Copyright © 2016 IEEE. All rights reserved.
MEETING RECAP
IEEE Trust and Security
Workshop for the
Internet of Things (IOT)
Washington, D.C.
4 February 2016
Trademarks and Disclaimers
IEEE believes the information in this publication is accurate as of its publication date; such information is subject to change without notice. IEEE is not responsible for any inadvertent errors.
The Institute of Electrical and Electronics Engineers, Inc. 3 Park Avenue, New York, NY 10016-5997, USA
Copyright © 2016 by The Institute of Electrical and Electronics Engineers, Inc. All rights reserved. Published Month 20xx. Printed in the United States of America.
IEEE is a registered trademark in the U.S. Patent & Trademark Office, owned by The Institute of Electrical and Electronics Engineers, Incorporated.
IEEE prohibits discrimination, harassment, and bullying. For more information, visit http://www.ieee.org/web/aboutus/whatis/policies/p9-26.html.
No part of this publication may be reproduced in any form, in an electronic retrieval system, or otherwise, without the prior written permission of the publisher.
To order IEEE Press Publications, call 1-800-678-IEEE. Find IEEE standards and standards-related product listings at: http://standards.ieee.org
Notice and Disclaimer of Liability Concerning the Use of IEEE-SA Documents
This IEEE Standards Association (“IEEE-SA”) publication (“Work”) is not a consensus standard document. Specifically, this document is NOT AN IEEE STANDARD. Information contained in this Work has been created by, or obtained from, sources believed to be reliable, and reviewed by members of the Industry Connections IoT activity that produced this Work. IEEE and the Industry Connections IoT Activity members expressly disclaim all warranties (express, implied, and statutory) related to this Work, including, but not limited to, the warranties of: merchantability; fitness for a particular purpose; non-infringement; quality, accuracy, effectiveness, currency, or completeness of the Work or content within the Work. In addition, IEEE and the Industry Connections IoT members disclaim any and all conditions relating to: results; and workmanlike effort. This Industry Connections IoT document is supplied “AS IS” and “WITH ALL FAULTS.”
Although the Industry Connections IoT members who have created this Work believe that the information and guidance given in this Work serve as an enhancement to users, all persons must rely upon their own skill and judgment when making use of it. IN NO EVENT SHALL IEEE OR Industry Connections IoT MEMBERS BE LIABLE FOR ANY ERRORS OR OMISSIONS OR DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO: PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS WORK, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE AND REGARDLESS OF WHETHER SUCH DAMAGE WAS FORESEEABLE.
Further, information contained in this Work may be protected by intellectual property rights held by third parties or organizations, and the use of this information may require the user to negotiate with any such rights holders in order to legally acquire the rights to do so.
IEEE and the Industry Connections IoT members make no assurances that the use of the material contained in this work is free from patent infringement. Essential Patent Claims may exist for which no assurances have been made to the IEEE, whether by participants in this Industry Connections IoT activity or entities outside the activity. The IEEE is not responsible for identifying essential patent claims for which a license may be required, for conducting inquiries into the legal validity or scope of patents claims, or determining whether any licensing terms or conditions, if any, or any licensing agreements are reasonable or non-discriminatory. Users are expressly advised that determination of the validity of any patent rights, and the risk of infringement of such rights, is entirely their own responsibility. No commitment to grant licenses under patent rights on a reasonable or non-discriminatory basis has been sought or received from any rights holder. The policies and procedures under which this document was created can be viewed at http://standards.ieee.org/about/sasb/iccom/.
This Work is published with the understanding that IEEE and the Industry Connections IoT members are supplying information through this Work, not attempting to render engineering or other professional services. If such services are required, the assistance of an appropriate professional should be sought. IEEE is not responsible for the statements and opinions advanced in this Work.
Contents
Executive Summary
Invited Speakers
Opening Remarks
Opening Panel: The Needs and Challenges in Trust, Security, and Privacy for the IoT
Presentations on Trust and Security for the Internet of Things
Access Control and Identity Management
Key Points from Access Control & Identity Management Breakout Session
Architectural Framework
Key Points from Architectural Framework Breakout Session
Policy & Standards
Key Points from Policy & Standards Breakout Session
Scenarios and Use Cases
Key Observations from Brainstorming Sessions
IEEE Trust and Security Workshop for the Internet of Things
Executive Summary
Estimates run as high as 50 to 200 billion Internet of Things (IoT)-connected devices will be in the world by 2020-2025—everything from home appliances to health monitors to countless devices in our environment making sure that crops are growing, that power is flowing, that things are working and safe.
