CloudCamp Chicago - June 17, 2015 The Internet of Things

CloudCamp Chicago
“The Internet of Things”
#cloudcamp
@CloudCamp_CHI
Sponsored by
Hosted by

Emcee
Margaret Walker 
Cohesive Networks
Tweet: @CloudCamp_Chi 
#cloudcamp
#cloudcamp
@CloudCamp_CHI
Sponsored by
Hosted by

… sponsored by you!
William Knowles - Evident.io
Chuck Mackie - Maven Wave Partners
Chacko Kurian - Complete Health Systems, LC
Danai Samuriwo - tenniswithd
Charlie Havens - Global Tech & Resources
Jessica Hitch - Pariveda Solutions

6:00 pm Introductions
6:05 pm: Lightning Talks
The Internet of (Insecure) Things - Chandler Howell,
Engineering Manager at Nexum @chandlerhowell
CPL MakerLab: Intriging the General Public - Jorge Garcia,
Maker Navigator for the CPL MakerLab @yorickgarcia
"Connecting Vehicles on Google Cloud Platform" - David
Patterson, Senior Principal at Maven Wave Partners
IoT in Healthcare - Harold Clampitt, CEO & Founder at
American RFID Solutions, LLC @haroldclampitt
"IoT Perspectives from the Trenches" - Steven Loving,
Director of Business Development at Infobrite
7:00 pm: Unpanel
7:45 pm: Networking, drinks and pizza
Agenda
#cloudcamp
@CloudCamp_CHI
Sponsored by
Hosted by

"The Internet of (Insecure)
Things"
Chandler Howell,  
Engineering Manager at Nexum
Tweet: @chandlerhowell
#cloudcamp
#cloudcamp
@CloudCamp_CHI
Sponsored by
Hosted by

The Internet of
(Insecure)
Things
Chandler Howell
June 2015

The Internet of (Insecure) Things
1. Smart is the New Dumb
2. When Worlds Collide
3. Failure Modes
4. A Parade of Horrors
5. So What Should I do Now?

SMART IS THE NEW DUMB
Ironic, really

Smart is the New Dumb
Smart, butVulnerable
Security is not a priority of IoT (yet)
Focus is on
Time to market
Features & Functionality
Focus is NOT on
Security
Maintainability
Longevity

WHEN WORLDS COLLIDE
We ain’t seen nothing yet

When Worlds Collide
Lifecycles are mismatched
Technology lifecycles are very short
Devices go EOL in 3-5 years or less
Consumer lifecycles are longer
Refrigerators, coffee makers, etc. can last 10 years
Industrial Equipment may outlive you
Heavy Equipment can have service lives >50 years

FAILURE MODES
How can I fail thee? Let me count the ways…

Failure Modes
1. Get Broken
2. Get Leveraged
3. Get Exploited

Failure Modes
Get Broken
Damage or destroy the device or attached devices
For example…
Plant Control Systems
People with Pacemakers

Failure Modes
Get Leveraged
Compromised Device is used as a vector for
other Badness
For Example…
Unlock a Smart Home
Join a botnet
Provide a beachhead for APT

Failure Modes
Get Exploited
The device can be used to spy on people, either
directly or indirectly
Yes, even more examples…
Smart TV’s
Data & MetaData Collection

A PARADE OF HORRORS
It’s spelled “IoT” but it’s pronounced “Fail”

A Parade of Horrors
Welcome to the Future

A Parade of Horrors
Consumer Goods
Refrigerators
Smart Fridges found in a botnet (2014)
25% of devices in that large botnet were IoT
Televisions & Electronics
Samsung “Smart TV” Spying
Numerous XSS, local exploits
Light Bulbs
LIFX “Smart” Bulbs authentication flaws
Disclosed credentials for attached wi-fi

A Parade of Horrors
Medical Devices
Surgical and anesthesia devices
Ventilators
Drug infusion pumps
Pacemakers
External defibrillators
Patient monitors
Laboratory and analysis equipment
Pretty much every type of failure you can imagine

A Parade of Horrors
Cars
Black Boxes
Data stolen or altered
Remote Lock/Unlock and starters
Key fobs and alarm protocols broken
ON*Star
Hacked & Abused by Law Enforcement
Braking & steering controls
Integration with entertainment/dash allowed
access and compromise

A Parade of Horrors
Airplanes
Drones
Definitely
In-Flight Entertainment
Definitely
Passenger Flight Control
Maybe

A Parade of Horrors
Infrastructure
Traffic Lights
Plaintext wireless
Weak/No Authentication
Industrial Control Systems
2008: Turkish Gas Pipeline Destroyed
2010: Iranian Gas Centrifuges (Stuxnet)
2014: Steel Mill’s Blast Furnace ($17mm in damage)
Utility Meters
Weak Authentication
Inaccurate readings == Fraud
Tampered or otherwise

SO WHAT SHOULD I DO?
Can I have a hint?

