Duration 44:26

Internet of Things (IoT) Security Best Practices With Google Cloud (Cloud Next '19)

Nicolas Schieli
Sr Marketing Director - Crypto Products at Atmel Corporation
Google Cloud Next 2019
April 9, 2019, San Francisco, USA

About speakers

Nicolas Schieli
Sr Marketing Director - Crypto Products at Atmel Corporation
Pushkar Sharma
Product Manager, Google Cloud IoT at Google

Nicolas Schieli has more than 20 years of high-tech embedded experience. He is currently responsible for the product strategy, marketing and application engineering for the Secure Products Group at Microchip Technology Inc. Formerly, he was the marketing director for the microcontroller business line in the Automotive Business Unit at Atmel. He’s also led the Automotive RF Product Marketing Team. Prior to Atmel, he co-founded Quelis Id Systems and served in technical systems engineering positions at PSI Electronics. Schieli has an MSEE in Electronics, Computer Science and Signal Processing from the Ecole supérieure de Chimie Physique Electronique de Lyon.


Pushkar Sharma is a Product Manager in Google Cloud IoT. He has 14 years of experience in bringing a wide range of products to market: cloud platforms, indoor location, enterprise wireless, and mobile radio transceivers.


About the talk

Security is a critical concern when deploying and managing IoT devices. During this session, you'll learn how Cloud IoT provisioning service simplifies the device provisioning and on-boarding experience for Cloud IoT customers and OEMs. We will demonstrate how to efficiently do bulk provisioning of 8-, 16-, and 32-bit microcontrollers. Come learn best practices and practical examples of how to provision devices in the wild and keep them secure for their lifetime.


Welcome to IoT 205. We're going to talk about security best practices, especially with Google Cloud, and how you incorporate that in IoT. So let's start. My name is Pushkar Sharma. I'm a product manager in Google Cloud IoT, and with me is Nicolas Schieli. He'll be joining me and talk about secure elements and IoT security. He's the senior marketing manager and application manager at Microchip in the security products group. So let's get started.

Sao alternative Nicolas will take over. So first of all, we'll talk about the IoT device root of trust: what does it mean and why is it important. Then we'll talk about some crypto algorithms, and how do you define algorithms, and how do you think about those. Then there are different methodologies. There is the hardware root of trust, there is a software root of trust. And then how do you think about which one is better or not? Then there are different implementations too. Even if you think about hardware, there are different ways you can make things better, and also the

ways to get compromised, and you want to think about all those aspects when you choose your hardware root of trust. And then the second aspect will turn into, like, how do you put that in real life? How do you provision them at scale? And how do you operationalize them? And we'll do a demonstration of all the aspects of security validation, onboarding onto the Cloud IoT platform, and clarify how to do that with secure elements. With that, I'm handing back over to Nicolas, and then he'll talk about those. So basically, when you're designing

an IoT product, as mentioned, one thing to start with is, well, first we need to see basically what we are facing in the market. The number of attacks is widespread over the past two years, and the difficulty of the attacks is really increasing; that's really one of the important points. They fit into your attacks increasing rapidly, and you see also this kind of attacks increasing, with some of the attacks actually pointing to pretty much every single connected device. Now, with that in mind, when you're designing

a product, a connected product, you will need to basically build it with a root of trust. So many people are using the concept of root of trust. So what does that mean for an IoT device, a device with a root of trust? Typically, we believe it means two things: you need to basically make sure that the device runs genuine code, so code that is supposed to be running, and also that the device is connected to the service it's supposed to be connecting to. So really, before connecting to any remote service, you need to make sure that the device runs the code that

it's supposed to be running. And only the combination of those two attributes makes the device. And basically that's what we call a root of trust for a connected device. In order to be able to connect a device to a remote service, you need to have a trustable identity. So what is a trusted identity in a world? So in a digital world, a trustable identity is a number. It's nothing more than just a number. That basically means you can make a copy of that number, and that would be a perfect copy. You won't even know that someone has made a copy of

your private key. So a trustable, verifiable and unique identity is a private key that is very easy to copy, which means if I have a copy of your private key, I have all the access that you have. So preventing someone from making a copy of that private key is essential. So it's all about protecting the key. Basically, if you're looking at that number that is the private key, there are a number of principles to apply to protect those numbers or those keys. One is Kerckhoffs's principle, which basically says that in a system, in a crypto system, everything should be known except the key. So what you

