Federating Access to IoT using OAuth
Formal Metadata
Title: Federating Access to IoT using OAuth
Title of Series:
Author:
License: CC Attribution 2.0 Belgium: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers:
Publisher:
Release Date: 2014
Language: English
Content Metadata
Subject Area:
Abstract: The Internet of Things (IoT) is being used for lots of personal data, but what little authentication and authorization exists is mainly done using traditional centralized role-based approaches. This talk shows how we can use federated identity and access management approaches such as OAuth2 with MQTT and CoAP to support IoT. The Internet of Things and Machine to Machine (M2M) are growing areas, and security and privacy are prime issues. In this session we will examine the security challenges around using M2M devices, with special reference to authorization and authentication. Much of the IoT is used for personal systems, so there is a strong need for person-centred identity and access management. The OAuth2 protocol is gaining wide acceptance on the Web, and has been designed to support federated identity, personal delegation of access control and dynamic permissions. We look at how we can use OAuth with MQTT and CoAP. We will use a combination of open source hardware (based on Arduino) and open source software (including Mosquitto and WSO2 Identity Server) to demonstrate an Arduino-based IoT device interacting with MQTT-based systems using OAuth2 bearer tokens. The session will cover:
- Challenges with IoT security
- Using OAuth2 to support federation and user-directed authorization
- Issues and areas for further work
- Future directions
The session will include a live demonstration of Arduino and Eclipse Paho interoperating, secured by OAuth 2.0.

00:00
A few technical items first. My old friend Paul Fremantle is going to talk about security on the Internet of Things. He is currently doing a PhD and is CTO of WSO2. So, Paul. Let me get this working; I'll have to try and do this on my own. I'm Paul and I'm a keen supporter of the concept of federated identity. So who of you have used OAuth or OAuth2? Excellent, right, so that will make my life a lot easier today. So what I'm going to do is firstly just talk a little bit about federated identity and access management; that will be very quick because you know about that, and a little bit about OAuth2. I'm going to talk very briefly about MQTT, which
01:02
is the protocol I've been using; it's a lightweight messaging protocol that was designed
01:07
around IoT and those kinds of devices, and then how I put the two together, hopefully with a live Arduino demo. The demo has broken three times this morning already, so if it actually works I will be very happy indeed and you can buy me a beer afterwards. Then I'll talk about lessons learned and next steps. So, federation is
01:29
important, and it is important to security, because the big problem we've had with
01:34
security on the Internet has been centralized security, where firstly people have failures and secondly
01:43
it is not in your control, and especially as the number of users on the Internet has
01:51
grown massively, people have basically had to move to federated models, and that's why OAuth has become so popular. I
01:59
see the same challenge with IoT devices, which is that there are already billions of them and they are growing very rapidly. We can't expect them to use traditional centralized user ID and password security models; that just isn't going to work at this scale. Federated identity and access management is really important because it allows you to retain control of your password and user ID. Unfortunately the way most people use this is to give it to Facebook, or Apple, or Google, and they trust them, and of course that itself is a challenge, but the point is that if you give it to someone you do trust then they don't hand it out to anyone else. This came about, OAuth came about, specifically from problems like LinkedIn saying "give me your Gmail user ID and password, I'll go and grab your contact list and I promise not to send emails or do anything else", and actually they are currently facing a lawsuit in the US saying that they did more than they said they would. So OAuth2 basically says it's up to me to give a
03:06
token, or to authorize a token, for LinkedIn, to say how much they can
03:11
access, what they can do and how long that lasts, and that's also variable.
03:17
And OAuth2 is
03:20
what seems to be the most used federated protocol: it's used by GitHub, it's used by LinkedIn, Gmail, Facebook and many, many others, so it seems to be a good approach, at least to start using it. And really, why federated identity management for IoT? Well, the most important thing from my perspective is that it's your device, it ought to be your data, it ought to be under your control: where you publish that data, who can access it, how they can access it. If my house is connected to the Internet maybe I want to let my mum, or my neighbours, check on the health of it while I'm away, but only one way: I don't want anybody else coming along and saying "hey, the lights have been on, nobody's been living there for a week". So it's very important that you can have control of your data, and I think that's been a big failure
04:23
in IoT devices so far. A lot of people have thought about it, but it has been a failure on the Internet as a whole, something that we are slowly fixing. Another reason, a very technical reason, is that tokens are a much better model for managing identity in a device. Most
04:40
server-to-server communications these days that are designed properly rely on tokens,
04:46
because a token is for a device; a user ID and password is for a person, not for a device. And another thing, and that depends on your OAuth implementation, is that you can potentially manage the tokens and the scopes quite well, so you can embed that token in a device and then manage it over time. So tokens:
05:07
the basic idea is you get a token issued and you then pass just the token to the resource. So there are two
05:15
key parties: an IdP, the identity provider, and the resource server. The resource server is what you're trying to access resources on, where you're trying to get access to your resources, and the IdP is the authentication server, in this case the authorization server. And so, as I said, OAuth2 is very widely implemented.
