Explore the intricacies of designing user-friendly IoT security in this 42-minute conference talk by Damilare D. Fagbemi. Delve into the challenges of making security comprehensible and appealing to regular users, and learn strategies to overcome barriers in necessary workflows. Discover how to implement secure defaults, display targeted risk information, and assist users with pre-configured security levels. Examine the importance of scalable design, including zero-touch device provisioning, and understand the need for runtime anomaly detection and device health checks. Learn about revoking previously granted authority, keeping secrets secure, and monitoring circumvention of security controls. Gain insights on achieving clarity and simplicity in IoT security design, ensuring a balance between robust protection and user-friendly interfaces.
The Security We Need - Designing Usable IoT Security
Overview
Syllabus
Intro
A little About Me
Learning Objectives
Security Intricacies Don't Make Sense To Users - Type 1
Security is Not Interesting to the Regular User
Barriers to Necessary Workflow
Differing Views of Security
Put on your "User" Hat
P2: Secure Defaults Only ctd.
Display Targeted Risk Information for Security Config
Assist your User with Pre-configured Security Levels
Design to Scale (Zero-Touch Device Provisioning Example)
Do Not Allow Passive or Transitive Authorization
Implement Runtime Anomaly Detection & Device Health Checks
Ensure lot Admins Can Seamlessly Revoke Previously Granted Authority Ctd.
Just Keep Secrets Secret
Monitor Circumvention of Security Controls
In closing, Aim for Clarity & Simplicity
My Social Networking
Taught by
OWASP Foundation
