Presentation is loading. Please wait.

Presentation is loading. Please wait.

IoT Security and Privacy

Published byKarl-Erik Dahlberg Modified over 4 years ago

Similar presentations

Presentation on theme: "IoT Security and Privacy"— Presentation transcript:

1 IoT Security and Privacy
Amazon AWS IoT

2 Learning Outcomes Upon completion of this unit:
Students will the architecture of Amazon AWS IoT Students will master the use of AWS IoT managing IoT devices Students will master programming AWS IoT

3 Outline Introduction Device registry - thing, keys, certificate, policy Security and identity Device gateway – MQTT Rules engine Pricing Example code with MQTT

4 Current AWS Services Computing Storage Networking Analytics Databases
Applications SDK AWS Mobile SDK, API Endpoints, Management Console Offered Services Such services are fully integrated with the rest of AWS offering, are optimized for mobile use cases, are accessible via a single Mobile SDK and share the same scalable, on-demand, global infrastructure of all our other AWS services. Underlying Services Computing Storage Networking Analytics Databases AWS Infrastructure

5 AWS IoT service Beta out in August 2015 Use of standard protocols
SDK, APIs Partnership with different industry sectors Bridge to other AWS Services, such as , SMS, data analystics Bi-Directional / Long lived connections

6 AWS IoT Architecture & Ecosystem
Smart Transportation Smart Health Smart Agriculture AWS IoT Architecture & Ecosystem Solutions Security Regions & Availability Zones Rules Engine API Thing Shadows Pub / Sub Broker Secure Gateway Things Registry C / Java SDK AWS IoT Services AWS IoT IoT Devices

7 AWS IoT - Console Interactive Tutorial

8 AWS IoT AUTHENTICATION AUTHORIZATION AWS Services - - - - -
DEVICE SDK Set of client libraries to connect, authenticate and exchange messages DEVICE GATEWAY Communicate with devices via MQTT and HTTP AUTHENTICATION AUTHORIZATION Secure with mutual authentication and encryption RULES ENGINE Transform messages based on rules and route to AWS Services AWS Services 3rd party Services DEVICE SHADOW Persistent thing state during intermittent connections APPLICATIONS AWS IoT API DEVICE REGISTRY Identity and Management of your things

9 AWS IoT Components Message broker Rules engine
A secure relay between users (subscribers and publishers) Protocols: MQTT, HTTP REST interface Rules engine Rules directing data to other AWS services such as Amazon S3, Amazon DynamoDB, and AWS Lambda Thing Registry (Device Registry) Virtual devices in the cloud, corresponding to physical things Up to three custom attributes for a thing. Association of certificates and MQTT client IDs with a thing

10 AWS IoT Components (Cont’d)
Thing Shadows service Synchronization of states requested by users and at the physical devices (what if the connection is down?) Thing shadow A JSON document storing state information for a thing Device gateway Entry point for physical devices into the cloud Security and identity service Secure communication Secure storage of credentials Identification, authentication and authorization

11 Accessing AWS IoT AWS Command Line Interface (AWS CLI) AWS SDKs
Windows, Mac, and Linux Refer to he AWS Command Line Interface User Guide. AWS SDKs Build your IoT applications using language-specific APIs. Refer to AWS SDKs and Tools. AWS IoT API Libraries Refer to Actions in the AWS IoT API Reference. AWS IoT Thing SDK for C For resource-constrained things, such as rocontrollers.

12 Closely Related AWS Services
Amazon Simple Storage Service (S3) Scalable storage Refer ti Amazon S3. Amazon DynamoDB NoSQL databases. Refer to Amazon DynamoDB. Amazon Kinesis Real-time processing of streaming data. Refer to Amazon Kinesis. AWS Lambda Custom code running on Amazon EC2. Refer to AWS Lambda. Amazon Simple Notification Service (SNS) Notifications through , SMS and others. Refer to Amazon SNS.

13 Outline Introduction Device registry - thing, keys, certificate, policy Security and identity Device gateway – MQTT Rules Engine Pricing Example code with MQTT

14 AWS IoT Device Registry
Identity and Management of your things THING REGISTRY Identity and Management of your things

15 Get Started with AWS IoT and Raspberry Pi
Sign into AWS Management console from IoT Portal Create a Raspberry Pi Thing Create, download and activate Certificate and keys Create a policy Attach the thing and the policy with the certificate Create a rule (optional) Connect Raspberry Pi to AWS IoT

16 AWS IoT Device Registry - Example 1

17 AWS IoT Device Registry - Example 2

18 Outline Introduction Device registry - thing, keys, certificate, policy Security and identity Device gateway – MQTT Rules Engine Pricing Example code with MQTT

19 AWS IoT Security AUTHENTICATION AUTHENTICATION AUTHORIZATION
Secure with mutual authentication and encryption AUTHENTICATION Secure with mutual authentication and encryption