Essential to reaching this future, however, is that the public trusts it—that they believe that their privacy is protected and their security is not compromised. The End to End Trust & Security Workshop for the Internet of Things held in February 2016 in Washington, DC included dozens of presentations on aspects of these questions, developed and presented by thought leaders in academia, industry, not-for-profits, technical organizations, consortiums, and governments from around the world.
IEEE, Internet2, and the National Science Foundation (NSF) as well as a host of other sponsors worked together to gather industry technologists for this workshop who can help drive the Internet of Things (IoT) conversation and contribute to the development of an open architectural framework. The focus of the workshop submissions and discussions was to address the TIPPSS elements of IOT: trust, identity, privacy, protection, safety, and security.
The presentations enabled rich discussions focused in the following broad areas:
End to End Trust and Security
Depending on where you are definitions of privacy and security differ and sometimes significantly, yet the challenge will be to make the IoT’s architecture as universal as possible to meet those expectations while enabling broad system level interoperability and eliminate vulnerabilities. Different solutions to aspects of this question range from creating an architectural model, to secure, self-monitoring fiber optic and wireless networks, to changing the way devices are developed to make TIPPSS – trust, identity, privacy, protection, safety and security - a primary objective from the start.
Access Control & Identity Management
With new devices coming onto the network constantly, how they are verified and what they are allowed to do is essential to not allowing them to introduce vulnerabilities. At the same time, not every device has to be identified in the same way, and in fact doing so presents privacy risks if every interaction identifies the user fully. In the highly interconnected world users gain access to the information that may reside in the neighboring application domains. Biometrics as a secure form of identification, the Semantic Web as a way to standardize definitions for privacy and security, secure ways to bring new devices into use, and new schemes such as Virtual Organizations for security were all discussed in these sessions.
Architectural Framework
TIPPSS elements are important to be built in with defense in depth, which can be baked in at the hardware, firmware, software and service level of the device and application—but it’s also important that it be done in an efficient way that doesn’t have a high resource cost. Approaches to improving security while keeping its cost low were discussed. This included a layered approach to security, hardware approaches such as deterministic photonic packet switches, an improved taxonomy of error control, and a centralized authority to manage security issues so that every device doesn’t have to on their own. The opportunity to provide an ability for device democracy for applications and use cases that require in-situ real time trust, identity and security was also discussed. The application of these TIPPSS ideas in an architectural framework that would apply in multiple scenarios was explored, including how all these concerns interact with the dynamic environment of intelligent highways, connected vehicles and connected healthcare.
Policy & Standards
The IoT’s future depends on acceptance of standards for privacy and security; it also requires knowing what authorities can and will establish such standards in order to make norms accepted. Policy issues begin with agreement as to where governance is coming from, making it technologically possible in low power environments, while providing transparency from all parties, incentivization for manufacturers, and application to new areas that open up new law and policy such as drones and brain-digital interfaces. The discussion also touched the subject of the gap that exists between policies and technologies and how this gap can be closed through the collaborative efforts of policymakers and technology developers.
Scenarios and Use Cases
In the real world, consumers don’t think about security enough, and they often consider it the manufacturer’s responsibility. Many of the systems that are being implemented such as the Smart Grid are vulnerable to attack or present privacy concerns. Connected vehicles won’t sell if they’re seen as reporting every time you speed to authorities. Privacy needs call for privacy mediators who advocate for users and anonymize the minor details of our daily lives. The DIY (Do It Yourself) and “maker” culture calls for wide education on the issues of trust, identity, privacy, protection, safety and security, leading to a discussion of IoT Ethics and education.
Invited Speakers
Florence Hudson, Internet2
Rosio Alvarez, US Department of Energy
Oleg Logvinov, IEEE (IEEE Internet Initiative and IEEE P2413 Working Group)
Robert Martin, MITRE, Industrial Internet Consortium (IIC) Steering Committee
Anita Nikolich, NSF
Sarah Cooper, M2Mi
Alan Karp, Earth Computing
Ira Kovalinka, DSP Omnia Inc.
