IoT identity and management revenues to hit $21.5bn by 2022, says ABI Research

ABI Research projects that revenues from IoT identity and management are on course to hit the $21.5 billion mark by 2022, driven by IoT platform services together with security, cryptography, digital certificate management and data exchange services.

According to predictions put forward by the advisory firm in its report “Thing Identity and Management Services”, IDoT (Identity of Things) services will realise robust growth over the next five years driven primarily by the industrial, manufacturing, and automotive industries.

Dimitrios Pavlakis, industry analyst at ABI Research, said: “Through ‘smarter gateways’, cloud services, and application programming interface (API)-focused solutions, thing identity and management services are steadily finding their way in a wider spectrum of IoT verticals.”

Although some industries are not so up-to-date in terms of security, vendors in the IoT market are finally making investment moves in encryption and device certificate management. Some of the leading verticals that are eating up over 60% of the total global revenues include aftermarket telematics, fleet management, OEM telematics, metering, home security, and automation.

Elsewhere, a BCC Research report projected that the global IoT networking solutions market will reach $1 trillion by 2022 at a CAGR of 21.6%. The report, titled “Internet of Things (IoT) Networks: Technologies and Global Markets to 2022”, highlighted that the Asia Pacific IoT networking solutions market is anticipated to grow at a CAGR of 27.6% through 2022, followed by Europe with a CAGR of 23.8% and market share of 31.3%.

iottechnews.com: Latest from the homepage

Identity and Management of Things in the IoT a US$21.5 Billion Opportunity

IoT Platform services along with security, cryptography, digital certificate management and data exchange services are propelling IoT Identity and Management revenues toward US$21.5 billion by 2022.

ABI Research predicts that IDoT (Identity of Things) services are expected to grow significantly over the next five years with most of the revenues being driven primarily by industrial, manufacturing, and automotive market verticals.

“Through ‘smarter gateways’, cloud services, and application programming interface (API)-focused solutions, thing identity and management services are steadily finding their way in a wider spectrum of IoT verticals,” comments Dimitrios Pavlakis, Industry Analyst at ABI Research. Although certain verticals are still lagging in terms of security, IoT vendors are finally starting to invest more in encryption and device certificate management. Aftermarket telematics, fleet management, OEM telematics, metering, home security, and automation are among the most important verticals absorbing more than 60% of the total revenues worldwide.

“This brings us one step closer to the realization of IAM 2.0 (Identity and Access Management)”, continues Pavlakis.

“We are entering a transformational period where device IDs, system IDs, and user IDs are forced to merge under the hyper-connected IoT paradigms, effectively altering the way IDoT will be perceived from now on.”

To that end, open IoT standards and frameworks like OCF (Open Connectivity Foundation), oneM2M and DeviceHive are attempting to create OS/RTOS/vendor-agnostic solutions to reduce friction for more interconnected and secure ecosystems.

While some vendors choose to offer wide-ranging IoT solutions, most of them are seeing the merit of specialization in IDoT: enterprise and industrial (e.g., Microsoft Azure), connected agriculture (e.g., Bosch), advanced analytics and machine learning (e.g., SAP), cryptography and device management (e.g., Rambus), as well as energy and manufacturing (e.g., GE Predix). Given the recent PKI (Public Key Infrastructure) success stories in securing IoT devices, this specialization trend extends to most of the Certification Authorities (CAs) too: smart city, transportation and healthcare (e.g., DigiCert), cloud service providers (e.g., GlobalSign), banking and finance (e.g., IdenTrust), and enterprise and consumer (e.g., Comodo).

These findings are from ABI Research’s Thing Identity and Management Services report.

The post Identity and Management of Things in the IoT a US$21.5 Billion Opportunity appeared first on IoT Business News.

IoT Business News

Rough Guide to IETF 100: Identity, Privacy, and Encryption

Identity, privacy, and encryption continue to be active topics for the Internet Society and the IETF community impacting a broad range of applications. In this Rough Guide to IETF 100 post, I highlight a few of the many relevant activities happening next week in Singapore, but there is much more going on so be sure to check out the full agenda online.