20 Securing and Identifying Things: Mutual Authentication through TLS
Server authentication Server sends its certificate. Then? Client authentication, similar to ssh certificate based authentication Server stores a client’s certificate for later identification Server performs the challenge response protocol to verify that the client has the private key

21 Security, Designed for Connected Devices
MQTT + Mutual Auth TLS AWS Auth + HTTPS Server Auth TLS + Cert Client Auth AWS Access Keys Confidentiality TLS Protocol MQTT HTTP Identification AWS ARNs Authorization AWS Policy Amazon Resource Names (ARNs)

22 Outline Introduction Device registry - thing, keys, certificate, policy Security and identity Device gateway – MQTT Rules Engine Pricing Example code with MQTT

23 Communicate with devices via MQTT and HTTP
AWS IoT Device Gateway DEVICE GATEWAY Communicate with devices via MQTT and HTTP

24 AWS IoT Device Gateway Standard Protocol Support (no lock-in):
MQTT and HTTP Publish/Subscribe Broker with Long- lived bi-directional messages Clients (Devices and Apps) can receive commands and control signals from the cloud Secure by Default Connect securely via X509 Certs and TLS client mutual authentication Highly scalable device gateway Topic Based Architecture (lights/thing-2/color)

25 AWS IoT Device Shadow APPLICATIONS THING SHADOW SHADOW
Persistent thing state during intermittent connections SHADOW Persistent thing state during intermittent connections

26 AWS IoT Shadow Flow Device SDK 1. Device Publishes Current State
3. App requests device’s current state 5. Device Shadow sync’s updated state 4. App requests change the state 6. Device Publishes Current State 7. Device Shadow confirms state change 2. Persist JSON Data Store Device SDK

27 AWS IoT Device Shadow Topics (MQTT)
Thing SDK (C-SDK, JS-SDK) makes it easy to build shadow functionality into a device so it can automatically synchronize the state with the device. Sensor Reported Desired Delta LED1 RED YELLOW LED1 = Yellow TEMP = 60F ACCEL X=1,Y=5,Z=4 TEMP 83F 60F Reserved topics (refer to topics) UPDATE: $aws/things/{thingName}/shadow/update DELTA: $aws/things/{thingName}/shadow/update/delta GET: $aws/things/{thingName}/shadow/get DELETE: $aws/things/{thingName}/shadow/delete AWS IoT Thing Shadow

28 Publish Using JSON JSON (JavaScript Object Notation)
A lightweight data-interchange format Easy for humans to read and write Easy for machines to parse and generate. A thing can send its current state to the Thing Shadows service by sending an MQTT message to the topic $aws/things/myLightBulb/shadow/update { "state": { "reported": { "color": "red" }

29 RESTful API Accessing Shadow
curl is a tool to transfer data from or to a server, using one of the supported protocols including HTTP and HTTPS Delete all data from a thing shadow by setting its state to null curl -H "Content-Type: application/json" -X POST -d '{"state":null}' -k --cert ./a5aedfc048-certificate.pem.crt --key ./a5aedfc048-private.pem.key sensor/shadow curl -H "Content-Type: application/json" -X POST -d '{"state":{"desired":{"motion":"0","time":"hello"}}}' -k --cert ./a5aedfc048- certificate.pem.crt --key ./a5aedfc048-private.pem.key " sensor/shadow" curl -H "Content-Type: application/json" -X POST -d '{"state":{"reported":{"motion":"0","time":"hello"}}}' -k --cert ./a5aedfc048- certificate.pem.crt --key ./a5aedfc048-private.pem.key sensor/shadow

30 Outline Introduction Device registry - thing, keys, certificate, policy Security and identity Device gateway – MQTT Rules Engine Pricing Example code with MQTT

31 Transform messages based on rules and route to AWS Services
AWS IoT Rules Engine RULES ENGINE Transform messages based on rules and route to AWS Services

32 AWS IoT Rules Engine Basics
Name Description SQL Statement Array of Actions SELECT * FROM ‘things/thing-2/color’ WHERE color = ‘red’

33 AWS IoT Rules Engine Actions
AWS Services 3rd Party Services AWS Services 3P Services RULES ENGINE Transform messages based on rules and route to AWS Services

34 Rules - SNS

35 Rule - DynamoDB AWS IoT Sql Reference

36 Outline Introduction Device registry - thing, keys, certificate, policy Security and identity Device gateway – MQTT Rules Engine Pricing Example code with MQTT

37 Pricing - Pay as You Go Free Tier No minimum
$5 per million messages published to, or delivered in US East (N. Virginia), US West (Oregon), EU (Ireland) $8 per million in Asia Pacific (Tokyo) No fees for Rules, Shadows, Deliveries to other AWS Services Free Tier 250,000 Messages Per Month Free for first 12 Months

38 Outline Introduction Device registry - thing, keys, certificate, policy Security and identity Device gateway – MQTT Rules Engine Pricing Example code with MQTT

39 Example code: publish motion sensor data to AWS IoT

40

41 References AWS IoT developer guide, 2016
Onur ŞALK, Amazon Web Services IoT, November 02, 2015 Get Started with AWS IoT and Raspberry Pi, Oct. 18, 2015 ‪AWS January 2016 Webinar Series - Getting Started with AWS IoT‬, Jan 26, 2016 AWS Identity and Access Management User Guide, 2016 paho-mqtt 1.1, 2016 Introducing JSON, 2016

Download ppt "IoT Security and Privacy"

Similar presentations

© 2010 VMware Inc. All rights reserved Amazon Web Services.

