see 2021
Session / Identity for Developers

A Discussion on a Design for Authorized Communication Between Local IoT devices and an Internet Accessible Controller

Tuesday, June 22
1:30pm - 1:55pm MDT

There are different systems cropping up as part of the explosion of IoT. Most experts believe that this industry will continue growing for the foreseeable future. As we continue to get more and faster networks, we will be able to add more and more devices. Particularly with Arduino, Raspberry Pi, and other building blocks, more and more individuals and companies are able to get into this marketplace. These devices bring with them some interesting challenges associated with security and IAM. Many developers out there, like me, are curious as to how to resolve these issues, as we want to be able to create our own solutions and/or we work for a company that needs to solve this problem. This discussion will dive into one particular solution that combines long-polling, the device authorization grant, and an internet-accessible controller to communicate with devices on a local network without opening inbound connections to those devices. We will also spend some time reviewing the attack surfaces of this approach and the required mitigations. Finally, we will spend a little time reviewing some of the COTS solutions that already exist in this area.