Pas d'IoT sans identité! (No IoT without identity!)

© 2016 ForgeRock. All rights reserved. Pas d’IoT sans identité! Leonard Moustacchis – 06 Octobre 2016

Upload: leonard-moustacchis, posted 06-Jan-2017

Page 1: Pas d'IoT sans Identité!

Leonard Moustacchis – 06 Octobre 2016 (6 October 2016)

Page 2: Pas d'IoT sans Identité!


ForgeRock is the leading provider of an Identity Platform helping customers during their journey into digital transformation.

Page 3: Pas d'IoT sans Identité!


Top Barriers to IoT Adoption

Page 4: Pas d'IoT sans Identité!


…and you can’t secure connected Things without Identity

Page 5: Pas d'IoT sans Identité!


Connected Things Require Security

Cargo Container, Energy Substation, Smartphone, Wearables, Animals, Shopping Cart, Vehicles, Bike Computer, Smart Meter, Stoplight, Parking Meter, Sensor, Camera, Oil Barrel, Forklift, Buildings, Wind Turbine, Gas Pump

Page 6: Pas d'IoT sans Identité!


ForgeRock Secures People, Devices and Services across numerous IoT Platforms and industry verticals

• Applications • Services • Data

Platforms: Azure, Cloud Foundry, AWS, Rackspace

People: Customers, Partners, Employees

Page 7: Pas d'IoT sans Identité!


4 Pillars of WoT

Things

People

Data

Process

Page 8: Pas d'IoT sans Identité!


Use cases

Page 9: Pas d'IoT sans Identité!


Health & Fitness

Page 10: Pas d'IoT sans Identité!


Connected Home

Page 11: Pas d'IoT sans Identité!


Smart Cities

Page 12: Pas d'IoT sans Identité!


Utilities & Industrial

Page 13: Pas d'IoT sans Identité!


Demo

Page 14: Pas d'IoT sans Identité!


Secure Device onboarding

Consumer

Page 15: Pas d'IoT sans Identité!


Secure Device onboarding

Consumer

mbed Connect

Page 16: Pas d'IoT sans Identité!


Located at

Identity Relationships Efficiently and Conveniently Driving Access

RELATIONSHIPS convey authorization information.

They can be used to FEED A POLICY ENGINE, TOGETHER WITH ATTRIBUTES.

Page 17: Pas d'IoT sans Identité!


The IoT Evolution

IoT 1.0 (Presence) → IoT 2.0 (Share) → IoT 3.0 (Realtime)

• Root of trust at the edge, onboard trusted identities, secure and trusted automation, data privacy.

• Cross IoT ecosystems trust and sharing with a single security domain across IoT, consumer, customers and enterprise.

• Single device identities, secure connect and onboard, connect or pair consumer devices and users, enterprise collect and share data across consumers, customers and enterprise.

• Closed ecosystems, disconnected security across users and IoT.

• Internet connected, retrieve data, multi-protocol, multi-vendor solutions.

Page 18: Pas d'IoT sans Identité!


IoT 3.0 data sharing, Privacy & consent

Page 19: Pas d'IoT sans Identité!


User-Managed Access


User-Managed Access (UMA)

An emerging standard for privacy and consent

RESPECT: Regard for one's wishes and preferences

CHOICE: The true ability to say no and change one's mind

CONTROL: The ability to share just the right amount

CONTEXT: The right moment to make the decision to share

Page 27: Pas d'IoT sans Identité!


Facebook report

Page 28: Pas d'IoT sans Identité!


IoT 3.0 End to end security

Page 29: Pas d'IoT sans Identité!


Only one security breach is enough!

Everyone makes their own GW. Why? They all face the same basic challenges:
- Access security
- Authenticity
- Secure communication
- Application lifecycle management

Page 30: Pas d'IoT sans Identité!


Device – 2 worlds – 2 security domains (Internet side, IoT side)

Gateway

Devices: Stoplight, Parking Meter, Sensor, Camera

Protocols: CoAP, MQTT

Page 31: Pas d'IoT sans Identité!


PoP (OAuth Proof of Possession) simple description

Parties: Alice, Bob, Brian

1. Alice sends a message without authenticator.

2. Bob asks Alice to get a shared secret from Brian.

3. Alice asks Brian for a shared secret to initiate a session with Bob.

4. Brian checks that Alice can contact Bob (optional) and generates a random shared secret.

5. Brian sends the random secret, encrypted for Alice and for Bob, to Alice.

6. Alice decrypts the shared secret and generates a message to Bob. The message contains the shared secret encrypted for Bob by Brian.

7. Alice signs the message with the shared secret.

8. Bob decrypts the shared secret sent by Brian and checks the signature. If the signature is correct, Alice is a trusted partner.

9. Bob sends a response to Alice, signed with the shared secret.
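The nine-step exchange above, modelled end to end as an added example (this is not ForgeRock's code and not the slide's own implementation). The long-term keys that Brian shares with Alice and with Bob are assumed to have been provisioned at onboarding; the `wrap`/`unwrap` key-wrapping scheme is a constructed HMAC-based encrypt-then-MAC toy chosen to keep the example standard-library only, and the `Brian`, `Bob` and `run_pop_flow` names are hypothetical. Bob never learns the secret from Alice directly: he only trusts a secret that Brian wrapped under Bob's own key, and Alice only proves possession by signing with it.

```python
"""Toy model of the PoP (OAuth Proof of Possession) exchange on the slide.
All keys, messages and the wrap/unwrap scheme are constructed for illustration."""
import hashlib
import hmac
import json
import secrets


def _canon(obj):
    """Canonical JSON bytes, so both sides sign exactly the same representation."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def _keystream(key, nonce, n):
    """HMAC-based keystream for the toy wrapping scheme (constructed, not a standard)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def wrap(key, plaintext):
    """Encrypt-then-MAC key wrapping: nonce || ciphertext || tag.
    A real deployment would use AES-GCM or a standard key-wrap; this is stdlib-only."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unwrap(key, blob):
    """Verify the tag first, then decrypt. Raises if the blob was not wrapped under `key`."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrapped secret failed its integrity check")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def sign(secret, obj):
    """Proof of possession: an HMAC over the canonical message under the shared secret."""
    return hmac.new(secret, _canon(obj), hashlib.sha256).hexdigest()


class Brian:
    """Issues shared secrets. Holds one long-term key per party (assumed provisioned at onboarding)."""

    def __init__(self, keys, policy):
        self.keys, self.policy = keys, policy  # policy: set of allowed (client, resource_server) pairs

    def issue_shared_secret(self, client, resource_server):
        if (client, resource_server) not in self.policy:  # step 4 (optional): may Alice contact Bob?
            raise PermissionError(f"{client} is not allowed to contact {resource_server}")
        secret = secrets.token_bytes(32)  # step 4: fresh random shared secret
        return {"for_client": wrap(self.keys[client], secret).hex(),  # step 5: encrypted for Alice
                "for_rs": wrap(self.keys[resource_server], secret).hex()}  # ... and for Bob


class Bob:
    """Resource server. Only trusts a secret that Brian wrapped under Bob's own key."""

    def __init__(self, key):
        self.key = key

    def handle(self, msg):
        if "auth" not in msg:  # steps 1-2: no authenticator, so redirect Alice to Brian
            return {"status": 401, "hint": "obtain a shared secret from Brian"}
        try:
            secret = unwrap(self.key, bytes.fromhex(msg["auth"]["for_rs"]))  # step 8: decrypt
        except ValueError:
            return {"status": 403, "reason": "bad wrapped secret"}
        signed_part = {"body": msg["body"], "for_rs": msg["auth"]["for_rs"]}
        if not hmac.compare_digest(sign(secret, signed_part), msg["auth"]["sig"]):  # step 8: verify
            return {"status": 403, "reason": "bad signature"}
        reply = {"status": 200, "body": f"ack:{msg['body']}"}
        reply["sig"] = sign(secret, {"body": reply["body"]})  # step 9: response signed with the secret
        return reply


def run_pop_flow(alice_key, bob_key, brian):
    """Plays Alice's side of the flow and reports what happened at each stage."""
    bob = Bob(bob_key)
    first = bob.handle({"from": "alice", "body": "read temperature"})  # step 1: no authenticator
    grant = brian.issue_shared_secret("alice", "bob")  # step 3: ask Brian for a secret for Bob
    secret = unwrap(alice_key, bytes.fromhex(grant["for_client"]))  # step 6: decrypt own copy
    body = "read temperature"
    msg = {"from": "alice", "body": body,
           "auth": {"for_rs": grant["for_rs"],  # step 6: forward Bob's copy, still sealed by Brian
                    "sig": sign(secret, {"body": body, "for_rs": grant["for_rs"]})}}  # step 7
    reply = bob.handle(msg)
    reply_ok = reply["status"] == 200 and hmac.compare_digest(
        sign(secret, {"body": reply["body"]}), reply["sig"])  # Alice checks Bob's signature too
    return {"first_status": first["status"], "reply_status": reply["status"], "reply_verified": reply_ok}


if __name__ == "__main__":
    keys = {"alice": secrets.token_bytes(32), "bob": secrets.token_bytes(32)}  # constructed keys
    print(run_pop_flow(keys["alice"], keys["bob"], Brian(keys, {("alice", "bob")})))
```

The signature in step 7 covers both the request body and the sealed secret forwarded to Bob, so a message cannot be replayed under a different grant, and a grant cannot be minted without Brian's policy check in step 4 approving the Alice/Bob pair.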

Page 32: Pas d'IoT sans Identité!


High Level Architecture

Components:

• Authorization Manager (validates access/refresh tokens, manages a local blacklist, asks new access/refresh tokens from the AS)

• Authorization Server (generates/validates access/refresh tokens)

• Client(s)

• Resource Server

Domains:

• Requesting Party Domain (lots of them)

• Resource Owner Domain

Transports: COAP on the IoT side; HTTPS between the components across the Internet.
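An added example of the Authorization Manager role described above (validate tokens locally, keep a local blacklist, ask the AS for new access/refresh tokens). It is not ForgeRock's code and not the slide's own implementation. The token format is a constructed HMAC-signed JSON pair, the verification key is assumed to be a symmetric key shared between the gateway and the AS (a deployment would more likely use asymmetric signatures), and the `AuthorizationServer`, `AuthorizationManager`, `mint_token` and `verify_token` names are hypothetical. Refresh tokens are single-use, so a replayed refresh token is rejected.

```python
"""Gateway-side Authorization Manager modelled on the architecture slide.
Token format, key handling and the AS API are constructed for illustration."""
import base64
import hashlib
import hmac
import json
import secrets


def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(key, claims):
    """HMAC-signed JSON token: <base64 claims>.<base64 tag> (constructed format)."""
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return body + "." + _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())


def verify_token(key, token):
    """Return the claims if the signature is valid, else None. Expiry is the caller's job."""
    try:
        body, tag = token.split(".")
        expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(_unb64(tag), expected):
            return None
        return json.loads(_unb64(body))
    except ValueError:  # malformed base64, JSON or token layout
        return None


class AuthorizationServer:
    """AS: generates and validates access/refresh tokens. Refresh tokens are rotated on use."""

    def __init__(self, key, access_ttl=60, refresh_ttl=3600):
        self.key, self.access_ttl, self.refresh_ttl = key, access_ttl, refresh_ttl
        self.used_refresh = set()

    def issue(self, subject, scope, now):
        access = mint_token(self.key, {"typ": "access", "sub": subject, "scope": scope,
                                       "exp": now + self.access_ttl, "jti": secrets.token_hex(8)})
        refresh = mint_token(self.key, {"typ": "refresh", "sub": subject, "scope": scope,
                                        "exp": now + self.refresh_ttl, "jti": secrets.token_hex(8)})
        return access, refresh

    def refresh(self, refresh_token, now):
        claims = verify_token(self.key, refresh_token)
        if (claims is None or claims.get("typ") != "refresh" or claims["exp"] <= now
                or claims["jti"] in self.used_refresh):
            raise PermissionError("refresh token invalid, expired or already used")
        self.used_refresh.add(claims["jti"])  # rotation: the same refresh token cannot be replayed
        return self.issue(claims["sub"], claims["scope"], now)


class AuthorizationManager:
    """Runs on the gateway: validates tokens locally, keeps a local blacklist,
    and asks the AS for a fresh pair when the access token has expired."""

    def __init__(self, auth_server, verification_key):
        self.auth_server, self.key = auth_server, verification_key  # key assumed shared with the AS
        self.blacklist = set()  # jti values revoked locally, e.g. for a device reported compromised

    def revoke_locally(self, jti):
        self.blacklist.add(jti)

    def authorize(self, access_token, refresh_token, required_scope, now):
        claims = verify_token(self.key, access_token)
        if claims is None or claims.get("typ") != "access":
            return {"allowed": False, "reason": "invalid access token"}
        if claims["exp"] <= now:  # expired: ask the AS for new access/refresh tokens
            access_token, refresh_token = self.auth_server.refresh(refresh_token, now)
            claims = verify_token(self.key, access_token)
        if claims["jti"] in self.blacklist:
            return {"allowed": False, "reason": "blacklisted"}
        if required_scope not in claims["scope"]:
            return {"allowed": False, "reason": "insufficient scope"}
        return {"allowed": True, "access_token": access_token, "refresh_token": refresh_token}


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed shared key
    auth_server = AuthorizationServer(key)
    manager = AuthorizationManager(auth_server, key)
    acc, ref = auth_server.issue("sensor-42", ["telemetry:write"], now=1000)
    print(manager.authorize(acc, ref, "telemetry:write", now=1030))
```

The local blacklist gives the gateway a way to cut off a device between AS round trips, which is what makes the "validates locally" part of the slide useful on a constrained or intermittently connected IoT link; the time is passed in explicitly so the expiry path can be exercised deterministically.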


Page 36: Pas d'IoT sans Identité!


Thank you
