1
00:00:06,209 --> 00:00:08,769
hey welcome to cloud on air live

2
00:00:08,769 --> 00:00:11,199
webinars from Google cloud we're hosting

3
00:00:11,199 --> 00:00:13,210
webinars every Tuesday my name is

4
00:00:13,210 --> 00:00:15,339
Antony Passemard the head of product

5
00:00:15,339 --> 00:00:17,829
for our cloud IOT offering and today

6
00:00:17,829 --> 00:00:19,239
we're gonna be talking about IOT

7
00:00:19,239 --> 00:00:21,550
security and how to make your solutions

8
00:00:21,550 --> 00:00:24,670
secure you can ask questions anytime on

9
00:00:24,670 --> 00:00:26,320
the platform and we have Googlers on

10
00:00:26,320 --> 00:00:29,169
standby to answer them so let's get

11
00:00:29,169 --> 00:00:30,268
started

12
00:00:30,268 --> 00:00:33,850
so making IOT solutions secure security

13
00:00:33,850 --> 00:00:36,159
is top of mind for everybody it's it

14
00:00:36,159 --> 00:00:38,619
it's mostly driven because of all the

15
00:00:38,619 --> 00:00:40,799
recent attacks and it's been in the news

16
00:00:40,799 --> 00:00:44,049
around a IOT security you know think

17
00:00:44,049 --> 00:00:46,859
about Mirai Mirai was taking over some

18
00:00:46,859 --> 00:00:49,570
cameras in the wild and using them to do

19
00:00:49,570 --> 00:00:51,369
distributed denial-of-service

20
00:00:51,369 --> 00:00:54,039
attacks that was 2.5 million devices

21
00:00:54,039 --> 00:00:56,590
affected by this kind of attack more

22
00:00:56,590 --> 00:00:59,189
recently things like Meltdown and Spectre

23
00:00:59,189 --> 00:01:01,988
literally touched about every computer

24
00:01:01,988 --> 00:01:04,719
out there including IOT devices that

25
00:01:04,719 --> 00:01:06,640
without was that was a big one that

26
00:01:06,640 --> 00:01:08,230
needed to be solved so all those

27
00:01:08,230 --> 00:01:10,659
security issues and even a more recent

28
00:01:10,659 --> 00:01:12,849
one with Z-Wave are putting a lot of

29
00:01:12,849 --> 00:01:15,640
pressure into IT professionals and and

30
00:01:15,640 --> 00:01:19,000
people working in IOT to really make

31
00:01:19,000 --> 00:01:21,040
those solutions secure so today we're

32
00:01:21,040 --> 00:01:23,730
going to talk about how to make that

33
00:01:23,730 --> 00:01:27,549
secure there's more and more devices out

34
00:01:27,549 --> 00:01:29,140
there you know a lot of people throw big

35
00:01:29,140 --> 00:01:31,209
numbers what I like to look at is the

36
00:01:31,209 --> 00:01:33,670
current number of devices and the growth

37
00:01:33,670 --> 00:01:35,290
it's about eighty four point eight point

38
00:01:35,290 --> 00:01:37,480
four billion devices connected today

39
00:01:37,480 --> 00:01:40,750
it's growing about 30% a year what that

40
00:01:40,750 --> 00:01:42,640
tells me it's the attack surface is

41
00:01:42,640 --> 00:01:44,349
actually growing rapidly it's not so

42
00:01:44,349 --> 00:01:46,120
much the number of devices just every

43
00:01:46,120 --> 00:01:47,680
new device out there is a new

44
00:01:47,680 --> 00:01:50,200
opportunity for an attacker to take over

45
00:01:50,200 --> 00:01:53,049
and cause some damage so that's that's

46
00:01:53,049 --> 00:01:55,030
what worries some about the growth and

47
00:01:55,030 --> 00:01:57,310
it can come from everywhere we've seen

48
00:01:57,310 --> 00:02:00,480
for example there was a hack in a casino

49
00:02:00,480 --> 00:02:04,959
in the US where the casino got hacked

50
00:02:04,959 --> 00:02:07,719
through a fishtank thermostat so some

51
00:02:07,719 --> 00:02:10,118
attacker got into that thermostat that was

52
00:02:10,118 --> 00:02:11,650
in the casino and through that

53
00:02:11,650 --> 00:02:13,628
thermostat got access to the network

54
00:02:13,628 --> 00:02:16,150
and got access to a bunch of data from

55
00:02:16,150 --> 00:02:18,098
the players in the casino that was a

56
00:02:18,098 --> 00:02:19,659
pretty big deal they actually didn't

57
00:02:19,659 --> 00:02:21,159
discover that attack for a little bit of

58
00:02:21,159 --> 00:02:23,379
time and we're wondering why this

59
00:02:23,379 --> 00:02:25,090
thermostat was sending so much data

60
00:02:25,090 --> 00:02:27,250
out to the cloud well now they know what

61
00:02:27,250 --> 00:02:29,919
it was a little bit of a big deal but

62
00:02:29,919 --> 00:02:31,150
that shows you the importance of

63
00:02:31,150 --> 00:02:33,759
securing the IOT devices not only the

64
00:02:33,759 --> 00:02:37,719
network itself 71 percent of the attacks

65
00:02:37,719 --> 00:02:40,180
go undetected so that's that's a big

66
00:02:40,180 --> 00:02:42,189
number we need to do better here and

67
00:02:42,189 --> 00:02:43,990
it's really more than money it's also

68
00:02:43,990 --> 00:02:46,360
the reputation you've probably heard

69
00:02:46,360 --> 00:02:49,780
about the Equifax breach where all those

70
00:02:49,780 --> 00:02:51,819
social security number information about

71
00:02:51,819 --> 00:02:55,020
users were pulled out of their system

72
00:02:55,020 --> 00:02:57,400
early really really worrisome to be

73
00:02:57,400 --> 00:02:59,409
honest their stock price fell 30 percent

74
00:02:59,409 --> 00:03:01,569
right the same day I mean the day after

75
00:03:01,569 --> 00:03:04,530
the the the attack was was unveiled and

76
00:03:04,530 --> 00:03:08,469
that's that's pretty rough I know you're

77
00:03:08,469 --> 00:03:10,210
talking millions of dollars lost because

78
00:03:10,210 --> 00:03:12,520
of that attack so it's not just money

79
00:03:12,520 --> 00:03:14,650
it's also a reputation I don't know if I

80
00:03:14,650 --> 00:03:17,860
would trust Equifax anymore maybe but

81
00:03:17,860 --> 00:03:19,900
it's you got to really consider the the

82
00:03:19,900 --> 00:03:22,659
cost of being hacked as a device and

83
00:03:22,659 --> 00:03:24,699
being in the news and people talking

84
00:03:24,699 --> 00:03:26,500
about your your devices being hacked

85
00:03:26,500 --> 00:03:28,870
that's sometimes more important than

86
00:03:28,870 --> 00:03:32,979
just the money so security cannot be an

87
00:03:32,979 --> 00:03:34,810
afterthought it has to be built in your

88
00:03:34,810 --> 00:03:37,030
system has to start from the ground up

89
00:03:37,030 --> 00:03:38,919
as you're building your solution and

90
00:03:38,919 --> 00:03:41,709
also we'll look at how you know some

91
00:03:41,709 --> 00:03:43,569
ways to retrofit those solutions but it

92
00:03:43,569 --> 00:03:45,159
cannot be an afterthought and this is

93
00:03:45,159 --> 00:03:47,830
the subject here the problem is it's

94
00:03:47,830 --> 00:03:50,139
really complicated you talk about

95
00:03:50,139 --> 00:03:52,930
mechanical designs and PCB designs we're

96
00:03:52,930 --> 00:03:54,340
talking about the supply chain and

97
00:03:54,340 --> 00:03:56,620
securing the supply chain talking about

98
00:03:56,620 --> 00:03:58,060
the firmware development and security

99
00:03:58,060 --> 00:04:01,389
firmware the network connectivity your

100
00:04:01,389 --> 00:04:03,550
cloud backend your mobile and web apps

101
00:04:03,550 --> 00:04:06,459
even the processing and analytics the

102
00:04:06,459 --> 00:04:08,379
support over time something that people

103
00:04:08,379 --> 00:04:10,360
overlooked often they'll secure device

104
00:04:10,360 --> 00:04:12,069
but what happens two years from now five

105
00:04:12,069 --> 00:04:13,629
years from now how do you keep that

106
00:04:13,629 --> 00:04:16,389
device secure and the overall cost and

107
00:04:16,389 --> 00:04:18,790
ROI and the business model associated