should really spend your time on protecting is the key. The key is the secret. Everything else should be known. And Claude Shannon actually also stated essentially the same thing: that basically you should assume that the enemy, the attacker, knows the system. So closing the system down to make your crypto system secret is not going to make the whole system secure. Now, there are some examples where those principles have not been implemented. So if you're looking back in time, where the phones were basically using the GSM specification for

connecting, for sending text messages or connecting to the networks, basically the security scheme of GSM was based on a secret protocol. So the secret was secret till the time it was no secret anymore. By that time, basically, it was possible to spoof GSM messages and send text message spam to the network. So basically, again, the security of a system should only rely on the secrecy of the key itself. If you rely on anything else, it's likely that you're going to get hacked. The next thing to consider is you should only use

industry-standard algorithms. So these algorithms have the major benefit of the fact that these algorithms are widely studied. They've been verified by regulation bodies that we can choose to trust, and basically they are coming with a set of recommendations that tell you how to use those algorithms, because many of the cryptographic algorithms, if they're not used as defined, are potentially causing weaknesses. And also, one of the main

benefits is the fact that then you can get interoperable systems. Now, when it comes to how to implement it: so you have that connected device that basically runs software for your connected thermostat, or whatever you've got that connects to the cloud. Now, you have all that computing power that is in that device. So why not use that computing power to run those cryptographic algorithms? Now the thing is, if you run cryptographic algorithms directly in software in your computing engine in a device, that

means the keys that are used by those cryptographic algorithms are also there with the code. So if the keys are there, and we basically mentioned that the keys are the things that need to remain secret, then we need to make sure that nothing in the system can leak out those keys. And Heartbleed, which was submitted by Google back in 2014, is an OpenSSL bug that basically was allowing hackers to go and have direct access to the memory of the OpenSSL server. What is important to mention in that case is

2014 is when it got published as a bug, that that that was the most read last thing you do. The bug got introduced years before, so it's likely that someone has been able to exploit that way before it got documented. So basically the question is, if you go down that path of a software implementation of a cryptographic algorithm, how many bugs do you have? So everyone knows that perfect software is not possible. So if you want to have a secure system based on a software implementation, that means that you have to have, essentially,

perfect software. So that's something that is an idealistic goal. So in that context, the only systems that are being accepted for connecting devices securely to remote services have been architected around secure elements. Secure elements are pieces of hardware that basically are designed for storing cryptographic keys and using those cryptographic keys in a safe way. Now the thing is, if you're looking at your system now, you're ending up with It's after unification office office, where you have your main

computing engine, the microcontroller in your thermostat, for instance; there we have a computing core. We have memory, we have code, we have power and clock sources. Now, in the secure element we have all those blocks as well. So naturally the next question is, why don't we combine that? Why don't we have hardware products that basically combine all those features in one single piece of silicon? We are getting a lot of resources. We could really find ways to optimize. Now, if we do that, so many systems have been doing

that naturally. So if you share, for instance, the core, so sharing a core, in the institute's time is, you can think about this as a processor that would be able to run code with multiple levels of privilege. That's exactly what runs in any modern operating system, so Linux, Windows. All those operating systems use a concept where you have kernel code that is privileged, that has the right to access everything, and user-space code that has very limited access to the Continental System. Naturally, you would put your cryptographic keys, your secrets,

in the most privileged place, where the user code will not have access. So now this isolation is typically enforced by the hardware itself. So the processor will have capabilities of making sure that memory that is supposed to be accessible by the kernel is not accessible by the user space. Now, hacks like Meltdown and Spectre, which were mounted by teams quite recently, back in 2018, did impact pretty much all PCs in the market. And that was mounted by Google Project Zero, Cyberus Technology

and the Graz University in Austria. And what they've been able to do is, they've been able to leverage hardware optimizations of the processor. Basically, all those high-end processors, they use speculative execution. So what they do is, the memory access is so expensive, because it stalls the pipelines of the processor for a very long time until the data or the code gets into the processor, then basically what they do is execute those forces Execute Order Cody can take everything. That's all you're going to have to be to cut it. And then once you know which code is

useful, they trash out what is not useful. But the side effect of speculative execution is the fact that you can actually get data to get into cache. So in the cache of the processor, you have in that cache code memory, data memory, basically, and all the secrets could end up being there. And they've been able to mount an attack that was able to leak those data out of the cache into the user space. So basically what is really important for this attack is the assumptions behind it: that basically they had no physical access to the system. So

