Page 1
________________________________________________________________________
#IoTDevCon @artikcloud
A cloud-centric ecosystem approach to ease IoT development
www.iot-devcon.com
Yujing Wu, Developer Evangelist
Oleg Gryb, Sr. Manager in Security
Page 2
________________________________________________________________________
artik.cloud
As a device developer, you created an innovative thing…
Page 3
________________________________________________________________________
Step 1: Connect the new awesome device to the Internet
A lot of options to implement a system where this device interacts with apps/things created by YOU
Page 4
________________________________________________________________________
Step 2: How to make it smart?
o Make it interact with many other things from different vendors
o Custom integration with each of the other things is not scalable and not future-proof
Page 5
________________________________________________________________________
Today: IoT = collections of silo systems
Page 6
________________________________________________________________________
New Smart City Service
New Smart Building App
New Home Security Service
Not Yet Invented
Vision: Connect EVERYTHING and enable …
Page 7
________________________________________________________________________
Realize vision: IoT Open data exchange platform
Data Sources Applications
New class of applications and services
Make connections, not silos.
Any device, any cloud, any data
Rich Open APIs
Devices, apps, and services easily work together across vendors and vertical markets. The cloud is the best place to achieve this level of interoperability.
Page 8
________________________________________________________________________
• Three capabilities make interoperability possible
  o Device Manifest
  o Diverse ways to interact with devices and 3rd party clouds
  o Powerful cross-silo rule engine
Page 9
________________________________________________________________________
Brings in data from devices: device Manifest
o Accept diverse types of data
o Expose data format/capability of a device type to other developers
Page 10
________________________________________________________________________
Multiple ways for a device to communicate:
o REST
o WebSocket
o MQTT
o CoAP
Page 11
________________________________________________________________________
Brings in data from 3rd party clouds
o Cloud Connector
o Subscription and Notification
o Build your custom integration
Cloud Connector
Page 12
________________________________________________________________________
Make devices interact: rules engine
o Manage rules through the user portal
o Manage rules programmatically through API calls
Page 13
________________________________________________________________________
vendor A
vendor B
vendor C
Open data exchange platform
Open Ecosystem
o Build comprehensive solutions without integration pain
o Applications from A use devices built by B and C
o Devices built by B and C are exposed to developers from other companies
o Each of the players focuses on what they do best
Page 14
________________________________________________________________________
Have flexibility when implementing the system to talk to ARTIK Cloud
REST
websocket
mqtt
coap
websocket
Cloud Connector
Subscribe & Notify
Page 15
________________________________________________________________________
Secure Device Registration Protocol
Page 16
________________________________________________________________________
Artik Cloud Security Team and Security Process
Page 17
________________________________________________________________________
Secure Device Registration – Problems we Solve
• Secure device identification
• Secure device authentication
• Secure user and device pairing
• Preventing device spoofing by other devices or HTTP clients
Page 18
________________________________________________________________________
What we use to solve it:
• A private key and a certificate signed by a trusted CA
• Certificate associated with the private key guarantees device authenticity
• TLS with mutual authentication prevents spoofing and provides reliable device authentication
• Each device should have a unique certificate within a given vendor to achieve our goal
• CA certificate should be trusted in Artik Cloud
Page 19
________________________________________________________________________
Secure User Auth and Pairing w/ Device
• User should be authenticated against Artik Cloud to be able to register a device
• Artik Cloud generates a challenge code
• User needs to enter this code at the Artik Cloud portal to complete the registration
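
The pairing step above, seen from the cloud side, as an added example (not ARTIK Cloud's code). The PIN alphabet and length are inferred from the demo PIN shown later in the deck; the five-minute lifetime, single use and per-user failure limit are assumptions the slides do not state.

```python
import secrets
import time

PIN_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"  # assumption: base32-style
PIN_LENGTH = 8          # matches the 8-character PIN in the demo
PIN_TTL_SECONDS = 300   # assumption: not stated on the slides
MAX_FAILURES = 5        # assumption: not stated on the slides


class PairingService:
    """Binds a certificate-authenticated device to a logged-in user."""

    def __init__(self, clock=time.monotonic):
        self._pending = {}    # pin -> (device_id, expires_at)
        self._failures = {}   # user_id -> failed PIN entries
        self.owners = {}      # device_id -> user_id
        self._clock = clock

    def start_registration(self, device_id):
        """Call only after mutual TLS has authenticated device_id."""
        if device_id in self.owners:
            raise ValueError("device already paired")
        # A new request invalidates any PIN issued to this device earlier.
        self._pending = {p: e for p, e in self._pending.items()
                         if e[0] != device_id}
        pin = "".join(secrets.choice(PIN_ALPHABET) for _ in range(PIN_LENGTH))
        self._pending[pin] = (device_id, self._clock() + PIN_TTL_SECONDS)
        return pin

    def confirm(self, user_id, entered_pin):
        """Call from the portal for an authenticated user.

        Returns the paired device id, or None when the PIN is unknown,
        expired, already used, or the user has too many failures.
        """
        if self._failures.get(user_id, 0) >= MAX_FAILURES:
            return None
        # pop() makes every PIN single use, including expired ones.
        entry = self._pending.pop(entered_pin.strip().upper(), None)
        if entry is None or self._clock() > entry[1]:
            self._failures[user_id] = self._failures.get(user_id, 0) + 1
            return None
        self.owners[entry[0]] = user_id
        return entry[0]
```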
Page 21
________________________________________________________________________
Security Considerations
• We use TLS 1.2 with mutual client/server auth
• We use block ciphers in GCM mode to avoid CBC weaknesses and attacks like BEAST
• Symmetric cipher is AES-128, to reduce the load on the device; hash is SHA256
• ECDHE with EC curve brainpoolP256r1
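
One way to pin the parameters listed above with Python's ssl module, as an added example rather than ARTIK Cloud's or sdrclient's code. The two suite names are an assumption, since the slide does not say whether device certificates use ECDSA or RSA keys, and the file arguments are placeholders.

```python
import ssl

# Assumption: the slide gives ECDHE, AES-128-GCM and SHA-256 but not the
# certificate key type, so both the ECDSA and the RSA suite are allowed.
SUITES = ("ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256")
CURVE = "brainpoolP256r1"


def apply_policy(ctx):
    """Restrict a context to TLS 1.2, the GCM suites and the slide's curve."""
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(":".join(SUITES))  # raises ssl.SSLError if none is usable
    ctx.set_ecdh_curve(CURVE)          # raises if OpenSSL lacks the curve
    return ctx


def device_context(cert_file, key_file, cloud_ca_file):
    """Device side: verify the cloud and present the device certificate."""
    ctx = apply_policy(ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT))
    ctx.load_verify_locations(cafile=cloud_ca_file)
    ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx


def cloud_context(cert_file, key_file, device_ca_file):
    """Cloud side: a handshake without a valid device certificate fails."""
    ctx = apply_policy(ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER))
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.load_verify_locations(cafile=device_ca_file)
    ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx


def tls12_suites(ctx):
    """TLS 1.2 suites the context will offer or accept."""
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] == "TLSv1.2"]


def negotiated_ok(version, cipher_name):
    """Check sock.version() and sock.cipher()[0] after the handshake."""
    return version == "TLSv1.2" and cipher_name in SUITES
```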
Page 22
________________________________________________________________________
Demo
Page 23
________________________________________________________________________
Getting a PIN
sdrclient -cert artik_dev1.cer -key artik_dev1.key \
  -dtid dtc5ecf0abccaa428c853e144c964ad727 -vdid vd01 \
  -reg s-api.artik.cloud
…
sdrapi(sdrpost): Sending reg request:
sdrclient: Got pin, enter it to a browser: pin=NBSYL5SG
Page 25
________________________________________________________________________
To send data you can use a command like this:
sdrclient -key artik_dev1.key \
  -cert artik_dev1.cer -data \
  '{"sdid":"9be9867e8ca94125a233e271d7150ff0","data":{"data":"testdata"}}' \
  -token ac63daad3c874a08bdf7c7819c74aea9 -v
Page 26
________________________________________________________________________
Conclusion
• Not all IoT devices are equal security-wise
• But you do need to think about secure protocols when data is sensitive (e.g. medical applications)
Page 27
________________________________________________________________________
Thanks for coming!
Got questions? Talk to us after the presentation
Find us at https://artik.cloud
Follow us on Twitter and LinkedIn
Official Twitter account: @artikcloud
Yujing: @yujingwu https://www.linkedin.com/in/yujingwu
Oleg: @oleggryb https://www.linkedin.com/in/ogryb