IoT suffers from critical, systemic, security flaws. Problems of Spoofable Identities, Weak Authentication and Ambient Authority are common in most deployments. Businesses see IoT solutions as an opportunity to reduce costs, increase employee safety and create new revenue streams. Adoption is growing rapidly and simultaneously there has been a steady escalation in the severity of attacks against IoT. This talk will discuss how several cryptographic protocol building blocks, that have been proven in other domains, can be adapted to address foundational problems in IoT. For example, we'll discuss how protocols from open encrypted messaging projects like Signal can be adapted for end-to-end encrypted communication in IoT. How zero knowledge proofs can be used for efficient privacy preserving authorization in resource constrained machines. And many other such examples of applying proven primitives to robust identity and access management in real world IoT systems.