IoT - Taking PKI Where No PKI Has Gone Before

Explore the challenges and opportunities of implementing Public Key Infrastructure (PKI) in the Internet of Things (IoT) landscape through this insightful conference talk from OWASP AppSec California 2015. Delve into the complexities of adapting traditional PKI concepts to dynamic IoT environments, focusing on smart grid examples. Examine the importance of contextual information in device authentication and authorization, and consider various approaches to integrating this data with existing PKI systems. Analyze the implications of device ownership changes, repairs, and contextual shifts on security infrastructure. Investigate potential solutions, including modified identity-based PKI, attribute certificates, and supplementary databases. Address critical questions surrounding update authorization, attestation authority, and revocation processes in complex IoT ecosystems. Gain actionable insights for building secure and scalable identification and attribute systems for the interconnected future.