SlideShare uma empresa Scribd logo

February 2016 Webinar Series - Best Practices for IoT Security in the Cloud

Transferir como PPTX, PDF
Amazon Web Services
Amazon Web Services

AWS IoT is a managed cloud platform that lets connected devices easily and securely interact with cloud applications and other devices. This webinar will introduce the best practices for IoT Security in the cloud and the access control mechanisms used by AWS IoT. These mechanisms can be used to not only securely build and provision devices, but also to integrate devices with other AWS services. This allows you to build interesting, meaningful applications while owning little to no infrastructure. Learning Objectives: Common Internet of Things security issues AWS IoT Security and Access Control Mechanisms Build secure interactions with the AWS Cloud Who Should Attend: Developers, makers

Tecnologia
1 de 90
© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. John Burry, AWS Principal Solutions Architect February 25, 2016 Best Practices for IoT Security in the Cloud
© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS IoT Security
All things around us are getting connected
All things around us are getting connected
Things will proliferate 2013 2015 2020 Vertical Industry Generic Industry Consumer Automotive Many Some Lots
Connected ≠ Smart Internet 1985 IoT 2015 Gopher HTTP FTP MQTT NNTP CoAP Telnet XMPP Archie AQMP
In reality, it is even more complex Layer Standards Application HTTP, MQTT, AMQP, CoAP, XMPP Network IPv4, IPv6, 6LoWPAN, ZigBee, Z-Wave, Insteon Physical Ethernet, CAN, USB, 802.11, Bluetooth, 802.15.4, SPI
A Simple Goal
But my data isn’t sensitive!
Why do IoT at all? Changes happen in the real world!
The Risk Changes happen in the real world! Bad
The Risk Changes happen in the real world! Bad
Requirements Secure Communications with Things Strong Thing Identity Fine-grained Authorization for: Thing Management Pub/Sub Data Access AWS Service Access
The System DynamoDB LambdaKinesis
The System DynamoDB LambdaKinesis
The System DynamoDB LambdaKinesis
The System DynamoDB LambdaKinesis
Requirements Secure Communications with Things Strong Thing Identity Fine-grained Authorization for: Thing Management Pub/Sub Data Access AWS Service Access
Network Traffic Is Complex 04:07:18.045065 IP 85.119.83.194.1883 > 10.0.0.67.51210: Flags [P.], seq 1586864891:1586864913, ack 820274045, win 227, options [nop,nop,TS val 2390025928 ecr 577393885], length 22 0x0000: 4500 004a 3694 4000 2d06 639e 5577 53c2 0x0010: 0a00 0043 075b c80a 5e95 a2fb 30e4 637d 0x0020: 8018 00e3 66cd 0000 0101 080a 8e74 e6c8 0x0030: 226a 54dd 3214 0007 666f 6f2f 6261 7200 0x0040: 0454 656d 703a 2038 3346
Network Tools Are Up To It MQ Telemetry Transport Protocol Publish Message 0011 0010 = Header Flags: 0x32 (Publish Message) 0011 .... = Message Type: Publish Message (3) .... 0... = DUP Flag: Not set .... .01. = QOS Level: Acknowledged deliver (1) .... ...0 = Retain: Not set Msg Len: 20 Topic: foo/bar Message Identifier: 1 Message: Temp: 83F
Mutual Auth TLS
Mutual Auth TLS
Mutual Auth TLS
Talking to Non-Things DynamoDB LambdaKinesis
AWS Auth + TLS
One Service, Two Protocols MQTT + Mutual Auth TLS AWS Auth + HTTPS Server Auth TLS + Cert TLS + Cert Client Auth TLS + Cert AWS API Keys Confidentiality TLS TLS Protocol MQTT HTTP
Requirements Secure Communications with Things Strong Thing Identity Fine-grained Authorization for: Thing Management Pub/Sub Data Access AWS Service Access
Back To Certs and Keys
AWS-Generated Keypair
AWS-Generated Keypair
AWS-Generated Keypair
Actual Commands $ aws iot create-keys-and-certificate --set-as-active { "certificateArn": "arn:aws:iot:us-east-1:123456972007:cert/d7677b0…SNIP…026d9", "certificatePem": "-----BEGIN CERTIFICATE-----…SNIP…-----END CERTIFICATE-----", "keyPair": { "PublicKey": "-----BEGIN PUBLIC KEY-----…SNIP…-----END PUBLIC KEY-----", "PrivateKey": "-----BEGIN RSA PRIVATE KEY-----…SNIP…-----END RSA PRIVATE KEY-----" }, "certificateId": "d7677b0…SNIP…026d9" }
AWS-Generated Keypair
Client Generated Keypair CSR
Certificate Signing Request Dear Certificate Authority, I’d really like a certificate for %NAME%, as identified by the keypair with public key %PUB_KEY%. If you could sign a certificate for me with those parameters, it’d be super spiffy. Signed (Cryptographically), - The holder of the private key
Client Generated Keypair CSR
Client Generated Keypair CSR
Client Generated Keypair CSR
Client Generated Keypair
Client Generated Keypair
Client Generated Keypair
Actual Commands $ openssl genrsa –out ThingKeypair.pem 2048 Generating RSA private key, 2048 bit long modulus ....+++ ...+++ e is 65537 (0x10001) $ openssl req -new –key ThingKeypair.pem –out Thing.csr ----- Country Name (2 letter code) [XX]:US State or Province Name (full name) []:NY Locality Name (eg, city) [Default City]:New York Organization Name (eg, company) [Default Company Ltd]:ACME Organizational Unit Name (eg, section) []:Makers Common Name (eg, your name or your server's hostname) []:John Smith Email Address []:jsmith@acme.com
Actual Commands $ aws iot create-certificate-from-csr --certificate-signing-request file://Thing.csr --set-as-active { "certificateArn": "arn:aws:iot:us-east-1:123456972007:cert/b5a396e…SNIP…400877b", "certificatePem": "-----BEGIN CERTIFICATE-----…SNIP…-----END CERTIFICATE-----", "certificateId": "b5a396e…SNIP…400877b" }
Private Key Protection – Test & Dev $ openssl genrsa -out ThingKeypair.pem 2048 Generating RSA private key, 2048 bit long modulus ......................+++ .................................+++ e is 65537 (0x10001) $ ls -l ThingKeypair.pem -rw-rw-r-- 1 ec2-user ec2-user 1679 Sep 25 14:10 ThingKeypair.pem $ chmod 400 ThingKeypair.pem ; ls -l ThingKeypair.pem -r-------- 1 ec2-user ec2-user 1679 Sep 25 14:10 ThingKeypair.pem
Private Key Protection – Software Threats chroot SELinux OTP Fuses
Private Key Protection – Hardware Threats TPMs Smartcards Locks and Boxes FIPS-style hardware
Identity Revocation $ aws iot list-certificates { "certificateDescriptions": [ { "certificateArn": "arn:aws:iot:us-east-1:123456972007:cert/d7677b0…SNIP…026d9", "status": "ACTIVE", "certificateId": "d7677b0…SNIP…026d9" "lastModifiedDate": 1443070900.491, "certificatePem": "-----BEGIN CERTIFICATE-----…SNIP…-----END CERTIFICATE-----", "ownedBy": "123456972007", "creationDate": 1443070900.491 } ] }
Identity Revocation $ aws iot update-certificate --certificate-id "d7677b0…SNIP…026d9" --new-status REVOKED $ aws iot list-certificates { "certificateDescriptions": [ { "certificateArn": "arn:aws:iot:us-east-1:123456972007:cert/d7677b0…SNIP…026d9", "status": "REVOKED", "certificateId": "d7677b0…SNIP…026d9" "lastModifiedDate": 1443192020.792, "certificatePem": "-----BEGIN CERTIFICATE-----…SNIP…-----END CERTIFICATE-----", "ownedBy": "123456972007", "creationDate": 1443070900.491 } ] }
Requirements Secure Communications with Things Strong Thing Identity Fine-grained Authorization for: Thing Management Pub/Sub Data Access AWS Service Access
Managing Things DynamoDB LambdaKinesis
