Jeff,
I won't say that linking everything by a single protocol is desirable, as I don't think it is, but I don't agree that using multiple protocols is a viable defense-in-depth strategy. It could be seen perhaps more like security by obscurity, and while it may initially make it more difficult for adversaries to take over networks and devices, it also makes it harder for us to manage the networks ourselves as we deal with the protocol soup and may give us a false sense of security.
Wouldn't it be better to invest in trying to ensure we have a relatively small number of hardened protocols (perhaps engineered for specific problem domains?) that we focus on, rather than a potentially large number of relatively insecure protocols due to the diluted efforts across vendors?
Cheers,
Einar
On Nov 18, 2013, at 10:39 PM, j stollman <stollman.j@gmail.com> wrote:
I am not yet convinced that the ability to link everything through a single protocol is desirable.
The notion of being able to obtain data from all sensors and/or to be able to control all active components is alluring. But, I would assert that anything that we can do with this new ability, adversaries can exploit as well.
The notion of defense-in-depth is to complicate control of devices by using multiple protocols. This makes it more difficult for adversaries to take over our networks and devices.
Deciding which devices to make easily accessible and which to make more complicated is going to be a complicated process.
Jeff
On Mon, Nov 18, 2013 at 9:16 AM, Salvatore D'Agostino <sal@idmachines.com> wrote:
Thanks Ingo,
Yes that’s a traditional SCADA approach. Certainly applies, sensor \controller\ network
At the same time the reason we are talking about this is that much of this is available at the edge.
Rgds all,
Sal
From: dg-idot-bounces@kantarainitiative.org [mailto:dg-idot-bounces@kantarainitiative.org] On Behalf Of Ingo.Friese@telekom.de
Sent: Monday, November 18, 2013 8:49 AM
To: dg-idot@kantarainitiative.org
Subject: [DG-IDoT] out IDoT topics
Hi All,
I’m back from vacation and business trips. One week ago I promoted our group at IEEE IoT workshop.
Find attached my slide set.
I’d like to draw your attention to slide 4. This is my attempt to cluster and to prioritize different IdM Topics
(identifier, mapping, discovery, authentication, authorization, privacy…).
I saw a YouTube video by Scott Jenson (@Paul thanks for sending the link to the list). Scott sees three layers of complexity in the IoT.
- First one is about simple sensors/actuators e.g. measuring the temperature at “central square” – here the challenge is discovery
- Second layer is “control” – it’s about putting some restrictive elements in front of the sensor – a user needs to authenticate etc.
- Third layer is “coordination” – it’s about many devices acting together according to certain policies etc.
Along these layers I located different sub-topics of our identity discussion.
Maybe it’s a good way to bring some order and focus to our group’s topics.
It would be good to match this order with your current IoT projects/experiences and provide feedback.
Many greets,
Ingo
_______________________________________________
DG-IDoT mailing list
DG-IDoT@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/dg-idot
--
Jeff Stollman
stollman.j@gmail.com
1 202.683.8699
Truth never triumphs — its opponents just die out. Science advances one funeral at a time. Max Planck