Rob Gingell, Resilient Network Systems
Prof. Scott Streit, Jason Braverman and Hector Hoyos, Hoyos Labs
Ken Klingenstein, Internet2
Brian Scriber, CableLabs
Dr. Wenjia Li, New York Institute of Technology
Dr. Craig A. Lee, The Aerospace Corporation
Dr. Erfan Ibrahim, Maurice Martin, National Renewable Energy Lab
Ted Szymanski, McMaster University
Cleon Rogers, LRDC Systems LLC
Yiorgos Makris, Dr. Angelos Antonopolous, Kiruba S. Subramani, Aria Nosratinla, Trela, University of Texas at Dallas
Margaret Lyell, Explorations Minerva LLC
Vamsi Gondi, David L. White, Jill Gemmill and Christopher W. Post, Clemson University
Vyacheslav Zolotnikov, Semen Kort, Ekaterina Rudina, Kaspersky Labs
William J. Miller, ISO/IEC/IEEE P21451-1-4 (Sensei-IoT*)
William Woodward, SAE International
Glenn Fink, Pacific Northwest National Laboratory
Karen O’Donoghue, Internet Society
Lillie Coney, chair, IEEE PAR 1912 Privacy and Security Architecture for Consumer Wireless Devices Working Group
Juan Carlos Zuniga, InterDigital Labs
John Murray, SRI International
Dr. Bertrand Cambou, Paul Flikkerma, Constantin Ciocanel, Northern Arizona University
Edward Aractingi, Marshall University/Internet2 CINO-IoT Working Group
Michael A. Eisenberg, University of Colorado-Boulder
Martin Murillo, University of Notre Dame
Mark Cather, UMBC Chief Information Security Officer
Pamela Gupta, OutSecure Inc.
Carl Hewitt, Standard IoT Foundation
Luke Russell, Carleton University
Dr. Reza Arghandeh, Florida State University
Nigel Davies, Lancaster University
Dr. George Corser, Saginaw Valley State University
Dr. Rabindra Chakraborty, Senslytics
Ron Winward, Radware
Ulf Lindqvist, SRI International
Steve Wallace, Indiana University
Opening Remarks
Oleg Logvinov, Director, Special Assignments, Industrial & Power Conversion Division, STMicroelectronics; Chair, IEEE Internet Initiative and IEEE P2413 Standard
This event was born at the intersection of two IEEE Initiatives:
- IEEE Internet Initiative (internetinitiative.ieee.org)
- IEEE IoT Initiative (http://iot.ieee.org/)
IEEE Internet Initiative
The mission of the IEEE Internet Initiative is to raise IEEE’s influence and profile in global technology policy in the areas of Internet governance, cybersecurity and cyberprivacy policy development by providing a consensus of sound technical and scientific knowledge and guidance to the process.
The IEEE Internet Initiative is a cross-organizational, multi-domain community that connects technologists and policymakers from around the world to foster a better understanding of, and to improve decisions affecting, Internet governance, cybersecurity, and privacy issues. Regardless of the specific areas of Internet-related technology and policy you work in, nearly everyone has a stake in the future of Internet governance and the related issues of cybersecurity and privacy. Both technologists and policymakers can derive practical benefits from learning more about each other’s perspectives, challenges and opportunities. For technologists, an advanced awareness of public policy issues should lead to the development of sound technical solutions and best practices. For policymakers, access to technologists and an improved grasp of technology will help clarify the trade-offs inherent in related public policy choices and decisions.
To help technologists and policymakers accomplish these and other goals, the IEEE – recognized for its open, transparent, collaborative processes – is convening neutral platforms to support mutually beneficial dialogue and engage other pertinent stakeholders. The IEEE Internet Initiative website, for instance, offers a one-stop destination for current news, upcoming events, recent publications, and a growing trove of rich resources. Other key related activities include:
- supporting and facilitating the development of open standards to address cybersecurity and privacy challenges;
- working to identify societal implications of alternative technology policy solutions;
- monitoring the technology policy landscape;
- supporting, collaborating and partnering with Internet ecosystem entities, and
- connecting stakeholders to a comprehensive framework of conferences, educational programs, and standards.
Dialogue with all interested stakeholders is an essential element of IEEE Internet Initiative’s mission.
IEEE IoT Initiative
The mission of the IEEE IoT Initiative is to serve as the gathering place for the global technical community working on the Internet of Things; to provide the platform where professionals learn, share knowledge, and collaborate on this sweeping convergence of technologies, markets, applications, and the Internet, and together change the world.
The IEEE Internet of Things is one of IEEE’s important, multi-disciplinary, cross-platform Initiatives. The Internet of Things (IoT) is one of the most exciting technological developments in the world today and the global technical community is coalescing around the thought-leading content, resources, and collaborative opportunities provided by the IEEE IoT Initiative.
More information is revealed daily about the Internet of Things and its potential to transform how we communicate with machines and each other. To bring clarity to and disseminate information globally, IEEE Future Directions launched the IEEE IoT Initiative in 2014. It serves as a home for the global community of engineering and technology professionals in industry, academia, and government working in related technologies. Here, professionals learn, share knowledge, and collaborate on this sweeping convergence of technologies, markets, applications, and the Internet. Participants in the community have access to the most trusted resources developed including publications, videos, articles, and interviews, as well as webinars, Hangouts, presentations, workshops, and conferences, this web portal, and much more.
