Copyright © 2016 AWS and affiliates, all rights reserved
IoT End-to-End Security Overview
Assaf Naner, Enterprise Solution Architect
Agenda
• Connected Devices
• AWS IoT Overview
• The risks
• Protecting the device
• Requirements
– Securing Devices
– Securing users and applications
– Thing identity
All things around us are getting connected
Things will proliferate
(chart: projected growth of connected things from 2013 to 2015 to 2020, by segment: vertical industry, generic industry, consumer, automotive; from "some" to "many" to "lots")
AWS IoT
• Publish / Subscribe
• Standard Protocol Support – MQTT, HTTP, WebSockets
• Long Lived Connections – receive signals from the cloud
• Secure by Default – connect securely via X.509 certs and TLS 1.2 client mutual auth
The Risk
I’m a thing
Protecting the device
• Secure booting – software on the device is verified with digital signatures before it runs
• Access control – role-based access controls in the OS (least privilege)
• Update and patching – OS and application patching
Requirements
• Secure Communications with Things
• Strong Thing Identity
• Fine-grained Authorization for:
– Things
– People
• Constraints:
– Devices are small, constrained in computing power and memory capacity
– Device updates
Mutual Auth TLS
The Risk - What about users and applications?
I’m a thing
Signing AWS API Requests
API: AWS Signature Version 4
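The deck names AWS Signature Version 4 as the client authentication for users and applications but does not show the mechanics. The following is an added example, not code from the deck or from AWS: the core of SigV4 (scope-bound signing key derivation, canonical request, string to sign, Authorization header) in the Python standard library, signing a constructed GetThingShadow request. The access and secret keys are the sample values from the AWS documentation, the host is made up, and the `iotdata` signing name is assumed for the data-plane endpoint.

```python
# Added example (not from the deck): the core of AWS Signature Version 4, the
# scheme the deck names for authenticating users and applications to the AWS
# IoT HTTP API, implemented with only the Python standard library.
# The access key, secret key, host and timestamp below are sample/constructed
# values, not real credentials or a real endpoint.
import hashlib
import hmac
from urllib.parse import quote


def _sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def derive_signing_key(secret_key: str, date: str, region: str, service: str) -> bytes:
    """kSigning = HMAC(HMAC(HMAC(HMAC('AWS4'+secret, date), region), service), 'aws4_request').
    The long-term secret is never sent; only this derived, scope-bound key signs the request."""
    k_date = _hmac(("AWS4" + secret_key).encode("utf-8"), date)
    k_region = _hmac(k_date, region)
    k_service = _hmac(k_region, service)
    return _hmac(k_service, "aws4_request")


def canonical_request(method: str, path: str, query: dict, headers: dict, payload: bytes):
    """Normalise the request so client and server hash exactly the same bytes."""
    canon_query = "&".join(f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}"
                           for k, v in sorted(query.items()))
    lowered = {k.lower().strip(): " ".join(v.split()) for k, v in headers.items()}
    signed_headers = ";".join(sorted(lowered))
    canon_headers = "".join(f"{k}:{lowered[k]}\n" for k in sorted(lowered))
    request = "\n".join([method.upper(), quote(path, safe="/-_.~"), canon_query,
                         canon_headers, signed_headers, _sha256_hex(payload)])
    return request, signed_headers


def sign_request(access_key: str, secret_key: str, method: str, host: str, path: str,
                 query: dict, payload: bytes, amz_date: str, region: str, service: str) -> dict:
    """Return the headers to send, including the SigV4 Authorization header."""
    date = amz_date[:8]
    headers = {"host": host, "x-amz-date": amz_date,
               "x-amz-content-sha256": _sha256_hex(payload)}
    request, signed_headers = canonical_request(method, path, query, headers, payload)
    scope = f"{date}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                                _sha256_hex(request.encode("utf-8"))])
    signature = hmac.new(derive_signing_key(secret_key, date, region, service),
                         string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()
    headers["authorization"] = (f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
                                f"SignedHeaders={signed_headers}, Signature={signature}")
    return headers


def example_signed_headers(payload: bytes = b"") -> dict:
    """Sign a constructed GetThingShadow request (GET /things/<name>/shadow)."""
    return sign_request(
        access_key="AKIAIOSFODNN7EXAMPLE",                       # sample key from AWS docs
        secret_key="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",   # sample key from AWS docs
        method="GET", host="example-ats.iot.us-east-1.amazonaws.com",  # constructed host
        path="/things/MyThing/shadow", query={}, payload=payload,
        amz_date="20160301T120000Z", region="us-east-1", service="iotdata")  # service name assumed


if __name__ == "__main__":
    for name, value in example_signed_headers().items():
        print(f"{name}: {value}")
```

Because the date, region and service are folded into the signing key and the scope, a captured signature cannot be replayed against another service or on another day, and any change to the signed headers or payload invalidates it.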
Security is too expensive
Elliptic Curve Cryptography (ECC)
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-GCM-SHA256
Elliptic curve discrete logarithm vs RSA integer factorization
Smaller key sizes for the same security level
ECDHE – key exchange algorithm (forward secrecy with ephemeral keys)
ECDSA – signature algorithm with EC private keys (authentication)
Summary
                  Device → AWS IoT      Users & App → AWS IoT
Server Auth       TLS + Cert            TLS + Cert
Client Auth       TLS + Cert            AWS API Keys (SigV4)
Confidentiality   TLS                   TLS
Protocol          MQTT                  HTTP
Strong Thing Identity
• Private keys are not saved on AWS
• You can generate your own keys and submit a CSR
Strong Thing Identity – client generated key pair
CSR
TLS Mutual Authentication
• Create CSR
• Create X.509 Certificate from CSR
• Activate the Certificate
• Create Policy
• Attach Policy to Certificate
* Certificate must be issued by AWS IoT
Takeaways
• Use a unique certificate for each device / thing – this will help with
authorization
• You can use your own keys – use a CSR to obtain the public certificate
• Revoke unused certificates – in particular when moving to production
$ aws iot list-certificates
{
  "certificateDescriptions": [
    {
      "certificateArn": "arn:aws:iot:us-east-1:123456972007:cert/d7677b0…SNIP…026d9",
      "status": "REVOKED",
      "certificateId": "d7677b0…SNIP…026d9",
      "creationDate": 1443070900.491
    }
  ]
}
Policy and certificates
• Policy – consists of one or more statements, each of which describes one
set of permissions.
• Certificate – uniquely identifies a device
• Policy is attached to one or more device certificates (best practice is to have
one certificate per device)
Policy and certificates
Device     Policy
Truck 1    Allow to connect and publish
Truck 2    Allow to connect / publish / subscribe
Truck 3    Allow to connect / publish / subscribe / unsubscribe
Policy actions
• Connect
• Publish
• Subscribe
• Unsubscribe
• Receive
Connect policy
{
  "Version": "2012-10-17",
  "Statement": [ {
    "Effect": "Allow",
    "Action": [ "iot:Connect" ],
    "Resource": "arn:aws:iot:us-east-1:123456972007:client/MY-THING-NAME"
  } ]
}
Publish policy
{
  "Version": "2012-10-17",
  "Statement": [ {
    "Effect": "Allow",
    "Action": [ "iot:Publish" ],
    "Resource": "arn:aws:iot:us-east-1:123456972007:topic/$aws/things/MyThing/shadow/update"
  } ]
}
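To see what the per-certificate policies from the "Policy and certificates" slides and the Connect/Publish policies above actually permit, here is an added example (not code from the deck or from AWS): a small evaluator that applies IoT-style policy statements to connect, publish and subscribe requests. It copies the deck's two policies and account ARN prefix, constructs per-truck policies in the spirit of the Truck 1/2/3 table, and follows the documented Allow/Deny semantics (explicit Deny wins, otherwise any matching Allow, otherwise implicit deny) with `*` wildcards; it is a teaching simplification, not the AWS IoT policy engine.

```python
# Added example (not from the deck): evaluates AWS IoT-style policy statements
# against connect/publish/subscribe requests so the effect of the deck's
# per-certificate policies can be checked offline. Explicit Deny wins, otherwise
# any matching Allow permits, otherwise the request is implicitly denied.
# This is a teaching simplification, not the AWS IoT policy engine.
import re

# Account/region prefix taken from the deck's sample ARNs.
ARN_PREFIX = "arn:aws:iot:us-east-1:123456972007"

# Policies copied from the deck's Connect and Publish slides.
CONNECT_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["iot:Connect"],
                   "Resource": f"{ARN_PREFIX}:client/MY-THING-NAME"}],
}
PUBLISH_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["iot:Publish"],
                   "Resource": f"{ARN_PREFIX}:topic/$aws/things/MyThing/shadow/update"}],
}

# Which resource type each policy action is authorised against.
RESOURCE_KIND = {"iot:Connect": "client", "iot:Publish": "topic", "iot:Receive": "topic",
                 "iot:Subscribe": "topicfilter", "iot:Unsubscribe": "topicfilter"}


def _glob_match(pattern: str, value: str) -> bool:
    """'*' matches any run of characters; everything else is literal."""
    regex = "^" + ".*".join(re.escape(part) for part in pattern.split("*")) + "$"
    return re.match(regex, value) is not None


def _as_list(value):
    return value if isinstance(value, list) else [value]


def request_arn(action: str, target: str) -> str:
    """Build the ARN a request is checked against (client id, topic or topic filter)."""
    return f"{ARN_PREFIX}:{RESOURCE_KIND[action]}/{target}"


def is_allowed(policies, action: str, target: str) -> bool:
    """Evaluate every statement of every policy attached to the certificate."""
    arn = request_arn(action, target)
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            if not any(_glob_match(a, action) for a in _as_list(stmt["Action"])):
                continue
            if not any(_glob_match(r, arn) for r in _as_list(stmt["Resource"])):
                continue
            if stmt["Effect"] == "Deny":
                return False          # explicit Deny overrides any Allow
            allowed = True
    return allowed


def truck_policy(name: str, actions) -> dict:
    """Constructed per-device policy in the spirit of the deck's Truck 1/2/3 table:
    connect only with its own client id, and only touch its own topic prefix."""
    statements = [{"Effect": "Allow", "Action": ["iot:Connect"],
                   "Resource": f"{ARN_PREFIX}:client/{name}"}]
    topic_actions = [a for a in actions if a != "iot:Connect"]
    if topic_actions:
        statements.append({"Effect": "Allow", "Action": topic_actions,
                           "Resource": [f"{ARN_PREFIX}:topic/trucks/{name}/*",
                                        f"{ARN_PREFIX}:topicfilter/trucks/{name}/*"]})
    return {"Version": "2012-10-17", "Statement": statements}


def demo() -> dict:
    """Decisions for the deck's sample policies plus two constructed truck policies."""
    truck1 = [truck_policy("truck1", ["iot:Connect", "iot:Publish"])]
    truck3 = [truck_policy("truck3", ["iot:Connect", "iot:Publish",
                                      "iot:Subscribe", "iot:Unsubscribe"])]
    return {
        "truck1_publish_own_topic": is_allowed(truck1, "iot:Publish", "trucks/truck1/telemetry"),
        "truck1_publish_other_truck": is_allowed(truck1, "iot:Publish", "trucks/truck3/telemetry"),
        "truck1_subscribe": is_allowed(truck1, "iot:Subscribe", "trucks/truck1/commands"),
        "truck3_subscribe": is_allowed(truck3, "iot:Subscribe", "trucks/truck3/commands"),
        "thing_connect_own_client_id": is_allowed([CONNECT_POLICY], "iot:Connect", "MY-THING-NAME"),
        "thing_connect_other_client_id": is_allowed([CONNECT_POLICY], "iot:Connect", "OTHER-THING"),
        "shadow_update_own_thing": is_allowed([PUBLISH_POLICY], "iot:Publish",
                                              "$aws/things/MyThing/shadow/update"),
        "shadow_update_other_thing": is_allowed([PUBLISH_POLICY], "iot:Publish",
                                                "$aws/things/OtherThing/shadow/update"),
    }


if __name__ == "__main__":
    for check, decision in demo().items():
        print(f"{check:32} {'ALLOW' if decision else 'DENY'}")
```

The point of one certificate per device is visible in the results: because the Connect policy names a single client id and the Publish policy a single shadow topic, a device holding that certificate cannot connect under another device's id or write another thing's shadow.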
Manage Certificates
{
  "Version": "2012-10-17",
  "Statement": [ {
    "Sid": "ManageCerts",
    "Effect": "Allow",
    "Action": [ "iot:CreateKeysAndCertificate",
                "iot:DescribeCertificate",
                "iot:UpdateCertificate" ],
    "Resource": "*"
  } ]
}
Applications
Mobile
(diagram: Amazon Cognito)
Mobile Users and Things
(diagram: Amazon Cognito flow, steps 1–5)
Policy for Cognito with IoT
Cognito authenticated user identity pool role policy:
{
  "Effect": "Allow",
  "Action": [ "iot:Connect", "iot:Publish", "iot:Subscribe", "iot:Receive",
              "iot:GetThingShadow", "iot:UpdateThingShadow" ],
  "Resource": "*"
}
Specific policy for Joe IoT Cognito user:
{
  "Effect": "Allow",
  "Action": "iot:UpdateThingShadow",
  "Resource": "arn:aws:iot:…:thing/joe-sprinkler123"
}
Wrap up – Two Secure Protocols
HTTP – API requests signed with AWS Signature Version 4
MQTT – TLS mutual authentication with X.509 certificates
Wrap-up
                  Device → AWS IoT      Users & App → AWS IoT
Server Auth       TLS + Cert            TLS + Cert
Client Auth       TLS + Cert            AWS API Keys (SigV4)
Confidentiality   TLS                   TLS
Protocol          MQTT                  HTTP
Identification    AWS ARNs              AWS ARNs
Authorization     AWS Policy            AWS Policy
Checks and balances
• Look for suspicious activity in your code
• Identify activity signatures
• Examples:
– Same certificate used from multiple IPs, or used simultaneously from two devices
– Check whether certificates were compromised
• Enable a second level of authorization for suspicious devices – revoke the certificate
first, then ask the user to re-initiate the device
• Look for rogue activity in the logic of your application
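The "same certificate from multiple IPs or two devices at once" signature above is easy to turn into a check over connection logs. The following is an added example, not code from the deck or from AWS: it parses a constructed broker connection log, flags a certificate that has a second live session from another source IP or more than one source IP within a sliding window, and emits the slide's first response step (revoke the certificate) as AWS CLI commands for an operator to review. The log format is made up for this example; AWS IoT lifecycle events or your own broker's audit log need their own parser.

```python
# Added example (not from the deck): detection logic for the slide's
# "same certificate used from multiple IPs or simultaneously from two devices"
# signal, run over constructed connection-log lines. The log format is made up
# for this example, and the revocation commands are proposed, not executed.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: cert aaaa1111 connects from a second IP while its
# first session is still open; cert bbbb2222 changes IP only after a clean
# disconnect and well outside the window, which should not be flagged.
SAMPLE_LOG = """\
2016-03-01T10:00:00Z CONNECT    cert=aaaa1111 client=truck1 src=203.0.113.10
2016-03-01T10:00:05Z CONNECT    cert=bbbb2222 client=truck2 src=203.0.113.11
2016-03-01T10:02:30Z CONNECT    cert=aaaa1111 client=truck1 src=198.51.100.7
2016-03-01T10:03:00Z PUBLISH    cert=aaaa1111 client=truck1 src=198.51.100.7 topic=trucks/truck1/telemetry
2016-03-01T10:10:00Z DISCONNECT cert=bbbb2222 client=truck2 src=203.0.113.11
2016-03-01T10:40:00Z CONNECT    cert=bbbb2222 client=truck2 src=203.0.113.12
"""


def parse_line(line: str) -> dict:
    """Split 'timestamp EVENT key=value ...' into a record with a datetime."""
    ts, event, *fields = line.split()
    record = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "event": event}
    for field in fields:
        key, _, value = field.partition("=")
        record[key] = value
    return record


def find_suspicious_certs(log_text: str, window: timedelta = timedelta(minutes=15)) -> dict:
    """Return {certificate_id: [reasons]} for certificates that look shared or cloned."""
    open_sessions = defaultdict(dict)   # cert -> {source ip: connect time}
    recent_sources = defaultdict(list)  # cert -> [(connect time, source ip)]
    findings = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        cert, src, ts = rec["cert"], rec["src"], rec["ts"]
        if rec["event"] == "CONNECT":
            # Signal 1: a second live session for the same certificate from another IP.
            if open_sessions[cert] and src not in open_sessions[cert]:
                ips = sorted(set(open_sessions[cert]) | {src})
                findings[cert].add("concurrent sessions from " + ", ".join(ips))
            open_sessions[cert][src] = ts
            # Signal 2: more than one source IP within the sliding window.
            recent_sources[cert] = [(t, s) for t, s in recent_sources[cert] if ts - t <= window]
            recent_sources[cert].append((ts, src))
            distinct = {s for _, s in recent_sources[cert]}
            if len(distinct) > 1:
                findings[cert].add(f"{len(distinct)} source IPs within {window}")
        elif rec["event"] == "DISCONNECT":
            open_sessions[cert].pop(src, None)
    return {cert: sorted(reasons) for cert, reasons in findings.items()}


def revocation_commands(findings: dict) -> list:
    """The slide's first response step, as AWS CLI commands for an operator to review."""
    return [f"aws iot update-certificate --certificate-id {cert} --new-status REVOKED"
            for cert in sorted(findings)]


if __name__ == "__main__":
    hits = find_suspicious_certs(SAMPLE_LOG)
    for cert, reasons in hits.items():
        print(cert, "->", "; ".join(reasons))
    for cmd in revocation_commands(hits):
        print(cmd)
```

A reconnect from the same IP without a prior DISCONNECT (a dropped connection) is deliberately not flagged, so the check keys on a different source rather than on reconnects alone.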
aws.amazon.com/activate
Everything and Anything Startups Need to Get Started on AWS

Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Último

Uncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac FolorunsoUncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac FolorunsoKayode Fayemi
 
Report Writing Webinar Training
Report Writing Webinar TrainingReport Writing Webinar Training
Report Writing Webinar TrainingKylaCullinane
 
Digital collaboration with Microsoft 365 as extension of Drupal
Digital collaboration with Microsoft 365 as extension of DrupalDigital collaboration with Microsoft 365 as extension of Drupal
Digital collaboration with Microsoft 365 as extension of DrupalFabian de Rijk
 
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdfThe workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdfSenaatti-kiinteistöt
 
SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdf
SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdfSOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdf
SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdfMahamudul Hasan
 
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdfAWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdfSkillCertProExams
 
Dreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio IIIDreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio IIINhPhngng3
 
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptxChiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptxraffaeleoman
 
Dreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video TreatmentDreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video Treatmentnswingard
 
lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.lodhisaajjda
 
If this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaIf this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaKayode Fayemi
 
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...amilabibi1
 
My Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle BaileyMy Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle Baileyhlharris
 
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...David Celestin
 

Último (15)

Uncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac FolorunsoUncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac Folorunso
 
Report Writing Webinar Training
Report Writing Webinar TrainingReport Writing Webinar Training
Report Writing Webinar Training
 
ICT role in 21st century education and it's challenges.pdf
ICT role in 21st century education and it's challenges.pdfICT role in 21st century education and it's challenges.pdf
ICT role in 21st century education and it's challenges.pdf
 
Digital collaboration with Microsoft 365 as extension of Drupal
Digital collaboration with Microsoft 365 as extension of DrupalDigital collaboration with Microsoft 365 as extension of Drupal
Digital collaboration with Microsoft 365 as extension of Drupal
 
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdfThe workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
 
SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdf
SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdfSOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdf
SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdf
 
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdfAWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
 
Dreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio IIIDreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio III
 
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptxChiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
 
Dreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video TreatmentDreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video Treatment
 
lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.
 
If this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaIf this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New Nigeria
 
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
 
My Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle BaileyMy Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle Bailey
 
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...
 

IoT End-to-End Security Overview

  • 15. The Risk - What about users and applications? (diagram caption: "I'm a thing")
  • 16. Signing AWS API Requests. API: AWS Signature Version 4
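The slide names SigV4 without showing the mechanics, so here is an added example (not from the deck) that carries a request through the three SigV4 steps: canonical request, string to sign, and a signature made with a derived key rather than the raw secret. The access key, secret, host and the control-plane service name "iot" used in the comments are assumptions for illustration.

```python
import hashlib
import hmac
from urllib.parse import quote


def _sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _hmac_sha256(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def derive_signing_key(secret_key: str, date_stamp: str, region: str, service: str) -> bytes:
    """HMAC chain: the long-term secret is only the root of a per-day, per-region,
    per-service key, so the secret itself never signs a request."""
    k_date = _hmac_sha256(("AWS4" + secret_key).encode("utf-8"), date_stamp)
    k_region = _hmac_sha256(k_date, region)
    k_service = _hmac_sha256(k_region, service)
    return _hmac_sha256(k_service, "aws4_request")


def canonical_request(method, path, query, headers, body):
    """Step 1: a byte-exact description of the request that both client and AWS can rebuild.
    Header names are already lowercased by the caller; they are sorted here."""
    canonical_headers = "".join(f"{name}:{headers[name]}\n" for name in sorted(headers))
    signed_headers = ";".join(sorted(headers))
    canonical_query = "&".join(
        f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}" for k, v in sorted(query.items()))
    lines = [method, quote(path, safe="/-_.~"), canonical_query,
             canonical_headers, signed_headers, _sha256_hex(body)]
    return "\n".join(lines), signed_headers


def sign_request(method, host, path, query, headers, body, access_key, secret_key,
                 region, service, amz_date):
    """Return the Authorization header value for a SigV4-signed request.
    amz_date is the X-Amz-Date value, e.g. 20160501T120000Z (assumed sample date)."""
    date_stamp = amz_date[:8]
    hdrs = {k.lower(): v.strip() for k, v in headers.items()}
    hdrs["host"] = host
    hdrs["x-amz-date"] = amz_date
    creq, signed_headers = canonical_request(method, path, query, hdrs, body)
    scope = f"{date_stamp}/{region}/{service}/aws4_request"
    # Step 2: the string to sign binds algorithm, timestamp and credential scope to the request hash.
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                                _sha256_hex(creq.encode("utf-8"))])
    # Step 3: sign with the derived key; a leaked signature cannot be replayed outside its scope.
    signature = hmac.new(derive_signing_key(secret_key, date_stamp, region, service),
                         string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()
    return (f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
            f"SignedHeaders={signed_headers}, Signature={signature}")


if __name__ == "__main__":
    # Assumed sample call: listing certificates on the control plane (host and keys are placeholders).
    print(sign_request("GET", "iot.us-east-1.amazonaws.com", "/certificates", {"pageSize": "10"},
                       {"Content-Type": "application/json"}, b"", "AKIAEXAMPLEKEY",
                       "EXAMPLE-SECRET-NOT-REAL", "us-east-1", "iot", "20160501T120000Z"))
```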
  • 17. Security is too expensive
  • 18. Elliptic Curve Cryptography (ECC)
      ECDHE-ECDSA-AES128-GCM-SHA256
      ECDHE-RSA-AES128-GCM-SHA256
      • Elliptic curve discrete logarithm vs RSA integer factorization
      • Smaller key sizes for the same security
      • ECDHE – key exchange algorithm (forward secrecy with ephemeral keys)
      • ECDSA – signature algorithm with EC private keys (authentication)
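Added example (not from the deck): a Python ssl context that enforces what slides 6, 12 to 14 and 18 ask of a device, mutual-auth TLS 1.2 restricted to the two ECDHE cipher suites, plus a small audit function that reports the settings a reviewer would flag. The certificate and key file paths are placeholders.

```python
import ssl

# The two cipher suites named on the slide: ECDHE key exchange (forward secrecy) with
# ECDSA or RSA authentication, AES-128-GCM and SHA-256.
ECC_CIPHER_SUITES = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256"


def build_device_tls_context(ca_file=None, cert_file=None, key_file=None):
    """Client context for a thing talking to AWS IoT with mutual-auth TLS 1.2.
    The paths are placeholders for the device's CA bundle, X.509 certificate and private
    key; they are optional so the settings can be inspected without credentials on disk."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2    # refuse anything older than TLS 1.2
    ctx.check_hostname = True                       # server auth: endpoint name must match the cert
    ctx.verify_mode = ssl.CERT_REQUIRED             # server cert must chain to a trusted CA
    ctx.set_ciphers(ECC_CIPHER_SUITES)              # TLS 1.2 limited to the ECDHE suites above
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)
    if cert_file and key_file:
        # Client auth: the thing presents its own X.509 certificate and proves the private key.
        ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx


def audit_tls_context(ctx):
    """Return the weaknesses a reviewer would flag; an empty list means the context
    matches the slide's requirements."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("allows TLS versions older than 1.2")
    if ctx.verify_mode != ssl.CERT_REQUIRED or not ctx.check_hostname:
        findings.append("server certificate is not verified")
    # TLS 1.3 suites are negotiated separately and are always (EC)DHE; inspect the rest.
    pre13 = [c["name"] for c in ctx.get_ciphers() if c.get("protocol") != "TLSv1.3"]
    if any(not name.startswith("ECDHE-") for name in pre13):
        findings.append("cipher suites without ephemeral ECDH key exchange are enabled")
    return findings


if __name__ == "__main__":
    print(audit_tls_context(build_device_tls_context()))   # expected: []
```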
  • 19. Summary
                        Device -> AWS IoT      Users & App -> AWS IoT
      Server Auth       TLS + Cert             TLS + Cert
      Client Auth       TLS + Cert             AWS API Keys (SigV4)
      Confidentiality   TLS                    TLS
      Protocol          MQTT                   HTTP
  • 20. Requirements (section divider)
      • Secure Communications with Things
      • Strong Thing Identity
      • Fine-grained Authorization for:
        – Things
        – People
      • Constraints:
        – Devices are small, constrained in computing power and memory capacity
        – Device updates
  • 21. Strong Thing Identity
      • Private keys are not saved on AWS
      • You can generate your own keys (CSR)
  • 22. Strong Thing Identity – client generated key pair CSR (diagram)
  • 23. Strong Thing Identity – client generated key pair CSR (diagram, continued)
  • 24. TLS Mutual Authentication
      • Create CSR
      • Create X.509 Certificate from CSR *
      • Activate the Certificate
      • Create Policy
      • Attach Policy to Certificate
      * Certificate must be issued by AWS IoT
  • 25. Takeaways
      • Use a unique certificate for each device / thing – this will help with authorization
      • You can use your own keys – use a CSR for the public certificate
      • Revoke unused certificates – in particular when moving to production

      $ aws iot list-certificates
      {
        "certificateDescriptions": [
          {
            "certificateArn": "arn:aws:iot:us-east-1:123456972007:cert/d7677b0…SNIP…026d9",
            "status": "REVOKED",
            "certificateId": "d7677b0…SNIP…026d9",
            "creationDate": 1443070900.491
          }
        ]
      }
  • 26. Requirements (section divider)
      • Secure Communications with Things
      • Strong Thing Identity
      • Fine-grained Authorization for:
        – Things
        – People
      • Constraints:
        – Devices are small, constrained in computing power and memory capacity
        – Device updates
  • 27. Policy and certificates
      • Policy – consists of one or more statements, each of which describes one set of permissions
      • Certificate – uniquely identifies a device
      • A policy is attached to one or more device certificates (best practice is one certificate per device)
  • 28. Policy and certificates
      Device     Policy
      Truck 1    Allow to connect and publish
      Truck 2    Allow to connect / publish / subscribe
      Truck 3    Allow to connect / publish / subscribe / unsubscribe
  • 29. Policy actions
      • Connect
      • Publish
      • Subscribe
      • Unsubscribe
      • Receive
  • 30. Connect policy
      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "Action": [ "iot:Connect" ],
            "Resource": "arn:aws:iot:us-east-1:123456972007:client/MY-THING-NAME"
          }
        ]
      }
  • 31. Publish policy
      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "Action": [ "iot:Publish" ],
            "Resource": "arn:aws:iot:us-east-1:123456972007:topic/$aws/things/MyThing/shadow/update"
          }
        ]
      }
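Added example (not from the deck) covering slides 27 to 31: a small evaluator for AWS IoT policy documents with IAM-style wildcards and deny-overrides-allow semantics, applied to the Connect and Publish policies above and to the three truck tiers of slide 28. The account and region come from the slides' ARNs; the per-truck topic layout trucks/<name>/... is an assumption.

```python
import re

# Account and region from the slides' example ARNs.
ACCOUNT_ID = "123456972007"
REGION = "us-east-1"


def iot_arn(resource_type: str, name: str) -> str:
    """Build an AWS IoT resource ARN: client/<id>, topic/<name> or topicfilter/<filter>."""
    return f"arn:aws:iot:{REGION}:{ACCOUNT_ID}:{resource_type}/{name}"


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _wildcard_match(pattern: str, value: str) -> bool:
    """IAM-style matching: '*' matches any run of characters (including '/'), '?' one character."""
    regex = "".join(".*" if ch == "*" else "." if ch == "?" else re.escape(ch) for ch in pattern)
    return re.fullmatch(regex, value) is not None


def is_allowed(policy: dict, action: str, resource: str) -> bool:
    """Each statement grants one set of permissions; an explicit Deny always wins,
    otherwise any matching Allow grants, and everything else is implicitly denied."""
    allowed = False
    for stmt in policy["Statement"]:
        if not any(_wildcard_match(a, action) for a in _as_list(stmt["Action"])):
            continue
        if not any(_wildcard_match(r, resource) for r in _as_list(stmt["Resource"])):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


# The Connect and Publish policies from slides 30 and 31, combined into one document.
MY_THING_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["iot:Connect"], "Resource": iot_arn("client", "MY-THING-NAME")},
        {"Effect": "Allow", "Action": ["iot:Publish"],
         "Resource": iot_arn("topic", "$aws/things/MyThing/shadow/update")},
    ],
}

# Per-truck tiers from the slide 28 table.
TIER_ACTIONS = {
    1: ["iot:Connect", "iot:Publish"],
    2: ["iot:Connect", "iot:Publish", "iot:Subscribe"],
    3: ["iot:Connect", "iot:Publish", "iot:Subscribe", "iot:Unsubscribe"],
}


def truck_policy(truck: str, tier: int) -> dict:
    """One policy per device certificate, scoped to the truck's own client id and its own
    topic namespace (assumed layout trucks/<name>/..., not from the slides).
    Publish uses topic/ ARNs, Subscribe and Unsubscribe use topicfilter/ ARNs."""
    statements = [{"Effect": "Allow", "Action": "iot:Connect", "Resource": iot_arn("client", truck)}]
    topic_actions = [a for a in TIER_ACTIONS[tier] if a != "iot:Connect"]
    statements.append({"Effect": "Allow", "Action": topic_actions,
                       "Resource": [iot_arn("topic", f"trucks/{truck}/*"),
                                    iot_arn("topicfilter", f"trucks/{truck}/*")]})
    return {"Version": "2012-10-17", "Statement": statements}
```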
  • 32. Requirements (section divider)
      • Secure Communications with Things
      • Strong Thing Identity
      • Fine-grained Authorization for:
        – Things
        – People
      • Constraints:
        – Devices are small, constrained in computing power and memory capacity
        – Device updates
  • 33. Manage Certificates (IAM policy for the people or applications that provision certificates)
      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Sid": "ManageCerts",
            "Effect": "Allow",
            "Action": [
              "iot:CreateKeysAndCertificate",
              "iot:DescribeCertificate",
              "iot:UpdateCertificate"
            ],
            "Resource": "*"
          }
        ]
      }
  • 34. Applications
  • 35. Mobile (Amazon Cognito)
  • 36. Mobile Users and Things (Amazon Cognito) – diagram with a numbered five-step flow; the step labels are not in the transcript
  • 37. Policy for Cognito with IoT
      Cognito authenticated user identity pool role policy:
      {
        "Effect": "Allow",
        "Action": [
          "iot:Connect",
          "iot:Publish",
          "iot:Subscribe",
          "iot:Receive",
          "iot:GetThingShadow",
          "iot:UpdateThingShadow"
        ],
        "Resource": "*"
      }

      Specific policy for Joe, an IoT Cognito user:
      {
        "Effect": "Allow",
        "Action": "iot:UpdateThingShadow",
        "Resource": "arn:aws:iot:…:thing/joe-sprinkler123"
      }
  • 38. Wrap up – Two Secure Protocols
      • HTTP – API: AWS Signature Version 4
      • MQTT
  • 39. Wrap-up
                        Device -> AWS IoT      Users & App -> AWS IoT
      Server Auth       TLS + Cert             TLS + Cert
      Client Auth       TLS + Cert             AWS API Keys (SigV4)
      Confidentiality   TLS                    TLS
      Protocol          MQTT                   HTTP
      Identification    AWS ARNs               AWS ARNs
      Authorization     AWS Policy             AWS Policy
  • 40. Checks and balances
      • Look for suspicious activity in your code
      • Identify activity signatures
      • Examples:
        – Same certificate used from multiple IPs, or used simultaneously from two devices
        – Check whether certificates were compromised
      • Enable a 2nd level of authorization for suspicious devices – revoke the certificate first, then ask the user to re-initiate the device
      • Look for rogue activity in the logic of your application
  • 41. aws.amazon.com/activate – Everything and Anything Startups Need to Get Started on AWS