Managing Things DynamoDB LambdaKinesis { "Version": "2012-10-17", "Statement": [ { "Sid": ”ManageCerts", "Action": [ "iot:CreateCertificateAndKeys", "iot:CreateCertificateFromCsr", "iot:DescribeCertificate", "iot:UpdateCertificate", "iot:DeleteCertificate", "iot:ListCertificates” ], "Effect": "Allow", "Resource": "*" } ] }
Managing Things DynamoDB LambdaKinesis { "Version": "2012-10-17", "Statement": [ { "Sid": "RevokeOneThing", "Action": [ "iot:UpdateCertificate" ], "Effect": "Allow", "Resource": "arn:aws:iot:us-east-1:123456972007:cert/d7677b0…SNIP…026d9", "Condition": { "IpAddress": { "aws:SourceIp": "192.168.42.54" } } } ] }
Identity Federation DynamoDB LambdaKinesis
Requirements Secure Communications with Things Strong Thing Identity Fine-grained Authorization for: Thing Management Pub/Sub Data Access AWS Service Access
Data Access Control – AWS APIs DynamoDB LambdaKinesis
Data Access Control – AWS APIs DynamoDB LambdaKinesis { "Version":"2012-10-17", "Statement":[ { "Effect":"Allow", "Action":[ "iot:Connect" ], "Resource":"*" }, { "Effect":"Allow", "Action":[ "iot:GetThingShadow" ], "Resource":[ "arn:aws:iot:us-east-1:123456972007:thing/MyThing"] }, { "Effect":"Allow", "Action":[ "iot:Publish" ], "Resource":[ "arn:aws:iot:us-east-1:123456972007: topic/$aws/things/MyThing/shadow/update"] } ] }
Mobile Users as Things DynamoDB LambdaKinesis
Mobile Users as Things DynamoDB LambdaKinesis { "Version":"2012-10-17", "Statement":[ { "Effect":"Allow", "Action":[ "iot:Connect" ], "Resource":"*" }, { "Effect":"Allow", "Action":[ "iot:GetThingShadow" ], "Resource":[ "arn:aws:iot:us-east-1:123456972007: thing/${cognito-identity.amazonaws.com:aud}"] }, { "Effect":"Allow", "Action":[ "iot:Publish" ], "Resource":[ "arn:aws:iot:us-east-1:123456972007:topic/$aws/things/ ${cognito-identity.amazonaws.com:aud}/shadow/update"] } ] }
Data Access Control - MQTT DynamoDB LambdaKinesis
Data Access Control - MQTT DynamoDB LambdaKinesis { "Version":"2012-10-17", "Statement":[ { "Effect":"Allow", "Action":[ "iot:Connect" ], "Resource":"*" }, { "Effect":"Allow", "Action":[ "iot:Publish" ], "Resource":[ "arn:aws:iot:us-east-1:123456972007: topic/$aws/things/MyThing/shadow/update"] }, { "Effect":"Allow", "Action":[ "iot:Subscribe", "iot:Receive" ], "Resource":[ "arn:aws:iot:us-east-1:123456972007: topicfilter/$aws/things/MyThing/shadow/*" ] } ] }
Actual Commands $ cat MyThingPolicy.json { "Version":"2012-10-17", "Statement":[ { "Effect":"Allow", "Action":[ "iot:Connect" ], "Resource":"*" }, { "Effect":"Allow", "Action":[ "iot:Publish" ], "Resource":["arn:aws:iot:us-east-1:123456972007: topic/$aws/things/MyThing/shadow/update"] }, { "Effect":"Allow", "Action":[ "iot:Subscribe", "iot:Receive" ], "Resource":["arn:aws:iot:us-east-1:123456972007: topicfilter/$aws/things/MyThing/shadow/*" ] } ] }
Actual Commands $ aws iot create-policy --policy-name MyThingPolicy --policy-document file://MyThingPolicy.json { "policyName": "MyThingPolicy", "policyArn": "arn:aws:iot:us-east-1:123456972007:policy/MyThingPolicy", "policyDocument": "...SNIP...", "policyVersionId": "1" } $ aws iot attach-principal-policy --principal "arn:aws:iot:us-east-1:123456972007:cert/b5a396e…SNIP…400877b” --policy-name "MyThingPolicy"
Protocol Convergence MQTT + Mutual Auth TLS AWS Auth + HTTPS Server Auth TLS + Cert TLS + Cert Client Auth TLS + Cert AWS API Keys Confidentiality TLS TLS Protocol MQTT HTTP Identification AWS ARNs AWS ARNs Authorization AWS Policy AWS Policy
Requirements Secure Communications with Things Strong Thing Identity Fine-grained Authorization for: Thing Management Pub/Sub Data Access AWS Service Access
Rules and Services DynamoDB LambdaKinesis
Actual Commands $ cat ThingRoleTrustPolicy.json { "Version":"2012-10-17", "Statement":[ { "Sid":"", "Effect":"Allow", "Principal":{ "Service":"iot.amazonaws.com" }, "Action":"sts:AssumeRole" } ] }
Actual Commands $ aws iam create-role --role-name thing-actions-role --assume-role-policy-document file://ThingRoleTrustPolicy.json { "Role": { "AssumeRolePolicyDocument": …SNIP… "RoleId": "AROAIQ4HBGG7V7F27E32K", "CreateDate": "2015-09-27T16:29:56.438Z", "RoleName": "thing-actions-role", "Path": "/", "Arn": "arn:aws:iam::123456972007:role/thing-actions-role" } }
Actual Commands $ cat ThingRolePolicy.json { "Version": "2012-10-17", "Statement": [ { "Sid": "DDBAccess", "Action": [ "dynamodb:PutItem", "dynamodb:UpdateItem" ], "Effect": "Allow", "Resource": "arn:aws:dynamodb:us-east-1:123456972007:table/MyThingTable" }, ] }
Actual Commands $ aws iam create-policy --policy-name thing-role-policy --policy-document file://ThingRolePolicy.json { "Policy": { "PolicyName": "thing-role-policy", "CreateDate": "2015-09-27T16:32:17.998Z", "AttachmentCount": 0, "IsAttachable": true, "PolicyId": "ANPAINCEAOD5EEXOLZWAI", "DefaultVersionId": "v1", "Path": "/", "Arn": "arn:aws:iam::123456972007:policy/thing-role-policy", "UpdateDate": "2015-09-27T16:32:17.998Z" } } $ aws iam attach-role-policy --role-name "thing-actions-role" --policy-arn "arn:aws:iam::123456972007:policy/thing-role-policy"
Building AWS Things
Industrial Example Manufacturer End UserVendor Key Pair Certificate App
Key Pair Certificate App Industrial Example Manufacturer End UserVendor
Industrial Example Key Pair Certificate App Manufacturer End UserVendor
Industrial Example Key Pair Certificate App Manufacturer End UserVendor
Consumer Example
Consumer Example Key Pair Certificate App Manufacturer Vendor
Consumer Example Key Pair Certificate App Manufacturer Vendor
Consumer Example Key Pair Certificate App Manufacturer End UserVendor
Claiming a Thing service.awsthermostat.com
Claiming a Thing service.awsthermostat.com
Claiming a Thing service.awsthermostat.com
Claiming a Thing service.awsthermostat.com
Claiming a Thing service.awsthermostat.com { "Version":"2012-10-17", "Statement":[ { "Effect":"Allow", "Action":[ "iot:Connect" ], "Resource":"*" }, { "Effect":"Allow", "Action":[ "iot:Publish" ], "Resource":[ "arn:aws:iot:us-east-1:123456972007:topic/$aws/things /%COGNITO_ID%/shadow/update" ] }, "Effect:"Allow", "Action":[ "iot:Subscribe", "iot:Receive" ], "Resource":[ "arn:aws:iot:us-east-1:123456972007:topicfilter/$aws /things/%COGNITO_ID%/shadow/*" ] } ] }
Using a Thing { "Version": "2012-10-17", "Statement": [{ "Effect":"Allow", "Action":[ "iot:Connect" ], "Resource":"*" }, { "Effect": "Allow", "Action": [ "iot:Publish" ], "Resource": [ "arn:aws:iot:us-east-1:123456972007: topic/$aws/things/${cognito-identity.amazonaws.com:aud}/shadow/update" ] }, { "Effect": "Allow", "Action": [ "iot:Subscribe", "iot:Receive" ], "Resource": [ "arn:aws:iot:us-east-1:123456972007: topicfilter/$aws/things/${cognito-identity.amazonaws.com:aud}/shadow/*" ] }] }
Consumer Example Key Pair Certificate App Manufacturer End UserVendor
Requirements Secure Communications with Things Strong Thing Identity Fine-grained Authorization for: Thing Management Pub/Sub Data Access AWS Service Access
Two Secure Protocols
Bootstrapping Identity CSR
Flexible, Consistent Access Control DynamoDB LambdaKinesis
Thank you!