Opening Panel: The Needs and Challenges in Trust, Security, and Privacy for the IoT
Panelists:
Rosio Alvarez, Chief Information Officer, Lawrence Berkeley National Laboratory
Sarah Cooper, Chief Operating Officer, M2Mi
Oleg Logvinov, Director, Special Assignments, Industrial & Power Conversion Division, STMicroelectronics; Chair, IEEE Internet Initiative and IEEE P2413 Standard
Bob Martin, Senior Principal Secure Software & Technology Engineer, MITRE Corporation; Steering Committee, Industrial Internet Consortium
Anita Nikolich, Cybersecurity Program Director, National Science Foundation
Moderator: Florence Hudson, Senior Vice President & Chief Innovation Officer, Internet2
The opening panel presented perspectives from multiple leaders from across the public and private sector on TIPPSS – Trust, Identity, Privacy, Protection, Safety and Security – in IoT. From industrial applications, to government assets, to consumer applications, cybersecurity and TIPPSS are prime areas of required focus. The discussion included architectural frameworks already being developed by the Industrial Internet Consortium, IEEE, the National Institute of Standards and Technology (NIST) along with the need to ensure interoperability and safe, secure systems whether in brownfield or greenfield applications. There is research, development and discovery yet to be done in IoT and those areas need to be explicitly enunciated and addressed. From defense in depth strategies in an IoT device, to the process of ensuring trust and identity of users and devices, to ensure we protect the data and privacy of the individual or entity to which the data pertains, to increasing the safety and security of the application and device, there is much more to do. There is critical infrastructure that requires the utmost safety and security, which can also be in an organization with an open collaborative culture, requiring an ambidextrous management paradigm.
The panel agreed the potential value of IoT is indeed driving the development of use cases and devices, requiring all of us to work together to ensure the diligence of architecting trust, safety, security, and privacy into the IoT technologies and processes today and into the future.
Presentations on Trust and Security for the Internet of Things
Trust And Security Draft Standard Using The Semantic Web – W. J. Miller
One important goal is to provide an IoT approach that meets differing definitions of privacy for personal data around the world. ISO/IEC/IEEE P21451-1-4 offers Semantic Web 3.0 capabilities that include unique identification, access control and identity management, device sharing, built-in Transport Layer Security (TLS), a common reference architecture for data exchange that is technology agnostic and protocol independent. Privacy is protected by use of “Thing Registries” limiting access to those authorized and trusted by the owner of the Thing.
IIRA Meta-Reference Architecture For Diverse Applications – Robert Martin
The Industrial Internet Consortium’s IIRA (industrial internet reference architecture) defines and supports a wide and diverse set of system types in many configurations, connected in many different ways across a wide range of industries, sectors and use case contexts. It supports and guides any creation of solutions for architectural needs, and its open architecture and interoperability and the use of allied testbeds helps advance innovation and best practices.
Network End to End Data Link Evaluation System (NEEDLES) For Optical Cable Monitoring – William Woodward
Originally developed for the Navy, NEEDLES is a standard for detecting impairment in fiber optics. It consists of one main document and several slash sheets. Designed to be non-intrusive and non-destructive, it provides a 24/7-condition status of the entire fiber optic network, detecting faults and isolating them in real time.
Report on 2015 IoT Security and Privacy Keynotes Workshop – Glenn Fink
At the 2015 IoT Security and Privacy Keynotes Workshop, held in conjunction with the IoT World Forum in Milan, participants identified six key areas where security and privacy improvements were needed for the IoT’s future growth: data privacy, data provenance, lifecycle data encryption, scalable infrastructures, standard protocols and standardized risk metrics. Top issues that were identified include analysis and use of data while encrypted to ensure confidentiality and integrity, standardization of vendor protocols, sensor identity verification and data security, and policies for data sensitivity and privacy in a world of sophisticated data analysis.
IoT: Issues And Challenges Of A More Connected World – Karen O'Donoghue
Devices on the Internet are not new, but their abilities and the scale of the IoT will be. The key challenges of the IoT include security, privacy, interoperability/standards, legal and regulatory issues and rights, and issues related to the emerging economy and economic development. Security challenges include not only the scale but also the invisibility of internal workings and the relative lack of physical security for everyday objects. Similarly, privacy issues must be dealt with in a context whose ubiquity makes it hard to keep privacy. The IoT presents amazing opportunities but also serious challenges that must be solved collaboratively.
