AppSec USA 2016 has ended
Back To Schedule
Friday, October 14 • 10:45am - 11:45am
Patterns of Authentication and Self-Announcement in the Internet of Things (IoT)

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

The need to connect ‘things’ to each other in the IoT ecosystem introduces new security requirements for authentication and self-announcement due to four major characteristics of IoT
1. Physical access and infinite time available to adversaries to take apart devices 
2. Lower computation power of standalone devices 
3. Unforeseen and emergent behavior of the system if arbitrary nodes are compromised 
4. Endless possibility of privacy intrusion based on data intelligence and indirect identity inference. 
In this work the IoT systems are modelled using a number of elements: person, machine/device, service, server, client (esp. mobile), and passive marker. New authentication scenarios emerge when these items introduce themselves to each other on trusted or untrusted networks. The majority of authentication and self-announcement needs could be modelled using the above elements. For major authentication and self-announcement scenarios, possible authentication patterns are presented. Here are four examples of how these patterns apply to sample IoT scenarios: 
• Home automation as enabled by NEST devices
• Device collaboration in Zigbee-based networks
• Smart inventory management using NFC/RFID
• Remote device control based on XMPP (SASL authentication)
The minimum computation power (capability to perform cryptographic operations) and privacy preserving considerations are analyzed in each case.

avatar for Farbod H Foomany

Farbod H Foomany

Senior Security Researcher (Tech. Lead), Security Compass
Farbod H Foomany is a senior application security researcher (technical lead) at security compass. He has a bachelor degree in electrical engineering (control systems), Masters degree in artificial intelligence and robotics, and has completed a PhD with main research on security aspects... Read More →
avatar for Amir Pourafshar

Amir Pourafshar

Application Security Researcher, Security Compass
Amir Pourafshar is an application security researcher at Security Compass. Amir is currently part of a research team working on an IoT project that aims to investigate and formulate the security requirements of system design/development in internet of things (IoT) ecosystem. Amir... Read More →

Friday October 14, 2016 10:45am - 11:45am EDT
Grand North Renaissance Washington, DC Downtown Hotel 999 9th St NW, Washington, DC 20001