108
00:04:18,790 --> 00:04:20,829
you have to think about all of this as

109
00:04:20,829 --> 00:04:23,199
you're building a solution and security

110
00:04:23,199 --> 00:04:25,269
has to come in all of those items as

111
00:04:25,269 --> 00:04:28,300
well so we're going to look at four

112
00:04:28,300 --> 00:04:30,970
different areas of your solution

113
00:04:30,970 --> 00:04:33,310
starting from hardware and connectivity

114
00:04:33,310 --> 00:04:36,430
how to secure that the IOT platform the

115
00:04:36,430 --> 00:04:39,009
device management the ETL ingestion how

116
00:04:39,009 --> 00:04:41,949
to secure that the Big Data ml and AI

117
00:04:41,949 --> 00:04:44,350
and then the mobile web and back-end

118
00:04:44,350 --> 00:04:46,860
that cuts across the three buckets

119
00:04:46,860 --> 00:04:49,779
we'll focus more on the hardware and

120
00:04:49,779 --> 00:04:51,610
connectivity and the IOT platform today

121
00:04:51,610 --> 00:04:54,430
we'll assume that the security of mobile

122
00:04:54,430 --> 00:04:56,439
apps web apps and you know big data and

123
00:04:56,439 --> 00:04:58,050
ML that's kind of taken care of

124
00:04:58,050 --> 00:05:00,579
because the subject is more around the

125
00:05:00,579 --> 00:05:04,360
IOT side of things so first thing is to

126
00:05:04,360 --> 00:05:06,790
choose a platform that is secure and you

127
00:05:06,790 --> 00:05:08,379
know you can cover yourself you trust

128
00:05:08,379 --> 00:05:10,839
but you have to verify this why for

129
00:05:10,839 --> 00:05:13,810
example the Google cloud platform has ISO

130
00:05:13,810 --> 00:05:16,149
certification HIPAA compliance no

131
00:05:16,149 --> 00:05:18,550
FedRAMP a lot of the certification that

132
00:05:18,550 --> 00:05:21,100
are verified by third-party vendors to

133
00:05:21,100 --> 00:05:23,199
say yes Google Cloud is secure you can

134
00:05:23,199 --> 00:05:26,290
trust them put your data in there but

135
00:05:26,290 --> 00:05:28,300
also we are working with other

136
00:05:28,300 --> 00:05:30,910
institutions like the FDIC or no some

137
00:05:30,910 --> 00:05:33,040
some of the other logos in there to

138
00:05:33,040 --> 00:05:35,439
really stay ahead and look at the

139
00:05:35,439 --> 00:05:37,300
security holistically and really try to

140
00:05:37,300 --> 00:05:39,790
find those those problems before they

141
00:05:39,790 --> 00:05:41,949
occur so that's a very important effort

142
00:05:41,949 --> 00:05:44,079
that Google's undertaking making the

143
00:05:44,079 --> 00:05:46,149
Google cloud platform extremely secure

144
00:05:46,149 --> 00:05:49,720
for your solution we really built that

145
00:05:49,720 --> 00:05:52,300
solution at Google from the ground up

146
00:05:52,300 --> 00:05:54,250
we're thinking security at the hardware

147
00:05:54,250 --> 00:05:57,160
level any software the storage the

148
00:05:57,160 --> 00:05:59,740
identity you know looking at the network

149
00:05:59,740 --> 00:06:01,629
and operations of that network really

150
00:06:01,629 --> 00:06:05,170
thinking security at every layer of that

151
00:06:05,170 --> 00:06:08,050
cake here to make sure that we offer

152
00:06:08,050 --> 00:06:10,029
those secure solution for you and you

153
00:06:10,029 --> 00:06:12,129
can trust that cloud infrastructure for

154
00:06:12,129 --> 00:06:14,079
your application your analytics your ml

155
00:06:14,079 --> 00:06:16,420
and AI you can trust those to build your

156
00:06:16,420 --> 00:06:21,279
IT solution so to illustrate how you can

157
00:06:21,279 --> 00:06:23,560
secure your IT solution we really want

158
00:06:23,560 --> 00:06:25,089
it to go through a little bit of a story

159
00:06:25,089 --> 00:06:28,060
time and tell the story of a company and

160
00:06:28,060 --> 00:06:29,649
you know you can pick any name I'll take

161
00:06:29,649 --> 00:06:33,129
Acme who for example and take a company

162
00:06:33,129 --> 00:06:35,529
that wants to build an IOT device today

163
00:06:35,529 --> 00:06:37,750
what do they have to look at and what do

164
00:06:37,750 --> 00:06:40,899
they go through in their journey to a

165
00:06:40,899 --> 00:06:43,569
solution and to make that secure so they

166
00:06:43,569 --> 00:06:45,610
have to look at encryption obviously of

167
00:06:45,610 --> 00:06:46,439
data

168
00:06:46,439 --> 00:06:49,559
authentication of devices and users at

169
00:06:49,559 --> 00:06:52,499
the manufacturing security at the boot

170
00:06:52,499 --> 00:06:55,348
and at the key rotation over time so

171
00:06:55,348 --> 00:06:57,300
those are five elements that are really

172
00:06:57,300 --> 00:06:58,709
important to look at as they're building

173
00:06:58,709 --> 00:06:59,848
your solution so we're going to go

174
00:06:59,848 --> 00:07:02,848
through each of them and see how to to

175
00:07:02,848 --> 00:07:05,519
make that secure so the first thing is

176
00:07:05,519 --> 00:07:08,550
data encryption so data encryption here

177
00:07:08,550 --> 00:07:09,869
we're talking about data encryption in

178
00:07:09,869 --> 00:07:13,259
transit TLS is what most people should

179
00:07:13,259 --> 00:07:16,338
be using it's a very standard protocol

180
00:07:16,338 --> 00:07:18,809
you can know it's used to connect to

181
00:07:18,809 --> 00:07:21,838
your bank if you're familiar with that

182
00:07:21,838 --> 00:07:23,610
I mean TLS is very well known it's very

183
00:07:23,610 --> 00:07:24,949
well deployed it's been battle tested

184
00:07:24,949 --> 00:07:27,149
this is something that you should always

185
00:07:27,149 --> 00:07:29,309
have between your device and the cloud

186
00:07:29,309 --> 00:07:30,778
platform the Google cloud platform you

187
00:07:30,778 --> 00:07:33,238
should be using TLS for data encryption

188
00:07:33,238 --> 00:07:35,610
in transit that's very important and

189
00:07:35,610 --> 00:07:37,860
that's a given that's the first thing so

190
00:07:37,860 --> 00:07:39,629
they say okay we'll use Acme says we'll

191
00:07:39,629 --> 00:07:41,218
use TLS to communicate between our

192
00:07:41,218 --> 00:07:42,658
device and we will go have that for

193
00:07:42,658 --> 00:07:45,629
great now how do you authenticate we have

194
00:07:45,629 --> 00:07:47,399
encryption we need to authenticate those

195
00:07:47,399 --> 00:07:50,639
devices there's two really two ways to

196
00:07:50,639 --> 00:07:52,319
authenticate devices if you wish there's

197
00:07:52,319 --> 00:07:53,848
kind of a certificate based

198
00:07:53,848 --> 00:07:55,709
authentication and a password based

199
00:07:55,709 --> 00:07:59,189
authentication do not use password based

200
00:07:59,189 --> 00:08:02,908
for devices password are for human you

201
00:08:02,908 --> 00:08:05,579
know password is what is a is an element

202
00:08:05,579 --> 00:08:09,028
that somebody has in their head and the

203
00:08:09,028 --> 00:08:11,069
head is the secure storage you're not

204
00:08:11,069 --> 00:08:12,658
supposed to write it down in a post-it

205
00:08:12,658 --> 00:08:14,038
and put it on your keyboard that's not

206
00:08:14,038 --> 00:08:15,658
how you do it you keep it in your head

207
00:08:15,658 --> 00:08:18,088
and then because I know the password I

208
00:08:18,088 --> 00:08:20,069
can authenticate so that I'm the secure

209
00:08:20,069 --> 00:08:22,709
element here the problem with the

210
00:08:22,709 --> 00:08:24,658
password is if somebody else knows your

211
00:08:24,658 --> 00:08:27,598
password that other person is you

212
00:08:27,598 --> 00:08:30,509
there's no validation that you are you

