Drones, Phones, and Pwns: The Promise (and Dangers) of IoT APIs
Use APIs to securely leverage IoT
© 2014 CA. All rights reserved.
Jaime Ryan
Senior Director, Product Management & Strategy
CA Technologies
July 23, 2014
Dumb Things

• Collect Data: Quantified Self: Track exercise, calories consumed, sleeping habits
  Do Something: Suggestion-based fitness: Create customized workouts, social running routes, sleep suggestions
• Collect Data: Surveillance: Capture images/video – home, retail, gambling
  Do Something: Security: Unlock door based on Bluetooth or NFC proximity
• Collect Data: Agricultural Sensors: Track conditions in soil, air, supply chain
  Do Something: Industrial Farm Equipment: Increase/decrease irrigation, feed, pesticides
• Collect Data: Smart Parking: Record and plot empty parking spaces
  Do Something: Connected Meters: Email driver when it’s time to pay for more time
• Collect Data: Disease Tracking Wearables: Sensors in underwear, pacemakers,
  Do Something: Notification and Medication Administration: Remind patient to take medications; notify emergency medical personnel prior to seizure
• Collect Data: Manage Retail Inventory: Location of items in-store, automatically updated inventory
  Do Something: Ordering/Loss Prevention: Place new order upon low inventory; alert staff if removed from store
• Collect Data: Energy Usage Tracking: Identify power-guzzling appliances, collect meter readings
  Do Something: Home Automation: Turn on lights, manage AC/heating, regulate power
Smart Things
Bridge the gap between dumb things
Allow for human interaction and decision-making
Create/enforce policy - IFTTT
Portal/UI into the world of data
App-based
Laptops, desktops, tablets, phones, smartwatches
What does the architecture look like?
[Diagram labels: Cloud; Sensors & Actuators; Mobile/App; Marketplace; Mobile/App Server; Gateway; Server Gateway]
Overlapping Domains of Interest (Clustered Graphs)
[Diagram labels: Mobile/App (three nodes); Domain A; Domain B; Domain C = A ∩ B; Domain E = C ∩ …]
APIs are fundamental to the Internet of Things
{ "min": "23C", "max": "11C"… }
What are the concerns?
IDENTITY
CUSTODY
PRIVACY
• How do we make sure we retain control?
• How do we authenticate ourselves in person and online?
• How do we delegate information to interested parties?

• Who has our information?
• What information do they have?
• What do they need?
• Who do we trust? Why?

• How does information get from one place to another?
• Are those pathways secure?
• What role do we play?
An Enterprise API Management Solution
[Diagram labels: Internet of Things; Partners/3rd-party Developer Community; Cloud Services; BYOD; Sister Company APIs; Daughter Company APIs; …]
Key Functional Areas of API Management
[Diagram labels: Developer Management; Health Tracking; Workflow; Performance; Global Staging; Developer Enrollment; API Docs; Forums; API Explorer; Rankings; Quotas; Plans; Analytics; Reporting; Config Migration; Patch Management; Policy Migration; Operations Management; Throttling; Prioritization; Caching; Routing; Traffic Control; Transformation; Security; Interface Management; Composition; Authentication; Single Sign On; API Keys; Entitlements; OAuth 1.x; OAuth 2.0; OpenID Connect; Identity Management; Token Service]
Jaime Ryan
Senior Director, Product Management & Strategy
@JRyanL7
https://www.facebook.com/Layer7
linkedin.com/company/ca-technologies
ca.com