The IoT Architect's Guide to Attainable Security and Privacy

David M. Wheeler, CISSP, CSSLP, GSLC, GREM, is a Senior Principal Engineer in the Platform Security Division of the Architecture Graphics and Software group at Intel Corporation and has thirty years' experience in software, security, and networking for both commercial and government systems. In his current role, Dave is responsible for the research and development of new cryptographic algorithms and protocols, several security APIs, and libraries across Intel including for IoT platforms. He performs security reviews for both Intel's IoT and cryptographic implementations and represents Intel at the IETF. Within the Internet of Things, Dave has contributed to Intel's Software-Defined Industrial Systems architecture and Intel's Internet of Things group's Health Application Platform. Prior to Intel, Dave held various lead software and systems architecture positions at Motorola, Honeywell Bull, General Dynamics, as well as his own firm. Dave has designed and built several hardware security engines, including a Type-2 security coprocessor for a software-defined radio, and the Intel Wireless Trust Module-a hardware cryptographic coprocessor on the Intel XScale processor. He has implemented several cryptographic libraries and protocol layers, including an IPSec-type implementation for an SDR radio; header compression protocol layers for IP, TCP, and UDP over multicast; a connectionless network layer protocol; two-factor authentication verification over RADIUS for a firewall VPN; PPP for serial; an instant messaging protocol over Bluetooth; and many others. of Intel's Internet of Things to make Intel's products and software projects secure. Blog: http://crypto-corner.typepad.com Twitter: @dmwheel1 LinkedIn: https://www.linkedin.com/in/davidmwheeler/ Damilare D. Fagbemi CISSP, GXPN, had what might be considered the best possible introduction to the field of information security. An innovative software system that he built, the first of its kind in Nigeria at the time, was hacked minutes before a highly publicized deployment. After that, needless to say, Damilare got interested in information security fairly quickly. He began learning about the security of data and networks, then took and passed the CISSP. Considering his background in software development, he wondered where the intersection might be between the vast disciplines of software and security. A few years later, in Ireland, he stumbled upon a job advertisement for product security engineering. Th e rest as they say, is history. Since then, Damilare has had the opportunities to serve as an engineer, architect, and technical leader at high-tech firms such as Intel Corporation and McAfee LLC, in the United States and Ireland. In those roles, he has had the pleasure of working with talented product teams to architect and build secure Internet of Things (IoT), web, and mobile solutions. As part of Intel's innovation in Smart Cities, he designed an IoT solution for Intelligent Transportation and contributed to the architecture of an artificial intelligence (AI)-powered platform for rapid decision making at the IoT edge. Damilare leads the Libraries Product Security Expert Center in Intel's Architecture Graphics and Software group, where he has enjoyed creating and leading a cross-organizational and cross-located security engineering team. He has taught security architecture and design across three continents-North America, Africa, and Europe-and served as Chapter leader of the Open Web Application Security Project (OWASP) in Nigeria. He is also a former co-founder of a software development company, with clients spanning private and government sectors. Blog: https://tech.edgeofus.com Twitter: @damilarefagbemi LinkedIn: https://www.linkedin.com/in/damilarefagbemi/ JC Wheeler began her career at US West Cellular analyzing analog network traffic and contributing to the rollout of one of the first commercial CDMA infrastructures in the nation, where she helped design the metrics and tools for CDMA traffic analysis. She then moved to Motorola to design cellular and satellite network protocols, authentication, crypto key management, and end-user features. She began consulting at General Dynamics in 2005, where she designed and integrated VoIP, header compression, multicast communications protocols, over-the-air provisioning, and IPSec variants for both MANET and satellite SDR waveforms. Th e small business she co-owned won a DoD SBIR and was a semifinalist in Th e Arizona Innovation Challenge for its smartphone secure framework; it was also a Navy Phase 2 SBIR subcontractor, building an AI engine to troubleshoot MANET radio configurations. JC is now retired and enjoys researching new technologies and macroeconomic trends.