A cloud-centric ecosystem approach to ease IoT development
TRANSCRIPT
________________________________________________________________________
#IoTDevCon @artikcloud
A cloud-centric ecosystem approach to ease IoT development
www.iot-devcon.com
Yujing Wu, Developer Evangelist
Oleg Gryb, Sr. Manager in Security
________________________________________________________________________
As a device developer, you created an innovative thing…
________________________________________________________________________
Step 1: Connect the new awesome device to the Internet
A lot of options to implement a system where this device interacts with apps/things created by YOU
________________________________________________________________________
Step 2: How to make it smart?
o Make it interact with many other things from different vendors
o Customized integration with each of the other things is not scalable and not future-proof
________________________________________________________________________
Today: IoT = collections of silo systems
________________________________________________________________________
Vision: Connect EVERYTHING and enable …
o New Smart City Service
o New Smart Building App
o New Home Security Service
o Not Yet Invented
________________________________________________________________________
Realize vision: IoT Open data exchange platform
Data Sources Applications
New class of applications/services
Make connections, not silos.
Any device, any cloud, any data
Rich Open APIs
Devices, apps, and services easily work together across vendors and vertical markets.
Cloud is the best place to achieve this level of interoperability.
________________________________________________________________________
• Three capabilities make interoperability possible
o Device Manifest
o Diverse ways to interact with devices and 3rd party clouds
o Powerful cross-silo rule engine
________________________________________________________________________
Brings in data from devices: device Manifest
o Accept diverse types of data
o Expose data format/capability of a device type to other developers
________________________________________________________________________
Multiple ways for a device to communicate:
o REST
o WebSocket
o MQTT
o CoAP
________________________________________________________________________
Brings in data from 3rd party clouds
o Cloud Connector
o Subscription and Notification
o Build your custom integration
________________________________________________________________________
Make devices interact: rules engine
o Manage rules through the user portal
o Manage rules programmatically through API calls
________________________________________________________________________
vendor A
vendor B
vendor C
Open data exchange platform
Open Ecosystem
o Build comprehensive solutions without integration pain
o Applications from A use devices built by B and C
o Devices built by B and C are exposed to developers from other companies
o Each of the players focuses on what they do best
________________________________________________________________________
Have flexibility when implementing the system to talk to ARTIK Cloud
o REST, WebSocket, MQTT, CoAP
o Cloud Connector
o Subscribe & Notify
________________________________________________________________________
Secure Device Registration Protocol
________________________________________________________________________
Artik Cloud Security Team and Security Process
________________________________________________________________________
Secure Device Registration – Problems we Solve
• Secure device identification
• Secure device authentication
• Secure user and device pairing
• Preventing device spoofing by other devices or HTTP clients
________________________________________________________________________
What we use to solve it:
• A private key and a certificate signed by a trusted CA
• Certificate associated with the private key guarantees device authenticity
• TLS with mutual authentication prevents spoofing and provides reliable device authentication
• Each device should have a unique certificate within a given vendor to achieve our goal
• CA certificate should be trusted in Artik Cloud
________________________________________________________________________
Secure User Auth and Pairing w/ Device
• User should be authenticated against Artik Cloud to be able to register a device
• Artik Cloud generates a challenge code
• User needs to enter this code at Artik Cloud portal to complete the registration
________________________________________________________________________
Security Considerations
• We use TLS 1.2 with mutual client/server auth
• We use GCM block ciphers to avoid CBC weaknesses and attacks like BEAST
• Symmetric cipher is AES-128, to reduce the load on the device; hash is SHA256
• ECDHE with EC brainpoolP256r1
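Added example (not from the slides or from the sdrclient source): a Python client context that applies the parameters listed on this slide, plus a check that reports any departure from them. The function names and the certificate, key and CA path arguments are assumptions made for illustration.

```python
import ssl

# Cipher string for the slide's policy: ECDHE key exchange, AES-128 in GCM mode.
# In TLS 1.2 every AES-128-GCM suite uses SHA-256, so the hash follows from this.
POLICY_CIPHERS = "ECDHE+AESGCM+AES128"


def build_device_context(cert=None, key=None, ca=None, curve="brainpoolP256r1"):
    """Client-side TLS context for a device (all file paths are placeholders)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)   # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2    # pin to TLS 1.2 as on the slide
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(POLICY_CIPHERS)                 # raises SSLError if nothing matches
    if curve:
        # Raises if this OpenSSL build lacks the curve: fail closed, no fallback.
        ctx.set_ecdh_curve(curve)
    if ca:
        ctx.load_verify_locations(cafile=ca)        # CA used to verify the server
    else:
        ctx.load_default_certs()
    if cert:
        ctx.load_cert_chain(certfile=cert, keyfile=key)  # device identity for mutual auth
    return ctx


def negotiable_suites(ctx):
    """TLS 1.2 suites the context can offer (OpenSSL lists TLS 1.3 suites
    separately; they are unreachable once maximum_version is TLS 1.2)."""
    return sorted(c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3")


def violations(ctx):
    """Return a list of ways the context departs from the slide's policy."""
    bad = []
    if ctx.minimum_version != ssl.TLSVersion.TLSv1_2 or ctx.maximum_version != ssl.TLSVersion.TLSv1_2:
        bad.append("protocol not pinned to TLS 1.2")
    if ctx.verify_mode != ssl.CERT_REQUIRED or not ctx.check_hostname:
        bad.append("server certificate not verified")
    for name in negotiable_suites(ctx):
        if not (name.startswith("ECDHE-") and name.endswith("-AES128-GCM-SHA256")):
            bad.append("suite outside policy: " + name)
    return bad


if __name__ == "__main__":
    # curve=None keeps the demo independent of Brainpool support in the local build.
    ctx = build_device_context(curve=None)
    print(negotiable_suites(ctx), violations(ctx))
```

Not every OpenSSL build ships the Brainpool curves, so the default curve argument can raise on some systems; treat that as a deployment error, not a reason to drop the curve pin.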
________________________________________________________________________
Demo
________________________________________________________________________
Getting a PIN
    sdrclient -cert artik_dev1.cer -key artik_dev1.key -dtid dtc5ecf0abccaa428c853e144c964ad727 -vdid vd01 -reg s-api.artik.cloud
    …
    sdrapi(sdrpost): Sending reg request:
    sdrclient: Got pin, enter it to a browser: pin=NBSYL5SG
________________________________________________________________________
To send data you can use a command like this:
    sdrclient -key artik_dev1.key \
        -cert artik_dev1.cer -data \
        '{"sdid":"9be9867e8ca94125a233e271d7150ff0","data":{"data":"testdata"}}' \
        -token ac63daad3c874a08bdf7c7819c74aea9 -v
________________________________________________________________________
Conclusion
• Not all IoT devices are equal security-wise
• But you do need to think about secure protocols when data is sensitive (e.g. medical applications)
________________________________________________________________________
Thanks for coming!
Got questions? Talk to us after the presentation
Find us at https://artik.cloud
Follow us on Twitter and LinkedIn
Official Twitter account: @artikcloud
Yujing: @yujingwu https://www.linkedin.com/in/yujingwu
Oleg: @oleggryb https://www.linkedin.com/in/ogryb