05:39
I think it's pretty good, but there are people who have criticisms, particularly over the
05:44
concept of the bearer tokens, which is basically: if you have this token, you have full control. So obviously the stealing of bearer tokens is an issue, and that's a very big issue in IoT devices; I'll talk about that at the end. Of course there is never any certainty with security protocols; the certainty is that it hasn't been broken yet. There are some researchers who have done a model of it using a framework from MIT, and they have done some formal modelling of OAuth2, so that gives you some more confidence. It isn't just used for the Web; there is a draft spec for using it with SASL, so basically for logging on, so it's getting some traction outside of HTTP. This is the three-legged OAuth flow; I'm going to talk through this in the demo more, but I'll put the slides up on the web afterwards if you want to study the diagram. Now I'm briefly going to talk about MQTT. Who has used MQTT before? OK. So who has got Facebook Messenger on their phone? OK, so more of you use it than you think. MQTT is a protocol that came out of IBM, but out of one guy in IBM, so it is not your normal IBM standard; it's very, very lightweight and simple and just does what it needs to. It was really designed for a pipeline in Alaska. These pipeline monitoring guys came to IBM and they said "we've got MQ Series in all our systems, we want to connect all our monitoring stations on the pipeline to our MQ Series system, so we
07:39
can follow the flow of the oil". And so somebody goes "well, there would be an MQ Series on each of the monitoring stations", and they were like "well, there's 1400 bytes of header with MQ Series and each extra byte is 78 thousand dollars a day because we're going over a satellite", and this was about 15 years ago and it was very, very expensive. So they were like "no, we don't think we can do that", so basically they designed a protocol with a two-byte header. And the best thing that's happened to MQTT is that recently a lot of it has moved to Eclipse, so there are a number of projects in Eclipse, in the M2M group there, around creating open-source brokers: there's a C-based broker, Mosquitto, a new one in Java is just about to be donated, lots and lots of clients in different languages, and there are other clients and other things as well. It is also being standardized by OASIS, which some people have had bad experiences with, but basically it's just gone through with some very minor clarifications, and I think that was a good process. There's also a lighter-weight version called MQTT-SN, which I'm not going to go into, but that's actually very
08:56
nice protocol. Well, this is a sort of
09:00
flow; this is a full reliable flow which basically guarantees each message gets to each subscriber exactly once, which is why it's quite heavy. There are basically three choices of QoS: you can say no reliability, this message may or may not get there (QoS 0); it will definitely get there but it may get there more than once (QoS 1); and it will get there exactly once (QoS 2), which requires this sort of handshake. Now the Arduino MQTT client can only do QoS 0, so there's no reliability, but you can bridge that into a broker and then have the broker do higher levels of reliability in distributing the data. So in my
09:41
demo, what I'm going to do is embed a token on here. Now actually with OAuth tokens there are two different things: there's the access token, which is the bearer token, and there's a refresh token. An access token typically times out, and so you have to go and say, well, when it's timed out I'm going to go with my refresh token back to the server, the main IdP, and get
10:05
a new version of the token. Now the problem is that that's an HTTP call, and I don't have room on my Arduino for the HTTP and MQTT libraries and the actual job I want to do, which is: I've got a little accelerometer on here and I want to publish information from it, so I have an I2C library too. So what I did was I basically said, OK, well one option would basically be to make an access token with a very, very long lifetime and embed that onto the box. That, firstly, is up to the OAuth provider you're provided with, so that isn't going to work if you want to make this generic and work with any provider. So what I did was I created a new component called a refresher, which basically translates the