Recomendados

(MBL311) NEW! AWS IoT: Securely Building, Provisioning, & Using Things
(MBL311) NEW! AWS IoT: Securely Building, Provisioning, & Using Things(MBL311) NEW! AWS IoT: Securely Building, Provisioning, & Using Things
(MBL311) NEW! AWS IoT: Securely Building, Provisioning, & Using Things
Amazon Web Services
 
Deep Dive on AWS IoT
Deep Dive on AWS IoTDeep Dive on AWS IoT
Deep Dive on AWS IoT
Amazon Web Services
 
AWS January 2016 Webinar Series - Getting Started with AWS IoT
AWS January 2016 Webinar Series - Getting Started with AWS IoTAWS January 2016 Webinar Series - Getting Started with AWS IoT
AWS January 2016 Webinar Series - Getting Started with AWS IoT
Amazon Web Services
 
(SEC404) Incident Response in the Cloud | AWS re:Invent 2014
(SEC404) Incident Response in the Cloud | AWS re:Invent 2014(SEC404) Incident Response in the Cloud | AWS re:Invent 2014
(SEC404) Incident Response in the Cloud | AWS re:Invent 2014
Amazon Web Services
 
Amazon AWS IoT 利用 AWS IoT 開發智慧家居解決方案
Amazon AWS IoT 利用 AWS IoT 開發智慧家居解決方案Amazon AWS IoT 利用 AWS IoT 開發智慧家居解決方案
Amazon AWS IoT 利用 AWS IoT 開發智慧家居解決方案
CAVEDU Education
 
(MBL313) NEW! AWS IoT: Understanding Hardware Kits, SDKs, & Protocols
(MBL313) NEW! AWS IoT: Understanding Hardware Kits, SDKs, & Protocols(MBL313) NEW! AWS IoT: Understanding Hardware Kits, SDKs, & Protocols
(MBL313) NEW! AWS IoT: Understanding Hardware Kits, SDKs, & Protocols
Amazon Web Services
 
AWS IoT introduction
AWS IoT introductionAWS IoT introduction
AWS IoT introduction
承翰 蔡
 
Deep Dive: AWS IOT
Deep Dive: AWS IOTDeep Dive: AWS IOT
Deep Dive: AWS IOT
Amazon Web Services
 

Recomendados

(MBL311) NEW! AWS IoT: Securely Building, Provisioning, & Using Things
(MBL311) NEW! AWS IoT: Securely Building, Provisioning, & Using Things(MBL311) NEW! AWS IoT: Securely Building, Provisioning, & Using Things
(MBL311) NEW! AWS IoT: Securely Building, Provisioning, & Using Things
Amazon Web Services
 
Deep Dive on AWS IoT
Deep Dive on AWS IoTDeep Dive on AWS IoT
Deep Dive on AWS IoT
Amazon Web Services
 