Encryption

Encryption continues to be a priority of the IETF as well as the security community at large. Related to encryption, there is the TLS working group developing the core specifications, several working groups addressing how to apply the work of the TLS working group to various applications, and the Crypto-Forum Research Group focusing on the details of the underlying cryptographic algorithms.

The Transport Layer Security (TLS) working group is a key IETF effort developing core security protocols for the Internet. This week’s agenda includes both TLS 1.3 and Datagram Transport Layer Security. Additionally, the TLS working group will be discussing connection ID, exported authenticators, protecting against denial of service attacks, and application layer TLS. The TLS working group is very active and, as with all things that are really important, there are many diverse opinions to fill the room.

For those new to TLS, there is a TLS 1.3 tutorial planned for Sunday afternoon in the first tutorial slot. This is an excellent opportunity to get a detailed introduction to the TLS 1.3 protocol from the experts.

Two of the working groups focused on updating crypto algorithms and the use of TLS in IETF protocols are also meeting at IETF 100. The DKIM Crypto Update (dcrup) working group, which is focused on updating the cryptographic aspects of RFC 6376, will have a short. Their first document, Cryptographic Algorithm and Key Usage Update to DKIM, has just been approved and has been moved to the RFC Editor for publication. On the agenda for this meeting will be new cryptographic signature methods for DKIM and defining elliptic curve cryptography algorithms for use with DKIM.

The Using TLS in Applications (UTA) working group has finished a number of documents already, including recommendations for the secure use of TLS and DTLS, use of TLS for XMPP, and the use of TLS server identity check procedures for email. The first part of the meeting will focus on resolving the final IESG comments on the use of TLS for email submission and access. This draft outlines current recommendations for the use of TLS to provide confidentiality of email traffic between a mail user agent and a mail access server. The meeting will also cover open issues on a draft related to Strict Transport Security (STS) for mail (SMTP) transfer agents and mail user agents. Finally, the meeting will address a draft on an option to require TLS for SMTP.

The Network Time Protocol (NTP) working group addresses protocols for the accurate synchronization of clocks on a network. This may seem like a bit of a stretch for a blog post on identity, privacy, and encryption. However, accurate and secure time synchronization turns out to be vitally important for the proper operation of security protocols. The NTP WG has been working on Network Time Security (NTS) which is a significant update for NTP server authentication. In order to make progress, the latest version of this draft reduces the scope of the solution to the client server mode of NTP only. There is a recent IETF Journal article that provides a detailed discussion of the current state of the NTS effort.

The next activity of potential interest to the encryption community is the Crypto Forum Research Group (cfrg). Always a popular session at IETF, this week the CFRG will discuss four drafts, including Re-keying Mechanisms for Symmetric Keys, The Transition from Classical to Post-Quantum Cryptography, a draft SPAKE2, a secure, efficient password based key exchange protocol, and Public Key Exchange.

Certificate Infrastructure

Moving on from cryptography and encryption, the next set of IETF working groups are related to the certificate infrastructure for the Internet, acme and trans.

The Automated Certificate Management Environment (acme) working group is specifying ways to automate certificate issuance, validation, revocation and renewal. The main order of business at this week’s meeting is to discuss the core specification Automatic Certificate Management Environment. This document has been submitted to the IESG for publication, and this meeting will focus on the feedback received to date. The meeting will also discuss automatic certificate management for telephony (https://datatracker.ietf.org/doc/draft-ietf-acme-telephone/, https://datatracker.ietf.org/doc/draft-ietf-acme-service-provider/) and email (draft-ietf-acme-email-tls-01 and draft-ietf-acme-email-smime-01) along with Short-Term, Automatically-Renewed (STAR) Certificates.

The second certificate related working group is the Public Notary Transparency (trans) working group. It has been working since 2014 to improve the confidence of users in the Web PKI. The underlying premise of this work is to create transparent logs of certificates so that improperly issued certificates can be detected. That which is transparent can be observed and monitored for unexpected behavior. The core document has been submitted to the IESG, and this meeting will discuss resolution of open issues from the AD review. The threat analysis needs some minor enhancements before restarting the WGLC. The Gossiping in CT document has been submitted to the IESG, and the working group needs to address initial AD feedback. Finally, the working group will discuss name redaction (https://datatracker.ietf.org/doc/draft-strad-trans-redaction/, https://www.ietf.org/internet-drafts/draft-ito-yet-another-name-redaction-00.txt) to improve privacy.

