Remarks to
Web of Things security
Frank Alexander Reusch
Lemonbeat GmbH
F2F Meeting W3C, Web of Things
12th July 2016, Beijing
Beihang University
Disclaimer
This document does not constitute an offer to sell or a solicitation of an offer to buy any securities.
This document and the information contained herein are for information purposes only and do not constitute a prospectus or an offer to sell or a solicitation of
an offer to buy any securities in the United States. Any securities referred to herein have not been and will not be registered under the U.S. Securities Act of
1933, as amended (the "Securities Act"), or the laws of any state of the United States, and may not be offered, sold or otherwise transferred in the United
States absent registration or pursuant to an available exemption from registration under the Securities Act. Neither the Company nor one of its shareholders
intends to register any securities referred to herein in the United States.
No money, securities, or other consideration is being solicited, and, if sent in response to the information contained herein, will not be accepted.
This document does not constitute an offer document or an offer of securities to the public in the U.K. to which section 85 of the Financial Services and Markets
Act 2000 of the U.K. applies and should not be considered as a recommendation that any person should subscribe for or purchase any securities as part of the
Offer. This document is being communicated only to (i) persons who are outside the U.K.; (ii) persons who have professional experience in matters relating to
investments falling within article 19(5) of the Financial Services and Markets Act 2000 (Financial Promotion) Order 2005 (as amended) (the "Order") or (iii) high
net worth companies, unincorporated associations and other bodies who fall within article 49(2)(a) to (d) of the Order (all such persons together being referred
to as "Relevant Persons"). Any person who is not a Relevant Person must not act or rely on this communication or any of its contents. Any investment or
investment activity to which this communication relates is available only to Relevant Persons and will be engaged in only with Relevant Persons. This
document should not be published, reproduced, distributed or otherwise made available, in whole or in part, to any other person without the prior consent of the
company.
New…
• Microprocessors with more power and memory for constrained devices
• Customer boards (new design or redesign)
• Field devices with new functions
• Networks with autonomous communication
• Batteries of today or smaller, with increasing capacity
• Integration hubs on top that include multiple protocols
• Physical communications (e.g. IEEE 802.11ah)
• Areas of knowledge for developers
• Fields for customer training (new products are more complex and therefore need explanation)
• Need for awareness within industry and product design regarding what technology can do
• Market players and cooperations
• Standards and real interoperability
Altogether. Over years.
IoT is a turning point in history
This period is marked by a variety of linked activities with a high degree of novelty.
31.10.2018 W3C F2F Beijing, Remarks to the security of Web of Things, Reusch 3
[Diagram: Web of Things, combining Internet of Things and World Wide Web. Application domains shown: Industry, Building Automation, Smart Energy, Smart Cities, Mobility, Local Health, Environment, Agriculture, Smart Garden, Smart Home, Public Safety, Logistics]
• Standards prevent wild ad hoc development. Isolated silos are coming to an end.
• Based on standards, everyone can focus on good customer solutions.
• Combining the success strategies of the Web with IoT opens up a lot of new opportunities.
• Increasing complexity means a higher security risk.
W3C gives IoT a structure. The prerequisite for enormous growth is fulfilled.
Everybody talks about security. But sometimes different terms are mixed.
Security
• Protection of an object against external influences
• “protection of a person, building, organization, or country against threats such as crime or attacks by foreign countries: …” (Cambridge.org/dictionary)
• “things done to make people or places safe” (Merriam-Webster)
Safety
• Protection against an object (for example, protection against failures)
• “protected, or free from danger etc”; “providing good protection” (Cambridge.org)
Privacy
• “the quality or state of being apart from company or observation” or “freedom from unauthorized intrusion”, “the state of being alone” or “the state of being away from public attention” (Merriam-Webster)
Definitions
Examples:
• Protection of data against access
• Protection of a network against unauthorized access
Examples:
• Protection of a person against failures or functional disorder of a device (e.g. local health)
That's a challenge:
• New services require the provision of private information (position / current whereabouts, financial data etc.)
Interdependencies and the triangle of conflicting priorities
[Diagram: two triangles, Security / Safety / Privacy and Cost / Quality / Time]
What is blocking the enhancement of current security levels in the IoT?