Defending Against The Silent Intruder – Lillie Coney
IEEE PAR 1912 is working to develop a standard for a common privacy and security architecture for consumer wireless devices, making it easier for consumers to integrate those technologies into their lives and have greater control over devices and technology. Recommendations include rethinking operating systems from a security and privacy perspective, making them fail-safe or fail-secure, reference libraries for software reflecting higher levels of security, greater transparency for apps, and accountability regarding the chain of custody for both the digital and physical IoT.
BREAKOUT GROUP PRESENTATIONS
Access Control and Identity Management
A New Model For IoT Sharing And Access Control – Vyacheslav Zolotnikov, Semen Kort, Ekaterina Rudina
An effective sharing system has six aspects—it’s dynamic, attenuated (can’t be shared further without your permission), chained (tied to the person who shares), composable (you set the terms for each transaction), accountable, and it works across domains. At present you rarely have any of these levels of control while sharing electronic files or permissions, and IoT may well make the problems worse. A new model built on tokens avoids those problems.
Private Biometric Verification In IoT Authorization - Ira Konvalinka
Existing one-to-many models for biometric verification have multiple points of vulnerability. Spoofing can occur at any of these points, the most vulnerable of all being also the most common, handheld personal devices such as cell phones. A new one-to-one model shifts key parts of the process outside the reach of these vulnerabilities to an encrypted domain, using a revocable hardwired key and PUF (Physical Unclonable Function) that authenticates devices as surely as iris scans authenticate humans.
No T In The IoT Is An Island - Rob Gingell
At least that’s the goal. Right now we are still in the island phase where Things are relatively isolated on the network, but soon there will be a dynamic network of interconnected devices forming trust relationships quickly and with low overhead. To get there, though, we need efforts to preserve privacy through better use of trust relationships, and explicit policies for connections between authorities. Systematic trust maximizes IoT utility and helps protect the network as a whole.
IoT Security: “A Nightmare In Progress” - Prof. Scott Streit, Jason Braverman, and Hector Hoyos
A wide-ranging list of the security problems in the IoT was presented: “Usernames and passwords are broken,” there’s no two-factor authentication for connected devices, OAuth-type logins have a large surface of attack, mobile apps stay logged in, hackers leverage mobile devices to attack others, unencrypted data is everywhere, and few devices use two-way TLS connections. OpenSesame™ offers a smarter, biometric-based way to lock connected devices. Together with BOPS—Biometrics Open Protocol Standard—it secures physical access through biometric authentication and encrypts all data to protect the user.
Lessons from the Internet of People - Ken Klingenstein
The Internet as it exists now for human users has lessons to teach about the shape of the IoT. Internet identity evolved with the rise of federated authentication. Metadata came to play a critical role in authentication and access control. Different forms of trust came to work together in different circumstances. In all, there are emerging tools on the people side that can address the privacy, personalization and security needs for the PtoT interface, though the IoT has other issues as yet unexplored.
Security Improvements In New Device Onboarding - Brian Scriber
Bringing new devices onboard poses, and exposes, common security risks, that can make the device the entry point to future attacks. Anonymous devices are most vulnerable but PIN-based ones are nearly as risky, not least because they seem to offer more security than they really do. We need new systems rooted in securely stored keys and manufacturer-based certificates.
Trust and Security for the IoT - Wenjia Li
Trust and security are real and severe challenges that threaten the wide deployment of IoT—they can even be life-threatening. The majority of current trust management schemes model trust in one single scalar or value, which is too crude for sophisticated systems. A new model of trust management would collect and evaluate prior behavior of other nodes and build a trust value for each node based on the behavior assessment, identifying harmful players more quickly. At the same time, evaluating the trustworthiness of the data itself can be as important as evaluating individual nodes.
Virtual Organizations For Managing Trust And Collaboration - Dr. Craig A. Lee
Federations are a way to manage collaborations utilizing the cloud, and can be done at any level in the system stack to securely manage collaborations and the sharing of resources across a wide spectrum of application and administrative domains. This vastly expands the applicability and potential impact of what cloud federation could mean, all the way to a global intercloud of things. For this to be realized, certain things will be needed including semantic interoperability, a standard federation gateway or agent and modular trust components. Such Virtual Organizations already run under the Interoperable Global Trust Federation, and the next step is creating a Keystone-based, General Federation Agent.
