Talk, Feb 2019, at Lakehead University for Rise of the Machines
In the near future, our smart devices will know almost everything about us. These devices offer the opportunity to vastly improve our healthcare, urban planning, safety, and more. However, these same devices also pose dramatic new challenges for privacy and for ethics. In this talk, I'll discuss how these smart devices work, what they can learn about us, and what we need to make sure that the benefits of these technologies vastly outweigh the costs.
https://www.lakeheadu.ca/about/news-and-events/news/archive/2019/node/50549
Keynote talk for VL/HCC 2018. I talk about why developers should care about privacy, what privacy is and why it is hard, some of our group's research in building better tools to help developers (in particular, Coconut IDE Plug-in and PrivacyStreams), and lastly some frameworks for thinking about privacy and developers.
CHIuXiD (Indonesia) keynote about privacy and security. Includes why care about privacy, design challenges, design opportunities, and brief discussion of some of my team's research on mobile sensing.
Privacy and Security for the Emerging Internet of Things - Jason Hong
Intel iSecCon2016 conference
I talk about the pyramid of IoT devices, sketch out some of the security and privacy issues, and present some of the ongoing work we are doing in this space at Carnegie Mellon University.
How We Will Fail in Privacy and Ethics for the Emerging Internet of Things - Jason Hong
Talk, Feb 2019, at UCSD's Halıcıoğlu Data Science Institute, Security and Privacy at the Edge: Challenges and Future Directions
In the near future, our smart devices will know almost everything about us. These devices, combined with AI technologies, will offer many opportunities to vastly improve society in positive ways. However, these same technologies also pose dramatic new challenges for privacy and for ethics. In this talk, I'll sketch out why privacy is so hard to tackle, how and why we have failed in privacy and ethics in web and smartphones, and discuss some possible social, legal, and technical approaches for steering IoT in more positive directions.
http://datascience.ucsd.edu/security-and-privacy-symposium/venue.html
From Privacy Impact Assessment to Social Impact Assessment: Preserving TRrus... - Lilian Edwards
Short paper by Laurence Diver and myself on why the IoT is a special problem for privacy and how we can and should try to build such systems using Privacy by Design
The Role of Social Influence In Security Feature Adoption, at CSCW 2015 - Jason Hong
Social influence is key in technology adoption, but its role in security-feature adoption is unique and remains unclear. Here, we analyzed how three Facebook security features—Login Approvals, Login Notifications, and Trusted Contacts—diffused through the social networks of 1.5 million people. Our results suggest that social influence affects one’s likelihood to adopt a security feature, but its effect varies based on the observability of the feature, the current feature adoption rate among a potential adopter’s friends, and the number of distinct social circles from which those feature-adopting friends originate. Curiously, there may be a threshold higher than which having more security-feature adopting friends predicts for higher adoption likelihood, but below which having more feature-adopting friends predicts for lower adoption likelihood. Furthermore, the magnitude of this threshold is modulated by the attributes of a feature—features that are more noticeable (Login Approvals, Trusted Contacts) have lower thresholds.
Growing BYOD Trend Brings New Security Challenges for IT in Allowing Greater ... - Dana Gardner
Transcript of a BriefingsDirect podcast on how Dell Software is helping to bring standardized and flexible approaches to making BYOD a positive new force to enterprise productivity.
Lee Rainie, director of Internet, Science and Technology Research at the Pew Research Center, spoke on May 10, 2017 to the American Bar Association’s Section of Science and Technology Law about the rise of the Internet of Things and its implications for privacy and cybersecurity. The velocity of change today is remarkable and increasingly challenging to navigate. Rainie discussed Pew Research Center’s reports about “Digital Life in 2025” and “The Internet of Things Will Thrive by 2025,” which present the views of hundreds of “technology builders and analysts” on the future of the internet. He also highlighted the implications of the Center’s reports on “Americans and Cybersecurity” and “What the Public Knows about Cybersecurity.”
The aim of the project is to provide the user a “Digitally Inclusive” platform for “Security” needs, by which he or she can feel secure, by assisting Decision Making complemented by Augmented Intelligence.
New trends of IoT in 2018 and beyond (SJSU Conference) - Ahmed Banafa
The Internet of things (IoT) is growing rapidly and 2018 will be a fascinating year for the IoT industry. IoT technology continues to evolve at an incredibly rapid pace. Consumers and businesses alike are anticipating the next big innovation. They are all set to embrace the ground-breaking impact of the Internet of Things on our lives like ATMs that report crimes around them, forks that tell you if you are eating fast, or IP address for each organ of your body for doctors to connect and check
When Worlds Collide: Tracking the Trends at the Intersection of Social, Mobil... - mkeane
The American workplace is in a period of unprecedented change as the combination of mobile technology and social media is changing the "who, what, when and where" of work.
Lee Rainie, Director of the Pew Research Center's Internet & American Life Project, gave this speech during Washington, D.C.'s "Digital Capital Week" at the auditorium of the National Geographic.
Big Data for Privacy, at NSF Workshop on Big Data and Privacy, April 2015 - Jason Hong
Short 10 minute talk presenting two research projects looking at how to use big data to help with privacy. Ends with three thoughts about privacy: ecosystem, human-in-the-loop, and scalability.
What should organizations be concerned about when using Machine Learning for Predictive Modeling techniques? Divergence Academy and Divergence.AI are leading efforts to bring Algorithmic Accountability awareness to masses.
Leveraging Human Factors for Effective Security Training, for ISSA 2013 CISO ... - Jason Hong
Talk I gave at ISSA 2013 CISO forum, looking at some human factors issues in cybersecurity. I discuss some of our research in anti-phishing, user interfaces, mental models of cybersecurity, and ways of motivating people.
Charith Perera and Arkady Zaslavsky, Improve the Sustainability of Internet of Things Through Trading-based Value Creation, Proceedings of the IEEE World Forum on Internet of Things (WF-IoT), Seoul, Korea, March, 2014
In this presentation, Anusha introduces the topic of SMAC and associated trends in the area. Machine learning is where her interest area is and she is fascinated about making sense of vast amounts of data that is generated all around.
Next Generation of the Previously Unthinkable - qmatheson
Presented by Patrick Vice, Insurance-Canada.ca
ORBiT Annual Members' Meeting, Nov 11th 2014
ORBiT's Annual Members' Meeting is our industry learning, sharing and strategic planning event, focused on shaping the real time agenda for the coming year.
It has been said that Mobiles + Cloud + Social + Big Data = Better Run The World. IBM has invested over $20 billion since 2005 to grow its analytics business; many companies will invest more than $120 billion by 2015 on analytics, hardware, software and services critical in almost every industry, like healthcare, media, sports, finance, government, etc.
It has been estimated that there is a shortage of 140,000 – 190,000 people with deep analytical skills to fill the demand of jobs in the U.S. by 2018.
Decoding the human genome originally took 10 years to process; now it can be achieved in one week with the power of Analytic and BI (Business Intelligence). This lecture’s key message is that Analytics provide a competitive edge to individuals, companies and institutions and that Analytics and BI are often critical to the success of any organization.
Methodology used is to teach analytic techniques through real world examples and real data with this goal to convince audience of the Analytics Edge and power of BI, and inspire them to use analytics and BI in their career and their life.
The Web and the Collective Intelligence - How to use Collective Intelligence ... - Hélio Teixeira
The Web and the Collective intelligence - How to use Collective Intelligence techniques to ensure that your web application can extract valuable data from its usage and deliver that value right back to the users.
Web 2.0 Collective Intelligence - How to use collective intelligence techniqu... - Paul Gilbreath
Source: http://www.helioteixeira.org/ How to use Collective Intelligence techniques to ensure that your web application can extract valuable data from its usage and deliver that value right back to the users. (MODULE 1)
The digital and social media trends to watch. 2015 and beyond seminar: are yo... - CharityComms
Ashley Friedlein, CEO, Econsultancy
Visit the CharityComms website to view slides from our past events, see what events we have coming up and to check out what else we do.
http://www.charitycomms.org.uk
Unlocking Value of Data in a Digital Age - Ruud Brink
InfoGraphic about Intelligence Hubs as accelerator of the Digital organisation. Five steps how you could think big, and act small to unlock value of Data in your organisation. Contact me for the office A0 poster.
The 10 Fallacies, Myths and Legends of Planning for Digital – With an Extra S... - VCU Brandcenter
Jonathan Lee, Managing Director, Marketing Strategy at Huge, gave this presentation at "Ambidexterity," the VCU Brandcenter's executive education program for account planning, on July 18th, 2013 at the VCU Brandcenter in Richmond.
Breakout 3. AI for Sustainable Development and Human Rights: Inclusion, Diver... - Saurabh Mishra
This group reviewed data and measurements indicating the positive potential of AI to serve Sustainable Development Goals (SDG’s). Alongside these optimistic inquiries, this group also investigated the risks of AI in areas such as privacy, vulnerable populations, human rights, workplace and organizational policy. The socio-political consequences of AI raise many complex questions which require continued rigorous examination.
Is big data just a buzzword - Big data simply explained - Vivek Srivastava
Big data helps us to uncover and discover those facets of data which we are not aware of. Using predictive science it helps us to provide insights on which actions can be taken and suggests those actions which will impact the business significantly, boosting the revenue or market reach. For example, using a large amount of data and appropriate tools, we can categorize different strata of population and build customized products. So whether companies deploy it or not all depends on what factors constitute the value of the company and where the center of value creation lies. It may be money or it may be geographic reach. - Watch this video at https://www.youtube.com/watch?v=ELyOl0fkqNM
Similar to Are my Devices Spying on Me? Living in a World of Ubiquitous Computing (20)
https://www.lakeheadu.ca/research-and-innovation/about/research-and-innovation-week/schedule
I’ve been working on privacy and security issues for about 15 years, looking a lot at the human factors issues. I was invited to give a talk about some of the challenges ahead for the Internet of Things. I wanted to start out by giving some background about IoT first.
I’ve been working on sensor-based systems for about 15 years now
I believe in the near future, our smart devices will know pretty much everything about us
They are going to know how well we are sleeping, whether we are depressed or not, and how sustainable or green we are
You probably have many questions about this simple statement:
How did we get here?
How do these technologies work?
What will this all mean for you and for society? And given the title of my talk, what will this all mean for privacy?
Let’s start with the first question, how did we get here?
https://commons.wikimedia.org/wiki/File:Dell_Desktop_Computer_in_school_classroom.jpg
About 30 years ago, computers were primarily large boxes that came with a monitor, keyboard, and mouse
Emphasis is on large here, really takes up the entire desk
You could also only get computers in one color: ugly
Today, computers come in all kinds of form factors
Smartphones, tablets, glasses, cars, watches, clothes, fitness trackers, health monitoring devices, parking meters, electronic locks, smart mirrors, drones, and yes, even smart toilets.
All of these smart devices are part of the third big wave of computing.
The first wave focused on computation, making the basics of computing work.
The second wave centered on networking, connecting all of these computers together in a global network.
The third wave, of which we are in the early stages, looks at making computers part of the physical world in which we live. Computation and communication are being embedded into everyday objects.
All of this is possible because of shifts in the costs and capabilities of technology.
What will this world be like?
Will just focus on smartphones for now, since they are the most pervasive devices we have today
Representative of many of the problems and opportunities we will be grappling with in the future
Smartphones are everywhere
http://marketingland.com/report-us-smartphone-penetration-now-75-percent-117746
http://www.pewinternet.org/fact-sheets/mobile-technology-fact-sheet/
http://www.androidauthority.com/google-play-store-vs-the-apple-app-store-601836/
These devices are also incredibly intimate, perhaps the most intimate computing devices we’ve ever created.
From Pew Internet and Cisco 2012 study
Main stats on this page are from:
http://www.cisco.com/c/en/us/solutions/enterprise/connected-world-technology-report/index.html#~2012
Additional stats about mobile phones:
http://www.pewinternet.org/fact-sheets/mobile-technology-fact-sheet/
-----------------------
What’s also interesting are trends in how people use these smartphones
http://blog.sciencecreative.com/2011/03/16/the-authentic-online-marketer/
http://www.generationalinsights.com/millennials-addicted-to-their-smartphones-some-suffer-nomophobia/
In fact, Millennials don’t just sleep with their smartphones. 75% use them in bed before going to sleep and 90% check them again first thing in the morning. Half use them while eating and a third use them in the bathroom. A third check them every half hour. Another fifth check them every ten minutes. A quarter of them check them so frequently that they lose count.
http://www.androidtapp.com/how-simple-is-your-smartphone-to-use-funny-videos/
Pew Research Center
Around 83 percent of those 18- to 29-year-olds sleep with their cell phones within reach.
http://persquaremile.com/category/suburbia/
From Cisco report
Also from Cisco report
But it’s not just the devices that are intimate, the data is also intimate.
Location, call logs, SMS, pics, more
A grand challenge for computer science
http://www.flickr.com/photos/robby_van_moor/478725670/
https://newyork.cbslocal.com/2018/04/24/china-assigns-every-citizen-a-social-credit-score-to-identify-who-is-and-isnt-trustworthy/
https://www.wired.co.uk/article/china-social-credit-system-explained
deductions for bad behaviour like traffic violations
add points for good behaviour such as donating to charity
Facial recognition is used to spot jaywalkers / how much time they spend playing video games
"not qualified" to buy a plane ticket, and banned from travelling some train lines, buying property, or taking out a loan
Pressure sensor too
Let me convey to you the intuition behind how we transform low level sensor data into higher level activities
Here is an example of sensor data from a participant’s smartphone
Autonomous
Capable of independent thought, decision making
Experience compassion and love, or anger and revenge
This is closer to what the state of the art for Artificial Intelligence is
This was considered a major breakthrough a few years ago
Object detection and identification in images
https://research.googleblog.com/2014/09/building-deeper-understanding-of-images.html
Captioning images. Note the errors. See the “cat” on the bottom
http://cs.stanford.edu/people/karpathy/deepimagesent/
When you have razor-thin margins, anything that improves things will be adopted
0.1% based on our paper Why People Hate Your App
Grade 12.5
About 10 min to read
So based on Lorrie and Aleecia’s work, it will take 25 full days to read all privacy policies of all web sites
But this assumes people read it
Rational behavior not to read privacy policies: we want to use the service, painful to read, clear cost but unclear benefit
Like literacy or civil rights, every generation will have to face this issue, will have to invest in addressing these issues
https://www.flickr.com/photos/johnivara/536856713
https://creativecommons.org/licenses/by-nc-nd/2.0/
I want to wrap up by taking a big step back and looking at the big picture.
Today, we are at a crossroads. There is only one time in human history when a global network of computers is created, and that time is now. And there is only one time in human history when computation, communication, and sensing is woven into our everyday world, and that time is now. We’re already in the early stages of IoT. And it will offer tremendous benefits to society in terms of safety, sustainability, transportation, health care, and more, but only if we can address the real privacy problems that these same technologies pose. So I’ll end with a question for you to consider:
Today, we are at a crossroads. There is only one time in human history when a global network of computers is created, and that time is now. And there is only one time in human history when computation, communication, and sensing is woven into our everyday world, and that time is now. Now, I’ve avoided using the term Internet of Things because as you may remember from yesterday, I don’t really like the term. But regardless of what it’s called, it’s coming, and coming soon. And it will offer tremendous benefits to society in terms of safety, sustainability, transportation, health care, and more, but only if we can address the real privacy problems that these same technologies pose. So I’ll end with a question for you to consider:
While IoT is often talked about as a single monolithic concept, it is more useful to think of it as a three-tier pyramid. Each tier represents a different class of device, based on the computational power of the device, as well as the amount of interaction and attention a person needs to devote to each device. Each tier also poses different kinds of security challenges due to the nature of the devices in that tier.
At the top of the pyramid are devices with a great deal of computational heft, rich sensing capabilities, fast networking, long battery life, and high interactivity. These devices will be highly personal and be what people typically think of as computers. Example devices here include laptops, smart glasses, tablets, smartphones, and gaming devices. Each person will only have a few of these devices but will also spend a lot of time with them. Most of these devices will have common operating systems, can run third-party software, and will be manufactured by large corporations with a great deal of experience in developing secure software.
In the middle are devices that offer basic interactivity, such as TVs, smart watches, refrigerators, thermostats, electronic whiteboards, cable boxes, and interactive toys. Some of these devices will have advanced sensing and computing capabilities, but the key characteristic here is that people will only use these devices at most a few times a day, and they will also only require a little bit of their attention to use. There will also be greater diversity here in terms of manufacturers, operating systems, and software development experience.
At the bottom of the pyramid there will be hundreds of devices per person, each of which lies far in the background of our attention. These might include RFID-enabled ID cards and badges, clothes, HVAC, digital lightbulbs, smart toilets, smart meters, security systems, implanted medical devices, digital picture frames, cheap environmental sensors, electronic locks, and more. Most of these devices will be embedded or situated in homes, buildings, and public places. Devices in this tier will have very few computational resources, basic sensing, few (if any) software capabilities, and a wide range of software and operating systems. Many of the manufacturers of devices in this tier will also have little experience in developing reliable software and pushing out updates.
The sheer number of these devices will make what would ordinarily be trivial tasks into significant challenges. For example, configuring a security policy for a single device is tractable. Configuring a security policy for hundreds of devices, each of which has a different user interface, is not. Similarly, it is easy to have unique passwords for a few devices, but less so for a house or building full of devices, many of which do not even have keyboard input or displays. It is also easy to physically lock down a few computers to prevent them from being stolen, but it is very difficult to do the same for large numbers of IoT devices. Even worse, many of these IoT devices can be easily lost or stolen due to their small size, or even tampered with to send back fake data.
Screenshot from Sep 11 2017
Example of a webcam type that likely has a well-known password (admin / admin)
Note that Shodan reports tens of thousands of these
Your blood glucose monitor doesn’t need to contact Facebook (or at least I hope it won’t)
Proximity: might be NFC, Bluetooth, makes attack much harder to scale
The diversity of these devices will make it hard for any single cybersecurity approach to dominate. First, the vast majority of IoT devices will be those at the bottom of the pyramid, having very little CPU processing power and limited battery life. Devices like digital light bulbs will not be able to run conventional encryption algorithms or security software. Second, there will be hundreds of IoT manufacturers all using different kinds of operating systems, different kinds of wireless networking (Zigbee, Z-Wave, Bluetooth, Wi-Fi), different kinds of configuration software, and different kinds of formats for access logs. The upshot is that compatibility and interoperability will be extremely difficult in the near future.
This was as of Sep 2017
Ex. Operating system support, what are ways of making things secure by default, make the easy path the safe path
Image from wired.com
A friend told me that a person once annoyed a bunch of people wearing Google Glass by shouting out “Ok Glass, take a picture,” causing everyone’s wearable to take a picture.
In my first year teaching at CMU, I taught a project-based capstone course. I met with students in their lab space every week, and it wasn’t until the last week of class that they incidentally mentioned that we had been streaming on the Internet the entire semester. There was a small webcam that I had never noticed.
air-temperature, humidity, pressure, a 6-axis IMU, a 3-axis magnetometer, an AMG8833 grid eye sensor (a PIR sensor array), an ambient light and color sensor, a PIR sensor, and a wirewound inductor for EMI sensing
Better programming abstractions
Ex. app only needs “loudness” vs raw microphone
Make it easier for devs to get the data they want, but also make it easier to check
See privacystreams.github.io
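The "loudness vs. raw microphone" point above, as an added Python sketch (not code from the talk and not the PrivacyStreams API): a hypothetical `SensorBroker` hands the app one loudness number per window, and the app's declared `Request` plus the broker's audit log are what a reviewer checks. All names and the sample values are constructed for illustration.

```python
import math
from dataclasses import dataclass

# Constructed sample input: 16-bit PCM-style samples, 4 samples per window.
RAW_MIC = [0, 0, 0, 0, 1000, -1000, 1000, -1000, 16000, -16000, 16000, -16000]
WINDOW, FULL_SCALE = 4, 32768.0

@dataclass(frozen=True)
class Request:
    """What the app declares up front; this is the part that is easy to check."""
    app: str
    source: str       # e.g. "microphone"
    granularity: str  # "loudness" (one number per window) or "raw"
    purpose: str

def loudness_dbfs(window):
    """RMS level of one window in dB relative to full scale (silence clamped)."""
    rms = math.sqrt(sum(s * s for s in window) / len(window))
    return round(20 * math.log10(max(rms, 1.0) / FULL_SCALE), 1)

class SensorBroker:
    """Hypothetical mediator between apps and the sensor (an assumption)."""
    def __init__(self, samples, allowed):
        self._samples = samples
        self._allowed = allowed   # policy: set of (source, granularity) pairs
        self.audit_log = []       # every decision is recorded, granted or not

    def read(self, req):
        ok = (req.source, req.granularity) in self._allowed
        self.audit_log.append((req.app, req.source, req.granularity, req.purpose, ok))
        if not ok:
            raise PermissionError(f"{req.app}: {req.granularity} {req.source} denied")
        if req.granularity == "raw":
            return list(self._samples)
        windows = [self._samples[i:i + WINDOW] for i in range(0, len(self._samples), WINDOW)]
        return [loudness_dbfs(w) for w in windows]  # raw audio stays in the broker

def demo():
    # The policy grants loudness only; the same app then asks for raw audio.
    broker = SensorBroker(RAW_MIC, allowed={("microphone", "loudness")})
    levels = broker.read(Request("sleep-monitor", "microphone", "loudness", "detect snoring"))
    try:
        broker.read(Request("sleep-monitor", "microphone", "raw", "detect snoring"))
        raw_denied = False
    except PermissionError:
        raw_denied = True
    return levels, raw_denied, broker.audit_log
```
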