• Lack of expertise (21 %)
• Budget constraints (19 %)
• Upper management buy-in (17 %)
• Lack of knowledge about advanced security processes and technology (15 %)
• Competing priorities (10 %)
• Organizational culture attitude about security (10 %)
Source: IOT Analytics – Research and Survey results; Security of Things World Conference, Berlin, June 2016
Constrained budget
Conflicting aims
Unrealistic timelines
Qualified people
Budget meets the requirements
Ambitious but realistic goals
Efficient, interoperable, integrated, supplier independent, cheap, secure
Expensive, inefficient, inflexible, not secure
TODAY: CONVENTIONAL BUILDING AUTOMATION INFRASTRUCTURE
FUTURE: BUILDING AUTOMATION INFRASTRUCTURE
Lemonbeat technology in the field of building automation – potential architecture
Transformation of building automation / complexity of intermediate steps to real WoT
Autonomous devices network without central control.
Internet access is not mandatory
Mix between old and new technologies improves effort for security
[Diagram labels:]
• Cloud/Platform (“collect, store, analyze data to provide operational efficiency”)
• Lemonbeat via radio, Ethernet etc. (direct communication to management level)
• Traditional communication with various protocols
• Multiple vendors
• Different types/functions/protocols of devices
• Primary equipment (heating, cooling, ..) with a long lifecycle
• Radio, Ethernet
• Connector (without intelligence, low cost)
• Controller Heating: e.g. redesign of control board
• Integration platform
How is IoT security different from traditional system security?
• Higher system complexity (49 %)
• Distributed security across the network (49 %)
• A novel hardware / software integration (44 %)
• New software architecture (18 %)
Source: IOT Analytics
Why are additional measures in the security of IoT necessary?
The traditional scope of IT security is not sufficient for the IoT.
Field level increases the potential attack surfaces (examples)
[Diagram labels: Purchasing, Production, CRM, R&D, Big Data, Social Network, Predictive Analytics, Preventive Analytics, connectors, Radio, Ethernet. Attack examples marked on the diagram:]
• Impostor email / CEO fraud / Business Email Compromise (BEC)
• Read data from memory
• 1. Access to customers' data, 2. auto-reload function, 3. authorized password change
• Denial of Service
• Man-in-the-Middle attack
• Sniffer / replay
• Stealing dongle (read key)
• 1. Buffer overflow, 2. linking return address to malware
• Access after brute force attack
Most known security breaches
Who is responsible for security?
Source: IOT Analytics
Here's the answer from participants of a security conference:
Who holds responsibility will differ. If the company is
• Device manufacturer, OEM:
  • Product Manager
  • CTO
  • For some activities, everyone is responsible
• Customer in the area of B2B:
  • Process owner
  • Department which is responsible for a use case
  • For some activities, everyone is responsible
Security is the result of many diverse activities in the value chain
• Many stages in the value chain are involved in ensuring security
• Each involved person is responsible for their own part. This includes a look to the left and to the right. Their task area is defined and cooperation with others is aligned (adoption)
• The result is a chain of tasks and responsibilities
• The end customer receives 100% quality when all people in the chain do their job properly (TQM).
Security is a result of some complex activities
[Diagram: value chain / company processes and results. Labels:]
• Chip Manufacturer, Device Manufacturer, Automobile Manufacturer
• Partner, OEM (e.g. chips), Device manufacturer, System integrator, Universities, Research institutes, Software developer, Other vendors
• Waterfall, Agile, Guidelines
• Requirements, Design, Prototyping, Review, Optimization, Series production, Continuous Improvement
• Policy, Demand, Concept, Training, Review, Continuous Improvement
• Program Management, Software, Hardware, Knowledge, Build / Test automation
• Requirements, Design, Development, Testing, Implementation, Maintenance
• Plan, Goals, Collaboration, Identity, Mission, Coaching
Not every use case is critical, and not in each critical use case are all aspects critical
Is a similar approach to "risk based testing" feasible?
How can a "risk based security" work?
Is a multistage approach feasible?
• Step 1: Basic security
• Step 2: Critical based security design
The following objectives might be important:
1. Prevention
2. Deterrence
3. Automatism in case of attack
How much security is needed?
Exemplary rating:
Use case             Security  Safety  Privacy
Building Automation  1         2       2
Smart Energy         1         1       3
Local Health         1         1       1
Smart Home           1         2       1
Current activities of the world leading organisations
(No claim to completeness)
W3C
• Web Authentication Working Group
• Web Application Security
• Web Cryptography Working Group
• Web Payments
• Web Security Interest Group
• Privacy Interest Group
• Technical Architecture Group
• Web of Things (WOT)
• XML Security
• Hardware Based Secure Service Community Group
• and other
IEEE
• Industry Connections Security Group
• Malware Working Group
• IEEE Anti-Malware Support Service (AMSS)
• Malware MetaData Exchange Format (MMDEF) Working Group
• Technical Committee on Security and Privacy
• IEEE Std 1686-2013 Standard for Intelligent Electronic Devices (IED) Cyber Security Capabil.