213
00:08:30,509 --> 00:08:32,250
are the person you say you are you're

214
00:08:32,250 --> 00:08:34,679
just showing a password and it says I am

215
00:08:34,679 --> 00:08:36,778
me and it's that's why the secure

216
00:08:36,778 --> 00:08:38,818
storage in your head is very important

217
00:08:38,818 --> 00:08:40,469
is to prove that it is you but the

218
00:08:40,469 --> 00:08:42,179
problem that's the main issue with the

219
00:08:42,179 --> 00:08:44,458
password password is you with a

220
00:08:44,458 --> 00:08:46,350
certificate there's a certificate

221
00:08:46,350 --> 00:08:48,509
authority that validates that what

222
00:08:48,509 --> 00:08:50,610
you're presenting as an identity is

223
00:08:50,610 --> 00:08:52,438
actually you so that authority will say

224
00:08:52,438 --> 00:08:54,778
yes yes that public key that certificate

225
00:08:54,778 --> 00:08:58,289
great that's device ABC and that's great

226
00:08:58,289 --> 00:09:00,309
so you should always use

227
00:09:00,309 --> 00:09:01,990
certificate for devices because you don't

228
00:09:01,990 --> 00:09:04,960
have a head as a secure storage as a

229
00:09:04,960 --> 00:09:07,179
human does so this is very important and

230
00:09:07,179 --> 00:09:10,059
also that third-party validation of the

231
00:09:10,059 --> 00:09:12,399
identity is very important so use

232
00:09:12,399 --> 00:09:14,799
certificate for devices fine

233
00:09:14,799 --> 00:09:16,659
so Acme says okay we'll use TLS for

234
00:09:16,659 --> 00:09:19,059
encryption we'll use certificate for

235
00:09:19,059 --> 00:09:21,669
identity but then I have a I have

236
00:09:21,669 --> 00:09:24,100
certificate so I have public keys and

237
00:09:24,100 --> 00:09:26,559
private keys how do I give those keys to

238
00:09:26,559 --> 00:09:28,450
my manufacturer how do I put those keys

239
00:09:28,450 --> 00:09:30,580
on my device and that's actually a

240
00:09:30,580 --> 00:09:33,399
pretty big problem it is there there's

241
00:09:33,399 --> 00:09:35,339
several ways you can do that you can

242
00:09:35,339 --> 00:09:38,169
create a file with all the keys and send

243
00:09:38,169 --> 00:09:40,299
that file to your manufacturer that's

244
00:09:40,299 --> 00:09:42,940
one way to do it you have to trust your

245
00:09:42,940 --> 00:09:44,409
manufacturer at this point because the

246
00:09:44,409 --> 00:09:46,778
manufacturer has like sees your keys

247
00:09:46,778 --> 00:09:49,089
and they can actually copy those keys if

248
00:09:49,089 --> 00:09:52,600
they're malicious a bit it does happen

249
00:09:52,600 --> 00:09:55,149
fairly often then the manufacturer will

250
00:09:55,149 --> 00:09:56,919
generate all your devices and your

251
00:09:56,919 --> 00:09:58,269
device is fine and then all of a sudden

252
00:09:58,269 --> 00:10:00,669
you see maybe 10% of those devices are

253
00:10:00,669 --> 00:10:03,429
rogue devices are fake devices but using

254
00:10:03,429 --> 00:10:06,039
valid keys the copies of existing keys

255
00:10:06,039 --> 00:10:07,600
because they were in a file and they've

256
00:10:07,600 --> 00:10:08,919
been copied so it's a little bit of an

257
00:10:08,919 --> 00:10:11,409
issue so that's not really a good way to

258
00:10:11,409 --> 00:10:13,809
do it the other way is to say hey

259
00:10:13,809 --> 00:10:15,549
manufacturer you're gonna put you're

260
00:10:15,549 --> 00:10:17,649
gonna do an API call every time you're

261
00:10:17,649 --> 00:10:19,179
gonna flash that firmware and my

262
00:10:19,179 --> 00:10:20,830
identities you're gonna do an API call

263
00:10:20,830 --> 00:10:23,019
to a back-end to get the keys right on

264
00:10:23,019 --> 00:10:26,559
time the manufacturers hate that because

265
00:10:26,559 --> 00:10:28,750
it slows down the manufacturing process

266
00:10:28,750 --> 00:10:31,000
so imagine that you will call they get

267
00:10:31,000 --> 00:10:33,009
the key the key that's a round trip

268
00:10:33,009 --> 00:10:34,480
you know they get to download that key

269
00:10:34,480 --> 00:10:35,950
they have to flash it then they go to

270
00:10:35,950 --> 00:10:37,809
the next device that's fairly slow and

271
00:10:37,809 --> 00:10:39,519
what happens sometimes is that call

272
00:10:39,519 --> 00:10:42,100
doesn't work but that call's too slow it's

273
00:10:42,100 --> 00:10:44,320
slowing down the manufacturing process

274
00:10:44,320 --> 00:10:47,080
which adds cost to you so when they do

275
00:10:47,080 --> 00:10:48,879
that they will actually charge you way

276
00:10:48,879 --> 00:10:51,070
more than just a standard manufacturing

277
00:10:51,070 --> 00:10:53,500
process that goes really fast so that's

278
00:10:53,500 --> 00:10:55,179
costing a lot of money and they usually

279
00:10:55,179 --> 00:10:56,649
don't like that actually a lot of

280
00:10:56,649 --> 00:10:58,690
manufacturers don't even have their

281
00:10:58,690 --> 00:11:00,190
manufacturing line connected to the

282
00:11:00,190 --> 00:11:01,929
internet that they don't even allow you

283
00:11:01,929 --> 00:11:04,539
to do this so you revert to giving them

284
00:11:04,539 --> 00:11:07,000
a file with the copies of the keys so

285
00:11:07,000 --> 00:11:09,399
that's not that's not great so we need

286
00:11:09,399 --> 00:11:11,139
to find we need to find a solution for

287
00:11:11,139 --> 00:11:13,750
that

288
00:11:13,750 --> 00:11:17,049
TLS mutual authentication so this is the

289
00:11:17,049 --> 00:11:18,250
authentication we say what we're gonna

290
00:11:18,250 --> 00:11:20,259
use we were going to use certificates

291
00:11:20,259 --> 00:11:23,740
great so the certificate can be used to

292
00:11:23,740 --> 00:11:25,870
authenticate the cloud like you would

293
00:11:25,870 --> 00:11:27,820
authenticate with your bank when you do

294
00:11:27,820 --> 00:11:29,860
that the bank knows it's you know it's

295
00:11:29,860 --> 00:11:31,299
the bank but the bank doesn't know it's

296
00:11:31,299 --> 00:11:32,590
you until you put your username password

297
00:11:32,590 --> 00:11:34,600
it's the same for device they can

298
00:11:34,600 --> 00:11:37,809
authenticate the cloud the cloud needs

299
00:11:37,809 --> 00:11:39,789
to authenticate the device so it's a

300
00:11:39,789 --> 00:11:42,460
mutual authentication both ways and you

301
00:11:42,460 --> 00:11:44,259
can use TLS with mutual auth to do that

302
00:11:44,259 --> 00:11:46,720
there's good and bad for it it's not all

303
00:11:46,720 --> 00:11:50,769
good so we'll look at that and finally

304
00:11:50,769 --> 00:11:53,429
secure boot we want to make sure that

305
00:11:53,429 --> 00:11:56,049
what the device is running when it boots

306
00:11:56,049 --> 00:11:58,210
is what's supposed to be running the

307
00:11:58,210 --> 00:11:59,830
first thing that a hacker will do when

308
00:11:59,830 --> 00:12:01,120
they get on to a device they'll modify

309
00:12:01,120 --> 00:12:03,759
the firmware so the device cannot do

310
00:12:03,759 --> 00:12:05,500
what it's supposed to be doing Mirai

311
00:12:05,500 --> 00:12:07,210
was doing that Mirai would get on the

312
00:12:07,210 --> 00:12:09,610
device shut off everything every other

313
00:12:09,610 --> 00:12:11,889
connection and reconfigure itself so

314
00:12:11,889 --> 00:12:14,049
nobody else could come in actually would

315
00:12:14,049 --> 00:12:16,000
shut down any other Mirai attack which

316
00:12:16,000 --> 00:12:17,830
was pretty good but it would shut down

317
00:12:17,830 --> 00:12:20,049
any access to the device then it would

318
