IoT privacy and security considerations
Yves Goeleven
#IoT: Privacy and security considerations
Yves Goeleven
• Founder of MessageHandler.net
– Shipping software since 2001
– Windows Azure MVP
– Developer on NServiceBus
Exhibition theater @ kinepolis
Agenda
• Why this talk?
• What are the dangers?
• Security options
• Privacy options
Why this talk?
You might just leave this session with more questions than answers
Talk!
Let’s start a conversation!
Challenge!
I challenge anyone to do a follow-up session with your own questions and ideas.
What are the dangers?
Internet of Things
What are the dangers?
Personal
& invisible
White lies are the common decency
holding us together
What can we do?
Security options
• Prevent physical access
– Behind locked doors
– Secure casing
– Do not expose physical ports (USB, Ethernet, ...)
• Prevent virtual access
– Do not open inbound ports
– Design without ‘listeners’ or ‘servers’ on the devices
– Instead use ‘workers’ or ‘agents’ and remote queues with outbound connections only
• Prevent physical tampering
– Seals, markers
– Alarms
– Cameras
• Prevent virtual tampering
– Bootloader in chip or ROM, checks firmware origin before loading into RAM
– Note: Updating (incl. security fixes) now just got a lot harder though
• Keep track of device identity
– Let devices register themselves/call home
– Do this on boot & periodically
• Analyze device behavior
– Include device specific & variable information
– Analyze it server side to detect hacked or spoofed devices
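
Added example, not from the original slides: a server-side check of "call home" heartbeats that combines device-specific information (ID, firmware version) with variable information (boot counter, sequence number, uptime). The field names, the per-device HMAC key, and the registry contents are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed registry: per-device key and expected firmware (sample values).
REGISTRY = {
    "sensor-01": {"key": b"constructed-key-01", "firmware": "fw-1.4.2"},
}
STATE = {}  # device id -> last accepted (boot_count, seq, uptime_s)

def sign(key, body):
    """MAC over the canonical JSON body, as the device would compute it."""
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

def check_heartbeat(body, mac):
    """Return a list of findings; an empty list means the heartbeat is accepted."""
    dev = REGISTRY.get(body.get("id"))
    if dev is None:
        return ["unknown device"]
    if not hmac.compare_digest(sign(dev["key"], body), mac):
        return ["bad MAC (spoofed or corrupted)"]
    findings = []
    if body["firmware"] != dev["firmware"]:
        findings.append("unexpected firmware")
    last = STATE.get(body["id"])
    if last is not None:
        boot, seq, uptime = last
        if body["boot_count"] < boot:
            findings.append("boot counter went backwards")
        elif body["boot_count"] == boot:
            if body["seq"] <= seq:
                findings.append("replayed or duplicated sequence number")
            if body["uptime_s"] < uptime:
                findings.append("uptime decreased without a reboot")
    if not findings:  # only clean heartbeats advance the stored state
        STATE[body["id"]] = (body["boot_count"], body["seq"], body["uptime_s"])
    return findings

def demo():
    """Run four constructed heartbeats through the check and return the findings."""
    key = REGISTRY["sensor-01"]["key"]
    hb1 = {"id": "sensor-01", "firmware": "fw-1.4.2", "boot_count": 7, "seq": 1, "uptime_s": 5}
    hb2 = dict(hb1, seq=2, uptime_s=65)
    results = [check_heartbeat(hb1, sign(key, hb1)), check_heartbeat(hb2, sign(key, hb2))]
    results.append(check_heartbeat(hb1, sign(key, hb1)))  # captured and replayed
    results.append(check_heartbeat(hb2, "00" * 32))       # forged without the key
    return results
```

A heartbeat that is overdue can be flagged the same way by storing the arrival time next to the counters.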
• Block compromised devices
– Access control lists
– Protocol/packet filtering
– Signal jamming
– Unplug the power
– On the device, or a specialized device
• Many low-power devices cannot encrypt data using standard encryption techniques
– Not enough memory
– Drains battery too fast
• Do not store unencrypted data
– On publicly accessible devices
– Better send it elsewhere, unencrypted if needed, to store it safely
• Do not send unencrypted data over long distances
– Use a local ‘gateway’, a powerful local device to encrypt it on behalf of dumb devices
• Use alternative encryption & data mangling strategies
– Signed at the foundry, if you can live with lock-in
– Ciphers, hashes & arithmetic algorithms
• Audit your physical environment
– Know which devices are ‘smart’
– And how they communicate
– Include all technologies (IR, RF, Bluetooth)
• Spy on your things
– Intercept communication between your ‘things’
– Analyze the communication & detect anomalies
• Physical canary
– Apply ‘social control’ amongst devices
– Let devices report that other devices are talking to them inappropriately
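
Added example, not from the original slides: a collector for the ‘social control’ reports described above. The device names, the allowed-peer policy, and the quorum of two reporters (so that one compromised device cannot get a healthy one blocked) are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed policy: which peers each device is expected to talk to.
ALLOWED_PEERS = {
    "thermostat": {"gateway"},
    "door-lock": {"gateway"},
    "camera": {"gateway", "door-lock"},
    "gateway": {"thermostat", "door-lock", "camera"},
}
QUORUM = 2  # distinct reporters needed before a device is flagged

# Constructed reports: (reporter, source) = "reporter saw traffic from source".
SAMPLE_REPORTS = [
    ("door-lock", "thermostat"),   # thermostat should only talk to the gateway
    ("camera", "thermostat"),
    ("camera", "thermostat"),      # duplicate report from the same reporter
    ("thermostat", "gateway"),     # within policy
    ("door-lock", "camera"),       # within policy
    ("thermostat", "door-lock"),   # out of policy, but only one reporter
    ("rogue", "gateway"),          # reporter is not a registered device
]

def flag_devices(reports):
    """Return (flagged, ignored): devices accused by at least QUORUM distinct
    reporters, and the reports that were discarded."""
    accusers = defaultdict(set)
    ignored = []
    for reporter, source in reports:
        if reporter not in ALLOWED_PEERS or reporter == source:
            ignored.append((reporter, source))   # unknown reporter or self-report
        elif reporter in ALLOWED_PEERS.get(source, set()):
            ignored.append((reporter, source))   # contact is within policy
        else:
            accusers[source].add(reporter)       # duplicates collapse in the set
    flagged = sorted(s for s, who in accusers.items() if len(who) >= QUORUM)
    return flagged, ignored
```

A source that is not in the policy at all has no allowed peers, so any two registered devices reporting it are enough to flag it.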
Internet of things, reference architecture
Privacy options
• There are privacy laws
– Make sure not to break these!
– Do not store, send or process information that you’re not allowed to
– http://en.wikipedia.org/wiki/Data_Protection_Directive
• Is it clear what laws apply when?
– Multinationals spread across different countries
– Difference in laws where data is collected vs data is processed or stored
– US vs EU: direct conflict
• Trust is paramount for adoption of IoT
– Make it your policy not to break it
– People may choose not to buy products from violators
• Question is: is this really true?
– Facebook is huge, yet no one trusts them (I hope)
– Will convenience win over privacy concerns for the majority of people?
• Build trust by asking for user consent
– On data collection devices
– OAuth great for this!?
– But how about devices without a screen?
• And how about exchanging and correlating information with 3rd parties in the backend?
– Need for federated authorization?
– With context?
– E.g. I allow you to analyse my energy consumption, send the results to government, but not to utility?
Loyalty plan
Give me your address and you'll get 10% off on your next pair of jeans…
Other things we can do?
There’s a lot we can do
Also a lot of open questions
But maybe consumers just don’t care
(aren’t prepared to pay for it?)
What do you think?
A big thank you to our sponsors