Open Source Summit + ELC Europe 2019

IoT presents a large attack surface, stemming from the number of connected components, physical distribution, and bugs in hardware and software. In this talk we focus on the Edge, systems close to the IoT sensors and actuators to reduce network bandwidth needs yet lower response latencies. EdgeX Foundry, an open source LF project, is a collection of microservices that collect, process, and respond to sensor data along with various support services. We review its threat model and the security best practices it adopts, such as code scans for known CVEs and security anti-patterns, use of Kong for secure gateway/proxy, use of Vault for secure storage of keys and authentication credentials, audit logging, and deployment prescriptions to limit privilege escalation and stolen media type attacks, and incidence response. Lastly, we touch on security roadmap items such as PKI for authenticated secure inter-service interaction and Trusted Platform Modules for secure boot and encrypted storage .