10:53
HTTP thing into MQTT. So at the
10:57
start I'm going to go in with an invalid bearer token and I'm going to try; it's going to fail, so then it's going to publish the refresh token onto a different topic and get back the access token, and then the Arduino disconnects and reconnects with the new token. So I've faked it a bit to
11:17
demonstrate this process that normally would happen once a day or something, but on the Arduino it happens every time, and then it's going to publish that to the broker, and
11:29
the broker has a plug-in I wrote in Python which basically makes a call to the OAuth
11:37
introspection API, which is a RESTful call into the IdP to say: does this token have the scope? Basically the access control. And I encoded the scope as a bit of JSON saying you can read or write to this set of topics, so that's how I encoded the scope thing. So then the Arduino tries to publish to a particular topic and the server is saying, does this user, does this device, have the credential? And I also have a subscriber that's going to use the same mechanism to get its subscription and basically get data from that little chip. Any questions? It will become a little bit clearer with the demo. It's not a beautiful graphical demo like the first one was, for those of you who were impressed by that. Also there is a bunch of hacks. All of this is open source, but this bit is just a hack basically. The IdP over here is from my company, but it's pure Apache open source, and there is a sort of pseudo-standard introspection API for getting the scope from here, which we don't implement yet; we're going to add it. So I have just something that's just translating that: I could make the SOAP call to here that this offers, but I really like open standards, so I have a bit of Python that bridges that into the standard call, which is going to be in the next release, so that's a sort of hack. But apart from that, this API here, where number one is
13:17
coming in, is completely standard; that's specified by OAuth. I really think the OAuth spec should specify this one as well, and for some reason the standardization of this in the IETF has stalled, and I don't know why, because this is a
13:33
useful API to say: here's a token, now let me know what the lifetime left on it is, what the scope of it is, and so forth, which is what this needs. For some reason that sort of stalled behind the scenes with the OAuth guys. So
13:48
because of the way this has failed so many times today, I'm going
13:53
to show you this step by step. So the first step would be basically when you create your device: you need to push that refresh token into here. So the first thing I do
14:08
is I go to a window here and I
14:13
have a little create-tokens script, and this basically just does a
14:27
redirect to my IdP. So this is a redirect to the IdP saying, in the web
14:33
flow, the resource server is saying "not my job" and hands you over to the OAuth
14:39
server. So this is like when you go to Facebook and it says "do you want to give this app permission to do this?". I don't have anything but a self-signed certificate on here, so this is saying it isn't trusted. So this is now where you have to log in and say who you are, who is giving permission to this, so I put in my credentials and then, bingo, it says... and then that scope should really be some meaningful statement: do you want to allow this device to publish to your
15:18
topic? That's what it should say. I've got it in a sort of JSON string, and there were some problems with the way the JSON was stored because scopes are space-delimited, so I base64-encoded it, so it's not very readable, but it gives you the idea. So that obscure string gives permission to publish to this particular topic. And then I'm
15:49
clicking through, and then I get
15:53
some tokens: a refresh token and a bearer token with a lifetime. They now have to be zapped into my Arduino, but I'm going to avoid that for the moment, and if it fails... so I'm hoping that's why I used a different ID, because I'm hoping that I haven't overwritten the tokens. So I have some tokens already written here, and
16:16
then basically what's going to happen now is
16:21
in one of my many windows, which has got my broker. So this is my Mosquitto broker with the extra bit of Python plugged in.