AWS January 2016 Webinar Series - Getting Started with AWS IoT
AWS January 2016 Webinar Series - Getting Started with AWS IoTAWS January 2016 Webinar Series - Getting Started with AWS IoT
AWS January 2016 Webinar Series - Getting Started with AWS IoT
Amazon Web Services
 
(SEC404) Incident Response in the Cloud | AWS re:Invent 2014
(SEC404) Incident Response in the Cloud | AWS re:Invent 2014(SEC404) Incident Response in the Cloud | AWS re:Invent 2014
(SEC404) Incident Response in the Cloud | AWS re:Invent 2014
Amazon Web Services
 
Amazon AWS IoT 利用 AWS IoT 開發智慧家居解決方案
Amazon AWS IoT 利用 AWS IoT 開發智慧家居解決方案Amazon AWS IoT 利用 AWS IoT 開發智慧家居解決方案
Amazon AWS IoT 利用 AWS IoT 開發智慧家居解決方案
CAVEDU Education
 
(MBL313) NEW! AWS IoT: Understanding Hardware Kits, SDKs, & Protocols
(MBL313) NEW! AWS IoT: Understanding Hardware Kits, SDKs, & Protocols(MBL313) NEW! AWS IoT: Understanding Hardware Kits, SDKs, & Protocols
(MBL313) NEW! AWS IoT: Understanding Hardware Kits, SDKs, & Protocols
Amazon Web Services
 
AWS IoT introduction
AWS IoT introductionAWS IoT introduction
AWS IoT introduction
承翰 蔡
 
Deep Dive: AWS IOT
Deep Dive: AWS IOTDeep Dive: AWS IOT
Deep Dive: AWS IOT
Amazon Web Services
 
AWS IoT 및 Mobile Hub 서비스 소개 (김일호) :: re:Invent re:Cap Webinar 2015
AWS IoT 및 Mobile Hub 서비스 소개 (김일호) :: re:Invent re:Cap Webinar 2015AWS IoT 및 Mobile Hub 서비스 소개 (김일호) :: re:Invent re:Cap Webinar 2015
AWS IoT 및 Mobile Hub 서비스 소개 (김일호) :: re:Invent re:Cap Webinar 2015
Amazon Web Services Korea
 
Best Practices for IoT Security in the Cloud
Best Practices for IoT Security in the CloudBest Practices for IoT Security in the Cloud
Best Practices for IoT Security in the Cloud
Amazon Web Services
 
Introduction to AWS IoT
Introduction to AWS IoTIntroduction to AWS IoT
Introduction to AWS IoT
Amazon Web Services
 
AWS October Webinar Series - Getting Started with AWS IoT
AWS October Webinar Series - Getting Started with AWS IoTAWS October Webinar Series - Getting Started with AWS IoT
AWS October Webinar Series - Getting Started with AWS IoT
Amazon Web Services
 
Advanced AWS Security Workshop
Advanced AWS Security WorkshopAdvanced AWS Security Workshop
Advanced AWS Security Workshop
Amazon Web Services
 
Getting Started with AWS IoT
Getting Started with AWS IoTGetting Started with AWS IoT
Getting Started with AWS IoT
Amazon Web Services
 
AWS Re:Invent - Securing HIPAA Compliant Apps in AWS
AWS Re:Invent - Securing HIPAA Compliant Apps in AWSAWS Re:Invent - Securing HIPAA Compliant Apps in AWS
AWS Re:Invent - Securing HIPAA Compliant Apps in AWS
Control Group
 
AWS IoT Webinar
AWS IoT WebinarAWS IoT Webinar
AWS IoT Webinar
Amazon Web Services
 
Srv204 Getting Started with AWS IoT
Srv204 Getting Started with AWS IoTSrv204 Getting Started with AWS IoT
Srv204 Getting Started with AWS IoT
Amazon Web Services
 
IoT Apps with AWS IoT and Websockets
IoT Apps with AWS IoT and Websockets IoT Apps with AWS IoT and Websockets
IoT Apps with AWS IoT and Websockets
Amazon Web Services
 
Hands-on with AWS IoT (November 2016)
Hands-on with AWS IoT (November 2016)Hands-on with AWS IoT (November 2016)
Hands-on with AWS IoT (November 2016)
Julien SIMON
 
Ubiquitous Encryption on AWS - Level 300
Ubiquitous Encryption on AWS - Level 300Ubiquitous Encryption on AWS - Level 300
Ubiquitous Encryption on AWS - Level 300
Amazon Web Services
 
Rackspace: Best Practices for Security Compliance on AWS
Rackspace: Best Practices for Security Compliance on AWSRackspace: Best Practices for Security Compliance on AWS
Rackspace: Best Practices for Security Compliance on AWS
Amazon Web Services
 
Cloud Security At Netflix, October 2013
Cloud Security At Netflix, October 2013Cloud Security At Netflix, October 2013
Cloud Security At Netflix, October 2013
Jay Zarfoss
 
Moving the needle on cloud security - AWS Summit Atlanta
Moving the needle on cloud security - AWS Summit AtlantaMoving the needle on cloud security - AWS Summit Atlanta
Moving the needle on cloud security - AWS Summit Atlanta
Chris Farris
 
Reply Webinar Online - Mastering AWS - IoT Foundations
Reply Webinar Online - Mastering AWS - IoT FoundationsReply Webinar Online - Mastering AWS - IoT Foundations
Reply Webinar Online - Mastering AWS - IoT Foundations
Andrea Mercanti
 
Connecting to AWS IoT
Connecting to AWS IoTConnecting to AWS IoT
Connecting to AWS IoT
Amazon Web Services
 
Deep Dive on AWS IoT Core
Deep Dive on AWS IoT CoreDeep Dive on AWS IoT Core
Deep Dive on AWS IoT Core
Amazon Web Services
 
Internet of Things on AWS
Internet of Things on AWSInternet of Things on AWS
Internet of Things on AWS
Amazon Web Services
 
iNTRODUCTION TO AWS IOT
iNTRODUCTION TO AWS IOTiNTRODUCTION TO AWS IOT
iNTRODUCTION TO AWS IOT
Amazon Web Services
 
Best Practices of IoT Security in the Cloud
Best Practices of IoT Security in the CloudBest Practices of IoT Security in the Cloud
Best Practices of IoT Security in the Cloud
Amazon Web Services
 
Best Practices for IoT Security in the Cloud
Best Practices for IoT Security in the CloudBest Practices for IoT Security in the Cloud
Best Practices for IoT Security in the Cloud
Amazon Web Services
 

Mais conteúdo relacionado

Mais procurados

Rackspace: Best Practices for Security Compliance on AWS
Rackspace: Best Practices for Security Compliance on AWSRackspace: Best Practices for Security Compliance on AWS
Rackspace: Best Practices for Security Compliance on AWS
Amazon Web Services
 
