. Please wait.

Presentation is loading. Please wait.

Internet of Things Security Architecture

Published byDonald Godbey Modified over 9 years ago

Similar presentations

Presentation on theme: "Internet of Things Security Architecture"— Presentation transcript:

1 Internet of Things Security Architecture
This is a Title Slide with Java FY15 Theme slide ideal for including the Java Theme with a brief title, subtitle and presenter information. To customize this slide with your own picture: Right-click the slide area and choose Format Background from the pop-up menu. From the Fill menu, click Picture and texture fill. Under Insert from: click File. Locate your new picture and click Insert. To copy the Customized Background from Another Presentation on PC Click New Slide from the Home tab's Slides group and select Reuse Slides. Click Browse in the Reuse Slides panel and select Browse Files. Double-click the PowerPoint presentation that contains the background you wish to copy. Check Keep Source Formatting and click the slide that contains the background you want. Click the left-hand slide preview to which you wish to apply the new master layout. Apply New Layout (Important): Right-click any selected slide, point to Layout, and click the slide containing the desired layout from the layout gallery. Delete any unwanted slides or duplicates. To copy the Customized Background from Another Presentation on Mac Click New Slide from the Home tab's Slides group and select Insert Slides from Other Presentation… Navigate to the PowerPoint presentation file that contains the background you wish to copy. Double-click or press Insert. This prompts the Slide Finder dialogue box. Make sure Keep design of original slides is unchecked and click the slide(s) that contains the background you want. Hold Shift key to select multiple slides. Apply New Layout (Important): Click Layout from the Home tab's Slides group, and click the slide containing the desired layout from the layout gallery. Noel Poore Architect Java Platform Group September 29, 2014 Copyright © 2014, Oracle and/or its affiliates. All rights reserved.

2 Oracle IoT Architecture
A quick overview…

3 Oracle IoT Architecture
IoT Cloud Service Non-Java Device 3rd Party Device Cloud Endpoint Management Oracle Database (12c) Business Intelligence Cloud Service IoT Cloud Service Gateway Non-Java Device Java Device WWAN 3G Network Firewall Messaging Proxy Oracle Event Processing Custom App Non-Java Device Device Management Dispatcher REST/JMS Integration Cloud Service Users Oracle Confidential – Internal/Restricted/Highly Restricted

4 Oracle IoT Architecture
IoT Cloud Service Non-Java Device 3rd Party Device Cloud Endpoint Management Oracle Database (12c) Business Intelligence Cloud Service Data IoT Cloud Service Gateway Non-Java Device Java Device WWAN 3G Network Firewall Messaging Proxy Oracle Event Processing Custom App Non-Java Device Device Management Dispatcher REST/JMS Integration Cloud Service Users Oracle Confidential – Internal/Restricted/Highly Restricted

5 Oracle IoT Architecture
IoT Cloud Service Non-Java Device 3rd Party Device Cloud Endpoint Management Oracle Database (12c) Business Intelligence Cloud Service Data IoT Cloud Service Gateway Non-Java Device Control Java Device WWAN 3G Network Firewall Messaging Proxy Oracle Event Processing Custom App Non-Java Device Device Management Dispatcher REST/JMS Integration Cloud Service Users Oracle Confidential – Internal/Restricted/Highly Restricted

6 What do we need to secure?
Access to devices and applications From anywhere in the IoT network And to the data they generate Whether that data is in motion or at rest A body temperature sensor and a thermostat both measure temperature But you must be able to secure them differently Especially on e.g. a multi-tenant home gateway

7 IoT Security Threats Defending the device cloud…

8 Threat Modeling for IoT
Large, complex systems Unattended devices Connected via the public internet Many different threats to consider Correspondingly broad spectrum of countermeasures

9 IoT Threats DDoS Deny business operations Loss of revenue
An overview… DDoS Deny business operations Loss of revenue Compliance and safety concerns Before we can secure something we need to understand some of the threat