this is something that you can do entirely remotely, and assuming that they had no weakness in the operating system. So there's no bug to leverage, and there's no software vulnerability in the system to exploit either. So they were saying that the system was perfect, they had no physical access to it, and they were still able to mount an attack to gain access to privileged memory, and basically get access to the secrets that were in that privileged memory. So again, sharing the core in that case was quite harmful, you know, there was hardware isolation, hardware

enforced isolation between the different pieces of code. Now, looking at sharing the clock source. So that's another piece of the system where you may want to share your power management or your clock sources. Basically, this is an attack that is quite fascinating. So CLKSCREW, which was mounted by Columbia University back in 2017, is basically leveraging the fact that pretty much all modern high-end processors have power management features that allow them to scale frequency and voltage as needed. So if you need to perform a very demanding

task, you would be increasing the power to the processor, you would be increasing the clock frequency to have it run faster, and when you want to save power because you're not doing that, you will essentially be scaling them down. So you will have lower potential or frequency. When you're doing this, you may end up violating some of the hardware timings of the path. So if you look at the picture, this is a picture of a number of flip-flops; these are the gates you have in a processor, and these need to be clocked at a certain frequency. If you

violate the frequency of those flip-flops, you will essentially introduce a fault into the chain. Now what they've been able to do is to basically build a remote fault attack. So they were able, by just scaling the frequency of the clock, to inject a fault into the hardware, which was then starting to misbehave to the point where basically it was leaking out, it was giving privileged access to the memory. So you could actually mount a remote fault attack without having any physical access to the device, just by using

user-space code, and then injecting faults in the code that gives you access to the memory. Right. So now, in that case, you get access to the TrustZone memory with unprivileged code, even though you have all those hardware barriers that prevent, in theory, access to that memory; you remotely start stealing access. Now, the last piece: how do you, if you share a memory, what does it mean for your system? If you share the memory,

the memory in no symptoms either, So DRAM cells are quite packed together in the silicon, so she can space East Coast for possible. Right? So you want to have them as close as possible. When you get them very close, what happens is they will be coupled capacitively, so when you're changing the value of one cell, you may influence the cell that is the neighbor. So basically, what is called Rowhammer, that's another Google Project Zero project that was released in 2015, where they've been able to execute code

that was successfully able to, so user-space code, not privileged code, that was able to change the memory footprint in some rows of the memory, that would influence the neighboring cells enough for those cells to basically flip the bit for privileged code. Now, suddenly, your privileged memory is not privileged anymore; you have access to it because you just flipped that bit by just changing user-space code. So it's quite fascinating, the fact that those memories are shared and packed together, basically.

Now, in conclusion, sharing resources in a secure system is quite complex. Right. So then you need to think about how you can defend yourself against all those types of attacks that are quite better. But all those attacks have one thing in common. They have access to this one system where all those resources are together. And basically all those attacks are leveraging the fact that there is a weakness in the implementation; it is a hardware-related weakness, that's very clear. But it's a weakness based on the fact that those resources are

shared. So basically the point is, if you want to make sure that none of those attacks are possible at all, you want to have perfect isolation. So you don't want to actually combine those resources. You want to keep them separate. If you keep them separate, there's no way of mounting any of those attacks. This is what secure elements basically do: they basically keep all those resources completely separate. They have a dedicated computing core for handling the cryptography. They have dedicated memories for storing the keys and secrets, and they have dedicated power and clock sources that you

cannot manipulate from the outside. Go fund sense. So that's why we basically suggest that for best-in-class security implementations, you should be using a product that is specifically designed for security in mind first. So basically, secure elements are devices that are not designed for power consumption optimization or computing power optimization, like those processors that I talked about; they are designed really for security as the number one goal. So those devices have many different types of defenses to basically be

able to defend against any known attack. So that's really what they are designed for. So those devices typically have an active shield on the top. So you can see that on that picture, where basically there's no physical access to the device itself. If you get, if you went to get access to the United States, did you clean you would not be able to get to the secrets. So those secrets are active Shield where you basically the transaction to the end of the underneath logic; memories are encrypted; features like his math operations, which means that every

single operation, regardless of the data that you manipulate, will always take the same amount of time, because you don't want to leak out any information by just executing the command by Humira creating a certainty. You don't want the duration of that manipulation to be dependent on the key itself, or you would be leaking out information about the key. There is obviously no external clock input, so the clock is generated internally. And there is no JTAG. So, devices that are designed for security in mind as the