Authentication and Authorization

From the certificate infrastructure, we move next to authentication and authorization and the set of related working groups tackling those issues for the IETF.

Anyone with an interest in the Internet of Things (IoT) will be interested in the Authentication and Authorization for Constrained Environments (ace) working group. This working group is working to develop standardized solutions for authentication and authorization in constrained environments. They published a use cases document last year, and this week’s agenda includes discussion of existing working group documents on authentication and authorization for constrained environments, a DTLS profile for ACE, a CBOR Web Token (CWT), and an architecture for authorization in constrained environments. In addition, there will be discussion of a number of new drafts for working group consideration. You might also want to check out the Internet of Things Rough Guide post for more on IoT.

The Web Authorization Protocol (oauth) working group has been working for years on mechanisms that allow users to grant access to web resources without necessarily compromising long term credentials or even identity. It has been a very prolific working group with around 15 RFCs published to date. IETF 100 will be another busy week for those interested in this area including sessions on both Tuesday and Wednesday. Agenda items for these two sessions include a mutual TLS profile, token binding, JWT best practices, device flow, discovery, token exchange, and incremental authorization.

There are two additional working groups meeting this coming week that are related to the OAUTH work. The first is the Token Binding (TOKBIND) working group that is tasked with specifying a token binding protocol and specifying the use of that protocol with HTTPS. A number of the group’s core documents have been submitted to the IESG (https://datatracker.ietf.org/doc/draft-ietf-tokbind-https/, https://datatracker.ietf.org/doc/draft-ietf-tokbind-negotiation/, and https://datatracker.ietf.org/doc/draft-ietf-tokbind-protocol/). Preliminary feedback from the Area Director (AD) will be discussed. This working group works in collaboration with the TLS, HTTPbis and OAUTH WGs and with the W3C webappsec WG.

Also related to OAUTH, the Security Events (SECEVENT) working group is working on an Event Token specification that includes a JWT extension for expressing security events and a syntax for communicating the event-specific data. This is a fairly new WG, formally chartered in January 2017. The meeting this week will discuss the token specification, token delivery, stream management and provisioning, and a management API.

More Activities

For the security crowd, no IETF week is complete without the Security Area Advisory Group (SAAG) meeting. This meeting features a quick run through all the working groups doing security related work in the IETF across all areas, a set of short talks, and an open session to bring issues and topics forward from the community. This week will have one invited talk on Inter-domain DDoS mitigations: potentials, challenges, and solutions. The remaining time will be spent on an experiment, called secdispatch, where proposals for new work will be discussed.

Also, don’t forget the IETF Hackathon, which is held the weekend before the IETF. This IETF Hackathon has several projects of interest including continuing work on TLS 1.3 testing and interoperability, the HTTP status code 451, generating certificate requests for short-term automatically-renewed certificates, and distributed denial of service threat signaling. All the potential projects of this rendition of the IETF Hackathon are listed on the IETF 100 Hackathon wiki site.

Finally, in a continuing effort to connect security researchers and the Internet security standardization community, two topics with active working groups at IETF 100, IoT Security and DNS Privacy, are planning for workshops to be held in conjunction with NDSS 2018. Both the Decentralized IoT Security and Standards (DISS) workshop and DNS Privacy: Increasing Usability and Decreasing Traceability (DNSPRIV) workshop are currently accepting submissions and planning for productive workshops in February 2018. Perhaps something overheard in the halls of IETF 100 would make a good submission.

Join us for another full week of identity, privacy, and encryption related topics here at IETF 100!