10 IoT Threats Reconnaissance Physical network, PCAPs Devices, cameras
An overview… Reconnaissance Physical network, PCAPs Devices, cameras Servers, applications Surveillance for cross-compromise

11 IoT Threats Info Disclosure
An overview… Info Disclosure Exfiltrate logs, app metadata, crypto keys, URL parameters SSL/TLS attacks Session hijacking

12 IoT Threats Device Spoof/MITM Rogue CA, forged keys
An overview… Device Spoof/MITM Rogue CA, forged keys No Transport Encryption Failed/Improper (De)provisioning

13 IoT Threats Poor Management Inappropriate security policy
An overview… Poor Management Inappropriate security policy Unauthorized access Bad privilege assigments Lack of security patching

14 IoT Security Model High level overview…

15 Scalability Down to very small devices To large numbers of devices
Can’t be too resource intensive To large numbers of devices Performance Comprehensibility & manageability To different risk profiles One size doesn’t fit all

16 Basic Principles Use standards wherever possible Defense in depth
All IoT applications run in a secure container All code is signed and only trusted code will be executed All communications are encrypted and authenticated All access to resources (devices, REST APIs, …) must be authenticated and authorized

17 Endpoint Identity Management
All endpoints (devices and applications) must be enrolled before they may participate in the IoT system The endpoint must either authenticate itself directly, or be vouched for by a previously enrolled gateway Configurable delegation of trust for different use cases Enrollment creates a unique endpoint identity and a trust relationship Safe end-of-life process

18 Security Policies Enrollment policy Compliance policy Endpoint policy
Do you want this endpoint in your system? Compliance policy Do you still want this endpoint in your system? Endpoint policy What actions is this endpoint authorized to perform

19 Enrollment Policies Direct enrollment Indirect enrollment
How many enrollment attempts are allowed? Time period before onboarding expires? Time period when enrollment allowed? Indirect enrollment Configurable delegation of trust to gateways E.g. is a gateway allowed to onboard and enroll new devices? How many devices of what types? Which/how many application endpoints are allowed?

20 Endpoint Policies Specify the allowable interactions between endpoints
And with the data/messages they originate Specified via rules In plain English, the rules allow the following kinds of relationships “Enterprise app x is allowed read access to all pulse oximeter devices” “IoT app y can access all thermostats on the same gateway” “IoT app z can send messages to dispatcher A” Enforced on device gateways as well as in the cloud service

21 Java for Trusted Execution Environment
Brings the benefits of Java to secure hardware Separates credentials and critical cryptographic activities from the rich OS Part of the solution for hardening devices and device gateways The IoT client platform is architected to integrate with TEE or a secure element Storage of sensitive information such as credentials and keys Performing sensitive crypto operations Several TEE sessions this week in the IoT track

22 Another Security Session
Security and the Internet of Things: Preparing for the Internet of Stings [CON5948] Wednesday 11:30am Hilton Golden Gate 6/7/8

23 This is a Safe Harbor Front slide, one of two Safe Harbor Statement slides included in this template. One of the Safe Harbor slides must be used if your presentation covers material affected by Oracle’s Revenue Recognition Policy To learn more about this policy, For internal communication, Safe Harbor Statements are not required. However, there is an applicable disclaimer (Exhibit E) that should be used, found in the Oracle Revenue Recognition Policy for Future Product Communications. Copy and paste this link into a web browser, to find out more information. For all external communications such as press release, roadmaps, PowerPoint presentations, Safe Harbor Statements are required. You can refer to the link mentioned above to find out additional information/disclaimers required depending on your audience.

24

Download ppt "Internet of Things Security Architecture"

Similar presentations

Copyright © 2012 AirWatch, LLC. All rights reserved. Proprietary & Confidential. Mobile Content Strategies and Deployment Best Practices.

Copyright © 2012 AirWatch, LLC. All rights reserved. Proprietary & Confidential. Mobile Content Strategies and Deployment Best Practices.
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Your customer as a segment of one That changes every second! Hein Van Der Merwe Chief.