16:36
My Arduino is not the standard one, and I was just somewhere else on the window. So what's happened here is that basically the Arduino has connected, and has tried to connect with a dummy token, which is 0 1 2 3 4, so that's my expired token, and it's failed: it's gone back and said you've got the wrong credentials. And then it's reconnected. Really this should be connecting to a different broker at this point; it should be saying "I'm going to talk to my IdP", and connecting and getting my refresh. I've fudged that by having it on the same broker as the results, so that's actually a big security hole, but it's easily fixed. So then there's a simple script called the refresher, which basically converts from MQTT: it takes that token and sends it to the IdP and says "here we go, swap this refresh token for a real new access token", then republishes it back on MQTT where the Arduino picks it up, disconnects, and then reconnects with the new token, and as you can see I'm now getting some data from my accelerometer here. And the whole thing
18:42
dies after a while, because there's no caching in here, so for every single publish it's doing, it's making an HTTP call to my server, and it's a cruddy Python script running in the broker, and I have a feeling it's not garbage collected properly, and it's annoying, but because it's basically doing thousands and thousands of HTTP requests against the server... That's easily fixed by firstly getting someone who actually can write code to do it, and secondly by putting some caching in there, which is easy, because when you get back that scope from the introspection server
19:24
so yeah when it gets
19:27
this scope here, it gets a lifetime for that token, so I know that this
19:36
whole Arduino is authorized to publish for the next 60 minutes, so now I can cache that. So OK, not the most exciting of demos, but what I think I've demonstrated here is, firstly, there are some tricky bits in using OAuth on such a small device. It's not the actual token; that's as easy as just a character string. But the refresh flow there is a pain, because you've got whatever your CoAP or MQTT protocol is and then some random HTTP request over somewhere else, so by swapping it out and using the same protocol for both of those I get round that. Some interesting things here. So, lessons learnt: well, my
20:27
MQTT and I2C code took up 97% of the memory on my Arduino, so I really didn't have room for the
20:36
HTTP library as well, and in fact I had to cut out some of the I2C code to actually get it all in. So another big issue is that it's a huge security flaw sending this refresh token and access token without some kind of encryption,
20:56
so there's no TLS on this Arduino. So I think that's something that we need to solve: how to do encryption. It's a problem for anything, from sending a user ID and password to this, so I don't feel it's any worse with OAuth, but it's a problem that needs resolving. In this scenario I would assume that I'm going to have to have some local security to solve that, with some kind of Wi-Fi security if I'm using a Wi-Fi network. One of the challenges here is that the OAuth implementations all follow the spec, but the spec has lots of little options, and on such a small device those options matter. So for example the refresh token can get changed every time you use it. Now I think that's a problem in a device like this, because with no reliability I might send out a message saying "please change my refresh token", and then the network dies or something and I never get the new refresh token; OK, now the old one's dead, it's hard-coded in here and I have no way of updating it. So there are some challenges with the different OAuth specs, and you need the right settings on those implementations to suit. So I want to make sure that I have a very long lifetime on my refresh token on this device, which might not be appropriate on a mobile phone where it's easy to get the person to log in and reset it, but on embedded devices that's hard.
22:38
So I think the other thing is that some OAuth implementations let you
22:46
update the scope for a token, but others don't; they just assume, OK, you want a different scope, you're going to kill that token and do that login thing I showed you again, and of course on embedded devices there's no one to do that. So for those devices you need to be able to update the scope without changing the token. So I've got my devices in my house and then suddenly I have a software update and it does something different, publishes to a different topic or a different target: I need to be able to update the scope without changing the token. And I told you this was a bit of a security flaw in the way that I have it all going through the resource server, which is my MQTT broker; really it should be two brokers. One of the other challenges is that MQTT is really a pure pub-sub model, so there's no well-defined way to send the refresh token back to just this device. So what I did was I basically created a topic hierarchy such that clients have their client ID in it, and I implemented a custom security rule in my security plug-in to say only this device can subscribe to that topic, so only this device is going to get that data. But I feel there should be some kind of standard model for that, maybe not in the spec itself, but in the general way that people use MQTT. So the next steps: I want to do the same thing for the Constrained Application Protocol, CoAP. I'm going to fix my implementation so that it works,
24:27
and I think that little refresh flow with MQTT or with CoAP needs to be defined in the same
24:35
way, so that there is a reference for "here's how you do a refresh on a different protocol". If anyone's interested in this or has any other ideas on federated security that should be used with IoT, please contact me; I'm interested in collaborating. Any questions?
25:00
We can actually have time for questions, maybe just one.
25:03
One question; by my watch we have two minutes. If you replace the Arduino with some device that actually has the memory and CPU for proper authentication instead of... So I agree, I mean I think that's important, but as far as I know there's no TLS library for any Arduino, so I think that needs to be written; if anyone wants to do that, please do, it would be really useful. The other option would be something like the ECC, elliptic-curve cryptography, chips; they're like 40 to 50 cents, which would also probably allow you to do it on a really cheap device like this with a microcontroller. So I think it's a balance: you need it in hardware with a shield, and then it sort of gets overtaken by improving CPUs, but on the other hand these microcontrollers get cheaper and cheaper and so the ability to do TLS on a really, really cheap device is also useful. Thank you very much. So we have a five-minute break and then we will have the next talk.
