Bristol Meetups

IoT and Securing financial APIs

Explore IoT in terms of authentication, privacy, communications and attacks.

Learn about securing financial APIs and how the standards are being adapted to support Open Banking.

Agenda:

• 6:30 pm - Social

• 6:55 pm - OWASP update

• 7:00 pm - Presentation 1: IoT - Ramesh Krishnasagar, Cisco

• 8:00 pm - Presentation 2: Securing Financial APIs -> moving beyond vanilla OAuth with Dave Tonge, Moneyhub Enterprise

• After - Knights Templar (Wetherspoon's pub)

Presentation 1: IoT - topics for discussion:

1. Authentication. What types of device require a specific identity, or are identity attributes sufficient in some cases (e.g. a member of a set or an approximate location)? How are device identities established and attributed or distributed? How can device identities or attributes be authenticated? What are the current approaches, derived from fixed network infrastructure, and their strengths and weaknesses in IoT?

2. Privacy. What is the potential for IoT devices to make more information available about individuals’ movements, behaviour and preferences? How can such information be controlled or restricted? Is there opportunity for ‘adware’ with IoT devices – specific tracking features placed by third parties? Will sensor diversity inevitably allow the linkage of distributed information?

3. Communications. What limitations on communication protocols result from the types of device? Some contrasting approaches to communication (including ad-hoc networks) and a review of their capability, their suitability for different types of device and the feasibility of providing integrity, availability, and confidentiality. Contrast the security solutions with those available for fixed internet network infrastructure.

4. Attacks. What is already known about real attacks on, or using, IoT devices? Do these attacks suggest general trends or threats against a wider range of IoT devices? Do these attacks suggest that existing solutions can be applied to IoT, or are there new problems that require new solutions?

Bio: Ramesh Krishnasagar is a Cyber Security Consultant at Cisco with experience in design, development, integration and testing of embedded system software for major clients.

Presentation 2: "Securing Financial APIs -> moving beyond vanilla OAuth".

Abstract: OAuth 2.0: the least bad option for banking APIs. There is a lot of FUD spread around OAuth 2 and OpenID Connect. In this talk I'll dispel some of the myths, show how the standards are being adapted to support Open Banking and paint a picture of the future that doesn't involve creating a new password for every new service!

Bio: Dave is the CTO of Moneyhub Enterprise, a member of the OpenID Foundation working on open standards for financial APIs, and the technical representative for the Financial Data and Technology Association.