Relevant Working Groups at IETF 100

ace (Authentication and Authorization for Constrained Environments) WG
Tuesday, 14 November 2017, 930 – 1200, Collyer
Agenda: https://datatracker.ietf.org/doc/agenda-100-ace/
Charter: https://datatracker.ietf.org/wg/ace/about/

acme (Automated Certificate Management Environment) WG
Thursday 16 November 2017, 1550 – 1750, Sophia
Agenda: https://datatracker.ietf.org/doc/agenda-100-acme/
Charter: https://datatracker.ietf.org/wg/acme/about/

cfrg (Crypto Forum Research Group)
Wednesday, 15 November 2017, 15:20-16:50, VIP A
Agenda: https://datatracker.ietf.org/meeting/100/agenda/cfrg/
Charter: https://irtf.org/cfrg

dcrup (DKIM Crypto Update)
Wednesday, 15 November 2017, 930-1100, Bras Basah
Agenda: https://datatracker.ietf.org/meeting/100/agenda/dcrup/
Charter: https://datatracker.ietf.org/wg/dcrup/about/

ntp (Network Time Protocol) WG
Monday, 13 November 2017, 1330 – 1530, VIP A
Agenda: https://datatracker.ietf.org/doc/agenda-100-ntp/
Charter: https://datatracker.ietf.org/wg/ntp/about/

oauth (Web Authorization Protocol) WG
Tuesday, 14 November 2017, 1550 – 1750, Sophia
Wednesday, 15 November 2017, 1520 – 1650, Orchard
Agenda: https://datatracker.ietf.org/doc/agenda-100-oauth/
Charter: https://datatracker.ietf.org/wg/oauth/about/

saag (Security Area open meeting)
Thursday, 16 November 2017, 1330-1530, Padang
Agenda: https://datatracker.ietf.org/meeting/100/materials/agenda-100-saag/

secevent (Security Events) WG
Monday, 13 November 2017, 1330 – 1530, Bras Basah
Agenda: https://datatracker.ietf.org/meeting/100/materials/agenda-100-secevent/
Charter: https://datatracker.ietf.org/wg/secevent/about/

tls (Transport Layer Security) WG
Thursday, 16 November 2017, 930 – 1200, Canning
Agenda: https://datatracker.ietf.org/doc/agenda-100-tls-sessa/
Charter: https://datatracker.ietf.org/wg/tls/about/

tokbind (Token Binding) WG
Tuesday, 14 November 2017, 1330 – 1530, VIP A
Agenda: https://datatracker.ietf.org/meeting/100/materials/agenda-100-tokbind/
Charter: https://datatracker.ietf.org/wg/tokbind/about/

trans (Public Notary Transparency) WG
Monday, 13 November 2017, 1550 – 1720, Orchard
Agenda: https://datatracker.ietf.org/meeting/100/materials/agenda-100-trans/
Charter: https://datatracker.ietf.org/wg/trans/about/

uta (Using TLS in Applications) WG
Wednesday, 15 November 2017, 1330 – 1500, Bras Basah
Agenda: https://datatracker.ietf.org/meeting/100/materials/agenda-100-uta/
Charter: https://datatracker.ietf.org/wg/uta/about/

Follow Us

A lot is going on in Singapore, and whether you plan to be there or join remotely, there’s much to monitor. To follow along as we dole out this series of Rough Guide to IETF blog posts, follow us on the Internet Society blog, Twitter, Facebook, or see https://www.internetsociety.org/events/ietf/ietf-100/.

The post Rough Guide to IETF 100: Identity, Privacy, and Encryption appeared first on Internet Society.

Internet Society

Okta: In the IoT, every ‘thing’ has its own identity

Adrian Bridgwater attends this week’s Oktane17 user conference in Las Vegas, to analyze what Okta company executives really mean by ‘identity’ in an IoT context. 

In the IoT, ‘things’ are just things. They’re sensors, devices, machines, certainly – but typically, it’s additional layers of artificial intelligence (AI) that give these ‘things’ some semblance of sentient awareness and the ability to power intelligent decision-making. The things themselves are still just things.

But being ‘just a thing’ doesn’t imply a lack of identity. Every device has an element and expression of identity that denotes its name, form, function and place in the technology universe. More importantly, the identity of every device can help to control who or what has access to it, or can exchange information with it.