first goal. Now, how does that play with the cloud? So Pushkar will talk to you about the Seedy side of the cloud and how those elements can be used in that context. So when we think about IoT in Google Cloud, we think end to end, because ultimately what matters to you is the business goal, which is on the right-hand side of the spectrum; basically it's an application you're trying to enable. And what you have on the left, on the extreme left side, are the assets that you care about. These are

devices or factories. These are vehicles you're tracking, or there is telemetry which they're producing, and you want to make sure that gets to the final goal, that you can make sense of it. So we have a lot of products along the way in the journey of the data, which basically would help you to process the data and so forth. Right, so starting off on the left-hand side of it, you have a gateway. A gateway is a device with wireless connectivity to the cloud over WAN, and there the primary goal is to secure that connectivity, because

these are the devices out in the wild; you want to make sure they're secure. So we offer secure elements, that would be one thing, and we'll talk a lot more. Can you use the best security practices? And that has been our number one goal when we designed the front end for that, which is Cloud IoT Core. So that's the product of my team. The goal of the product is to enable this planet-scale connectivity of devices, security at scale, so that you don't have to worry about Security on my dog. And then the data goes into Pub/Sub. And from there on, what you're really

looking to do is sort of ETL and processing of that data. So we have different products: Dataflow, Dataprep. You can do Cloud Functions for rules, so if you want to trigger off certain rules based on different events, you can do that, and you can store that in different kinds of databases, whether it's a time-series database or SQL database; depending on the type of data, there are multiple choices. But ultimately what you're trying to do is, either you can display in real time what's going on, or you can start to use AI and machine learning; you want to start to predict, for

example, say in a factory environment, if you have a machine and it's producing a whole bunch of data, but you want to create a predictive model of what the failure would look like, and when it will happen, and what would be the factors for those failures. That's where you would start using AI and machine learning: create a model, train that model using your past data, and then use the current data to infer what the probability looks like, and what are the factors which could be affecting the failure, for example. And then you have Firebase and Data Studio for visualization

and application development. So we have an end-to-end suite for you for entire IoT application development. Plastic Model T car, so IoT Core actually has two parts. One is the protocol bridge; it supports HTTP and MQTT protocols. That basically means that all your devices can now connect over these protocols and publish data for ingestion. And the reason we're calling it planet-scale is because it uses the Google front end, and it is the front end for all the Google applications, right, whether it's Gmail, YouTube. They all use the same

Google front end. When a device wakes up and tries to connect, it goes as fast as possible to the Google infrastructure. And then you do not have to specify different hubs in different regions. It's a single endpoint it needs to connect to. That means that you don't have to admit faction. You don't have to worry about what endpoint the devices may end up going to; it's a single endpoint. That's the Google front end. And the second part is the load balancing. You know, if you are running your own MQTT application like Mosquitto, for example, you have to manage that as a VM, you need to scale up

and down as you're adding more and more devices. You need to manage those VMs or even containers would crack, right? So with what we have in IoT Core, we just manage it for you. You simply pay by the usage; you don't worry about the number of devices. Rachel. Something is automatically taken care of for you. The second aspect is the device manager, and this is where the repository of devices is. Basically, you would define the devices, give it the name, give it the metadata, however you want to define your devices, and then there would be a

public key, and we'll talk about why that's important to establish the connection to the private key that Nicolas just talked about. And this allows you to have a lot of money to buy directional second of all, I mean, it's not just one direction. I mean, you can send commands back to the devices. You can do configuration updates, you can do what you say is the truth. Configuration updates. And then it also allows you fine-grained access through our IAM. So there, you know, you can create your own roles and permissions based on the different resource

types on it. So essentially you're grouping these devices into different regions and different registries, and then you can provide different levels of access. Logging, API and console access for you to do the full application development as well. Can I talk about authentication, right? So what we are using is standard TLS; there is no difference, it is TLS HTTP. And the difference here is a pretty innovative feature from Google, in that we are using

JWT tokens. Using this as opposed to using certificates means that you do not have to store the certificates on the device, and that basically frees up a lot of memory from a constrained-device perspective, and you don't have to go work with a CA to get a certificate for each device and have the infrastructure around it. You simply sign it with the private key, which is in the device itself, and use that in the password field, and you establish the TLS connection connection is the date.

