![Page 1: The Identity of Things - Toznytozny.com/wp-content/uploads/2016/07/gis-identity-of... · 2019. 6. 13. · The Identity of Things Limitations, Markets, and Future Vision Isaac Potoczny-Jones](https://reader035.vdocument.in/reader035/viewer/2022071102/5fdc11fbdd9817723842e7d9/html5/thumbnails/1.jpg)
The Identity of Things
Limitations, Markets, and Future Vision
Isaac Potoczny-Jones - CEO of Tozny - [email protected]
Paul Madsen – Ping Identity – [email protected]
Agenda
• Call to Action: Help define the Identity of Things
• Level Setting: Current Markets, Limitations, and Vulnerabilities
• Future Visions: Strategy, Bootstrapping, and Sustainment
What we need from you
Participate, challenge, and question.
Help define the future of the Identity of Things.
Note: I’m including questions in each slide to seed the workshop discussion.
What is IoT? Here is a rough consensus
Lots of devices, many are low-power, they sense and control things
• Consumer: Smart Home, Wearables, Transportation
• Industrial: Control Systems (SCADA), Heating & Cooling (HVAC)
• Health: Fitness Bands, Medical Devices
Questions: What areas are we missing? How closely do market segments align with risk?
The value of IoT is certain
• Transportation improvements like self-driving cars will save lives
• Fitness and health care wearables can drastically improve outcomes
• Intelligent automation from thermostats to smart grid saves money
Question: What are the best examples of the value of IoT?
IoT Limitations
And Vulnerabilities
Why is IoT Different?
• Low Power: Devices are cheap & batteries need to last for a long time
  • Impacts strength of crypto and network connectivity
• Large Scale: Lots of devices, distributed by various manufacturers
  • Makes key distribution complex, other problems?
• Lack of User Interfaces: Some devices have no screens or buttons
  • How to use knowledge-based factors like passwords?
• Security Updates: Disconnected systems or stuff that can’t go offline
  • Patches don’t get applied leaving systems vulnerable
Question: How else is IoT different? How does it impact Identity?
Example: Cryptographic Authentication
• Many IoT devices use hard-coded AES keys
• AES is a symmetric cipher that’s suitable for low power
• Public/private-key crypto (PKI) would make key distribution easier
• But the low-power nature of these devices makes using PKI hard
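Added example, not part of the original slides: a sketch of the key-distribution problem above, comparing one key hard-coded across a fleet with per-device keys derived from a backend master secret. It uses HMAC-SHA256 as the symmetric primitive in place of AES (Python's standard library has no AES), and all names, keys and device IDs are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample values; nothing here comes from a real product.
FLEET_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # same key in every unit
MASTER_SECRET = secrets.token_bytes(32)  # held only by the backend, never on a device


def derive_device_key(master: bytes, device_id: str) -> bytes:
    """Per-device key = HMAC(master, label | device_id), provisioned at manufacture."""
    return hmac.new(master, b"device-auth-v1|" + device_id.encode(), hashlib.sha256).digest()


def device_response(key: bytes, device_id: str, challenge: bytes) -> bytes:
    """Device side: prove possession of the key without ever sending it."""
    return hmac.new(key, device_id.encode() + b"|" + challenge, hashlib.sha256).digest()


def verify_hardcoded(device_id: str, challenge: bytes, response: bytes) -> bool:
    """Backend check when every device shares FLEET_KEY."""
    expected = device_response(FLEET_KEY, device_id, challenge)
    return hmac.compare_digest(expected, response)


def verify_per_device(device_id: str, challenge: bytes, response: bytes) -> bool:
    """Backend check when each device holds its own derived key."""
    key = derive_device_key(MASTER_SECRET, device_id)
    expected = device_response(key, device_id, challenge)
    return hmac.compare_digest(expected, response)


def blast_radius(leaked_from: str, claimed_id: str) -> dict:
    """Which identities a key recovered from one unit can authenticate as, per scheme."""
    challenge = secrets.token_bytes(16)  # fresh nonce per attempt, so responses cannot be replayed
    shared = device_response(FLEET_KEY, claimed_id, challenge)
    leaked_key = derive_device_key(MASTER_SECRET, leaked_from)
    derived = device_response(leaked_key, claimed_id, challenge)
    return {
        "hardcoded": verify_hardcoded(claimed_id, challenge, shared),
        "per_device": verify_per_device(claimed_id, challenge, derived),
    }
```

With a fleet-wide key, a key recovered from one unit authenticates as any device; with derived keys, the exposure is limited to the unit it came from, at the cost of the backend protecting one master secret.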
“IoT Risk” is hard to define
• Low Risk: Some devices have low to moderate risk
  • Smart home, Fitness bands, Entertainment
• High Risk: Other devices have life & death consequences
  • Medical, SCADA, HVAC, Vehicles
• Challenge: How to understand risk in multi-device systems?
  • A motion sensor in your house turns on the coffee pot in the morning
  • The same motion sensor in your neighbor’s house calls the police
• Blurred Lines: Composing different types of IoT in one system
  • Your car entertainment system might not be properly segregated from brakes
Question: How do we handle “IoT Risk” when devices get composed into a greater whole?
Lack of Standards and Best Practices
• Many IoT devices have almost no communication security
  • Everything happens unauthenticated, in the clear
• Others use standards with relatively weak crypto
  • Zigbee and ZWave have not had the scrutiny of Wi-Fi and Bluetooth
• Key distribution is far from solved
  • I’ve seen AES keys printed in user manuals – security through obscurity
  • Some vulnerable devices re-key on command - defeating auth altogether
Question: What standards and best practices would most help IoT?
Future Vision
And Planning
Future Vision: The IoT Should Be:
• Authenticated and Secure: It should be a part of the internet…
  • While maintaining appropriate segregation
• Interoperable and Compositional: Protocols to work together
  • Applies to auth, crypto, and wireless
• Privacy-Preserving: Take users into account
  • Including the wide variety of users that a single device might “see”
• Risk-Based: How to balance the limitations of IoT with the risk
  • Power, networking, crypto, and UI
Question: What’s important to you about the future of Identity of Things?
Strategy Overview
• Defining the Strategy: Where are we trying to go?
• Bootstrapping: How can we get started?
• Sustainment: How do we keep forward progress?
You have a unique opportunity to be part of this process!
Defining the Strategy
• What existing technologies most closely align with unique IoT needs?
• What are the unique IoT constraints that will impact technologies?
• Who are the key stakeholders in industry and government?
Question: What are the most important aspects of the strategy to you and your org?
Bootstrapping
• Surface best practices for enrollment and authentication
  • Device-to-device, device-to-net, user-to-device
• Develop protocols and standards
  • How to make them widely deployed to improve interoperability?
• Identify and fill gaps in cybersecurity and risk management standards
  • Do existing standards effectively apply to IoT?
• Experiment with innovative products
  • Demonstrate best practices and unique opportunities
Question: How can we bring industry and government groups together with projects that will remove barriers and spur innovation?
Sustainment
• Develop reusable and open infrastructure for auth and security
• Incentivize hardware and software developers to build on that
• Upgrade, augment or layer security on top of legacy infrastructure
Question: How can we leverage the growth of the IoT market to sustain robust shared infrastructure?
Workshop Structure – 4PM
Please come and help define the vision!
Workshop Groups: 4PM – Room 18-19
• Group 1: Current State
  • IoT Challenges, Auth, Security, and Privacy
• Group 2: Future Vision
  • IoT Requirements: A Joint Future Vision
  • IoT Opportunities and Technologies
Pre-Conference Paper: https://t.co/2YesLIxjlu
Workshop Outcomes
• Post-conference papers to document what we learn
  • Starting with these talks and discussions
  • Plus the pre-conference papers
• Volunteers to help provide input, write, and review
• Remember: Chatham House Rule
  • Participants are free to use information received, but neither the identity nor the affiliation of speakers, nor that of any other participant, may be revealed.
Last Question:
What Questions Did We Miss?
The Identity of Things
Thank You!
Isaac Potoczny-Jones - CEO of Tozny - [email protected]
Paul Madsen – Ping Identity – [email protected]