• IEEE Std 1363.1-2008 Standard Specification for Public-Key Cryptographic Techniques
• IEEE Std 1363.3-2013 Standard for Identity-Based Cryptographic Techniques
• IEEE Std 2600-2008 Standard for … Hardcopy Device and System Security
• IEEE Std 1667-2015 Standard for Discovery, Authentication, and Authorization in Host Attachments of Storage Devices
• Decentralized regulations, e.g. 802.11ah, …
IETF
• DNS-based Authentication of Named Entities
• IP Security Maintenance and Extensions
• Transport Layer Security
• Secure Inter-Domain Routing
• Javascript Object Signing and Encryption
• Keying and Authentication for Routing Protocols
• Open Authentication
• Web Security
• Securing Neighbor Discovery
NIST
• Advanced Encryption Standard, e.g. AES 128
• NIST Interagency Report (NISTIR) 7977
ISO/IEC
• ISO/IEC 27001
• ISO/IEC 19790:2012 Security requirements for cryptographic modules
IoT Security Foundation
• “promote knowledge and clear best practice”
GSMA
• GSMA IoT Security Guidelines
ETSI
• ETSI TR 103 306: Global Cyber Security Ecosystem
ENISA
• e.g. Critical Infrastructure and Services
Knowledge is an important driver for IoT Security
Current situation:
• There are a variety of documents, guidelines and best practices relating to security.
• The know-how is distributed and at first glance not very transparent.
• The level of knowledge of each developer varies greatly.
One suggestion:
• One centrally hosted library with all necessary knowledge regarding IoT security (“The living wall”),
• with structured links to original sources and connected areas.
• Free access for all developers.
• True to the meaning of open source: constant adaptation and enlargement.
Thank you!

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 

Recently uploaded (20)

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 

Remarks security web_of_things_reusch

  • 1. 7/12/2016 1 Remarks to Web of Things security Frank Alexander Reusch Lemonbeat GmbH F2F Meeting W3C, Web of Things 12th July 2016, Beijing Beihang University „LU JINRONG / Shutterstock.com
  • 2. Disclaimer This document does not constitute an offer to sell or a solicitation of an offer to buy any securities. This document and the information contained herein are for information purposes only and do not constitute a prospectus or an offer to sell or a solicitation of an offer to buy any securities in the United States. Any securities referred to herein have not been and will not be registered under the U.S. Securities Act of 1933, as amended (the "Securities Act"), or the laws of any state of the United States, and may not be offered, sold or otherwise transferred in the United States absent registration or pursuant to an available exemption from registration under the Securities Act. Neither the Company nor one of its shareholders intends to register any securities referred to herein in the United States. No money, securities, or other consideration is being solicited, and, if sent in response to the information contained herein, will not be accepted. This document does not constitute an offer document or an offer of securities to the public in the U.K. to which section 85 of the Financial Services and Markets Act 2000 of the U.K. applies and should not be considered as a recommendation that any person should subscribe for or purchase any securities as part of the Offer. This document is being communicated only to (i) persons who are outside the U.K.; (ii) persons who have professional experience in matters relating to investments falling within article 19(5) of the Financial Services and Markets Act 2000 (Financial Promotion) Order 2005 (as amended) (the "Order") or (iii) high net worth companies, unincorporated associations and other bodies who fall within article 49(2)(a) to (d) of the Order (all such persons together being referred to as "Relevant Persons"). Any person who is not a Relevant Person must not act or rely on this communication or any of its contents. 
Any investment or investment activity to which this communication relates is available only to Relevant Persons and will be engaged in only with Relevant Persons. This document should not be published, reproduced, distributed or otherwise made available, in whole or in part, to any other person without the prior consent of the company.
  • 3. New…
      • Microprocessors with more power and memory for constrained devices
      • Customer boards (new design or redesign)
      • Field devices with new functions
      • Networks with autonomous communication
      • Batteries of today's size or smaller, with increasing capacity
      • Integration hubs on top that include multiple protocols
      • Physical communications (e.g. IEEE 802.11ah)
      • Areas of knowledge for developers
      • Fields for customer training (new products are more complex and therefore need explanation)
      • Need for awareness within industry and product design regarding what technology can do
      • Market players and cooperations
      • Standards and real interoperability
      Altogether. Over years.
      IoT is a turning point in history.
      This period is marked by a variety of linked activities with a high degree of novelty.
