Post on 22-Nov-2014
description
iBeacons:Security and
Privacy?
Jim FentoniBeacon Makers’ Workshop
29 April 2014
Introduction
• Security
• What is the threat model?
• What are the threat countermeasures?
• [User] Privacy
• How might iBeacons impact users?
Threat Analysis
• Who are the bad actors?
• What are their capabilities?
• What are the bad acts we want to protect against?
Bad Actors
• Competitors
• Competitive analysis, offers
• Vandals
• Physically move and/or destroy beacons
• Script kiddies
• Opportunists - Gaming the system “Security Checks” by Flickr user David Woo
used under CC BY-ND 2.0 license
Bad Actors’ Capabilities
• Create beacon clones
• Place your beacons in unauthorized places
• Disable beacons
• Move beacons
• Monitor interactions with beacons
Bring In The Clones!• Place duplicates of existing beacons
• Pollutes analytics
• Can be used to annoy users, encourage them to disable app
• Might be used to “game” special offers
• Countermeasure: Fusion of beacon location with rough geolocation from other sources
• No effective crypto countermeasure
Beacon Planting
• Place beacons in unauthorized places, like competitors’ premises
• Car salesman gives user an app
• Salesman gets notified when prospective customer enters competitors’ showroom
• Salesman calls customer and sweetens offer
• Countermeasures: WarBeaconing, public shaming, search-and-destroy
Beacon Abuse • Destruction or
movement of existing beacons
• Countermeasures
• Detect unexpected loss of beacon “hits”
• Geolocation fusion
• Camouflage“beacons” by Flickr user jnxyz.educationused under CC BY-2.0 license
Privacy Issues
• Alerts and user visibility
• Aggregation
User Alerts
• Concern about over-alerting users
• But this problem is self-correcting
• Not alerting users can be a concern -- users may not know they’re being tracked “estimote” by Flickr user Sam Churchill
used under CC BY-2.0 license
Aggregation
• Beacon services potentially have access to lots of behavioral information
• Shopping center apps can aggregate behavior within centers (and co-owned centers)
• Popular apps (Facebook, Google) could roll out beacon services with great potential to aggregate user data
Summary
• Significant security threats exist
• Beacons will require active management to mitigate loss, cloning, and movement
• Deployment scenarios that support wide aggregation of beacon data are problematic for privacy