Do a full mutual TLS. We support both ECC and RSA types of keys. So that's the connection, but then, you know, you have to think about how the onboarding works. Like, how would I make it work for not just one device, but how do I do it for multiple devices in a factory? And there are pros and cons; I'll talk about it. So typically what would happen is that you would have to wait for the device to connect, the bottom part here. For it to connect, what it needs to know is the device ID. It needs to have a signed

JWT, send that over in the connection, and it needs to know where it needs to go. I mean, it needs to know what registry, what path, which project on the cloud. And then the question is, how does the device get to know that? That's where the provisioning aspect comes in. You have to create that as a provisioner. You have to create the public-private key pairs and embed them into the device, and create a device ID and put it in the device, and you have to make sure the same device ID and public keys are on the cloud as well, and in the right projects too. This is sort of a two-step process we have

to do, and this is where the complexity lies. First of all, one problem is, how do you ensure these private keys' security? Because you're actually working with a manufacturer, potentially, most likely a third-party manufacturer. How do you make sure these keys are not compromised? So you end up spending a lot of effort and money on overhead and secure manufacturing practices, which is expensive. So that's how we can tell that. And the second aspect is, how do you do it at scale? How do you get these device IDs and public keys and put them into the

cloud, with that registry, and how do you register them in the cloud? So we are trying to solve these problems, and we'll show you how we're going to do that. So first, as we talked, the secure element gives you a good way to solve the first problem, because the private key never exists outside the device. These public-private key pairs are actually generated inside the device, so you can extract the public key from it, but you will never find out about the private

key, right? So that means that you can just buy the secure elements, you can ship them to your manufacturer, and you can keep them on a reel like this. And, you know, they just take those reels, populate them on the hardware, they ship it, and you do not have to worry about whether this private key has been secure, or somebody else has access to it. That's a very cool thing. And secondly, the JWT token creation and signing: so it can do that sofa lamp with your other men care with Michael Jackson when you can sign the JWT, create a JWT, sign a JWT and send it to. Now we can do the software

implementation part for you as well, and it works with the client SDK, and the SDK is published, so you can make it work end to end without much hassle. So it's actually very easy to implement, and it's secure at the same time. The last aspect is, how do you do it at scale? Right. And the secure elements, you can get them where they have not been programmed, they're not pre-provisioned; you get them blank, and then at manufacturing you can say, hey, I'm going to

create my own private key, and then I can inject it. So for that, you have to have this HSM capability there, you know. You would have to work with a third party and clear those keys in his 30s Goods in it. And the second aspect is that you have to do a careful cloud registry mapping as well, right? The problem is that when you do that, there is the overhead of having these extra steps of programming, which may give you customization capabilities, but that is not really important to use

cases. You don't really need it. So the second aspect is a pre-provisioned secure element, where Microchip has already used the configuration which is most common; 90% of the time you don't need to change it. And people region one and you can order with the minimum quantity equal to one, so you don't have to order it other than minimum quantities. You get these devices in different packaging options, and then you can simply use them right away. You don't have to have extra steps of customization or programming of those, because they're already pre-programmed, so that can be very

helpful from a supply chain and an overhead standpoint. So I will hand it back over to Nicolas, and he'll talk about how they're actually also helping with the cloud-side provisioning as well. Thank you. Basically, as was mentioned, so the devices can be shipped pre-programmed, and the volume is down to one unit. So that's quite unique in the industry, but mostly volume can go up to whatever you can imagine. We are shipping a lot of those devices every year. So

overall, the question is, how do you map those devices that we ship to the individual projects in the cloud? So you need to have a way to extract the public key that would be there to verify the JWT token that the device will sign when connecting to the cloud, and that public key needs to be loaded into the right cloud registry. So basically what we do is, when we ship products, we also ship a file called the manifest file, which contains the public keys of all the devices we shipped. So then you can upload the content of that manifest file into the registry of your

choice, and that's what is depicted on that diagram, where basically the provisioner, which in that case is Microchip, it is, I'm sorry, the one that is building the device is getting the chips from Microchip and can actually use this to load the public keys into their registry. So basically, as a summary, what we suggest is done when designing an IoT device is to have a hardware root of trust. That's step number one, which in that case means you have to have a unique identity and also be able to verify the code that you're running.