Fortunately, not this.
So what should I do?

Realize these are not new problems
Insecure computers are nothing new
Think in terms of Failure Modes
Use these to understand your threats
Expect Novel attack types
Inference Attacks
Side-Channel Attacks

Architect for Insecure Things
Assume devices are insecure by default
If not today, they will be some day
Leverage Security Tools & Processes
Defense-in-Depth
Threat Modeling
Incident Response

Assess whether the Smart is worth the Risk
Don’t forget how to live without IoT
Think of it in Business Continuity Planning
(BCP) or Disaster Recovery (DR) terms
Smart Devices are just another system to fail

Get Dumb Again
Like Power Over Ethernet (PoE) light bulbs…
THANK YOU!
Well, that was fun.

"Chicago Public Library
MakerLab: Intriging the
General Public "
Jorge Garcia,
Maker Navigator for the CPL MakerLab
Tweet: @yorickgarcia
#cloudcamp
#cloudcamp
@CloudCamp_CHI
Sponsored by
Hosted by

"Connecting Vehicles on
Google Cloud Platform"
David Patterson,  
Senior Principal at Maven Wave
Partners
Tweet: @CloudCamp_Chi
#cloudcamp
#cloudcamp
@CloudCamp_CHI
Sponsored by
Hosted by

Connected Bike on
Google Cloud Platform
David Patterson - Senior Principal
david.patterson@mavenwave.com

Client Vision
Allow riders to “plug-in” their devices to receive information about their
planned ride. Create a community to share ride experiences - popular
rides, scenic roads, and POI’s
Motorcycle Manufacturer: Connected Bike POC
1
Bike Performance

Project Goals
1
2
3
Bike and location
data collection
Location-based
alerts
Scalable data
collection
4
Post-ride services
and analytics

Product Inspiration Competitive Advantage
Third-party
aftermarket
products
Other vehicle
apps - e.g. Tesla
● Tremendous brand loyalty
● Strong sense of community among
customers
● Proprietary engine codes / engineering
knowledge

Engine byte stream Onboard Location
Data Acquisition

LOCATION
ALERT
PRECIPITATION
FORECAST
Alerts pushed to preferred rider and/or passenger devices
Google App
Engine
Backend
Precipitation Alerts

Dashboards showing real-time positioning and engine metrics

Android
App Engine
Datastore
BigQuery
Google Cloud
Messaging
Guaranteed push notifications to mobile
devices
Fully managed application platform. Cost
scales with application adoption
Fully managed NoSQL data storage.
Extremely scalable random I/O
Big Data Service to perform interactive
analysis on massive amounts of data
Native client application

Clients &
Frontends
Backend
Services
Storage
Data Providers
Ride Data
2
6
4
3
5
7
1

"IoT in Healthcare"
Harold Clampitt,  
CEO & Founder at American RFID
Solutions, LLC
Tweet: @haroldclampitt
#cloudcamp
#cloudcamp
@CloudCamp_CHI
Sponsored by
Hosted by

American RFID Solutions, LLC © 2015
• ‘things’ have an aperture and become active participants:
 in business
 in vacations
 In hobbies
• information and processes offer real time situation awareness
 interact and communicate:
 among themselves
 with the environment by exchanging data and information
‘sensed’ about the environment
• running processes:
 trigger actions
 create services
 autonomously with or without direct human intervention

"IoT Perspectives from the
Trenches"
Steven Loving,
Director of Business Development at
Infobrite
Tweet: @ Infobrite
#cloudcamp
#cloudcamp
@CloudCamp_CHI
Sponsored by
Hosted by

Internet
of
Things

“Lightning”
Talk

Cloud
Camp
Chicago

Steven
Loving

(IoT
Chicago
Meet-‐up)

2015

Consumer
Safety. Protect home investments
with affordable remote monitoring.
Savings. Save money by decreasing
energy usage from home products.
Comfort. Maximize time with remote
home product and appliance
management.
Smart Service. Take advantage of
remote diagnostic testing and
advanced customer service
programs.
Green. Reduce energy consumption
and protect the environment.
Value, Growth, Savings
Driving Business and Consumer Benefits
Business
Diversify. Diversify revenue strategies
and earn income from new sources.
New Markets. Engage current and
high potential mobile customers.
Efficient Diagnostics. Save money
with remote product diagnostic
testing and monitoring.
Quality Customer Service. Provide
best-in-class customer service with
new product information and advice.
Brand Reputation. Build brand
reputation for product innovation and
leadership.
5