Goals of the IEEE Cyber Security Initiative - Ulf Lindqvist
The IEEE Cyber Security Initiative has three primary goals—to become the go-to online presence for security and privacy, to improve understanding of the issues at the student level, and to improve designs and implementation at the professional level. To that end IEEE has a number of secondary initiatives in process. The Try Cyber Security Initiative focuses on raising awareness of a “Top 10” of security flaws, while the Center for Secure Design (CSD) brings together software security expertise from industry, academia and government to devise “building codes” for software.
Key Points from Access Control & Identity Management Breakout Session
o Identity vs. Identifiers:
  • Establishing identity requires authentication and can work against privacy concerns in many cases. There are, of course, circumstances where Identity has to be established, but an extensible IoT environment won’t be able to do this effectively.
  • Identifiers can be used to show authorization to perform some action or access some resource, but can be deployed in a privacy-protecting manner.
o Biometrics have the potential to address questions of strong authentication and allow users/entities to control access to their data by binding the authentication to data or other resources.
o Standards are needed to allow for interoperability, heterogeneity, common semantics, etc. The sooner these can be put into place, the easier it will be for a broad-based IoT ecosystem to develop that supports security, trust, and privacy.
  • Many of the actual issues have technical solutions.
  • The need is for standards to lay out how solutions work together in a coherent/cohesive whole.
o Access control: There needs to be a mechanism to keep devices separated. Simply because a light bulb is on the network doesn’t mean it should be able to access anything else on the network.
o In order to preserve privacy, anything should only be challenged to authenticate where needed. It’s not needed everywhere or to everything. That is, device-to-device interactions shouldn’t necessarily require authentication when they can show that they are authorized.
o There does not yet seem to be a meaningful definition of the lifecycle of an IoT device and what are the requirements at each stage. Specific stages that need attention: on-boarding, normal operation, end of life or transition.
o Authorization: architecture design with policies stored elsewhere for examination.
Architectural Framework
A Layered Solution To Cybersecurity - Dr. Erfan Ibrahim, Martin, Maurice
The National Renewable Energy Laboratory (NREL) has demonstrated end to end security using off the shelf technology, tested on NREL’s Distribution Grid Management (DGM) testbed. The key is choosing technology to cover 9 system layers: 7 logical layers in the OSI Basic Reference Model, 1 semantic layer and 1 business layer. The technology challenge of securing DGM has been largely solved with off the shelf products today. The more important matter is sound network design, proper technology integration, strict security policies on routers and firewalls, well defined security patch management processes in the organization, regular employee training on security awareness, and defeating social engineering schemes for data exfiltration and insider threat.
A Secure, Lower Overhead “Industrial Internet Of Things” (IIoT) - Ted Szymanski
Security is critical in industrial IoT applications, but will also require huge resources. Deterministic photonic packet switches offer a way to design a secure IIoT at a lower resource cost, by embedding millions of secure virtual networks in layers 2 or 3, using low-energy-usage field-programmable gate arrays with Optical I/O. This allows for a significant increase in cyber-security, as VN packet transmissions can be encrypted and decrypted in FPGAs, while reducing congestion (and efforts to combat it).
Taxonomy Of Error Control Requirements – Author???
Two recent papers questioned the adequacy of CRC Standards in modern software development, and recommended new research on error control in critical software-intensive systems. The resulting proposal is for a taxonomy to classify and aid the specification and verification of error control solutions, followed by implementation of the standards by training and authorizing the appropriate authorities globally. The model for this effort would be the advanced practices already used to ensure a high level of error control in the aviation sector.
Vulnerabilities That Begin With The Hardware - Vamsi Gondi, David L. White, Jill Gemmill and Christopher W. Post
Do you trust your IoT hardware? Insecure network services (UPnP), cloud services, and insecure wireless communications all represent vulnerabilities. Hardware trojans at the device or network level can steal sensitive information by exploiting gaps between wireless standards, and these gaps can be amplified in the presence of multiple interoperable communication protocols, links and devices. We need to address the ability of devices to be sensitive to data misuse, and to alert the user.
Preparing For The Era Of Connected Vehicles And Intelligent Roadways - Margaret Lyell
The Intelligent Transportation System (ITS) and Connected Vehicle (CV) provide a systems level exemplar of the Internet of Things. ITS/CV will make use of wireless technologies and embedded devices and algorithms to control a vehicle's behavior while in traffic, even if overriding driver instructions. Providing for safety, security, privacy and reliability is a must, and the interface of ITS/CV with current business/societal structures (car dealerships, embedded device manufacturers, insurance companies, etc.) must be carefully worked through.
Centralized Authority To Manage Security Issues With IoT Installations – Author???
