Long-term operation: technologies become obsolete; lack of updates.
Invisible operation: no visible clues that something is wrong.
No human operator (for the normal use case): lack of supervision.
Larger scale: more units and more attack surfaces.
James R. Clapper: http://www.popsci.com/clapper-americas-greatest-threat-is-internet-things
2. HTTP / HTTPS
(Diagram: Client / Server)
https://cert.se/2016/09/mqtt-i-sverige
Communication patterns (column headings; the XMPP stanza or XEP providing each pattern in parentheses):
Intrinsic patterns: Asynchronous messages (message), Request/Response (iq), Publish/Subscribe (presence)
Extended patterns: Publish/Subscribe (extended by XEP-0060, XEP-0163), Multicasting (extended by XEP-0045)
MQTT ✓ ✓
HTTP ✓ ✓
CoAP ✓ ✓ ✓
XMPP ✓ ✓ ✓✓✓ ✓ ✓* ✓
https://gitlab.com/IEEE-SA/XMPPI/IoT
Decentralization
Ubiquitous encryption
Authentication
Authorization
Hashing
Signatures
Anonymization
Pseudonymization
Obfuscation
Data masking
Data aggregation
Security logging
Monitoring
…
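Several of the mechanisms listed above are easy to confuse in practice, in particular hashing versus pseudonymization. The following is an added example (not code from the slides, the book or any library) that runs unkeyed hashing, keyed pseudonymization, data masking and aggregation over constructed telemetry records and shows why a plain hash of a low-entropy device ID is recoverable by enumeration while a keyed pseudonym is not. The device IDs, e-mail addresses, readings and the pseudonymization key are all constructed for illustration.

```python
"""Hashing vs. pseudonymization vs. masking vs. aggregation on IoT telemetry.
Added example, not from the slides. Device IDs, e-mail addresses, readings
and the pseudonymization key are constructed for illustration."""
import hashlib
import hmac
from collections import defaultdict
from typing import Iterable, Optional

# Constructed telemetry: each reading carries a direct identifier (device ID)
# and personal data (owner e-mail).
READINGS = [
    {"device_id": "meter-0042", "owner": "alice@example.org", "kwh": 1.2},
    {"device_id": "meter-0042", "owner": "alice@example.org", "kwh": 0.8},
    {"device_id": "meter-0107", "owner": "bob@example.net", "kwh": 2.5},
]

# Constructed secret; in a real deployment it lives in a KMS/HSM, never
# beside the data it pseudonymizes.
PSEUDONYM_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")

# The small, predictable ID space an attacker would enumerate.
CANDIDATE_IDS = [f"meter-{i:04d}" for i in range(200)]


def plain_hash(value: str) -> str:
    """Unkeyed SHA-256: deterministic, but reversible by enumeration when the
    input space is small (device IDs, phone numbers, ...)."""
    return hashlib.sha256(value.encode()).hexdigest()


def pseudonymize(value: str, key: bytes) -> str:
    """Keyed HMAC-SHA-256 pseudonym: stable, so records can still be joined,
    but without the key an observer cannot test guesses against it."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()


def mask_email(email: str) -> str:
    """Data masking: keep only what the downstream use case needs
    (first letter of the local part and the domain)."""
    local, _, domain = email.partition("@")
    return f"{local[:1]}***@{domain}"


def recover_by_enumeration(target: str, candidates: Iterable[str]) -> Optional[str]:
    """What someone who sees only the 'hashed' column can do: try every
    plausible device ID until an unkeyed hash matches the target."""
    for candidate in candidates:
        if plain_hash(candidate) == target:
            return candidate
    return None


def aggregate(readings, key: bytes):
    """Pseudonymize the device ID, mask the owner, and sum kWh per pseudonym
    so that individual readings are not retained downstream."""
    totals = defaultdict(float)
    owners = {}
    for r in readings:
        pid = pseudonymize(r["device_id"], key)
        totals[pid] += r["kwh"]
        owners[pid] = mask_email(r["owner"])
    return {pid: {"owner": owners[pid], "kwh": round(totals[pid], 3)} for pid in totals}


if __name__ == "__main__":
    hashed = plain_hash("meter-0042")
    print("plain hash recovered as:", recover_by_enumeration(hashed, CANDIDATE_IDS))
    pseudo = pseudonymize("meter-0042", PSEUDONYM_KEY)
    print("pseudonym recovered as:", recover_by_enumeration(pseudo, CANDIDATE_IDS))
    for pid, row in aggregate(READINGS, PSEUDONYM_KEY).items():
        print(pid[:12], row)
```

The design point is that hashing alone is not anonymization: if the identifier space can be enumerated, the hash is a lookup table away from the original. The keyed pseudonym keeps the join property the analytics need while moving the re-identification risk into key management, and masking plus aggregation reduce what is stored at all.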
Decentralization
Ubiquitous encryption, even end-to-end encryption
Global identities: authenticated by the user's own server and forwarded to the recipient in every stanza
Basic communication authorized through presence negotiation:
consent-based; required to be able to communicate using iq and presence; consent can be withdrawn.
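The consent model above, together with the message/iq/presence stanza patterns from the comparison table, is easy to show as a protocol exchange. The following is an added example, not code from the slides or from any XMPP server or library: a toy router that models only the rules stated on this page (the server stamps the authenticated sender identity on every stanza, a message needs no subscription, iq and ordinary presence are routed only while the recipient's consent holds, and a type="unsubscribed" presence withdraws that consent). The JIDs, resources and the exact error strings are assumptions; a real server implements RFC 6120/6121 routing in far more detail.

```python
"""Toy model of XMPP consent-based authorization (presence subscriptions).
Added example; not code from the slides or any XMPP implementation.
JIDs, resources, and the routing policy below are illustrative assumptions."""
import xml.etree.ElementTree as ET

SUBSCRIPTION_TYPES = {"subscribe", "subscribed", "unsubscribe", "unsubscribed"}


class MiniXmppServer:
    def __init__(self, domain: str):
        self.domain = domain
        self.sessions = {}    # authenticated bare JID -> bound full JID (with resource)
        self.allowed = {}     # bare JID -> set of bare JIDs it has granted consent to
        self.delivered = []   # (recipient full JID, serialized stanza) actually routed

    def login(self, bare_jid: str, resource: str) -> None:
        """Client has authenticated (e.g. SASL); the server binds a resource."""
        self.sessions[bare_jid] = f"{bare_jid}/{resource}"

    @staticmethod
    def bare(jid: str) -> str:
        return jid.split("/", 1)[0]

    def handle(self, session: str, xml_text: str) -> str:
        """Route one stanza sent on an authenticated session; returns the outcome."""
        stanza = ET.fromstring(xml_text)
        # Global identity, authenticated and forwarded: the server overwrites any
        # client-supplied 'from' with the authenticated full JID of the session.
        stanza.set("from", self.sessions[session])
        to_bare = self.bare(stanza.get("to"))
        ptype = stanza.get("type")

        if stanza.tag == "presence" and ptype in SUBSCRIPTION_TYPES:
            return self._subscription(session, to_bare, ptype, stanza)
        if stanza.tag == "message":
            # Basic messaging (asynchronous) is deliverable without a subscription.
            return self._deliver(to_bare, stanza)
        # iq (request/response) and ordinary presence require the recipient's
        # consent, i.e. an accepted presence subscription.
        if session in self.allowed.get(to_bare, set()):
            return self._deliver(to_bare, stanza)
        return "rejected: not-authorized"

    def _subscription(self, sender: str, to_bare: str, ptype: str, stanza) -> str:
        if ptype == "subscribed":
            # The sender consents to to_bare seeing its presence / addressing it.
            self.allowed.setdefault(sender, set()).add(to_bare)
        elif ptype == "unsubscribed":
            # Consent withdrawn; later iq/presence from to_bare is refused.
            self.allowed.get(sender, set()).discard(to_bare)
        # subscribe/unsubscribe requests are simply forwarded to the other party.
        return self._deliver(to_bare, stanza)

    def _deliver(self, to_bare: str, stanza) -> str:
        full = self.sessions.get(to_bare)
        if full is None:
            return "rejected: recipient-unavailable"
        self.delivered.append((full, ET.tostring(stanza, encoding="unicode")))
        return "delivered"


def demo():
    """Constructed exchange between a user and a sensor on the same server."""
    srv = MiniXmppServer("example.org")
    srv.login("alice@example.org", "phone")
    srv.login("sensor@example.org", "dev1")
    results = []
    # 1. A message needs no prior consent.
    results.append(srv.handle("alice@example.org",
        '<message to="sensor@example.org"><body>hello</body></message>'))
    # 2. An iq to the sensor before consent is refused.
    results.append(srv.handle("alice@example.org",
        '<iq type="get" to="sensor@example.org/dev1" id="r1"><query/></iq>'))
    # 3. Presence negotiation: alice asks, the sensor (its owner) consents.
    results.append(srv.handle("alice@example.org",
        '<presence type="subscribe" to="sensor@example.org"/>'))
    results.append(srv.handle("sensor@example.org",
        '<presence type="subscribed" to="alice@example.org"/>'))
    # 4. Now the iq is routed; a spoofed 'from' is replaced by the real identity.
    results.append(srv.handle("alice@example.org",
        '<iq type="get" from="admin@example.org/x" to="sensor@example.org/dev1" id="r2"><query/></iq>'))
    # 5. Consent withdrawn: the next iq is refused again.
    results.append(srv.handle("sensor@example.org",
        '<presence type="unsubscribed" to="alice@example.org"/>'))
    results.append(srv.handle("alice@example.org",
        '<iq type="get" to="sensor@example.org/dev1" id="r3"><query/></iq>'))
    return results, srv.delivered


if __name__ == "__main__":
    for outcome in demo()[0]:
        print(outcome)
```

Two things are worth noticing when running it: the spoofed from="admin@example.org/x" never reaches the sensor, because identity is asserted by the server rather than the client, and the same iq that was delivered while consent held is refused once the sensor sends type="unsubscribed", which is what makes the authorization revocable.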
Bonuses:
Anonymization protects the whistleblower or dissident (or the criminal or terrorist),
and makes security decisions difficult.
Amazon, Packt, Microsoft Store
Contact: https://waher.se/