Industrial
Automa3on
Smart
Health

Smart
Home
Smart
City

“Things
having
iden33es
and
virtual
personali3es
opera3ng
in
smart
spaces
using

intelligent
interfaces
to
connect
and
communicate
within
social,
environmental,
and
user

contexts”

6

7

Devices,
Products,
Assets

On-‐premise,
In
the
ﬁeld

M2M
Enabled

Devices

Device
PlaOorm
Applica3on
PlaOorm

Smart
Enterprise
Infrastructure

Smart
Product
Development

Network

M2M

Sensors

Actuators

LAN,
WIFI

Cellular

M2M
Gateway

WAN

Device
Mgmt.

Enablement

Cer3ﬁca3on

Provisioning

Security

Data

Rules

Alerts

Real
Time
Analy3cs

Data
Collec3on

Applica3on

Integra3on

Analy3cs

Dashboards

Data
Models

Applica3on
Dev.

Applica3on
Sec.

Enterprise
Systems

1+N

10

Devices
speak
wirelessly
to

Home
hub

Hub
plugs
into
home

router
to
access
Internet

Cloud
links
devices,

applica3ons
and
analy3cs

Consumer
controls

Home
from
phone

11

Whirlpool
6th
Sense

“20
%
of
your
day
is
used

For
meal
/
clothes
mgmt”

IoT
Use
Cases:

• Home
AutomaNon

• Energy
Savings

MSRP

Various

(washer,
dryer,
dish,
frig.)

EsNmated
Volume
50,000+

ConnecNvity
Wi-‐Fi

Channels

11

“Never
worry
if
your

garage
door
is
open
again”

IoT
Use
Cases:

• Awareness
&
ProtecNon

• Home
AutomaNon

Product
Use
Cases

• Control
your
garage
door
and
your

house
lights
through
your
smart
phone

• Get
noNﬁed
if
your
garage
door
opens
or

if
you
forgot
to
close
your
garage
door

• Know
if
your
garage
door
opened
while

you
were
away

MSRP

$129.99

EsNmated
Volume
250,000+

ConnecNvity
Wi-‐Fi

Channels

Chamberlain
MyQ

12

13

A
Connect
Cloud
Pla`orm
-‐
Sample

AES
128
Encryp3on

and
key

management
from

the
device.
SSL
and

two
factor

authen3ca3on
for

data
transfer
and

storage
in
the

cloud.

Normalize
Data
to

your
exis3ng

ERP,

CRM
and

BI
systems

Both
backup
&

recovery
and
3me

series
storage

available
using

dedicated
virtual

machines
running

Cassandra
DB
Android,
iOS,
and

Windows
Push

no3ﬁca3ons,
SMS,

and
email

Real
3me
weather

and
3me
of
day

energy
pricing

SLA:

-‐ 99.9%
up3me

-‐ Sub-‐second
latency

Mobile
appp

development

plaOorm
to
speed

app
development.

• Technology is Fragmented
– Lack of Common Standards (fragmented)
– Closed Systems
• Users are Concerned
– Security / Privacy Challenges
– Complexity
• Business Challenges
14

Actor
Cloud (s)
Device
Actor
Devices / Data
Sensors
Actor
Interface
Devices
Device
Interface
Device
Interface
Systems, Products
Services
Other Service
Users
Mac/PC
Smartphone
Smartphone
Screen
Smartphone
Accelerometer
Products
(1+N)
15

Un-panel Discussion
volunteer to join the panel & ask
questions from the ﬂoor!
#cloudcamp
@CloudCamp_CHI
Sponsored by
Hosted by

Unconference
Small groups & discussions,
network
Pizza’s almost here!
#cloudcamp
@CloudCamp_CHI
Sponsored by
Hosted by

CloudCamp Chicago - June 17, 2015 The Internet of Things

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Destaque

Destaque (15)

Semelhante a CloudCamp Chicago - June 17, 2015 The Internet of Things

Semelhante a CloudCamp Chicago - June 17, 2015 The Internet of Things (20)

Mais de CloudCamp Chicago

Mais de CloudCamp Chicago (20)

Último

Último (20)

CloudCamp Chicago - June 17, 2015 The Internet of Things