00:12:20,049 --> 00:12:21,700
reconfigure the device to do what it

319
00:12:21,700 --> 00:12:24,490
wanted it to be to do so make sure that

320
00:12:24,490 --> 00:12:26,740
when the device boots there's a

321
00:12:26,740 --> 00:12:28,509
validation of the firmware that says yes

322
00:12:28,509 --> 00:12:30,549
yes it is right it is the right firmware

323
00:12:30,549 --> 00:12:32,049
and it's supposed to boot the right way

324
00:12:32,049 --> 00:12:33,970
and it's doing the right thing so I let

325
00:12:33,970 --> 00:12:35,620
the device boot so that's secure boot

326
00:12:35,620 --> 00:12:37,419
and that's really important to implement

327
00:12:37,419 --> 00:12:42,460
in your device and the key rotation is

328
00:12:42,460 --> 00:12:44,440
something that is actually forgotten

329
00:12:44,440 --> 00:12:47,889
quite often you need to think more than

330
00:12:47,889 --> 00:12:50,139
a year away you know think four years

331
00:12:50,139 --> 00:12:51,850
five ten years fifteen years in

332
00:12:51,850 --> 00:12:53,679
manufacturing we see 15 20 years

333
00:12:53,679 --> 00:12:57,039
sometimes Keys will rotate will have to

334
00:12:57,039 --> 00:12:58,779
be rotated sometimes they're corrupted

335
00:12:58,779 --> 00:13:00,279
there's been a hack in your back-end

336
00:13:00,279 --> 00:13:03,100
system in your CA the keys have been

337
00:13:03,100 --> 00:13:05,379
exposed you have to rotate them maybe

338
00:13:05,379 --> 00:13:07,990
the CA has to be rotated at a few years

339
00:13:07,990 --> 00:13:10,029
and that's very important that's hard to

340
00:13:10,029 --> 00:13:12,299
do so you have to really consider

341
00:13:12,299 --> 00:13:15,190
throughout your design that the keys are

342
00:13:15,190 --> 00:13:17,919
ephemeral and will have to be changed so

343
00:13:17,919 --> 00:13:19,389
that's something very important to

344
00:13:19,389 --> 00:13:21,639
consider when you build your device

345
00:13:21,639 --> 00:13:24,299
think that your key are not going to be

346
00:13:24,299 --> 00:13:26,830
permanent and will have to be rotated

347
00:13:26,830 --> 00:13:27,519
how

348
00:13:27,519 --> 00:13:30,490
your software and firmware manages that to

349
00:13:30,490 --> 00:13:32,559
make sure that that's feasible over time

350
00:13:32,559 --> 00:13:34,149
that's very that's a very important

351
00:13:34,149 --> 00:13:37,870
point that's often time overlooked so if

352
00:13:37,870 --> 00:13:39,429
you look at all the challenges so you

353
00:13:39,429 --> 00:13:41,320
need certificates and a certificate

354
00:13:41,320 --> 00:13:43,509
authority and there's complexity coming

355
00:13:43,509 --> 00:13:46,029
with that the manufacturing cost and

356
00:13:46,029 --> 00:13:47,679
risk associated with transferring the

357
00:13:47,679 --> 00:13:49,330
keys to your manufacturer that's the

358
00:13:49,330 --> 00:13:50,070
problem

359
00:13:50,070 --> 00:13:54,370
TLS and TLS mutual auth is actually a

360
00:13:54,370 --> 00:13:56,500
little bit bloated and hard to maintain

361
00:13:56,500 --> 00:13:58,090
so we'll see we'll see how we can solve

362
00:13:58,090 --> 00:14:01,570
this keys are extremely difficult to

363
00:14:01,570 --> 00:14:05,289
store securely in firmware if it's

364
00:14:05,289 --> 00:14:07,840
firmware or software somebody can have

365
00:14:07,840 --> 00:14:10,899
access to it somebody can reverse

366
00:14:10,899 --> 00:14:13,389
engineer the code can decompile and can

367
00:14:13,389 --> 00:14:15,309
get access to those keys it's extremely

368
00:14:15,309 --> 00:14:18,929
hard to secure any key in a firmware

369
00:14:18,929 --> 00:14:21,490
you have to do secure boot and you have

370
00:14:21,490 --> 00:14:23,679
to have key rotation management so those

371
00:14:23,679 --> 00:14:25,600
are six points that are really big

372
00:14:25,600 --> 00:14:27,399
challenges and at this point you're

373
00:14:27,399 --> 00:14:29,830
probably thinking man this is a problem

374
00:14:29,830 --> 00:14:31,570
like how am I going to secure my IOT

375
00:14:31,570 --> 00:14:34,149
devices this is too complicated so let's

376
00:14:34,149 --> 00:14:36,330
see how we can help with that

377
00:14:36,330 --> 00:14:39,070
so let's talk a bit about Google Cloud

378
00:14:39,070 --> 00:14:41,230
IoT the Google Cloud IoT platform

379
00:14:41,230 --> 00:14:44,080
is a set of services one of the most

380
00:14:44,080 --> 00:14:46,720
recent it's called Cloud IoT Core the big

381
00:14:46,720 --> 00:14:49,840
one on the left here Cloud IoT Core has

382
00:14:49,840 --> 00:14:51,909
two components a device manager where

383
00:14:51,909 --> 00:14:53,590
you'll declare your devices your

384
00:14:53,590 --> 00:14:55,299
attributes your registries your access

385
00:14:55,299 --> 00:14:57,610
controls all of that and your keys

386
00:14:57,610 --> 00:14:58,899
you're gonna store your keys in there

387
00:14:58,899 --> 00:15:03,009
the public keys and then you have a data

388
00:15:03,009 --> 00:15:07,090
bridge or broker for mqtt and HTTP to be

389
00:15:07,090 --> 00:15:09,100
able to communicate bi-directionally

390
00:15:09,100 --> 00:15:12,100
with the devices and between the devices

391
00:15:12,100 --> 00:15:14,649
and the cloud all the data coming into

392
00:15:14,649 --> 00:15:16,600
Cloud IoT Core is passed on to cloud

393
00:15:16,600 --> 00:15:20,440
pub/sub a globally available messaging

394
00:15:20,440 --> 00:15:22,360
service from pub/sub you can trigger

395
00:15:22,360 --> 00:15:24,250
your cloud function serverless functions

396
00:15:24,250 --> 00:15:26,649
and compute you can trigger data flows

397
00:15:26,649 --> 00:15:29,139
that can do streaming analytics over a

398
00:15:29,139 --> 00:15:30,399
certain period of time can do

399
00:15:30,399 --> 00:15:32,919
transformation and any kind of operation

400
00:15:32,919 --> 00:15:35,649
at very high scale from there you'll go

401
00:15:35,649 --> 00:15:37,889
into storage in BigTable

402
00:15:37,889 --> 00:15:40,990
BigQuery maybe Firestore

403
00:15:40,990 --> 00:15:43,870
and trigger cloud ml training if needed

404
00:15:43,870 --> 00:15:45,370
those trainings could be used by data

405
00:15:45,370 --> 00:15:48,190
flow or cloud functions to do inferences

406
00:15:48,190 --> 00:15:51,250
and then pass back to the device

407
00:15:51,250 --> 00:15:54,458
eventually on the far right data studio

408
00:15:54,458 --> 00:15:56,350
and data lab and analytics are allow you

409
00:15:56,350 --> 00:15:58,899
to visualize data silly little time

410
00:15:58,899 --> 00:16:01,120
series you know see any information you

411
00:16:01,120 --> 00:16:03,039
need about your your your data coming

412
00:16:03,039 --> 00:16:04,120
from the devices

413
00:16:04,120 --> 00:16:07,330
that's our cloud IOT platform it's a

414
00:16:07,330 --> 00:16:09,850
fully managed platform Cloud IoT Core is

415
00:16:09,850 --> 00:16:13,240
not installed or deployed or configured

416
00:16:13,240 --> 00:16:15,789
in terms of shard size or anything it's

417
00:16:15,789 --> 00:16:18,490
a global service it will be accessible

418
00:16:18,490 --> 00:16:20,559
anywhere in the world and it's scalable

419
00:16:20,559 --> 00:16:22,958
for you one device million device

420
00:16:22,958 --> 00:16:24,730
doesn't really matter you just throw

421
00:16:24,730 --> 00:16:26,500
whatever you have at it it will scale up

422
00:16:26,500 --> 00:16:31,899
and down to you need so how do we secure

423
00:16:31,899 --> 00:16:36,399
that step one use a secure element use a

424
00:16:36,399 --> 00:16:39,220
