Explaining use cases that participants are looking at:
- Construction camera
- How to control access to these devices?
- Consumer devices
- Health care devices
- AWS IoT
Early Access Edge Controller:
Some devices are smart enough to secure their own requests, others are simple and need to go through a gateway.
Actuators on a farm to control irrigation.
Kitchen equipment - monitoring state and usage.
These devices are the kind that need to talk to a gateway. Typically attached to a wall or exposed to the public.
How do you get a secure route from the device to the gateway?
How do you make it work securely?
- Specific chipset: ARM ARTIK
- Secure execution environment
- OAuth 2 Proof of Possession
Device: trusted execution environment. Linux based with commands executed directly on the chipset separate from other operating system requests.
Boot Process: Securely startup.
Upgrade: Over the air updates.
On Boarding: protocol between gateway and OpenAM mimics TLS and builds on top of it.
Requests route through to the trusted execution environment.
- Uses Diffie-Hellman based algorithm
- Adds contextual information to the request
- Uses manufactures burned in key
With these we can securely boot the device.
How do we interact with the device?
- Some algorithms are too heavy for very constrained devices.
- ZeroMQ used for queuing/aggregating requests
Discovery of devices
- How do we know that this is the trusted device broadcasting on the network?
- PKI using key burned on the device.
Consumer devices are generally smart and can perform operations themselves.
Industrial devices often rely on TLS.
Participant discusses a gateway use case. Most phones operate in a similar fashion to the Edge Controller with a trusted execution environment.
How low powered can the device be?
- Multiple ways to register with the gateway.
- Multiple cryptography algorithms supported.
- What can we fall back to?
- Is there a known identifier on the device?
How do we manage devices that are programmable and are literally clones of each other?
Convenience trumps security seemingly every time when it comes to discussions around security.
Example of devices on campus.
- Students connecting consumer grade equipment to campus network.
Policy discussions around BYOD type devices.
- How do we monitor it?
- How do we secure it?
- Use of a guest network with limitations.
How do we control which devices can connect to the network?
- Out of band authentication for registration.
Edge Controller is early access at the moment. PoC of use cases.
- Looking to iterate to the needs of customers.
- Expect a long lifetime for devices.
- Over the air updates are important.