Securing Things on the Internet

FOR DEVELOPERS

OUR GOALS

  • Be at least as secure as best-of-breed IoT security

  • Be easy to use for both developers and end-users

  • No username / passwords

  • Provide identity management

  • Provide and minimize transport security

  • Use standard protocols and known crypto

NON GOALS

  • Encryption of stored data

  • Protection from physical attacks

1
2

|pipe| on

YOUR HARDWARE

  • BABY MONITOR

  • DRONE

  • DOORBELL

  • YOUR DEVICE

  • Small Linux

  • CPU

  • ARM CPU

  • .H264

  • H.264 hardware video encoder

  • Small/ no screen or keyboard

  • Bluetooth LE

3

Providing you with an easy-to-embed

WEBRTC AGENT

22° C

  •      Single process and exports local services

  •         •  Video RTP

  •         •  Audio

  •         •  http/websocket and other on request

  •      Over WebRTC to smartphone browsers

  •      Config permitted services and users

22° C

  • Encryption of stored data

  • Exports local services

  •  • Video RTP

  •  •  Audio

  •  •  http/websocket and other on request

  • Over WebRTC to smartphone browsers

  • Config permitted services and users

4

Simply:

A BLACK BOX THAT “DOES WEBRTC”

Signaling WebRTC Inside view of IoT device / camera Audio ALSA Sensor WebSocket Control http Video RTP Config Linux |pipe| works in every smartphone browser 22° C
Inside view of IoT device / camera |pipe| works in every smartphone browser 22° C Audio ALSA Sensor WebSocket Control http Video RTP Linux WebRTC Signaling

|pipe| is familiar for

YOUR WEB DEVELOPER

5

  • Pure JavaScript (pipe.js) supported in all browsers / phones

  • Device services into webpage

  •     • Src for video tag

  •     • Source and sink for webAudio and

  •     • Web socket eg ”ws://localjost:8181/sensor“

  •     • http via device workers - maps device web
          services through NAT to phone

  • ID management / pairing pages as sample code

  • Sample code for Native apps on iOS and Android

  • Device config controls which services are proxied and to whom

6

For example, here is |pipe| on a

PTZ CAM SET-UP

Macro view of IoT device |pipe| installed on camera Existing RTSP Existing Web service Video RTP local http Config
Macro view of IoT device |pipe| installed on camera Existing RTSP Existing Web service Video RTP local http Config

Too Long; Didn’t Read

TL;DR

  • Agent implements WebRTC standards for small devices

  • Client code for modern browsers and native apps

  • Identity managed by local self-signed x509s

  • Identity verified by proximity with QR, BTLE or USB

  • Patents granted on identity management method