Deep Dive on AWS IoT Core
Deep Dive on AWS IoT CoreDeep Dive on AWS IoT Core
Deep Dive on AWS IoT Core
Amazon Web Services
 

Mais procurados (20)

AWS IoT 및 Mobile Hub 서비스 소개 (김일호) :: re:Invent re:Cap Webinar 2015
AWS IoT 및 Mobile Hub 서비스 소개 (김일호) :: re:Invent re:Cap Webinar 2015AWS IoT 및 Mobile Hub 서비스 소개 (김일호) :: re:Invent re:Cap Webinar 2015
AWS IoT 및 Mobile Hub 서비스 소개 (김일호) :: re:Invent re:Cap Webinar 2015
 
Best Practices for IoT Security in the Cloud
Best Practices for IoT Security in the CloudBest Practices for IoT Security in the Cloud
Best Practices for IoT Security in the Cloud
 
Introduction to AWS IoT
Introduction to AWS IoTIntroduction to AWS IoT
Introduction to AWS IoT
 
AWS October Webinar Series - Getting Started with AWS IoT
AWS October Webinar Series - Getting Started with AWS IoTAWS October Webinar Series - Getting Started with AWS IoT
AWS October Webinar Series - Getting Started with AWS IoT
 
Advanced AWS Security Workshop
Advanced AWS Security WorkshopAdvanced AWS Security Workshop
Advanced AWS Security Workshop
 
Getting Started with AWS IoT
Getting Started with AWS IoTGetting Started with AWS IoT
Getting Started with AWS IoT
 
AWS Re:Invent - Securing HIPAA Compliant Apps in AWS
AWS Re:Invent - Securing HIPAA Compliant Apps in AWSAWS Re:Invent - Securing HIPAA Compliant Apps in AWS
AWS Re:Invent - Securing HIPAA Compliant Apps in AWS
 
AWS IoT Webinar
AWS IoT WebinarAWS IoT Webinar
AWS IoT Webinar
 
Srv204 Getting Started with AWS IoT
Srv204 Getting Started with AWS IoTSrv204 Getting Started with AWS IoT
Srv204 Getting Started with AWS IoT
 
IoT Apps with AWS IoT and Websockets
IoT Apps with AWS IoT and Websockets IoT Apps with AWS IoT and Websockets
IoT Apps with AWS IoT and Websockets
 
Hands-on with AWS IoT (November 2016)
Hands-on with AWS IoT (November 2016)Hands-on with AWS IoT (November 2016)
Hands-on with AWS IoT (November 2016)
 
Ubiquitous Encryption on AWS - Level 300
Ubiquitous Encryption on AWS - Level 300Ubiquitous Encryption on AWS - Level 300
Ubiquitous Encryption on AWS - Level 300
 
Rackspace: Best Practices for Security Compliance on AWS
Rackspace: Best Practices for Security Compliance on AWSRackspace: Best Practices for Security Compliance on AWS
Rackspace: Best Practices for Security Compliance on AWS
 
Cloud Security At Netflix, October 2013
Cloud Security At Netflix, October 2013Cloud Security At Netflix, October 2013
Cloud Security At Netflix, October 2013
 
Moving the needle on cloud security - AWS Summit Atlanta
Moving the needle on cloud security - AWS Summit AtlantaMoving the needle on cloud security - AWS Summit Atlanta
Moving the needle on cloud security - AWS Summit Atlanta
 
Reply Webinar Online - Mastering AWS - IoT Foundations
Reply Webinar Online - Mastering AWS - IoT FoundationsReply Webinar Online - Mastering AWS - IoT Foundations
Reply Webinar Online - Mastering AWS - IoT Foundations
 
Connecting to AWS IoT
Connecting to AWS IoTConnecting to AWS IoT
Connecting to AWS IoT
 
Deep Dive on AWS IoT Core
Deep Dive on AWS IoT CoreDeep Dive on AWS IoT Core
Deep Dive on AWS IoT Core
 
Internet of Things on AWS
Internet of Things on AWSInternet of Things on AWS
Internet of Things on AWS
 
iNTRODUCTION TO AWS IOT
iNTRODUCTION TO AWS IOTiNTRODUCTION TO AWS IOT
iNTRODUCTION TO AWS IOT
 

Semelhante a February 2016 Webinar Series - Best Practices for IoT Security in the Cloud

AWS IoT Deep Dive - AWS IoT Web Day
AWS IoT Deep Dive - AWS IoT Web DayAWS IoT Deep Dive - AWS IoT Web Day
AWS IoT Deep Dive - AWS IoT Web Day
AWS Germany
 
The 5 elements of IoT security
The 5 elements of IoT securityThe 5 elements of IoT security
The 5 elements of IoT security
Julien Vermillard
 
서버리스 IoT 백엔드 개발 및 구현 사례 : 윤석찬 (AWS 테크에반젤리스트)
서버리스 IoT 백엔드 개발 및 구현 사례 : 윤석찬 (AWS 테크에반젤리스트)서버리스 IoT 백엔드 개발 및 구현 사례 : 윤석찬 (AWS 테크에반젤리스트)
서버리스 IoT 백엔드 개발 및 구현 사례 : 윤석찬 (AWS 테크에반젤리스트)
Amazon Web Services Korea
 
(MBL205) New! Everything You Want to Know About AWS IoT
(MBL205) New! Everything You Want to Know About AWS IoT(MBL205) New! Everything You Want to Know About AWS IoT
(MBL205) New! Everything You Want to Know About AWS IoT
Amazon Web Services
 
Cisco iso based CA (certificate authority)
Cisco iso based CA (certificate authority)Cisco iso based CA (certificate authority)
Cisco iso based CA (certificate authority)
Netwax Lab
 
Introducing AWS IoT - Interfacing with the Physical World - Technical 101
Introducing AWS IoT - Interfacing with the Physical World - Technical 101Introducing AWS IoT - Interfacing with the Physical World - Technical 101
Introducing AWS IoT - Interfacing with the Physical World - Technical 101
Amazon Web Services
 

Semelhante a February 2016 Webinar Series - Best Practices for IoT Security in the Cloud (20)

Best Practices of IoT Security in the Cloud
Best Practices of IoT Security in the CloudBest Practices of IoT Security in the Cloud
Best Practices of IoT Security in the Cloud
 
Best Practices for IoT Security in the Cloud
Best Practices for IoT Security in the CloudBest Practices for IoT Security in the Cloud
Best Practices for IoT Security in the Cloud
 
Best Practices of IoT in the Cloud
Best Practices of IoT in the CloudBest Practices of IoT in the Cloud
Best Practices of IoT in the Cloud
 