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Your customer as a segment of one That changes every second! Hein Van Der Merwe Chief.
Jim Ferrentino Elizabeth West

Jim Ferrentino Elizabeth West
1. Real-World Deployment and Best Practices with Oracle Database Vault at Customers: Ross Stores Covidien Kamal Tbeileh Sr. Principal Product Manager,

1. Real-World Deployment and Best Practices with Oracle Database Vault at Customers: Ross Stores Covidien Kamal Tbeileh Sr. Principal Product Manager,
Virtualization of Fixed Network Functions on the Oracle Fabric Krishna Srinivasan Director, Product Management Oracle Networking Savi Venkatachalapathy.

Virtualization of Fixed Network Functions on the Oracle Fabric Krishna Srinivasan Director, Product Management Oracle Networking Savi Venkatachalapathy.
Beyond Brute Force Strategies for Securely leveraging Mobile Devices Rajesh Pakkath, Sr. Product Manager, Oracle Bob Beach, CIO, Chevron October, 2014.

Beyond Brute Force Strategies for Securely leveraging Mobile Devices Rajesh Pakkath, Sr. Product Manager, Oracle Bob Beach, CIO, Chevron October, 2014.
Chap 1: Overview Concepts of CIA: confidentiality, integrity, and availability Confidentiality: concealment of information –The need arises from sensitive.

Chap 1: Overview Concepts of CIA: confidentiality, integrity, and availability Confidentiality: concealment of information –The need arises from sensitive.
Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.

Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.
High Tech Executive Discussion New Industry Solutions to Shape Your Future Rosh Dawes, Equinix Joseph Ahn: Principal Consultant, Samsung SDS Jaechul Lee:

High Tech Executive Discussion New Industry Solutions to Shape Your Future Rosh Dawes, Equinix Joseph Ahn: Principal Consultant, Samsung SDS Jaechul Lee:
A Java Architecture for the Internet of Things Noel Poore, Architect Pete St. Pierre, Product Manager Java Platform Group, Internet of Things September.

A Java Architecture for the Internet of Things Noel Poore, Architect Pete St. Pierre, Product Manager Java Platform Group, Internet of Things September.
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle SQL Developer What’s New in Version 4.1 Jeff Smith

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle SQL Developer What’s New in Version 4.1 Jeff Smith
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Advanced Metadata Modeling Modeling for the Oracle Business Intelligence Cloud.

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Advanced Metadata Modeling Modeling for the Oracle Business Intelligence Cloud.
Architecting for the Internet of Things

Architecting for the Internet of Things
CON7349 - Software-Defined Networking in a Hybrid, Open Data Center Krishna Srinivasan Senior Principal Product Strategy Manager Oracle Virtual Networking.

CON Software-Defined Networking in a Hybrid, Open Data Center Krishna Srinivasan Senior Principal Product Strategy Manager Oracle Virtual Networking.
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle SQL Developer For the DBA Jeff Smith

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle SQL Developer For the DBA Jeff Smith
Oracle Fusion Pioneering the Consumerization of the Enterprise

Oracle Fusion Pioneering the Consumerization of the Enterprise
The Safe Harbor The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated.

The Safe Harbor The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated.
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Milton Smith Sr. Principle Security PM Java Platform Group September 2014 Twitter:

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Milton Smith Sr. Principle Security PM Java Platform Group September 2014 Twitter:
Best Practices for Upgrading Oracle PeopleSoft Environments

Best Practices for Upgrading Oracle PeopleSoft Environments
Oracle Database 12c Data Protection and Multitenancy on Oracle Solaris 11 Xiaosong Zhu Senior Software Engineer Copyright © 2014, Oracle and/or its affiliates.

Oracle Database 12c Data Protection and Multitenancy on Oracle Solaris 11 Xiaosong Zhu Senior Software Engineer Copyright © 2014, Oracle and/or its affiliates.

Similar presentations

Ads by Google