The Internet of Things (IoT) suffers from critical, systemic, security and privacy flaws. Problems of Spoofable Identities, Weak Authentication and Ambient Authority are common in most deployments.
Businesses see IoT solutions as an opportunity to reduce costs, increase employee safety and create new revenue streams. Consumers often love the convenience offered by home and wearable IoT products. Adoption is growing rapidly and simultaneously there has been a steady escalation in the severity of attacks against IoT that compromise private information and critical systems.
This talk will discuss how several cryptographic protocol building-blocks, that have been proven in other domains, can be adapted to address foundational problems in IoT. For example, we’ll discuss how protocols from open encrypted messaging projects like Signal can be adapted for end-to-end encrypted communication in IoT. How pairing based cryptography, short group signatures and zero knowledge proofs can be used for efficient privacy preserving authorization credentials in resource constrained machines. And many other such examples of applying proven primitives to secure communication and robust access management in real world IoT systems.
We’ll explore how these building blocks can be combined to create an Internet of Things that is dependable and preserves our privacy.
Many of the ideas presented in this talk are being researched, discussed and implemented as Rust and Elixir libraries in our open source project - Ockam
Login to leave a comment
Mrinal Wadhwa
@mrinalwadhwa Submitter
Slides for the talk
https://speakerdeck.com/mrinalwadhwa/cryptographic-protocols-for-a-secure-and-private-iot
Zainab Bawa
@zainabbawa Editor & Promoter
Thanks for the submission, Mrinal.
To move forward, share 3 slides outlining the content you will cover in the talk. This will help the conference editors to provide feedback, and shape the talk for pre-recording.
The outline slides have to be shared by 3 March, latest.
Anand Venkatanarayanan
@anandvenkatanarayanan Editor
Hi Mrinal,
Please proceed further on developing the full slide deck and post the link here. Since we are mostly doing pre-recorded videos, to handle internet outages and better video splicing, it would be best to get the slides in one full go. Typically 10 slides are enough for a 20 minute talk.
Rishu Mehrotra
@gadgetmnky
Hi Mrinal,
Great to hear that we are going to have you talking about IoT security. It would be great to also have some practical examples in terms of implementation included as you touch base on various protocols and systems ?
Mrinal Wadhwa
@mrinalwadhwa Submitter
Hey Rishu, great suggestion! That's the plan, I'll tie each protocol we discuss to the real world applications it solves in a privacy preserving way.
Suman Kar
@banbreach
Hiya! This sounds super interesting. Would you be talking about generic applications or how you are using these building blocks in your work at Ockam?
Mrinal Wadhwa
@mrinalwadhwa Submitter
Hey Suman, I'll speak broadly about cryptographic protocols that can be used to improve security and privacy in the IoT context. Some of these we're buiding in Ockam, some may be built on top of the Ockam foundation in the future and many that are not a fit for what Ockam is doing, but still very interesting.
For example, I'll touch breifly on Apple's Find My protocol which uses cryptography to enable crowd sourced location tracking of a lost device in a way that the location of the device is only revealed to you and not to Apple. This is in big contrast to all other find my lost device services or tile tracker devices/services where having the ability to track/find lost things comes at the privacy cost of the location of your things (i.e you) being tracked and stored, in a central database, at all times.
Suman Kar
@banbreach
Hi Mrinal,
My curiosity's piqued by the examples you have here. I look forward to your session!