Best Practices for IoT Security in the Cloud
Best Practices for IoT Security in the CloudBest Practices for IoT Security in the Cloud
Best Practices for IoT Security in the Cloud
 
Reply Webinar Online - Mastering AWS - IoT Advanced
Reply Webinar Online - Mastering AWS - IoT AdvancedReply Webinar Online - Mastering AWS - IoT Advanced
Reply Webinar Online - Mastering AWS - IoT Advanced
 
AWS re:Invent 2016: IoT Security: The New Frontiers (IOT302)
AWS re:Invent 2016: IoT Security: The New Frontiers (IOT302)AWS re:Invent 2016: IoT Security: The New Frontiers (IOT302)
AWS re:Invent 2016: IoT Security: The New Frontiers (IOT302)
 
AWS IoT Deep Dive - AWS IoT Web Day
AWS IoT Deep Dive - AWS IoT Web DayAWS IoT Deep Dive - AWS IoT Web Day
AWS IoT Deep Dive - AWS IoT Web Day
 
The 5 elements of IoT security
The 5 elements of IoT securityThe 5 elements of IoT security
The 5 elements of IoT security
 
AWS Innovate: Building an Internet Connected Camera with AWS IoT- Tim Cruse
AWS Innovate: Building an Internet Connected Camera with AWS IoT- Tim CruseAWS Innovate: Building an Internet Connected Camera with AWS IoT- Tim Cruse
AWS Innovate: Building an Internet Connected Camera with AWS IoT- Tim Cruse
 
Essential Capabilities of an IoT Cloud Platform - AWS Online Tech Talks
Essential Capabilities of an IoT Cloud Platform - AWS Online Tech TalksEssential Capabilities of an IoT Cloud Platform - AWS Online Tech Talks
Essential Capabilities of an IoT Cloud Platform - AWS Online Tech Talks
 
서버리스 IoT 백엔드 개발 및 구현 사례 : 윤석찬 (AWS 테크에반젤리스트)
서버리스 IoT 백엔드 개발 및 구현 사례 : 윤석찬 (AWS 테크에반젤리스트)서버리스 IoT 백엔드 개발 및 구현 사례 : 윤석찬 (AWS 테크에반젤리스트)
서버리스 IoT 백엔드 개발 및 구현 사례 : 윤석찬 (AWS 테크에반젤리스트)
 
Best Practices for IoT Security in the Cloud
Best Practices for IoT Security in the Cloud Best Practices for IoT Security in the Cloud
Best Practices for IoT Security in the Cloud
 
Best Practices with IoT Security - February Online Tech Talks
Best Practices with IoT Security - February Online Tech TalksBest Practices with IoT Security - February Online Tech Talks
Best Practices with IoT Security - February Online Tech Talks
 
A Cloud Security Ghost Story Craig Balding
A Cloud Security Ghost Story Craig BaldingA Cloud Security Ghost Story Craig Balding
A Cloud Security Ghost Story Craig Balding
 
(MBL205) New! Everything You Want to Know About AWS IoT
(MBL205) New! Everything You Want to Know About AWS IoT(MBL205) New! Everything You Want to Know About AWS IoT
(MBL205) New! Everything You Want to Know About AWS IoT
 
Essential Capabilities of an IoT Cloud Platform - April 2017 AWS Online Tech ...
Essential Capabilities of an IoT Cloud Platform - April 2017 AWS Online Tech ...Essential Capabilities of an IoT Cloud Platform - April 2017 AWS Online Tech ...
Essential Capabilities of an IoT Cloud Platform - April 2017 AWS Online Tech ...
 
以Device Shadows與Rules Engine串聯實體世界
以Device Shadows與Rules Engine串聯實體世界以Device Shadows與Rules Engine串聯實體世界
以Device Shadows與Rules Engine串聯實體世界
 
Cisco iso based CA (certificate authority)
Cisco iso based CA (certificate authority)Cisco iso based CA (certificate authority)
Cisco iso based CA (certificate authority)
 
Introducing AWS IoT - Interfacing with the Physical World - Technical 101
Introducing AWS IoT - Interfacing with the Physical World - Technical 101Introducing AWS IoT - Interfacing with the Physical World - Technical 101
Introducing AWS IoT - Interfacing with the Physical World - Technical 101
 
The Lifecycle of an AWS IoT Thing
The Lifecycle of an AWS IoT ThingThe Lifecycle of an AWS IoT Thing
The Lifecycle of an AWS IoT Thing
 

Mais de Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Amazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Amazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
Amazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Amazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
Amazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Amazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
Amazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
Amazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
Amazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
Amazon Web Services
 

Mais de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Último

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 

Último (20)