      31.10.2018 W3C F2F Beijing, Remarks to the security of Web of Things, Reusch 3
  • 4. Web of Things
      [Diagram labels: Internet of Things, World wide web, Industry, Building Automation, Smart Energy, Smart Cities, Mobility, Local Health, Environment, Agriculture, Smart Garden, Smart Home, Public Safety, Logistics]
      • Standards prevent wild ad hoc development. Isolated silos are coming to their end.
      • Based on standards, everyone can focus on good customer solutions.
      • Combining the success strategies of the Web with IoT opens up a lot of new opportunities.
      • Increasing complexity means a higher security risk.
      W3C gives IoT a structure. The prerequisite for enormous growth is fulfilled.
  • 5. Everybody talks about security. But sometimes different terms are mixed.
      Security
      Definitions:
      • Protection of an object against external influences
      • “protection of a person, building, organization, or country against threats such as crime or attacks by foreign countries …” (Cambridge.org/dictionary)
      • “things done to make people or places safe” (Merriam-Webster)
      Examples:
      • Protection of data against access
      • Protection of a network against unauthorized access
      Safety
      Definitions:
      • Protection against an object (for example, protection against failures)
      • “protected, or free from danger etc”; “providing good protection” (Cambridge.org)
      Examples:
      • Protection of a person against failures or functional disorder of a device (e.g. local health)
      Privacy
      Definitions:
      • “the quality or state of being apart from company or observation” or “freedom from unauthorized intrusion”, “the state of being alone” or “the state of being away from public attention” (Merriam-Webster)
      That's a challenge:
      • New services require the provision of private information (position / current whereabouts, financial data etc.)
  • 6. Interdependencies and the triangle of conflicting priorities
      [Diagram labels: Security, Safety, Privacy; Cost, Quality, Time]
      What is blocking the enhancement of current security levels in the IoT?
      • Lack of expertise (21 %)
      • Budget constraints (19 %)
      • Upper management buy-in (17 %)
      • Lack of knowledge about advanced security processes and technology (15 %)
      • Competing priorities (10 %)
      • Organizational culture attitude about security (10 %)
      Source: IOT Analytics – Research and Survey results; Security of Things World Conference, Berlin, June 2016
      [Diagram labels: Constrained budget, Conflicting aims, Unrealistic timelines; Qualified people, Budget meets the requirements, Ambitious but realistic goals]
  • 7. Lemonbeat technology in the field of building automation – potential architecture
      TODAY: CONVENTIONAL BUILDING AUTOMATION INFRASTRUCTURE
      Expensive, inefficient, inflexible, not secure
      FUTURE: BUILDING AUTOMATION INFRASTRUCTURE
      Efficient, interoperable, integrated, supplier independent, cheap, secure
      Autonomous devices network without central control. Internet access is not mandatory.
  • 8. Transformation of Building automation / Complexity of intermediate steps to real WOT
      Mix between old and new technologies increases the effort for security.
      [Diagram labels: Cloud/Platform (“collect, store, analyze data to provide operational efficiency”); Lemonbeat via radio, ethernet etc. (direct communication to management level); Traditional communication with various protocols; Multiple vendors; Different types/functions/protocols of devices; Primary equipment (heating, cooling, ..) with long lifecycle; Radio; Ethernet; Connector (without intelligence, low cost); Radio Controller; Heating: e.g. redesign of control board; Integration platform]
  • 9. Why are additional measures in the security of IoT necessary?
      How is IoT security different from traditional system security?
      • Higher system complexity (49 %)
      • Distributed security across the network (49 %)
      • A novel hardware / software integration (44 %)
      • New software architecture (18 %)
      Source: IOT Analytics
      The traditional scope of IT security is not sufficient for the IoT.
  • 10. Field level increases the potential attack surfaces (examples)
      [Diagram labels: Purchasing, Production, CRM, R&D; connectors; Radio, Ethernet; Big Data; Social Network; Predictive Analytics; Preventive Analytics]
      • Impostor Email / CEO Fraud / Business Email Compromise (BEC)
      • Read data from memory
      • 1. Access to customers' data 2. Auto-reload function 3. Authorized password change
      • Denial of Service
      • Man-in-the-Middle attack
      • Sniffer / Replay
      • Stealing dongle (read key)
      • 1. Buffer overflow 2. Linking return address to malware
      • Access after brute force attack
  • 11. Most known security breaches
  • 12. Who is responsible in security?