Enter Okta, a company that offers a dedicated identity authentication layer that developers use to implement IoT at the app, service, device and user levels. This week, the company is holding its Oktane17 user conference in Las Vegas, giving Internet of Business an opportunity to better understand its approach to the IoT.

The importance of identity

In particular, Okta insists that its specialist approach elevates identity as a function and a discipline that should be a dedicated part of the way all IoT systems (and all IT systems) are now engineered.

“It’s true, a device is just like any other resource,” says Alex Salazar, vice president of developer platform at Okta. But, he adds, a device has an identity in two distinct senses:

  • Device Identity #1 – A human user that programs an IoT home heating system expresses his or her identity through their own preferences and controls as they program that device.
  • Device Identity #2 – A sensor in a gas pipeline has an ‘identity’ in the sense that it has a log file locator, a ‘device name’, a numbered reference position and set of corresponding values that it creates in the database (or other store) to which it feeds data or to which it belongs.

People at the device perimeter

Given this core proposition of device identity, Okta CEO Todd McKinnon warns that, despite IoT intelligence layers now spiraling, we humans will still be ultimately responsible for device interactions.

“Integration is everything, but the perimeter of our networks has been redefined. Given the sheer volume of users now interacting with our networks, [we can say that] people are the new perimeter,” said McKinnon at this week’s event.

What Okta seeks to provide, then, is access to a multi-layered authentication service, but delivered as a layer inside the cloud. The Okta Adaptive Multi-Factor Authentication (AMFA) product is a cloud-based service, running on the firm’s own Okta Identity Cloud, and designed to provide a ‘unified identity layer’ across what are now increasingly diverse business networks and systems.

Identity steps out of the shadow

The problem, to date, has been that software application developers rarely rank identity functionality among their top project attributes. They prefer instead to focus on core functions and application power. Aspects of login, user (or indeed IoT device) access and authentication, device directory and datastream access, and other system function elements governed by identity, have not traditionally been regarded as appealing or sexy.

To address this problem, the main message reverberating around Okta’s keynote sessions at Oktane17 has been this: “We’ve made it so easy to implement an identity layer into all application architecture design – so why wouldn’t you implement it?”

The Okta platform is designed to be capable of breaking down ‘different types’ of applications, so that developers building identity controls into them can start to focus on two things: first, which apps will need the most identity access provisioning; and second, which apps will need the most work in terms of getting them to the point where they can integrate with other pieces of software in an ‘identity-secure’ way.

Age of consent

Ed Sawma is senior director of product marketing at Okta and, in explaining the predicament here, he suggests that IoT device identity can be a thorny subject. In other words, it’s about getting engineers (and ultimately, users) to appreciate exactly where identity fits into the total sphere of data management. This must be clarified, he says.

“An IoT device identity may well be ‘proprietary’ and so standard to a particular operating system, or indeed proprietary to some other system and set of protocols. The particular form of that identity will then dictate how we manage data coming on or off of that device.”

“But, crucially,” he continues, “to do anything with that data requires a level of authorization and that comes from identity management. If I want my grocery store to be able to access my IoT refrigerator so that they can analyze my milk drinking data, then I need to be able to authorize that action – and that control comes from being able to control device identity down to granular level, but actioned through a user-friendly interface.”

Identity Kool-Aid, want some?

Asking Okta CEO McKinnon if he thinks this is a crucial time for identity to feature as a more prevalent aspect in all systems development discussions is hardly necessary.

“Of course I think this is our time. I actually can’t believe it has taken so long for this truism to come to the surface,” he says.

It’s hard to spend two days at an identity-focused event like Okta’s Oktane show and not agree with McKinnon. It’s like drinking the identity Kool-Aid and wondering why the developer and wider software engineering world hasn’t been ranking this layer as key to all device design from the start.

Should identity be broken out as a discrete, definable, dedicated service in the way that Okta has positioned it? For now, it would appear that the answer is yes, but whether it will be treated with more respect, and ultimately subsumed into wider systems design and management tools, is hard to say.

For now, please log in to more powerfully authenticated identity, whether you are a device or a human being.

The post Okta: In the IoT, every ‘thing’ has its own identity appeared first on Internet of Business.

Internet of Business