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 

February 2016 Webinar Series - Best Practices for IoT Security in the Cloud

  • 1. © 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. John Burry, AWS Principal Solutions Architect February 25, 2016 Best Practices for IoT Security in the Cloud
  • 2. © 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS IoT Security
  • 3. All things around us are getting connected
  • 4. All things around us are getting connected
  • 5. Things will proliferate 2013 2015 2020 Vertical Industry Generic Industry Consumer Automotive Many Some Lots
  • 6. Connected ≠ Smart Internet 1985 IoT 2015 Gopher HTTP FTP MQTT NNTP CoAP Telnet XMPP Archie AQMP
  • 7. In reality, it is even more complex Layer Standards Application HTTP, MQTT, AMQP, CoAP, XMPP Network IPv4, IPv6, 6LoWPAN, ZigBee, Z-Wave, Insteon Physical Ethernet, CAN, USB, 802.11, Bluetooth, 802.15.4, SPI
  • 9. But my data isn’t sensitive!
  • 10. Why do IoT at all? Changes happen in the real world!
  • 13. Requirements Secure Communications with Things Strong Thing Identity Fine-grained Authorization for: Thing Management Pub/Sub Data Access AWS Service Access
  • 18. Requirements Secure Communications with Things Strong Thing Identity Fine-grained Authorization for: Thing Management Pub/Sub Data Access AWS Service Access
  • 19. Network Traffic Is Complex 04:07:18.045065 IP 85.119.83.194.1883 > 10.0.0.67.51210: Flags [P.], seq 1586864891:1586864913, ack 820274045, win 227, options [nop,nop,TS val 2390025928 ecr 577393885], length 22 0x0000: 4500 004a 3694 4000 2d06 639e 5577 53c2 0x0010: 0a00 0043 075b c80a 5e95 a2fb 30e4 637d 0x0020: 8018 00e3 66cd 0000 0101 080a 8e74 e6c8 0x0030: 226a 54dd 3214 0007 666f 6f2f 6261 7200 0x0040: 0454 656d 703a 2038 3346
  • 20. Network Tools Are Up To It MQ Telemetry Transport Protocol Publish Message 0011 0010 = Header Flags: 0x32 (Publish Message) 0011 .... = Message Type: Publish Message (3) .... 0... = DUP Flag: Not set .... .01. = QOS Level: Acknowledged deliver (1) .... ...0 = Retain: Not set Msg Len: 20 Topic: foo/bar Message Identifier: 1 Message: Temp: 83F
  • 25. AWS Auth + TLS
  • 26. One Service, Two Protocols MQTT + Mutual Auth TLS AWS Auth + HTTPS Server Auth TLS + Cert TLS + Cert Client Auth TLS + Cert AWS API Keys Confidentiality TLS TLS Protocol MQTT HTTP
  • 27. Requirements Secure Communications with Things Strong Thing Identity Fine-grained Authorization for: Thing Management Pub/Sub Data Access AWS Service Access
  • 28. Back To Certs and Keys
  • 32. Actual Commands $ aws iot create-keys-and-certificate --set-as-active { "certificateArn": "arn:aws:iot:us-east-1:123456972007:cert/d7677b0…SNIP…026d9", "certificatePem": "-----BEGIN CERTIFICATE-----…SNIP…-----END CERTIFICATE-----", "keyPair": { "PublicKey": "-----BEGIN PUBLIC KEY-----…SNIP…-----END PUBLIC KEY-----", "PrivateKey": "-----BEGIN RSA PRIVATE KEY-----…SNIP…-----END RSA PRIVATE KEY-----" }, "certificateId": "d7677b0…SNIP…026d9" }
  • 35. Certificate Signing Request Dear Certificate Authority, I’d really like a certificate for %NAME%, as identified by the keypair with public key %PUB_KEY%. If you could sign a certificate for me with those parameters, it’d be super spiffy. Signed (Cryptographically), - The holder of the private key
  • 42. Actual Commands $ openssl genrsa –out ThingKeypair.pem 2048 Generating RSA private key, 2048 bit long modulus ....+++ ...+++ e is 65537 (0x10001) $ openssl req -new –key ThingKeypair.pem –out Thing.csr ----- Country Name (2 letter code) [XX]:US State or Province Name (full name) []:NY Locality Name (eg, city) [Default City]:New York Organization Name (eg, company) [Default Company Ltd]:ACME Organizational Unit Name (eg, section) []:Makers Common Name (eg, your name or your server's hostname) []:John Smith Email Address []:jsmith@acme.com
  • 43. Actual Commands $ aws iot create-certificate-from-csr --certificate-signing-request file://Thing.csr --set-as-active { "certificateArn": "arn:aws:iot:us-east-1:123456972007:cert/b5a396e…SNIP…400877b", "certificatePem": "-----BEGIN CERTIFICATE-----…SNIP…-----END CERTIFICATE-----", "certificateId": "b5a396e…SNIP…400877b" }
  • 44. Private Key Protection – Test & Dev $ openssl genrsa -out ThingKeypair.pem 2048 Generating RSA private key, 2048 bit long modulus ......................+++ .................................+++ e is 65537 (0x10001) $ ls -l ThingKeypair.pem -rw-rw-r-- 1 ec2-user ec2-user 1679 Sep 25 14:10 ThingKeypair.pem $ chmod 400 ThingKeypair.pem ; ls -l ThingKeypair.pem -r-------- 1 ec2-user ec2-user 1679 Sep 25 14:10 ThingKeypair.pem
  • 45. Private Key Protection – Software Threats chroot SELinux OTP Fuses
  • 46. Private Key Protection – Hardware Threats TPMs Smartcards Locks and Boxes FIPS-style hardware
  • 47. Identity Revocation $ aws iot list-certificates { "certificateDescriptions": [ { "certificateArn": "arn:aws:iot:us-east-1:123456972007:cert/d7677b0…SNIP…026d9", "status": "ACTIVE", "certificateId": "d7677b0…SNIP…026d9" "lastModifiedDate": 1443070900.491, "certificatePem": "-----BEGIN CERTIFICATE-----…SNIP…-----END CERTIFICATE-----", "ownedBy": "123456972007", "creationDate": 1443070900.491 } ] }
  • 48. Identity Revocation $ aws iot update-certificate --certificate-id "d7677b0…SNIP…026d9" --new-status REVOKED $ aws iot list-certificates { "certificateDescriptions": [ { "certificateArn": "arn:aws:iot:us-east-1:123456972007:cert/d7677b0…SNIP…026d9", "status": "REVOKED", "certificateId": "d7677b0…SNIP…026d9" "lastModifiedDate": 1443192020.792, "certificatePem": "-----BEGIN CERTIFICATE-----…SNIP…-----END CERTIFICATE-----", "ownedBy": "123456972007", "creationDate": 1443070900.491 } ] }
  • 49. Requirements Secure Communications with Things Strong Thing Identity Fine-grained Authorization for: Thing Management Pub/Sub Data Access AWS Service Access
  • 51. Managing Things DynamoDB LambdaKinesis { "Version": "2012-10-17", "Statement": [ { "Sid": ”ManageCerts", "Action": [ "iot:CreateCertificateAndKeys", "iot:CreateCertificateFromCsr", "iot:DescribeCertificate", "iot:UpdateCertificate", "iot:DeleteCertificate", "iot:ListCertificates” ], "Effect": "Allow", "Resource": "*" } ] }