crypto chip this is super important I

425
00:16:39,220 --> 00:16:42,278
cannot emphasize that enough you should

426
00:16:42,278 --> 00:16:44,500
use a crypto chip in your device if you

427
00:16:44,500 --> 00:16:47,470
can the private key from secure chip are

428
00:16:47,470 --> 00:16:50,200
never exposed they are generated inside

429
00:16:50,200 --> 00:16:52,360
the hardware private keys generated

430
00:16:52,360 --> 00:16:53,620
inside the hardware the public key is

431
00:16:53,620 --> 00:16:56,169
generated and then exposed so it can be

432
00:16:56,169 --> 00:16:58,120
distributed to to the backend this is

433
00:16:58,120 --> 00:16:59,350
super important we have a great

434
00:16:59,350 --> 00:17:01,149
partnership with microchip here on that

435
00:17:01,149 --> 00:17:03,309
you're talking a sub dollar and it's

436
00:17:03,309 --> 00:17:05,349
really cheap to add and it saves you a

437
00:17:05,349 --> 00:17:08,880
ton of trouble you can send that crypto

438
00:17:08,880 --> 00:17:10,929
pre-configured to your manufacturer

439
00:17:10,929 --> 00:17:13,630
anywhere in the world even if you don't

440
00:17:13,630 --> 00:17:15,459
trust them doesn't matter because they

441
00:17:15,459 --> 00:17:16,869
can't read anything from that chip

442
00:17:16,869 --> 00:17:18,459
they'll just be able to solder it to

443
00:17:18,459 --> 00:17:20,740
your PCB design and then you're good to

444
00:17:20,740 --> 00:17:22,660
go the identity has been burned onto the

445
00:17:22,660 --> 00:17:25,720
device it's super secure there's really

446
00:17:25,720 --> 00:17:28,630
no copying of keys possible there's no

447
00:17:28,630 --> 00:17:31,240
API calls that the manufacturer has to

448
00:17:31,240 --> 00:17:33,460
do there's no constraint so the cost of

449
00:17:33,460 --> 00:17:35,140
manufacturing is actually much much

450
00:17:35,140 --> 00:17:38,319
cheaper and it often time compensate for

451
00:17:38,319 --> 00:17:40,029
the price of the chip so that's super

452
00:17:40,029 --> 00:17:43,179
important I've seen customers having to

453
00:17:43,179 --> 00:17:46,170
add three or four dollars to do custom

454
00:17:46,170 --> 00:17:48,460
manufacturing for each of the devices if

455
00:17:48,460 --> 00:17:50,799
you use this there's no more custom it's

456
00:17:50,799 --> 00:17:52,329
a single thing so you'd save three or

457
00:17:52,329 --> 00:17:53,380
four dollars for it

458
00:17:53,380 --> 00:17:54,669
a chip that costs less

459
00:17:54,669 --> 00:17:56,440
than a dollar so that's that's a very

460
00:17:56,440 --> 00:17:59,470
good value prop you should really use a

461
00:17:59,470 --> 00:18:01,450
crypto chip the clip that you can also

462
00:18:01,450 --> 00:18:03,460
do secure boot by the way so you can

463
00:18:03,460 --> 00:18:06,220
have the signature of your firmware

464
00:18:06,220 --> 00:18:08,259
inside the crypto chip when the device

465
00:18:08,259 --> 00:18:11,048
boots there's a signature there's a hash

466
00:18:11,048 --> 00:18:12,730
that's calculated of your firmware it's

467
00:18:12,730 --> 00:18:14,138
passed to the crypto the crypto will say

468
00:18:14,138 --> 00:18:16,239
yes or no and then the device can boot

469
00:18:16,239 --> 00:18:18,999
or not so you're doing secure provision

470
00:18:18,999 --> 00:18:21,398
you have a keys cheaper manufacturing

471
00:18:21,398 --> 00:18:23,528
and more secure manufacturing you're

472
00:18:23,528 --> 00:18:26,499
doing secure boot with this and also

473
00:18:26,499 --> 00:18:27,849
we'll see you'll be able to do key

474
00:18:27,849 --> 00:18:29,558
rotation with this so this is very

475
00:18:29,558 --> 00:18:31,480
important even if you feel it's a little

476
00:18:31,480 --> 00:18:34,329
bit expensive please do it it will save

477
00:18:34,329 --> 00:18:36,579
you a ton of time will save you a lot of

478
00:18:36,579 --> 00:18:38,679
trouble down the line so use a secure

479
00:18:38,679 --> 00:18:43,028
element second be authentication I was

480
00:18:43,028 --> 00:18:46,720
talking about mutual auth from TLS

481
00:18:46,720 --> 00:18:48,308
mutual auth is great but there's kind of

482
00:18:48,308 --> 00:18:51,788
a lot of downside to it so we recommend

483
00:18:51,788 --> 00:18:54,128
using a JWT for authentication JWT is

484
00:18:54,128 --> 00:18:55,690
something that's used by web web

485
00:18:55,690 --> 00:18:58,089
services in general and then it's a

486
00:18:58,089 --> 00:19:02,858
standard it's a JSON web token the way

487
00:19:02,858 --> 00:19:04,599
works and I have a little schema the

488
00:19:04,599 --> 00:19:06,970
schematic after that is you establish a

489
00:19:06,970 --> 00:19:08,980
TLS session with the Google front end

490
00:19:08,980 --> 00:19:10,839
anywhere in the world as I said cloud

491
00:19:10,839 --> 00:19:12,730
IOT core is a global service so anywhere

492
00:19:12,730 --> 00:19:14,169
in the world you'll hit that Google

493
00:19:14,169 --> 00:19:15,819
Google front end with a TLS session

494
00:19:15,819 --> 00:19:17,589
you'll establish that TLS session with

495
00:19:17,589 --> 00:19:19,480
Google front end great no problem

496
00:19:19,480 --> 00:19:21,519
then you're going to establish your own

497
00:19:21,519 --> 00:19:24,759
MQTT session over TLS to do that you're

498
00:19:24,759 --> 00:19:26,589
going to use username and password from

499
00:19:26,589 --> 00:19:28,659
MQTT so you're not using the mutual auth

500
00:19:28,659 --> 00:19:31,058
at this point you're just establish your

501
00:19:31,058 --> 00:19:33,579
TLS session that's it MQTT

502
00:19:33,579 --> 00:19:35,829
session has user name and password to

503
00:19:35,829 --> 00:19:38,409
connect statement of MQTT has user

504
00:19:38,409 --> 00:19:40,329
name password username is actually not

505
00:19:40,329 --> 00:19:41,919
used we don't you can put anything you

506
00:19:41,919 --> 00:19:44,079
want in there you say ignore or empty

507
00:19:44,079 --> 00:19:44,858
doesn't matter

508
00:19:44,858 --> 00:19:47,950
the password is actually not a password

509
00:19:47,950 --> 00:19:51,220
it's a it's a JWT token a JSON web token

510
00:19:51,220 --> 00:19:53,200
that has has a bunch of information

511
00:19:53,200 --> 00:19:55,538
about the device the device ID all of

512
00:19:55,538 --> 00:19:58,569
that that is signed by the private key

513
00:19:58,569 --> 00:20:00,909
so encrypted and signed by the private

514
00:20:00,909 --> 00:20:03,759
key of the device with a little crypto I

515
00:20:03,759 --> 00:20:05,230
showed you earlier that crypto is

516
00:20:05,230 --> 00:20:07,058
capable of signing that JWT I could

517
00:20:07,058 --> 00:20:07,960
although all the

518
00:20:07,960 --> 00:20:09,730
to do it without crypto so it's very

519
00:20:09,730 --> 00:20:12,009
easy to do you sign that JWT with your

520
00:20:12,009 --> 00:20:13,990
private key and you pass it as your

521
00:20:13,990 --> 00:20:16,390
password that JWT will be valid from

522
00:20:16,390 --> 00:20:19,509
whatever you want to 24 hours maximum so

523
00:20:19,509 --> 00:20:21,789
you will have to rotate every 24 hours

524
00:20:21,789 --> 00:20:25,299
at minimum so that JWT is signed and

525
00:20:25,299 --> 00:20:28,720
passed to IOT core IOT core will look

526
00:20:28,720 --> 00:20:30,460
at the device ID will find the public

527
00:20:30,460 --> 00:20:32,829
key and validate that the private

528
00:20:32,829 --> 00:20:34,599
signature that the signature from the

529
00:20:34,599 --> 00:20:36,940
private key is actually valid and here

530
00:20:36,940 --> 00:20:38,589
