Azure Io T Hub and Device Provisioning Service

Azure Io. T Hub and Device Provisioning Service Rasmus Wätjen @dkrasmusw Global Azure Bootcamp – Copenhagen – 2019 -04 -26 1

Key takeaways • Azure Io. T Hub is cheap and easy to get started with data collection • Built for pre-configured devices • Can be used for PC software @dkrasmusw Global Azure Bootcamp – Copenhagen – 2019 -04 -26 2

INTRODUCING WIDEX 3

Goal • Make the initial hearing aid adjustment better and faster • Help users who are unfamiliar with advanced adjustments @dkrasmusw Global Azure Bootcamp – Copenhagen – 2019 -04 -26 4

Solution • Machine Learning Problem • How do we get the data? @dkrasmusw Global Azure Bootcamp – Copenhagen – 2019 -04 -26 5

Data ingestion • Azure Io. T Hub • • Device to Cloud and Cloud to Device communication Per device authentication Automated provisioning with Device Provisioning Service Large file upload @dkrasmusw Global Azure Bootcamp – Copenhagen – 2019 -04 -26 6

@dkrasmusw Global Azure Bootcamp – Copenhagen – 2019 -04 -26 7

Io. T Hub Device Provisioning Service • Provision devices/clients without hardcoding Io. T Hub credentials • Load balance devices across Io. T Hubs • Provision devices to nearest Hub @dkrasmusw Global Azure Bootcamp – Copenhagen – 2019 -04 -26 8

Device Provisioning Process @dkrasmusw Global Azure Bootcamp – Copenhagen – 2019 -04 -26 9

Device Attestation X. 509 CERTIFICATES @dkrasmusw TRUSTED PLATFORM MODULE Global Azure Bootcamp – Copenhagen – 2019 -04 -26 SYMMETRIC KEYS 10

Certificate Provisioning • DPS must know root CA • Clients must provide a certificate in same chain of trust Image: Yanpas, CC BY-SA 4. 0, https: //commons. wikimedia. org/w/index. php? curid=46369922 @dkrasmusw Global Azure Bootcamp – Copenhagen – 2019 -04 -26 11

How we use Io. T Hub DPS 2 1 API management Certificate Generator web app 5 Io. T Hubs Clients 4 3 Io. T Hub DPS @dkrasmusw Global Azure Bootcamp – Copenhagen – 2019 -04 -26 12

Provisioning in Io. T Hub DPS with symmetric keys 2 1 API management Key generator function 5 Io. T Hubs Clients 4 3 Io. T Hub DPS @dkrasmusw Global Azure Bootcamp – Copenhagen – 2019 -04 -26 13

Symmetric key attestation 1. Client requests hash of secret key and device ID from Azure Function Device ID Key HMAC SHA-256 2. Client transmits hash to DPS along with device ID HMAC SHA-256 Device ID 3. DPS has knowledge of secret key, and performs same has operation as step 1 Device ID Key HMAC SHA-256 4. If client provided and server generated hashes are identical, DPS can verify that client may connect Client HMAC SHA 256 @dkrasmusw DPS HMAC SHA-256 Global Azure Bootcamp – Copenhagen – 2019 -04 -26 14

IOT HUB IS SUITED FOR MORE THAN JUST IOT DEVICE MESSAGING AND TELEMETRY @dkrasmusw WITH DPS IT IS EASY AND SECURE TO PROVISION NEW CLIENTS Global Azure Bootcamp – Copenhagen – 2019 -04 -26 NOW YOU DON’T HAVE TO BECOME A CA 15

Questions? @dkrasmusw Global Azure Bootcamp – Copenhagen – 2019 -04 -26 16

• Source code • https: //github. com/rwatjen/Azure. Io. TDPSCertificates • Blog • https: //blog. rassie. dk • Rasmus Wätjen • @dkrasmusw • www. rassie. dk @dkrasmusw Global Azure Bootcamp – Copenhagen – 2019 -04 -26 17

Image credits • The Digital Artist @ pixabay • geralt @ pixabay • xresh @ pixabay • qimono @ pixabay • Microsoft • Yanpas @ Wikimedia Foundation @dkrasmusw Global Azure Bootcamp – Copenhagen – 2019 -04 -26 18