PRESENTED BY:
IoT Security:
Robert Haynes, Principal Marketing Manager
Apps, Things, Internet
[Chart: Billions of Devices, 2010 to 2020. Labels: 5X; 12.5 Billion; 25 Billion; 48 Billion ‘Things’; Meat Sack Population <8 Billion]
67% of adopters say their IoT projects are mission-critical to their business.
85% of adopters say their IoT projects will be critical to future success.
Example:
[Diagram labels: 55 km/h; 35 km/h; Fog Compute]
“The most disturbing maneuver came when they cut the Jeep's brakes, leaving me frantically pumping the pedal as the 2-ton SUV slid uncontrollably into a ditch.”
70% of MQTT Brokers use no authentication and are discoverable via port scans.*
*https://morphuslabs.com/hacking-the-iot-with-mqtt-8edaf0d07b9b
Own the app: own the physical infrastructure.
*https://blog.kaspersky.com/blackhat-jeep-cherokee-hack-explained/9493/
1.2 Tbps
Your Our
Survey Response
MQTT: 100%
CoAP: 80%
AMQP: 20%
XMPP: 20%
HTTP: 60%
HTTP 2.0: 20%
WebSkt: 40%
LWM2M: 60%

Verticals
Manufacturing: Factories, Mining
Utilities: Energy
Smart Spaces: Home, Building, City
Transportation: Cars, Public Transit
Platform Providers: Cloud, Service, Integration
Test                      HTTP                 MQTT
Get data from server (1)  302 Bytes            69 Bytes
Send data to server (1)   320 Bytes            47 Bytes
Data costs/car/year (1)   €220                 €23
Power consumption (2)     0.2164 mAh/session   0.17 mAh/session (-15%)

(1) https://www.slideshare.net/henriksjostrand/devmobile-2013-low-latencymessagingusingmqtt
• Lightweight
• Asynchronous
• Publish-Subscribe
• Any data type
• Minimal overhead
F5 App Services
[Diagram labels:]
• ADC: SSL (En/De)cryption + Load Balancing + Traffic Cloning + Forward Proxy
• ADC: SSL (En/De)cryption + Load Balancing + IoT WAF + Access Control (LTM/ASM/APM)
• Untrusted Networks; Protected Networks/Resources
• BIG-IP System; Security Infrastructure
• Legitimate IoT device; Malicious IoT device
• Carrier/SP Data Center; Enterprise Data Center; MSSP Data Center
• AFM (BIG-IP System): L3/L4 DOS Protection
• Firewalls: LTM/AFM
• Security; ADC; Firewall; AFM
• DNS (BIG-IP System): DNS DOS + DNS Query Filtering; DNS Traffic steering
• Tier1 ADC edge service; Tier2 Core IoT ADC
[Diagram labels: OCSP; LDAP; Telemetry; Infotainment; 50 to 1500 Msgs/Sec/Car; MQTT Client; MQTT Client (MQTT over Websockets); MQTT Broker and Client; MQTT + iRules: Auth + ID; Load Balancing; MQTT Broker; Apps]
Extract JWT token from MQTT msg for authentication.
Insert SSL cert CN to MQTT header.
Apps
Security
Load Balancing
Traffic Management
• MQTT 3.1 and 3.1.1 native support
• Ability to view/modify MQTT packets (iRules)
• MQTT Connection logs
• MQTT Health Monitor
• MQTT authentication offload for the application
• MQTT topic based authorization using access policies
• MQTT protocol compliance using AFM
Contact: [email protected] to Influence F5 IoT Solution Survey