PRESENTED BY:

IoT Security:

Robert Haynes, Principal Marketing Manager

••••

AppsThingsInternet

5XB

illio

ns

Billions of Devices

2010 2015 2020

10

50

0

20

30

40

48 Billion ‘Things’

25 Billion

12.5 Billion Meat Sack Population <8 Billion

Things

67% of adopters say their IoT projects are mission-critical to their business.

85% of adopters say their IoT projects will be critical to future success.

••••

Example:

55Km/h

35Km/h

04 7 7

04 7 7

Fog Compute

“The most disturbing maneuver came when they cut the Jeep's brakes, leaving me frantically pumping the pedal as the 2-ton SUV slid uncontrollably into a ditch. ”

70% of MQTT Brokers use no authentication and are discoverable via port scans.*

*https://morphuslabs.com/hacking-the-iot-with-mqtt-8edaf0d07b9b

Own the app: own the physical infrastructure.

*https://blog.kaspersky.com/blackhat-jeep-cherokee-hack-explained/9493/

1.2 Tbps

Your Our

••

•

VerticalsSurvey Response

MQTT100%

CoAP80%

AMQP20%

XMPP20%

HTTP60%

HTTP 2.020%

WebSkt40%

LWM2M60%

ManufacturingFactories, Mining

UtilitiesEnergy

Smart SpacesHome, Building, City

TransportationCars, Public Transit

Platform ProvidersCloud, Service, Integration

1https://www.slideshare.net/henriksjostrand/devmobile-2013-low-latencymessagingusingmqtt

Test HTTP MQTTGet data from server1 302 Bytes 69 BytesSend data to server1 320 Bytes 47 BytesData costs/car/year1 €220 €23Power consumption2 0.2164 mAh/session 0.17 mAh/session -15%

• Lightweight• Asynchronous • Publish-Subscribe• Any data type• Minimal overhead

04 7 7

F5 App Services

ADC

SSL (En/De)cryption+ Load Balancing +

Traffic Cloning + Forward Proxy

ADC

SSL (En/De)cryption

+ Load Balancing + IoT WAF +

Access ControlLTM/ASM/APM

Untrusted Networks

Protected Networks/Resources

BIG-IP SystemBIG-IP System

Security Infrastructure

LegitimateIoT device

Malicious IoT device

Carrier/SPData Center

EnterpriseData Center

MSSPData Center

AFM

AFMBIG-IP System

L3/L4 DOS Protection

FirewallsLTM/AFM

SecurityADCFirewallAFM

DNS

BIG-IP System

DNS DOS + DNS Query Filtering

DNSTraffic steering

Tier1 ADC edge service

Tier2 Core IoT ADC

!

!\

OCSP LDAP

TelemetryInfotainment

50 to 1500 Msgs/Sec/Car

MQTT Broker

Apps

MQTT + iRulesAuth + ID

Load Balancing

Apps

MQTT Broker

MQTT Broker and Client

MQTT Client MQTT over Websockets

MQTT Client

Extract JWT tokenfrom MQTT msg

for authentication.

Insert SSL certCN to MQTT header.

04 7 7

04 7 7

04 7 7

04 7 7

04 7 7

Apps

SecurityLoad Balancing

Traffic Management

•MQTT 3.1 and 3.1.1 native support•Ability to view/modify MQTT packets (iRules)•MQTT Connection logs•MQTT Health Monitor •MQTT authentication offload for the application•MQTT topic based authorization using access policies•MQTT protocol compliance using AFM

Contact: iot@f5.comPower to Influence F5 IoT Solution Survey