Friday August 2 2019, Security and Privacy Track, Cockle Bay, 09:30 AEST

As the old saying goes, when one door closes, it can only be reopened when identify yourself with a valid JSON Web Token.This talk introduces JWT, secure authentication, and delegated authority, to demonstrate how to secure IoT devices without exposing them to the internet.


Let’s connect our front door to the internet! What could possibly go wrong? Securing IoT is hard, and the last thing we want to do is let some stranger in!

Let’s take a step back and consider other ways of securing that door, and granting access remotely. How can we do this without connecting your door to the internet, and while adhering to common protocols and data formats throughout?

In this talk, you will learn:

  • how JSON Web Tokens can be used to transmit credentials to an air-gapped device;
  • how this process can still allow someone to grant remote access;
  • how to apply this theory to other IoT devices; and
  • how this theory can help even in IoT devices that need direct internet access.

The talk includes a live demo, featuring an actual door.


Ben Dechrai

Ben Dechrai


A technologist, public speaker, and community builder, Ben is passionate about sharing his ideas and views on security, identity, and privacy. In what spare time remains, he spends time with his family in Melbourne, Australia, and finds too many excuses to get out the soldering iron or dig trenches for the next fully-automated life hack that will hopefully one day save him time.