Cryptographic Protocols for a Secure and Private IoT
The Internet of Things (IoT) suffers from critical, systemic security and privacy flaws. Problems of Spoofable Identities, Weak Authentication and Ambient Authority are common in most deployments.
Businesses see IoT solutions as an opportunity to reduce costs, increase employee safety and create new revenue streams. Consumers often love the convenience offered by home and wearable IoT products. Adoption is growing rapidly. At the same time, there has been a steady escalation in the severity of attacks against IoT that compromise private information and critical systems.
This talk will discuss how several cryptographic protocol building blocks that have been proven in other domains can be adapted to address foundational problems in IoT. For example, we’ll discuss how protocols from open encrypted messaging projects like Signal can be adapted for end-to-end encrypted communication in IoT, and how pairing-based cryptography, short group signatures and zero-knowledge proofs can be used for efficient, privacy-preserving authorization credentials in resource-constrained machines. We’ll also cover many other examples of applying proven primitives to secure communication and robust access management in real-world IoT systems.
We’ll explore how these building blocks can be combined to create an Internet of Things that is dependable and preserves our privacy.
Many of the ideas presented in this talk are being researched, discussed and implemented as Rust and Elixir libraries in our open source project, Ockam.
- A talk I presented last year that explores why IoT needs secure messaging.
- A recent talk by Ockam contributor Mike Lodder on the cryptography behind the anonymous, privacy-preserving credentials in Ockam.