you go you have your device

531
00:20:38,589 --> 00:20:41,170
identification so using that system you get

532
00:20:41,170 --> 00:20:43,750
mutual authentication from both cloud

533
00:20:43,750 --> 00:20:47,079
and device without using the TLS mutual

534
00:20:47,079 --> 00:20:51,940
auth feature we support ECC and RSA on IOT

535
00:20:51,940 --> 00:20:54,250
core and that crypto that I showed you

536
00:20:54,250 --> 00:20:58,809
can do both as well little schematic to

537
00:20:58,809 --> 00:21:00,849
bring it to life we have the provisioner

538
00:21:00,849 --> 00:21:03,460
the provisioner is a person is a company

539
00:21:03,460 --> 00:21:07,930
we will buy the chips from from

540
00:21:07,930 --> 00:21:10,630
microchip microchip will configure those

541
00:21:10,630 --> 00:21:12,849
keys with your CA and your certificates

542
00:21:12,849 --> 00:21:14,799
the private key is inside the public is

543
00:21:14,799 --> 00:21:17,049
passed to you the provisioner will run

544
00:21:17,049 --> 00:21:20,019
that script to put all the public keys

545
00:21:20,019 --> 00:21:22,029
in device manager all the public keys

546
00:21:22,029 --> 00:21:23,650
are put there the device are not even

547
00:21:23,650 --> 00:21:24,940
created but all the public is already

548
00:21:24,940 --> 00:21:28,240
there the device the crypto is passed on

549
00:21:28,240 --> 00:21:30,759
the device burned on it the device wakes

550
00:21:30,759 --> 00:21:33,099
up for the first time creates the JWT

551
00:21:33,099 --> 00:21:36,099
signs the JWT with the crypto connects

552
00:21:36,099 --> 00:21:38,859
to the broker the JWT is verified we

553
00:21:38,859 --> 00:21:41,230
already have the public keys there we're

554
00:21:41,230 --> 00:21:45,599
all good to go it works so that's

555
00:21:45,599 --> 00:21:47,650
basically doing that you've solved all

556
00:21:47,650 --> 00:21:50,619
of your problems so it's really it's

557
00:21:50,619 --> 00:21:53,619
really nice so why not TLS mutual auth

558
00:21:53,619 --> 00:21:57,279
why using JWT instead first thing is you

559
00:21:57,279 --> 00:21:59,289
achieve mutual authentication with JWT

560
00:21:59,289 --> 00:22:02,259
and TLS both so you will achieve the

561
00:22:02,259 --> 00:22:03,990
same level authentication of

562
00:22:03,990 --> 00:22:06,279
authentication and security with both

563
00:22:06,279 --> 00:22:09,880
solution the benefit are that the TLS

564
00:22:09,880 --> 00:22:12,099
stack is much smaller all you need is

565
00:22:12,099 --> 00:22:14,049
establish the TLS session with the cloud

566
00:22:14,049 --> 00:22:16,450
that's all you don't need to use the TLS

567
00:22:16,450 --> 00:22:19,089
the mutual auth section of that stack

568
00:22:19,089 --> 00:22:21,650
which make that stack much much smaller

569
00:22:21,650 --> 00:22:25,339
for example we've gone from 150 200k

570
00:22:25,339 --> 00:22:28,400
roughly to 10 K for the entire stacks

571
00:22:28,400 --> 00:22:29,990
that's a big difference especially for

572
00:22:29,990 --> 00:22:31,940
devices that often time have 32 K of

573
00:22:31,940 --> 00:22:34,039
memory or 64 K of memory you can't put a

574
00:22:34,039 --> 00:22:35,960
full TLS stack in it you have to use a

575
00:22:35,960 --> 00:22:37,819
different solution this is what it

576
00:22:37,819 --> 00:22:40,069
brings you you can bring a much smaller

577
00:22:40,069 --> 00:22:42,559
stack the speed is faster because you

578
00:22:42,559 --> 00:22:43,849
don't have to do that whole new

579
00:22:43,849 --> 00:22:46,009
handshake and mutual auth every time you

580
00:22:46,009 --> 00:22:47,750
establish the TLS session all you have

581
00:22:47,750 --> 00:22:50,450
to do is one TLS boom username password

582
00:22:50,450 --> 00:22:52,250
you're done it's much faster less

583
00:22:52,250 --> 00:22:54,410
consuming in bandwidth there's no

584
00:22:54,410 --> 00:22:56,779
dependency on the TLS stack you use you

585
00:22:56,779 --> 00:22:59,210
do not have to use a special TLS stack

586
00:22:59,210 --> 00:23:02,119
that's optimized that has mutual auth

587
00:23:02,119 --> 00:23:04,099
optimized and all that you can use any

588
00:23:04,099 --> 00:23:05,960
TLS stack you want open source ones are

589
00:23:05,960 --> 00:23:08,089
very good because the only thing you use

590
00:23:08,089 --> 00:23:10,640
is the TLS session with your cloud so

591
00:23:10,640 --> 00:23:12,589
that's less dependent if you have to

592
00:23:12,589 --> 00:23:15,289
update the TLS stack at some point from

593
00:23:15,289 --> 00:23:16,700
one point two to one point three for

594
00:23:16,700 --> 00:23:19,220
example your code is not dependent on

595
00:23:19,220 --> 00:23:21,529
that TLS stack the fact that you use a

596
00:23:21,529 --> 00:23:23,690
crypto is not dependent on that TLS stack

597
00:23:23,690 --> 00:23:26,450
so the upgrade of the TLS stack gets much

598
00:23:26,450 --> 00:23:30,230
easier much less risk much less testing

599
00:23:30,230 --> 00:23:33,289
to be done supports crypto because your

600
00:23:33,289 --> 00:23:35,480
code does it not the TLS stack no

601
00:23:35,480 --> 00:23:38,299
dependency again the ease of evolution

602
00:23:38,299 --> 00:23:40,970
or the stack as I said there's no no

603
00:23:40,970 --> 00:23:42,079
validation of your code your code

604
00:23:42,079 --> 00:23:43,430
doesn't change you can change the TLS

605
00:23:43,430 --> 00:23:44,809
stack you want your code's gonna be the

606
00:23:44,809 --> 00:23:46,279
same it's gonna generate the JWT sign it

607
00:23:46,279 --> 00:23:48,200
put it as a password in MQTT Connect

608
00:23:48,200 --> 00:23:51,049
very easy and then how do you support

609
00:23:51,049 --> 00:23:54,170
multiple certificate here with cloud IOT

610
00:23:54,170 --> 00:23:57,680
core you can use up to 3 certificate so

611
00:23:57,680 --> 00:24:00,799
3 public keys per device valid public

612
00:24:00,799 --> 00:24:02,390
keys per device so what you'll do is you

613
00:24:02,390 --> 00:24:04,789
have your public key you want to rotate

614
00:24:04,789 --> 00:24:06,380
it you'll create a second public key

615
00:24:06,380 --> 00:24:09,349
you'll put it there you will reauthenticate

616
00:24:09,349 --> 00:24:11,329
you will also enjoy with the first one

617
00:24:11,329 --> 00:24:13,490
download you know all the information

618
00:24:13,490 --> 00:24:16,309
you need for using the second key then

619
00:24:16,309 --> 00:24:18,019
rotate because both can be used at the

620
00:24:18,019 --> 00:24:20,240
same time and then you'll invalidate the

621
00:24:20,240 --> 00:24:21,980
first one so you could do those rotation

622
00:24:21,980 --> 00:24:23,990
up to 3 keys at the same time and you

623
00:24:23,990 --> 00:24:26,240
could do those rotation very easily it's

624
00:24:26,240 --> 00:24:27,890
much harder to do with the mutual auth

625
00:24:27,890 --> 00:24:29,900
because the TLS stack has to know where

626
00:24:29,900 --> 00:24:31,460
the certificates are etc because you're

627
00:24:31,460 --> 00:24:34,759
again dependent on the TLS stack so by

628
00:24:34,759 --> 00:24:35,569
using the JWT

629
00:24:35,569 --> 00:24:39,259
token and the signature with IOT core

630
00:24:39,259 --> 00:24:41,059
you're simplifying your life a whole

631
00:24:41,059 --> 00:24:46,940
bunch versus TLS mutual auth for bigger

632
00:24:46,940 --> 00:24:49,250
devices there's an added layer security

633
00:24:49,250 --> 00:24:51,740
that you can use for MCU class devices

634
00:24:51,740 --> 00:24:53,390
you'll have to use whatever you know

635