© 2010 VMware Inc. All rights reserved Amazon Web Services.
A Java Architecture for the Internet of Things Noel Poore, Architect Pete St. Pierre, Product Manager Java Platform Group, Internet of Things September.

A Java Architecture for the Internet of Things Noel Poore, Architect Pete St. Pierre, Product Manager Java Platform Group, Internet of Things September.
Nikolay Tomitov Technical Trainer SoftAcad.bg.  What are Amazon Web services (AWS) ?  What’s cool when developing with AWS ?  Architecture of AWS 

Nikolay Tomitov Technical Trainer SoftAcad.bg.  What are Amazon Web services (AWS) ?  What’s cool when developing with AWS ?  Architecture of AWS 
Amazon EC2 Quick Start adapted from EC2_GetStarted.html.

Amazon EC2 Quick Start adapted from EC2_GetStarted.html.
Bizfss File Sync and Sharing Solution, Built on Microsoft Azure, Allows Businesses to Sync, Share, Back Up Using Their Own Cloud Storage MICROSOFT AZURE.

Bizfss File Sync and Sharing Solution, Built on Microsoft Azure, Allows Businesses to Sync, Share, Back Up Using Their Own Cloud Storage MICROSOFT AZURE.
Securely Synchronize and Share Enterprise Files across Desktops, Web, and Mobile with EasiShare on the Powerful Microsoft Azure Cloud Platform MICROSOFT.

Securely Synchronize and Share Enterprise Files across Desktops, Web, and Mobile with EasiShare on the Powerful Microsoft Azure Cloud Platform MICROSOFT.
Mailjet and Microsoft Azure Offer All-in-One Email Infrastructure and Deliverability while Saving IT and Enterprise Time and Money with Scalability MICROSOFT.

Mailjet and Microsoft Azure Offer All-in-One Infrastructure and Deliverability while Saving IT and Enterprise Time and Money with Scalability MICROSOFT.
Cloud Computing is a Nebulous Subject Or how I learned to love VDF on Amazon.

Cloud Computing is a Nebulous Subject Or how I learned to love VDF on Amazon.
Smart Syncing: Travelers Get News, Information, and Entertainment along with Free Internet via WiFi COMPANY PROFILE: SIENN With a team across Europe, SIENN.

Smart Syncing: Travelers Get News, Information, and Entertainment along with Free Internet via WiFi COMPANY PROFILE: SIENN With a team across Europe, SIENN.
Deploying Docker Datacenter on AWS © 2016, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Deploying Docker Datacenter on AWS © 2016, Amazon Web Services, Inc. or its affiliates. All rights reserved.
ShepHertz App42 Platform on Microsoft Azure Offers an Omnichannel Platform for Complete Digitization and Marketing Solution for Enterprises MICROSOFT AZURE.

ShepHertz App42 Platform on Microsoft Azure Offers an Omnichannel Platform for Complete Digitization and Marketing Solution for Enterprises MICROSOFT AZURE.
By:- Punith Sharma Ashwath D S Adithya S Srimatha B V

By:- Punith Sharma Ashwath D S Adithya S Srimatha B V
Mobile Application Solution

Mobile Application Solution
Connected Infrastructure

Connected Infrastructure
Microservice Bus Tutorial Huabing Zhao

Microservice Bus Tutorial Huabing Zhao
AWS Simple Icons v AWS Simple Icons: Usage Guidelines

AWS Simple Icons v AWS Simple Icons: Usage Guidelines
AuraPortal Cloud Helps Empower Organizations to Organize and Control Their Business Processes via Applications on the Microsoft Azure Cloud Platform MICROSOFT.

AuraPortal Cloud Helps Empower Organizations to Organize and Control Their Business Processes via Applications on the Microsoft Azure Cloud Platform MICROSOFT.
Univa Grid Engine Makes Work Management Automatic and Efficient, Accelerates Deployment of Cloud Services with Power of Microsoft Azure MICROSOFT AZURE.

Univa Grid Engine Makes Work Management Automatic and Efficient, Accelerates Deployment of Cloud Services with Power of Microsoft Azure MICROSOFT AZURE.
Amazon Web Services (aws)

Amazon Web Services (aws)
Connected Living Connected Living What to look for Architecture

Connected Living Connected Living What to look for Architecture

Similar presentations

Ads by Google