Resource constrained CPUs, memory and communication capabilities coupled with low energy consumption result in limited security using low-end algorithms. Add in the physical risk to monitors and data, the risks of things like denial of service attacks, and vulnerabilities on the communication and application layers, and the IoT is vulnerable in many ways. There is a need for a centralized federated management authority to generate, distribute and manage the credentials across security layers in the IoT framework and across multiple application environments.
The Security To Safety Model - Vyacheslav Zolotnikov, Semen Kort, Ekaterina Rudina
Cyber physical systems exist in at least two types of environment: the informational environment and the physical environment. Issues may arise from both types of environment and affect physical aspects, informational aspects and the system itself. Conducted research helps us simplify determining of significant threats in IoT systems, identify the possible weaknesses in security solutions, and reasonably enhance the approach to the security and safety enforcement using the principles of secure architectural design.
Secure Data Architecture: Ensuring data integrity at the beginning of the scientific workflow; a Mini-Science DMZ (Mini-DMZ) for instruments - Steven Wallace
Key Points from Architectural Framework Breakout Session
While many have been talking about “End to End Security,” the real issue to be discussed for enterprise use of IoT is “End to End Security and Safety” which is not just a network issue really, rather it is about the security and safety of each of the elements, each of the components, their connections, how they are maintained, how they are used. We need to make sure we don’t get fixated on the “network” part of IoT only.
o The first thing we came up with is that for IoT, safety needs to be considered along with the privacy and performance types of issues (reliability and resiliency), and of course security for these systems.
o The next thing that needs to be addressed is the liability of software development and the software driven capabilities of the devices themselves.
That leads us into a more rigorous, holistic systems approach and developing that process. More specifically, what is the role of policy, both public and private policy, and defining some general guidelines and rules for IoT type systems?
A. Issues of scale – both scale up and scale down
B. Professionalism of the software workforce is really an open question that is almost the other side of the liability issue. Every other engineering trade has licensing, certifications, and it has a history of failures and what you do to resolve those and avoid them.
C. The need for standardization of best practices and really knowing that things are not going to fall over when the first “wrong” thing comes at them or something malicious.
o IoT is going to be extremely disruptive to today’s policy regimes. In any industry in any area, because there are very entwined groups driving policy, there is going to be a lot of resistance and a lot of misunderstanding.
Policy & Standards
Developing Ethics For A Data-Driven World - John Murray
Privacy and security have been much in the news, and have raised awareness not only of how much data is collected but how analytics use it without our permission, resulting in profiling, surveillance, and social discrimination. The effect of a data-centric approach can be harmful to humans, and we need a new approach in which the collection and end use of data are both driven by an ethical, honest approach.
Reducing The Threat And Enhancing The Opportunities Of Drones - Dr. Bertrand Cambou
UAVs, unmanned aerial vehicles—better known as drones—make illegal activities easier; they also offer enormous benefits to society, much like cars, telephones, or many other things we’ve grown used to and for which we have made policies. Five technological changes were suggested for helping us adapt to a new drone world: connect UAVs wirelessly to the internet, add a secure element such as a SIM card, personalize them using secret keys, host authentication on a secure server using PKI, and require flight planning and registration via the web.
Three new technology advancements were also suggested: increased security technology that prevents their being hijacked, sensing of aerial vehicles so warnings can be issued, and safer power sources in the form of structural supercapacitors.
A Model For IoT Assurance - Edward Aractingi
The IoT did not have security as a focus in its developmental stages. Due to low power, minimal computing resources and slow networks, the overhead of encryption was a barrier to development, and underlying protocols such as HTTP and MQTT lack built-in security. It’s true that not all IoT applications need the same level of protection. But there is a need for a standard system of security levels for different applications.
Recommendations include using IP whitelisting and low overhead network ACL, considering the use of session tokens in ReST, using MAC addresses for device authentication, using JSON & XML encoding, and using certificates when possible. There’s a need for collaboration between organizations like IEEE, Internet2, NIST and others to solidify and certify the IoT assurance model.
Is IoT Governance Creating As Well As Solving Problems? - Michael A Aisenberg
The proliferation of organizational bodies where IoT norms are being debated and created reflects important attention being paid to an important process. But the absence of standard processes for engagement, collaboration or even communication threatens development of inconsistent or conflicting norms in some areas, or the absence of norms altogether. Developing norms will provide certainty to stakeholders, enhance utility and availability of technology, and guide organizational and individual behavior.