00:24:53,390 --> 00:24:55,730
Mongoose OS or Express logic or any of

636
00:24:55,730 --> 00:24:58,430
the you know zephyr from the Linux

637
00:24:58,430 --> 00:24:59,900
Foundation you should have used some of

638
00:24:59,900 --> 00:25:02,059
those but for larger devices that have

639
00:25:02,059 --> 00:25:06,920
CPU class processors you can use Android

640
00:25:06,920 --> 00:25:09,529
things Android things is the optimized

641
00:25:09,529 --> 00:25:12,829
version of Android for devices it is a

642
00:25:12,829 --> 00:25:15,019
secure OS from the ground up it is a

643
00:25:15,019 --> 00:25:18,349
full OS we will provide we as the Google

644
00:25:18,349 --> 00:25:21,730
will provide secure patches OS updates

645
00:25:21,730 --> 00:25:25,099
like we would do on your phone if you

646
00:25:25,099 --> 00:25:26,420
have an Android phone you get all those

647
00:25:26,420 --> 00:25:27,710
updates you don't have to really think

648
00:25:27,710 --> 00:25:29,720
about it versus if you have a linux

649
00:25:29,720 --> 00:25:31,190
server for example in the cloud and when

650
00:25:31,190 --> 00:25:32,539
the updates are available you have to go

651
00:25:32,539 --> 00:25:34,940
patch and update and maintain and test

652
00:25:34,940 --> 00:25:37,220
all that we do all that for you with

653
00:25:37,220 --> 00:25:39,759
Android things so you do not have to

654
00:25:39,759 --> 00:25:43,099
manage those those environments on your

655
00:25:43,099 --> 00:25:45,019
own Google will provide you the firmware

656
00:25:45,019 --> 00:25:46,940
update that the OS update the security

657
00:25:46,940 --> 00:25:49,400
patches and the infrastructure to deploy

658
00:25:49,400 --> 00:25:51,319
those though those patches to the

659
00:25:51,319 --> 00:25:53,809
devices through the same back-end that

660
00:25:53,809 --> 00:25:56,839
actually deploys updates to your Android

661
00:25:56,839 --> 00:26:00,349
phones it's a very battle tested back end

662
00:26:00,349 --> 00:26:03,440
those update processes have been used

663
00:26:03,440 --> 00:26:05,539
millions hundreds of millions of times

664
00:26:05,539 --> 00:26:08,180
already it's a very secure way to send

665
00:26:08,180 --> 00:26:10,339
those updates very secure way to have an

666
00:26:10,339 --> 00:26:11,359
OS that you don't have to worry about

667
00:26:11,359 --> 00:26:14,809
other benefits you can use Android

668
00:26:14,809 --> 00:26:16,400
developers to build apps on Android

669
00:26:16,400 --> 00:26:18,589
things it's the same IDE same language

670
00:26:18,589 --> 00:26:20,480
same same everything it's really the

671
00:26:20,480 --> 00:26:22,579
same as an Android device very easy to

672
00:26:22,579 --> 00:26:25,339
deploy an application you can run

673
00:26:25,339 --> 00:26:28,849
tensorflow models on android thing so

674
00:26:28,849 --> 00:26:31,579
run machine learning intelligence on the

675
00:26:31,579 --> 00:26:33,980
edge and you also have the cloud IOT

676
00:26:33,980 --> 00:26:36,380
connectivity as part of the OS so you

677
00:26:36,380 --> 00:26:38,269
can communicate with cloud IOT core in

678
00:26:38,269 --> 00:26:40,880
the cloud iot platform very easily by

679
00:26:40,880 --> 00:26:43,730
using android things so it's a good

680
00:26:43,730 --> 00:26:45,920
option the only downside of android

681
00:26:45,920 --> 00:26:47,559
things it's you have to use certified

682
00:26:47,559 --> 00:26:48,829
SOM

683
00:26:48,829 --> 00:26:51,710
so system on modules certified hardware

684
00:26:51,710 --> 00:26:54,950
that we have tested and validated to

685
00:26:54,950 --> 00:26:56,329
work with Android things so we have

686
00:26:56,329 --> 00:26:59,148
relationship with Qualcomm with NXP

687
00:26:59,148 --> 00:27:03,710
with arm I believe some others I can't

688
00:27:03,710 --> 00:27:06,409
remember exactly the full list but we

689
00:27:06,409 --> 00:27:08,028
have a bunch of modules like that and

690
00:27:08,028 --> 00:27:09,619
you can use and those are the only

691
00:27:09,619 --> 00:27:13,609
approved hardware or SOM that can be

692
00:27:13,609 --> 00:27:15,919
used by android things so the only downside so

693
00:27:15,919 --> 00:27:17,690
if it's possible for you to choose one

694
00:27:17,690 --> 00:27:18,950
of those android things is a great option

695
00:27:18,950 --> 00:27:20,390
otherwise you'd have to revert to

696
00:27:20,390 --> 00:27:23,569
something else and I believe that's

697
00:27:23,569 --> 00:27:25,069
about it if you want to know more about

698
00:27:25,069 --> 00:27:28,700
cloud IOT you can go in that simple URL

699
00:27:28,700 --> 00:27:32,929
cloud.google.com/iot you'll find

700
00:27:32,929 --> 00:27:36,319
you know sample code you'll find example

701
00:27:36,319 --> 00:27:38,089
documentation a little bit of an

702
00:27:38,089 --> 00:27:40,130
overview of the infrastructure I invite

703
00:27:40,130 --> 00:27:42,109
you to come to Next it's in a couple

704
00:27:42,109 --> 00:27:43,429
weeks that's something you really want

705
00:27:43,429 --> 00:27:44,960
to see there's gonna be a lot of IOT

706
00:27:44,960 --> 00:27:48,500
talks over there and that's about it so

707
00:27:48,500 --> 00:27:51,230
stay tuned for the live Q&A we'll be

708
00:27:51,230 --> 00:28:00,558
back in less than a minute

709
00:28:00,558 --> 00:29:07,009
you

710
00:29:07,009 --> 00:29:10,079
hey welcome back for the Q&A around the

711
00:29:10,079 --> 00:29:12,900
security and IOT so we have a few

712
00:29:12,900 --> 00:29:14,819
questions from the audience here so I

713
00:29:14,819 --> 00:29:17,369
just look at that I like the use of a

714
00:29:17,369 --> 00:29:19,170
hardware root of trust but many of our

715
00:29:19,170 --> 00:29:21,210
customers don't have that in their

716
00:29:21,210 --> 00:29:24,359
current design what can they do that's a

717
00:29:24,359 --> 00:29:25,319
good question because I was emphasizing

718
00:29:25,319 --> 00:29:28,650
you know the use of hardware and it's

719
00:29:28,650 --> 00:29:30,089
true there's a lot of hardware out there

720
00:29:30,089 --> 00:29:32,309
that don't have root of trust so how do

721
00:29:32,309 --> 00:29:34,410
we handle that so as if you're at first

722
00:29:34,410 --> 00:29:36,599
you don't have to use the root of trust

723
00:29:36,599 --> 00:29:38,130
you can still connect to IOT core and

724
00:29:38,130 --> 00:29:40,410
benefit from the JWT authentication from

725
00:29:40,410 --> 00:29:42,750
the independence on the TLS stack and

726
00:29:42,750 --> 00:29:44,309
all the security of the backend so

727
00:29:44,309 --> 00:29:46,049
that's let's put it that way you can

728
00:29:46,049 --> 00:29:48,359
still use cloud IOT core without the

729
00:29:48,359 --> 00:29:50,849
root of trust that's totally fine if you

730
00:29:50,849 --> 00:29:52,829
don't have one but you want to add one

731
00:29:52,829 --> 00:29:54,029
to your design there's several ways to

732
00:29:54,029 --> 00:29:55,769
do that those little crypto I showed you

733
00:29:55,769 --> 00:29:57,390
that the microchip one for example use

734
00:29:57,390 --> 00:29:59,039
it I Square C as a protocol to

735
00:29:59,039 --> 00:30:02,400
communicate with you know the rest of the

736
00:30:02,400 --> 00:30:04,799
board the PCB it's on of course is very

737
00:30:04,799 --> 00:30:07,380
common on most devices and you'll find a

738
00:30:07,380 --> 00:30:09,630
lot of retrofit hardware that you can

739
00:30:09,630 --> 00:30:13,309
add to an I square C bus on the hardware

740
00:30:13,309 --> 00:30:16,200
either through a hat that you plug in

