Pas d'IoT sans Identité!
Transcript of Pas d'IoT sans Identité!
Page 1
© 2016 ForgeRock. All rights reserved.
Pas d'IoT sans identité! (No IoT without identity!) Leonard Moustacchis, 06 October 2016
Page 2
ForgeRock is the leading provider of an Identity Platform helping customers during their journey into digital transformation.
Page 3
Top Barriers to IoT Adoption
Page 4
…and you can't secure connected Things without Identity
Page 5
Connected Things Require Security
Cargo Container, Energy Substation, Smartphone, Wearables, Animals, Shopping Cart, Vehicles, Bike Computer, Smart Meter, Stoplight, Parking Meter, Sensor, Camera, Oil Barrel, Forklift, Buildings, Wind Turbine, Gas Pump
Page 6
ForgeRock secures People, Devices and Services across numerous IoT platforms and industry verticals
• Applications
• Services
• Data
Platforms: Azure, Cloud Foundry, AWS, Rackspace
People: Customers, Partners, Employees
Page 7
4 Pillars of WoT
Things
People
Data
Process
Page 8
Use cases
Page 9
Health & Fitness
Page 10
Connected Home
Page 11
Smart Cities
Page 12
Utilities & Industrial
Page 13
Demo
Page 14
Secure Device onboarding
Consumer
Page 15
Secure Device onboarding
Consumer
mbed Connect
Page 16
Identity Relationships Efficiently and Conveniently Driving Access
Relationships convey authorization information
Can be used to feed a policy engine together with attributes
Page 17
The IoT Evolution
IoT 3.0 (Realtime)
IoT 2.0 (Share)
IoT 1.0 (Presence)
• Root of trust at the edge, onboard trusted identities, secure and trusted automation, data privacy.
• Cross IoT ecosystems trust and sharing with a single security domain across IoT, consumer, customers and enterprise
• Single device identities, secure connect and onboard, connect or pair consumer devices and users, enterprise collect and share data across consumers, customers and enterprise.
• Closed ecosystems, disconnected security across users and IoT
• Internet connected, retrieve data, multi-protocol, multi-vendor solutions
Page 18
IoT 3.0 data sharing, privacy & consent
Page 19
User-Managed Access
Pages 20 to 25: image-only slides with no extractable text.
Page 26
User-Managed Access (UMA)
An emerging standard for privacy and consent
RESPECT: Regard for one's wishes and preferences
CHOICE: The true ability to say no and change one's mind
CONTROL: The ability to share just the right amount
CONTEXT: The right moment to make the decision to share
Page 27
Facebook report
Page 28
IoT 3.0 End to end security
Page 29
Only one security breach is enough!
Everyone makes their own GW. Why? They all face the same basic challenges:
- Access security
- Authenticity
- Secure communication
- Application lifecycle management
Page 30
Device – 2 worlds – 2 securities
Diagram labels: Internet, Gateway, IoT; devices: Stoplight, Parking Meter, Sensor, Camera; protocols: CoAP, MQTT
Page 31
PoP (OAuth Proof of Possession) simple description
Parties: Brian, Alice, Bob
1. Alice sends a message without authenticator.
2. Bob asks Alice to get a shared secret from Brian.
3. Alice asks Brian for a shared secret to initiate a session with Bob.
4. Brian checks that Alice can contact Bob (optional) and generates a random shared secret.
5. Brian sends the random secret, encrypted for Alice and for Bob, to Alice.
6. Alice decrypts the shared secret and generates a message to Bob. The message contains the shared secret encrypted for Bob by Brian.
7. Alice signs the message with the shared secret.
8. Bob decrypts the shared secret sent by Brian and checks the signature. If the signature is correct, Alice is a trusted partner.
9. Bob sends a response to Alice, signed with the shared secret.
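The nine-step exchange above, worked through in Python as an added example (not code from the deck or from ForgeRock). Brian plays the party that issues the per-session shared secret, Alice the requester and Bob the recipient. It assumes Brian already shares a long-term key with each of Alice and Bob (as onboarding would provide), and it uses a toy HMAC-SHA256 counter-mode cipher with encrypt-then-MAC as a stand-in for a real AEAD so that it runs on the standard library alone. It also covers the failure case: a message altered after signing fails Bob's check in step 8.

```python
import hashlib
import hmac
import json
import secrets


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream from HMAC-SHA256 (stand-in for a real cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> dict:
    """Encrypt-then-MAC under a long-term key Brian shares with one party."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}


def unseal(key: bytes, box: dict) -> bytes:
    """Verify the tag before decrypting; reject wrong keys and tampered boxes."""
    nonce, ct, tag = (bytes.fromhex(box[k]) for k in ("nonce", "ct", "tag"))
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("wrong key or tampered box")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def sign(shared: bytes, payload: dict) -> str:
    """HMAC over canonical JSON: proves possession of the shared secret."""
    data = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(shared, data, hashlib.sha256).hexdigest()


class Brian:
    """Issues the per-session shared secret (steps 4 and 5)."""

    def __init__(self):
        # Long-term keys, assumed to come from onboarding (constructed here).
        self.keys = {"alice": secrets.token_bytes(32), "bob": secrets.token_bytes(32)}
        self.allowed = {("alice", "bob")}  # who may open a session with whom

    def issue(self, requester: str, audience: str) -> dict:
        if (requester, audience) not in self.allowed:     # step 4 (optional check)
            raise PermissionError(f"{requester} may not contact {audience}")
        shared = secrets.token_bytes(32)                   # step 4: random secret
        return {"for_requester": seal(self.keys[requester], shared),   # step 5
                "for_audience": seal(self.keys[audience], shared)}


class Bob:
    """Accepts a message only if its PoP signature verifies (steps 2, 8, 9)."""

    def __init__(self, key: bytes):
        self.key = key  # long-term key shared with Brian

    def handle(self, msg: dict) -> dict:
        if "pop" not in msg:                               # step 2: challenge
            return {"status": 401, "error": "pop_required", "issuer": "brian"}
        try:
            shared = unseal(self.key, msg["pop"])          # step 8: recover secret
        except ValueError:
            return {"status": 401, "error": "bad_pop_token"}
        expected = sign(shared, {"body": msg["body"], "pop": msg["pop"]})
        if not hmac.compare_digest(expected, msg["sig"]):
            return {"status": 401, "error": "bad_signature"}
        reply = {"status": 200, "body": {"result": "ok", "echo": msg["body"]}}
        reply["sig"] = sign(shared, reply["body"])         # step 9: signed response
        return reply


def run_flow(tamper: bool = False) -> dict:
    """Drive Alice through the flow; tamper=True alters the body after signing."""
    brian = Brian()
    bob = Bob(brian.keys["bob"])
    body = {"action": "read", "resource": "/thermostat/temperature"}
    first = bob.handle({"body": body})                     # step 1: no authenticator
    grant = brian.issue("alice", "bob")                    # step 3
    shared = unseal(brian.keys["alice"], grant["for_requester"])   # step 6
    msg = {"body": body, "pop": grant["for_audience"]}
    msg["sig"] = sign(shared, {"body": body, "pop": msg["pop"]})  # step 7
    if tamper:
        msg["body"] = {"action": "write", "resource": "/thermostat/setpoint"}
    reply = bob.handle(msg)                                # step 8
    reply_ok = reply["status"] == 200 and hmac.compare_digest(
        sign(shared, reply["body"]), reply["sig"])         # Alice checks step 9
    return {"challenged": first.get("error") == "pop_required",
            "status": reply["status"], "error": reply.get("error"),
            "reply_verified": reply_ok}
```

Bob never learns Alice's long-term key and Alice never learns Bob's: only Brian can bind the two, which is what makes the encrypted token in step 6 a proof that Brian vouched for this session. The signature in step 7 covers both the body and the token, so neither can be swapped out without the check in step 8 failing.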
Page 32
High Level Architecture
- Authorization Server (generates/validates access/refresh tokens)
- Authorization Manager (validates access/refresh tokens, manages local blacklist, asks new access/refresh tokens to AS)
- Client
- Resource Server
Domains: Requesting Party Domain (lots of them), Resource Owner Domain
Transports labelled on the diagram: COAP, HTTPS; zones: Internet, IoT
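The Authorization Manager box in the architecture above, as an added Python example (not ForgeRock's code): it validates access tokens against the Authorization Server, keeps a local blacklist so that a locally revoked token is refused without an AS round trip, honours expiry on cached entries, and asks the AS for new access/refresh tokens. The AuthorizationServer class is a constructed in-memory stand-in for the AS box; its single-use refresh tokens and integer timestamps are assumptions made so the example is deterministic.

```python
import secrets


class AuthorizationServer:
    """Constructed stand-in for the AS: opaque tokens kept in memory."""

    def __init__(self):
        self._access = {}    # access token -> {"sub": ..., "exp": ...}
        self._refresh = {}   # refresh token -> subject

    def issue(self, subject: str, now: int, ttl: int = 60) -> tuple:
        access, refresh = secrets.token_hex(16), secrets.token_hex(16)
        self._access[access] = {"sub": subject, "exp": now + ttl}
        self._refresh[refresh] = subject
        return access, refresh

    def validate(self, access: str, now: int):
        info = self._access.get(access)
        return info if info and info["exp"] > now else None

    def refresh(self, refresh: str, now: int) -> tuple:
        subject = self._refresh.pop(refresh, None)   # refresh tokens are single-use here
        if subject is None:
            raise PermissionError("unknown or already used refresh token")
        return self.issue(subject, now)


class AuthorizationManager:
    """Gateway-side component from the slide: validates tokens for the IoT
    side, keeps a local blacklist, and asks the AS for new tokens."""

    def __init__(self, auth_server: AuthorizationServer):
        self.auth_server = auth_server
        self._cache = {}          # access token -> info learned from the AS
        self._blacklist = set()   # tokens revoked locally, e.g. a device reported lost

    def check(self, access: str, now: int) -> bool:
        if access in self._blacklist:
            return False                      # revoked: refuse without asking the AS
        info = self._cache.get(access)
        if info is None:
            info = self.auth_server.validate(access, now)   # cache miss: ask the AS
            if info is None:
                return False
            self._cache[access] = info
        return info["exp"] > now              # cached entries still honour expiry

    def revoke(self, access: str) -> None:
        self._blacklist.add(access)
        self._cache.pop(access, None)

    def renew(self, refresh: str, now: int) -> tuple:
        return self.auth_server.refresh(refresh, now)


def demo(now: int = 1_000) -> dict:
    """Walk one device token through validation, expiry, renewal and revocation."""
    auth = AuthorizationServer()
    mgr = AuthorizationManager(auth)
    access, refresh = auth.issue("sensor-42", now)
    fresh = mgr.check(access, now)                 # valid, learned from the AS
    expired = mgr.check(access, now + 120)         # past ttl: refused from cache
    new_access, new_refresh = mgr.renew(refresh, now + 120)
    renewed = mgr.check(new_access, now + 120)
    mgr.revoke(new_access)
    after_revoke = mgr.check(new_access, now + 120)
    try:
        mgr.renew(refresh, now + 120)              # old refresh token is spent
        replay = True
    except PermissionError:
        replay = False
    return {"fresh": fresh, "expired": expired, "renewed": renewed,
            "after_revoke": after_revoke, "refresh_replay": replay}
```

Checking the blacklist before the cache is the point of keeping it local: the gateway can stop a compromised device immediately, even while its link to the AS is down, and the cache cannot resurrect a token that was revoked.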
Page 33
Page 34
Page 35
Page 36
Thank you