IoT privacy and security considerations
In this session I discuss some of my thoughts on privacy and security considerations that threaten and are raised by the upcoming internet of things. Warning, you may leave with more questions than answers.

Published in: Technology, Business

  • Real time message processing as a service
    Think of it as IFTTT for internet of things

    Solves today’s integration issues
    Scalability, data volume, multitude of protocols & platforms, multitude of integration points, SaaS & social integration, mobile platforms, business ecosystems, ownership & centralized management, …
  • Real and present dangers
    Are a threat to IoT
    Are caused by IoT
  • Investigation and understanding is required
  • Can third parties (ab)use this information?
    ‘Personal wellbeing’: Doctors, physicians, …
    ‘Social purposes’: Government, police, judges, …
    ‘Commercial purposes’: Insurance, lawyers, marketing, …
    ‘Pure evil’: Identity theft, extortion, …
  • What about the small things in life?
    Occasional white lie <> activity/location tracking
    Socially unacceptable (yet totally normal) behaviour <> Sensors
  • Prevent physical tampering
    Seals, marks
    Alarms, cameras

    Prevent virtual tampering
    Bootloader in chip or ROM
    Checks firmware origin before loading into RAM
    Updating (incl. security fixes) now just got a lot harder though
  • All this comes at a cost, both in time and money.
    And not just on the producer side
    Is it worth it, do people care enough?
    Or will convenience be more important than privacy?
  • Transcript

    • 1. Yves Goeleven #IoT: Privacy and security considerations Thanks to
    • 2. Yves Goeleven • Founder of MessageHandler.net – Shipping software since 2001 – Windows Azure MVP – Developer on NServiceBus
    • 3. Exhibition theater @ kinepolis
    • 4. Agenda • Why this talk? • What are the dangers? • Security options • Privacy options
    • 5. Agenda Why this talk?
    • 8. You might just leave this session with more questions than answers
    • 9. Talk! Let’s start a conversation!
    • 10. Challenge! I challenge anyone to do a follow up session with your own questions and ideas.
    • 11. Agenda What are the dangers?
    • 12. Internet of Things
    • 14. What are the dangers? Personal
    • 15. & invisible
    • 16. White lies are the common decency holding us together
    • 17. Agenda What can we do?
    • 18. Security options • Prevent physical access – Behind locked doors – Secure casing – Do not expose physical ports (USB, Ethernet, ...)
    • 19. Security options • Prevent virtual access – Do not open inbound ports – Design without ‘listeners’ or ‘servers’ on the devices – Instead use ‘workers’ or ‘agents’ and remote queues with outbound connections only
    • 21. Security options • Prevent physical tampering – Seals, markers – Alarms – Cameras
    • 22. Security options • Prevent virtual tampering – Bootloader in chip or ROM, checks firmware origin before loading into RAM – Note: Updating (incl. security fixes) now just got a lot harder though
    • 23. Security options • Keep track of device identity – Let devices register themselves/call home – Do this on boot & periodically
    • 24. Security options • Analyze device behavior – Include device specific & variable information – Analyze it server side to detect hacked or spoofed devices
    • 25. Security options • Block compromised devices – Access control lists – Protocol/package filtering – Signal jamming – Unplug the power – On the device, or a specialized device
    • 26. Security options • Many low-power devices cannot encrypt data using standard encryption techniques – Not enough memory – Drains battery too fast
    • 27. Security options • Do not store unencrypted data – On publicly accessible devices – Better send it elsewhere, unencrypted if needed, to store it safely
    • 28. Security options • Do not send unencrypted data over long distances – Use a local ‘gateway’, a powerful local device to encrypt it on behalf of dumb devices
    • 29. Security options • Use alternative encryption & data mangling strategies – Signed at the foundry, if you can live with lock-in – Ciphers, hashes & arithmetic algorithms
    • 30. Security options • Audit your physical environment – Know which devices are ‘smart’ – And how they communicate – Include all technologies (IR, RF, Bluetooth)
    • 31. Security options • Spy on your things – Intercept communication between your ‘things’ – Analyze the communication & detect anomalies
    • 32. Security options • Physical canary – Apply ‘social control’ amongst devices – Let devices report that other devices are talking to them inappropriately
    • 33. Internet of things, reference architecture
    • 34. Privacy options • There are privacy laws – Make sure not to break these! – Do not store, send or process information that you’re not allowed to – http://en.wikipedia.org/wiki/Data_Protection_Directive
    • 35. Privacy options • Is it clear what laws apply when? – Multinationals spread across different countries – Difference in laws where data is collected vs where data is processed or stored – US vs EU: direct conflict
    • 36. Privacy options • Trust is paramount for adoption of IoT – Make it your policy not to break it – People may choose not to buy products from violators
    • 37. Privacy options • Question is: is this really true? – Facebook is huge, yet no one trusts them (I hope) – Will convenience win over privacy concerns for the majority of people?
    • 38. Privacy options • Build trust by asking for user consent – On data collection devices – OAuth great for this!? – But how about devices without a screen?
    • 39. Privacy options • And how about exchanging and correlating information with 3rd parties in the backend? – Need for federated authorization? – With context? – E.g. I allow you to analyse my energy consumption, send the results to government, but not to utility?
    • 40. Loyalty plan Give me your address and you'll get 10% off on your next pair of jeans…
    • 41. Other things we can do? There’s a lot we can do
    • 42. Other things we can do? Also a lot of open questions
    • 43. Other things we can do? But maybe consumers just don’t care (aren’t prepared to pay for it?)
    • 44. Other things we can do? What do you think?
    • 45. A big thank you to our sponsors
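
Slides 23 and 24 suggest letting devices call home on boot and periodically, including device-specific and variable information that is analyzed server side. The following sketch of that analysis is an added example, not code from the talk or from MessageHandler; the field names, the 300-second interval, the firmware labels and the sample reports are all assumptions made for illustration.

```python
from dataclasses import dataclass

INTERVAL_S = 300                    # assumed call-home period
APPROVED_FW = {"fw-1.0", "fw-1.1"}  # constructed firmware labels
SKEW_S = 30                         # tolerated clock drift per report

@dataclass
class Heartbeat:
    device_id: str
    fw: str          # device-specific: identifier of the running firmware
    boot_count: int  # variable: incremented by the device on every boot
    uptime_s: int    # variable: seconds since that boot
    seen_at: int     # server-side receive time, epoch seconds

def analyze(heartbeats, now):
    """Return (device_id, finding) pairs for reports that do not add up."""
    findings, last = [], {}
    for hb in sorted(heartbeats, key=lambda h: h.seen_at):
        prev = last.get(hb.device_id)
        if hb.fw not in APPROVED_FW:
            findings.append((hb.device_id, "unapproved firmware"))
        if prev is not None:
            gap = hb.seen_at - prev.seen_at
            if hb.boot_count < prev.boot_count:
                findings.append((hb.device_id, "boot counter went backwards"))
            elif hb.boot_count == prev.boot_count:
                # Same boot: uptime must advance by roughly the elapsed time.
                if abs((hb.uptime_s - prev.uptime_s) - gap) > SKEW_S:
                    findings.append((hb.device_id, "uptime inconsistent"))
            elif hb.uptime_s > gap + SKEW_S:
                # Rebooted since the last report: uptime cannot exceed the gap.
                findings.append((hb.device_id, "uptime exceeds report gap"))
        last[hb.device_id] = hb
    # A device that stopped calling home is as interesting as a noisy one.
    for dev, hb in last.items():
        if now - hb.seen_at > 2 * INTERVAL_S:
            findings.append((dev, "silent"))
    return findings

# Constructed sample reports (not real telemetry).
SAMPLE = [
    Heartbeat("meter-01", "fw-1.0", 3, 10, 0),
    Heartbeat("meter-01", "fw-1.0", 3, 310, 300),
    Heartbeat("meter-02", "fw-1.0", 7, 5000, 0),
    Heartbeat("meter-02", "fw-1.0", 7, 20, 300),   # second sender or reset
    Heartbeat("cam-01", "fw-1.1", 1, 100, 0),
    Heartbeat("cam-01", "fw-9.9", 1, 400, 300),    # firmware changed
    Heartbeat("lock-01", "fw-1.1", 2, 50, 0),      # then nothing
]
```

Calling `analyze(SAMPLE, now=700)` flags meter-02, cam-01 and lock-01 and leaves meter-01 alone; findings like these would feed the blocking options on slide 25.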