741
00:30:16,200 --> 00:30:18,569
there's a nice hat that exists on for

742
00:30:18,569 --> 00:30:20,400
PI's for example as an example put a hat

743
00:30:20,400 --> 00:30:22,920
it has the crypto on it you can use that

744
00:30:22,920 --> 00:30:25,289
to retrofit design and the cool thing

745
00:30:25,289 --> 00:30:27,539
about I square C is you can do it hot so

746
00:30:27,539 --> 00:30:28,799
you don't have to shut down the device

747
00:30:28,799 --> 00:30:30,569
that's pretty close you just add that

748
00:30:30,569 --> 00:30:33,059
crypto to existing devices other

749
00:30:33,059 --> 00:30:35,240
customers I've seen doing is they use

750
00:30:35,240 --> 00:30:37,589
communication chips so for example you

751
00:30:37,589 --> 00:30:39,029
have a device that's not connecting like

752
00:30:39,029 --> 00:30:42,029
a manufacturing you know a PLC on a

753
00:30:42,029 --> 00:30:44,430
manufacturing line that is not connected

754
00:30:44,430 --> 00:30:45,480
to the Internet they'll add a

755
00:30:45,480 --> 00:30:47,279
communication module and inside that

756
00:30:47,279 --> 00:30:49,170
communication module like a Wi-Fi or

757
00:30:49,170 --> 00:30:51,599
Ethernet you'll have a crypto already in

758
00:30:51,599 --> 00:30:53,099
there that you can start using and

759
00:30:53,099 --> 00:30:55,470
actually the encryption is all dealt by

760
00:30:55,470 --> 00:30:57,839
the communication devices itself not the

761
00:30:57,839 --> 00:31:01,529
MCU not the MCU or the CPU so that's a

762
00:31:01,529 --> 00:31:03,450
great way to also retrofit without

763
00:31:03,450 --> 00:31:05,460
touching the existing design just add

764
00:31:05,460 --> 00:31:07,079
the communication chip

765
00:31:07,079 --> 00:31:09,599
Wi-Fi internet whatever serial and then

766
00:31:09,599 --> 00:31:12,089
add the crypto that has the crypto

767
00:31:12,089 --> 00:31:13,470
embedded in it so that there are ways to

768
00:31:13,470 --> 00:31:17,700
do that it's mostly a retrofit world but

769
00:31:17,700 --> 00:31:19,170
it's easy to retrofit because of the

770
00:31:19,170 --> 00:31:20,009
ICRC Committee

771
00:31:20,009 --> 00:31:24,200
that's a very standard another question

772
00:31:24,200 --> 00:31:26,549
it still seems like the best way to

773
00:31:26,549 --> 00:31:30,000
secure devices is changing changing

774
00:31:30,000 --> 00:31:34,650
devices I assume should we wait until is

775
00:31:34,650 --> 00:31:36,539
there any reason for the customers to

776
00:31:36,539 --> 00:31:38,960
hold off any longer

777
00:31:38,960 --> 00:31:42,779
so I think the question here is more

778
00:31:42,779 --> 00:31:46,230
around we need to change everything to

779
00:31:46,230 --> 00:31:48,089
be secure but I don't think that's a

780
00:31:48,089 --> 00:31:49,319
good I think you shouldn't you shouldn't

781
00:31:49,319 --> 00:31:50,940
hold off I think you know if you're

782
00:31:50,940 --> 00:31:52,410
doing a design today if you put a

783
00:31:52,410 --> 00:31:54,240
hardware root of trust on it if you put

784
00:31:54,240 --> 00:31:56,160
a little crypto you're basically

785
00:31:56,160 --> 00:31:58,109
future proof you'll be able to update

786
00:31:58,109 --> 00:32:00,269
that hardware address if you need you'll

787
00:32:00,269 --> 00:32:01,829
be able to rely on that hardware root

788
00:32:01,829 --> 00:32:03,869
of trust to do a lot of security

789
00:32:03,869 --> 00:32:06,420
improvement like rotation new

790
00:32:06,420 --> 00:32:08,279
generation of certificates validation of

791
00:32:08,279 --> 00:32:11,430
boot firmware images and all of that so

792
00:32:11,430 --> 00:32:13,140
there's no and there's no reason to wait

793
00:32:13,140 --> 00:32:16,500
I think overall the security is there

794
00:32:16,500 --> 00:32:18,450
it's a matter of implementing it and

795
00:32:18,450 --> 00:32:20,670
we've seen that it could be complicated

796
00:32:20,670 --> 00:32:23,279
but with a solution with IOT core with

797
00:32:23,279 --> 00:32:24,359
the hardware root of trust in the

798
00:32:24,359 --> 00:32:25,859
partnership with microchip for example

799
00:32:25,859 --> 00:32:29,130
the those things are very much solved

800
00:32:29,130 --> 00:32:31,200
and there is solutions for security

801
00:32:31,200 --> 00:32:33,299
today and you shouldn't wait you

802
00:32:33,299 --> 00:32:35,250
shouldn't wait you can be secure pretty

803
00:32:35,250 --> 00:32:38,009
easily today if with the solutions we

804
00:32:38,009 --> 00:32:39,599
have out there so there's no reason to

805
00:32:39,599 --> 00:32:43,910
wait in terms of price you said sub $1

806
00:32:43,910 --> 00:32:46,230
this is still very expensive for small

807
00:32:46,230 --> 00:32:48,690
devices are there ways to lower this

808
00:32:48,690 --> 00:32:51,240
cost so yes about its sub dollar and it

809
00:32:51,240 --> 00:32:53,220
depends on on the volume obviously but

810
00:32:53,220 --> 00:32:56,730
it's not it's not over $1 depends on

811
00:32:56,730 --> 00:33:00,509
volume so I would say you know if you're

812
00:33:00,509 --> 00:33:03,180
looking at low-cost devices you know

813
00:33:03,180 --> 00:33:04,769
people that have BOMs that are now

814
00:33:04,769 --> 00:33:09,210
maybe 20 30 bucks or even less that

815
00:33:09,210 --> 00:33:11,190
means you're already looking often time

816
00:33:11,190 --> 00:33:13,380
at fairly high volumes because otherwise

817
00:33:13,380 --> 00:33:16,049
you can't get those BOMs down and that

818
00:33:16,049 --> 00:33:17,819
means that you're gonna get volume

819
00:33:17,819 --> 00:33:19,500
discounts as well on those chips so

820
00:33:19,500 --> 00:33:21,269
you'll be way lower than $1 so that's

821
00:33:21,269 --> 00:33:22,529
what this one thing to know if you have

822
00:33:22,529 --> 00:33:24,420
volume you know sub dollars as a

823
00:33:24,420 --> 00:33:26,640
guidance but you get volume discounts on

824
00:33:26,640 --> 00:33:29,339
that the other thing is you have to

825
00:33:29,339 --> 00:33:31,200
think about the cost holistically it's

826
00:33:31,200 --> 00:33:33,420
not just the cost of the BOM it's what

827
00:33:33,420 --> 00:33:34,150
it saves you

828
00:33:34,150 --> 00:33:38,799
manufacturing cost in maintenance in you know

829
00:33:38,799 --> 00:33:41,200
reputation cost a dollar amount lost

830
00:33:41,200 --> 00:33:44,170
through a hack that could happen and the

831
00:33:44,170 --> 00:33:45,880
ease of maintaining that over time

832
00:33:45,880 --> 00:33:48,339
there's a ton of costs maintaining

833
00:33:48,339 --> 00:33:49,630
things over time maintaining things

834
00:33:49,630 --> 00:33:52,150
secure over time that this little crypto

835
00:33:52,150 --> 00:33:55,539
sub dollar will solve for you and to in

836
00:33:55,539 --> 00:33:57,880
my opinion it is well worth it to spend

837
00:33:57,880 --> 00:33:59,890
that the BOM will be a little higher

838
00:33:59,890 --> 00:34:01,779
for your devices but it's so much

839
00:34:01,779 --> 00:34:05,170
cheaper overall holistically than you

840
00:34:05,170 --> 00:34:08,289
know then you can you can really see or

841
00:34:08,289 --> 00:34:11,829
get without it there are other questions

842
00:34:11,829 --> 00:34:15,219
and this coming up okay so I mean well

843
00:34:15,219 --> 00:34:17,110
stay tuned for the next session we have

844
00:34:17,110 --> 00:34:19,630
a siege at efficiently migrating data

845
00:34:19,630 --> 00:34:22,389
into the Google cloud platform which

846
00:34:22,389 --> 00:34:24,139
should be pretty interesting thank you