      Here's the answer of participants of a security conference:
      Source: IOT Analytics
      Who holds responsibility will differ. If the company is
      • Device manufacturer, OEM:
          • Product Manager
          • CTO
          • For partial activities, everyone is responsible
      • Customer in the area of B2B:
          • Process owner
          • Department which is responsible for a use case
          • For partial activities, everyone is responsible
  • 13. Security is the result of many diverse activities in the value chain
      • Many stages in the value chain are involved in ensuring it.
      • Each involved person is responsible for their own part. This includes a look to the left and to the right side. Their task area is defined and cooperation with others is matched (adoption).
      • The result is a chain of tasks and responsibilities.
      • The end customer receives 100% quality when all people in the chain do their job properly (TQM).
      [Diagram labels: Chip Manufacturer, Device Manufacturer, Automobile Manufacturer]
  • 14. Security is a result of some complex activities
      [Diagram: Value chain / company processes and Results. Labels, in the order extracted:]
      • Partner: OEM (e.g. Chips), Device manufacturer, System integrator, Software developer, Other vendors, Universities, Research institutes
      • Waterfall, Agile, Guidelines
      • Requirements, Design, Prototyping, Review, Optimization, Series production, Continuous Improvement
      • Policy, Demand, Concept, Training, Review, Continuous Improvement
      • Program-Management
      • Software, Hardware, Knowledge
      • Build / Test automation
      • Requirements, Design, Development, Testing, Implementation, Maintenance
      • Plan, Goals, Collaboration, Identity, Mission, Coaching
  • 15. How much security is needed?
      Not every use case is critical, and within a critical use case not all aspects are critical.
      • Is an approach similar to "risk based testing" feasible?
      • How can a "risk based security" work?
      • Is a multistage approach feasible?
          • Step 1: Basic security
          • Step 2: Critical based security design
      The following objectives might be important:
      1. Prevention
      2. Deterrence
      3. Automatism in case of attack
      Exemplary rating:
      Use case              Security  Safety  Privacy
      Building Automation   1         2       2
      Smart Energy          1         1       3
      Local Health          1         1       1
      Smart Home            1         2       1
  • 16. Current activities of the world leading organisations
      W3C
      • Web Authentication Working Group
      • Web Application Security
      • Web Cryptography Working Group
      • Web Payments
      • Web Security Interest Group
      • Privacy Interest Group
      • Technical Architecture Group
      • Web of Things (WOT)
      • XML Security
      • Hardware Based Secure Service Community Group
      • and other
      IEEE
      • Industry Connections Security Group
      • IEEE Std 1686-2013 Standard for Intelligent Electronic Devices (IED) Cyber Security Capabil.
      • Technical Committee on Security and Privacy
      • Malware Working Group
      • IEEE Anti-Malware Support Service (AMSS)
      • Malware MetaData Exchange Format (MMDEF) Working Group
      • IEEE Std 1363.1-2008 Standard Specification for Public-Key Cryptographic Techniques
      • IEEE Std 1363.3-2013 Standard for Identity-Based Cryptographic Techniques
      • IEEE Std 2600-2008 Standard for ….Hardcopy Device and System Security
      • IEEE Std 1667-2015 Standard for Discovery, Authentication, and Authorization in Host Attachments of Storage Devices
      • Decentralized regulations e.g. 802.11 ah, …
      IETF
      • DNS-based Authentication of Named Entities
      • IP Security Maintenance and Extensions
      • Transport Layer Security
      • Secure Inter-Domain Routing
      • Javascript Object Signing and Encryption
      • Keying and Authentication for Routing Protocols
      • Open Authentication
      • Web Security
      • Securing Neighbor Discovery
      NIST
      • Advanced Encryption Standard, e.g. AES 128
      • NIST Interagency Report (NISTIR) 7977
      ISO/IEC
      • ISO/IEC 27001
      • ISO/IEC 19790:2012 Security requirements for cryptographic modules
      IoT Security Foundation
      • “promote knowledge and clear best practice”
      GSMA
      • GSMA IoT Security Guidelines
      ETSI
      • ETSI TR 103 306: Global Cyber Security Ecosystem
      ENISA
      • e.g. Critical Infrastructure and Services
      No claim to completeness
  • 17. Knowledge is an important driver for IoT Security
      Current situation:
      • There are a variety of documents, guidelines and best practices relating to security.
      • The know-how is distributed and at first glance not very transparent.
      • The level of knowledge of each developer varies greatly.
      One suggestion:
      • One centrally hosted library with all necessary knowledge regarding IoT Security (“The living wall”),
      • with structured links to original sources and connected areas.
      • Free access for all developers.
      • True to the meaning of open source: constant adaptation and enlargement.