  • 52. Managing Things DynamoDB LambdaKinesis { "Version": "2012-10-17", "Statement": [ { "Sid": "RevokeOneThing", "Action": [ "iot:UpdateCertificate" ], "Effect": "Allow", "Resource": "arn:aws:iot:us-east-1:123456972007:cert/d7677b0…SNIP…026d9", "Condition": { "IpAddress": { "aws:SourceIp": "192.168.42.54" } } } ] }
  • 54. Requirements Secure Communications with Things Strong Thing Identity Fine-grained Authorization for: Thing Management Pub/Sub Data Access AWS Service Access
  • 55. Data Access Control – AWS APIs DynamoDB LambdaKinesis
  • 56. Data Access Control – AWS APIs DynamoDB LambdaKinesis { "Version":"2012-10-17", "Statement":[ { "Effect":"Allow", "Action":[ "iot:Connect" ], "Resource":"*" }, { "Effect":"Allow", "Action":[ "iot:GetThingShadow" ], "Resource":[ "arn:aws:iot:us-east-1:123456972007:thing/MyThing"] }, { "Effect":"Allow", "Action":[ "iot:Publish" ], "Resource":[ "arn:aws:iot:us-east-1:123456972007: topic/$aws/things/MyThing/shadow/update"] } ] }
  • 57. Mobile Users as Things DynamoDB LambdaKinesis
  • 58. Mobile Users as Things DynamoDB LambdaKinesis { "Version":"2012-10-17", "Statement":[ { "Effect":"Allow", "Action":[ "iot:Connect" ], "Resource":"*" }, { "Effect":"Allow", "Action":[ "iot:GetThingShadow" ], "Resource":[ "arn:aws:iot:us-east-1:123456972007: thing/${cognito-identity.amazonaws.com:aud}"] }, { "Effect":"Allow", "Action":[ "iot:Publish" ], "Resource":[ "arn:aws:iot:us-east-1:123456972007:topic/$aws/things/ ${cognito-identity.amazonaws.com:aud}/shadow/update"] } ] }
  • 59. Data Access Control - MQTT DynamoDB LambdaKinesis
  • 60. Data Access Control - MQTT DynamoDB LambdaKinesis { "Version":"2012-10-17", "Statement":[ { "Effect":"Allow", "Action":[ "iot:Connect" ], "Resource":"*" }, { "Effect":"Allow", "Action":[ "iot:Publish" ], "Resource":[ "arn:aws:iot:us-east-1:123456972007: topic/$aws/things/MyThing/shadow/update"] }, { "Effect":"Allow", "Action":[ "iot:Subscribe", "iot:Receive" ], "Resource":[ "arn:aws:iot:us-east-1:123456972007: topicfilter/$aws/things/MyThing/shadow/*" ] } ] }
  • 61. Actual Commands $ cat MyThingPolicy.json { "Version":"2012-10-17", "Statement":[ { "Effect":"Allow", "Action":[ "iot:Connect" ], "Resource":"*" }, { "Effect":"Allow", "Action":[ "iot:Publish" ], "Resource":["arn:aws:iot:us-east-1:123456972007: topic/$aws/things/MyThing/shadow/update"] }, { "Effect":"Allow", "Action":[ "iot:Subscribe", "iot:Receive" ], "Resource":["arn:aws:iot:us-east-1:123456972007: topicfilter/$aws/things/MyThing/shadow/*" ] } ] }
  • 62. Actual Commands $ aws iot create-policy --policy-name MyThingPolicy --policy-document file://MyThingPolicy.json { "policyName": "MyThingPolicy", "policyArn": "arn:aws:iot:us-east-1:123456972007:policy/MyThingPolicy", "policyDocument": "...SNIP...", "policyVersionId": "1" } $ aws iot attach-principal-policy --principal "arn:aws:iot:us-east-1:123456972007:cert/b5a396e…SNIP…400877b” --policy-name "MyThingPolicy"
  • 63. Protocol Convergence MQTT + Mutual Auth TLS AWS Auth + HTTPS Server Auth TLS + Cert TLS + Cert Client Auth TLS + Cert AWS API Keys Confidentiality TLS TLS Protocol MQTT HTTP Identification AWS ARNs AWS ARNs Authorization AWS Policy AWS Policy
  • 64. Requirements Secure Communications with Things Strong Thing Identity Fine-grained Authorization for: Thing Management Pub/Sub Data Access AWS Service Access
  • 66. Actual Commands $ cat ThingRoleTrustPolicy.json { "Version":"2012-10-17", "Statement":[ { "Sid":"", "Effect":"Allow", "Principal":{ "Service":"iot.amazonaws.com" }, "Action":"sts:AssumeRole" } ] }
  • 67. Actual Commands $ aws iam create-role --role-name thing-actions-role --assume-role-policy-document file://ThingRoleTrustPolicy.json { "Role": { "AssumeRolePolicyDocument": …SNIP… "RoleId": "AROAIQ4HBGG7V7F27E32K", "CreateDate": "2015-09-27T16:29:56.438Z", "RoleName": "thing-actions-role", "Path": "/", "Arn": "arn:aws:iam::123456972007:role/thing-actions-role" } }
  • 68. Actual Commands $ cat ThingRolePolicy.json { "Version": "2012-10-17", "Statement": [ { "Sid": "DDBAccess", "Action": [ "dynamodb:PutItem", "dynamodb:UpdateItem" ], "Effect": "Allow", "Resource": "arn:aws:dynamodb:us-east-1:123456972007:table/MyThingTable" }, ] }
  • 69. Actual Commands $ aws iam create-policy --policy-name thing-role-policy --policy-document file://ThingRolePolicy.json { "Policy": { "PolicyName": "thing-role-policy", "CreateDate": "2015-09-27T16:32:17.998Z", "AttachmentCount": 0, "IsAttachable": true, "PolicyId": "ANPAINCEAOD5EEXOLZWAI", "DefaultVersionId": "v1", "Path": "/", "Arn": "arn:aws:iam::123456972007:policy/thing-role-policy", "UpdateDate": "2015-09-27T16:32:17.998Z" } } $ aws iam attach-role-policy --role-name "thing-actions-role" --policy-arn "arn:aws:iam::123456972007:policy/thing-role-policy"
  • 71. Industrial Example Manufacturer End UserVendor Key Pair Certificate App
  • 83. Claiming a Thing service.awsthermostat.com { "Version":"2012-10-17", "Statement":[ { "Effect":"Allow", "Action":[ "iot:Connect" ], "Resource":"*" }, { "Effect":"Allow", "Action":[ "iot:Publish" ], "Resource":[ "arn:aws:iot:us-east-1:123456972007:topic/$aws/things /%COGNITO_ID%/shadow/update" ] }, "Effect:"Allow", "Action":[ "iot:Subscribe", "iot:Receive" ], "Resource":[ "arn:aws:iot:us-east-1:123456972007:topicfilter/$aws /things/%COGNITO_ID%/shadow/*" ] } ] }
  • 84. Using a Thing { "Version": "2012-10-17", "Statement": [{ "Effect":"Allow", "Action":[ "iot:Connect" ], "Resource":"*" }, { "Effect": "Allow", "Action": [ "iot:Publish" ], "Resource": [ "arn:aws:iot:us-east-1:123456972007: topic/$aws/things/${cognito-identity.amazonaws.com:aud}/shadow/update" ] }, { "Effect": "Allow", "Action": [ "iot:Subscribe", "iot:Receive" ], "Resource": [ "arn:aws:iot:us-east-1:123456972007: topicfilter/$aws/things/${cognito-identity.amazonaws.com:aud}/shadow/*" ] }] }
  • 86. Requirements Secure Communications with Things Strong Thing Identity Fine-grained Authorization for: Thing Management Pub/Sub Data Access AWS Service Access
  • 89. Flexible, Consistent Access Control DynamoDB LambdaKinesis