The second step is to make sure that you can scale that in volume, and you can use for that, in that case, pre-provisioned secure elements. And you also need to use a trusted vendor that has a real end-to-end security approach to those issues. Now we will try to show you how those types of devices can be used in an easy way. So we have a demonstration here. That is obviously with just one device, so we're not trying to demonstrate how the scaling is easy, but she's at 1 to buy two seats pretty simple. Really we have

if I can show it to you. So we have, basically, a microcontroller, we have sensors, so a light sensor, a temperature sensor, and we have on these boards a secure element. So that secure element is basically a device that is pre-provisioned, that comes directly from Microchip. And that board is connected to the network over the internet. And basically the first thing we do is to build the firmware, and what we do is, typically, as we build the firmware, we also have it signed

with a signing private key for the firmware. So you could switch today. Thank you. So that's Atmel Studio, which is the tool that Microchip is using for developing software for those microcontrollers. And so the project is already basically built for the demo and then signed, so the firmware is always signed. So then I will basically program. Give me one second. Sorry, I forgot to power the board; that can be better. So basically what we'll program into the device is the signed firmware. So I can

color we get Pokemon with a different way. So the firmware is actually running the Google CSE case. That's the library that Google is providing for microcontrollers of that nature to this physical exam for and basically. Stock provide you with all the necessary tools. You need to connect to look out. So once you have done that, so as I mentioned we need to make sure that the firmware that's running there is genuine. So one way of doing easy to make sure that we are his to verify the hashing of that firmware at boot up and basically

verify it with a public key of the party. It was used to sign the time. I saw the party that was you that it was you to sign up on the laptop. So I will research program that Public Authority to the secure element is basically exactly the way with come with everything pre-programmed to connect to the cloud, except for the public key for this political boots So that's a commitment we have an adaptable that allows you to program over USB to contact of the secure element.

So I need to switch off. When can I cut that is way too small for 5 for my fingers. So sorry about that. The switch didn't work. prior to the time Good. So we've been able to serve a data communication issues. So that was a we have a little switch there that basically needs to be switched between that connection and the connection of the board. So I'll try to fix that switch it back correctly. Answer then I could take you to the board. When the Google CSE K will be able to leverage that turn the key

when booting. So I can show you basically how we have it you look for it on that board that will be displayed on the screen that shows you what the device is doing when it starts. So I'm holding it in reset right now. And this is when he started starts biting the from what's the wait wait, so he validated the firmware with the public key I just injected into the secure element. And then from there he basically gets you there. Give out your number and tells you what to

do parakeet at the cloud is getting now. I'm not sure the device has internet access right now. We had issues before the second because he didn't actually get an IP address. For some reason so I can rest of the day. So now the next step is to load the device public key into the registry. So if I go to the registry right now in a Google project there is no device that is listed. Now as mentioned we have we when we ship wheels are devices. We also provide a file that contains essentially all the public keys of the

devices we ship so you can load those are The Punisher Style do I get you to the registry? So that divided the street has knowledge of the credentials of the project everything. And basically we load all those devices into the cloud. So now all the devices that were shipped that we old top of that money. This file has been loaded into the cloud. So you see onboarding devices has become very very simple. It's really about loading a single file. And the either device has internet access we should be able to get

to Hobby Lobby, Sedalia so let's So, I don't know if you have it you said taxes so it right now pulling up. Tokyo I don't think the device is capable of connecting to the internet right now. So sorry about that, but that shows you all the steps we have in order to onboard devices. So you could go back to the station. So sorry I gave it to you so you can so that you see there are two sensors. So basically these One sensor that is a light sensor. That's one of the top

of the graph so you can go back to the graph. Supply sensor is there and is the temperature sensor and if I basically hide the last light sensor the green line will go down. So you started the Dana I basically captured on another device to device. He's authenticating its own firmware with the secure element. Then he's using also the sacrament preparation party to connect to the cloud and then Patti the data to The Entity broker Pub/Sub and then finally

gets into database and gets displayed in the water in Gahanna. So that's a to show you that it's quite simple to you using all the tools we provide. So secret that is people resent that can be in very low volume or as high volume as you want. And you can't exactly income and all the different steps. We talked about today with the Google Cloud and have those devices loaded into the clouds very easily. You could go back to the main site. Okay, so that's basically while showing the all the steps we have in the demo. And

as I mentioned we basically compiled the firmware, loaded the public key into the secure element, then we uploaded the manifest file into the Google Cloud repository and basically wants all that. It could be done at very large scale. I mean, obviously he just with one device but you could be with the loading of the public is not something that you would have to do one by one we can do this for you in line at volume. Loading the manifest file is something that loads all devices at once and finally once all of that is done the secure element and the Google Cloud SDK come together. They

work together to connect to the cloud. So, thanks for your attention. Your feedback is really appreciated. So if you could provide the feedback on that site that would be very helpful for future sessions. Thank you.