Open Solutions For Maintaining Privacy And Security Across Devices, Networks And More - Mark Cather
The Internet of Things could grow to 50-200 billion devices by 2020, in many different areas of life. Open multi-vendor solutions will be necessary to meet these needs. But there are often subcontractors behind the subcontractors behind the lead vendors, and open communication between all of them is essential, especially on sensitive subjects such as privacy. Openness in how data is used and protected will be a key issue. Tagging to maintain and share consumer preferences will be another, and a data ownership and management framework will be needed to ensure data owners retain control of their data. And the maintenance of such security on different networks—or while unconnected—is also a crucial concern that must be consistent across manufacturers and devices.
Privacy And Security Standards Ensure IoT Viability - Pamela Gupta
What are the problems that the IoT faces? It is not viable or scalable without trust, yet developers are trained to focus not on those issues but on functionality and time to market. We’ve already seen these issues in products that turned out to have security problems, like Samsung smart TVs or Z-Wave enabled door locks. We need standards for authentication, device security, web interfaces, cloud interfaces, 3rd party APIs, updates and other aspects of devices, but most of all, we need a culture of approaching the ecosystem holistically to ensure security and privacy from the beginning.
Security Without IoT Mandatory Backdoors - Carl Hewitt
It sounds like science fiction—and for the moment it still is, but DARPA is developing an implantable neural interface for data transfer between the human brain and the digital world. Long before we reach such a level of medical IoT, however, the issue of backdoors into the private information IoT devices collect presents itself. Backdoors help devices interoperate, but they also necessarily decrease security, and run the risk of harming economic development of IoT, hampering exports and imports, as well as creating civil liberties issues when so much data about individuals is available without warrants to government.
Key Points from Policy & Standards Breakout Session
What is the IOT?
o IOT is everything and scale and interconnectedness must be considered up front.
o 50-200 Billion Devices in 2020-2025
o Trust will be essential to IOT growth. 40% of consumers would avoid IOT without Trust.
o Vendor-Neutrality, Openness and International Standards will be necessary to ensure that everyone’s devices can work together and protect TIPPSS together.
o Devices in themselves are not risky. A device’s risk is related to how it is used. A light bulb in a home poses less of a risk to life than the light over an operating table. You must understand the device within its entire system.
o Key principles: Trust, Identity, Privacy, Protection, Safety, Security
With billions of devices across the IOT, the volume of devices and data will drown centralized architectures and traditionally rigid frameworks will break. The TIPPSS concepts will need to be pushed down to the devices in order to scale.
All parts of the entire IOT device must be integrated across TIPPSS from the perspective of privacy and security. The device hardware, firmware, cloud, mobile application, interfaces, software, encryption, authentication, service, everything.
Open Data Control, Ownership, and Device Organization
An association layer must be overlaid on the open transport network to provide TIPPSS, data ownership, compliance, and control. The Association layer will allow devices to relate to each other in a similar manner to the way that people relate to each other.
Consumers and IOT data owners need to retain control of their data regardless of where the data goes.
Data Ownership and Transparency
In order to build and maintain trust in the IOT, the government and private sector must act with ethics and openly and transparently communicate with consumers. Transparency comes in many ways, such as how the data and systems will be used as well as changes in access to data and systems.
Centralized Open Cross-Vendor Tools
People don’t currently patch and maintain their devices. Management of configuration, security and privacy factors related to billions of devices will overload people if not automated and centralized.
Policy/Standards/Law/Litigation
Better policies and standards around cyber safety, cyber profiling, cyber privacy are needed. A data-centric approach may be necessary. More communication and coordination between standards bodies is also needed.
How do you incentivize manufacturers and companies to put resources behind TIPPSS? Vendors need to bake security into the solution from the very beginning, but what will motivate them to do so?
Assurance at Scale will be challenging. Mutual agreement is needed to assure parties about the security of a particular IOT implementation. Industry wide assurance standards could be a way to standardize and provide a point of reference to the industry and consumer. For example: Level 0, Barbie doll (basic auth and encryption) -> Level 5, pacemaker (2048 bit keys / multifactor device/user auth, session control).
Snowden’s statements about the National Security Agency’s (NSA) activities are only a drop in the bucket compared to the whistle-blower statements that could come in the future if we don’t address TIPPSS right up front.
Scenarios and Use Cases
Users Don’t Consider Security Their Problem - Luke Russell
Security is often an afterthought in a field where the barrier to entry is low. The example was made of a smart living room where the homeowner creates a build that is distributed to others; the security flaws are thus spread widely. We may give too much data to our connected systems through personal tools; yet the public expects easy accessibility, and regards security as the developer’s problem. Privacy and security must be built in early in the development process.
Consumer-Oriented, Closed-Loop Systems Are Vulnerable - Martin Murillo
As consumer systems in areas like power and communication move from industrial control to being IoT-based, they are vulnerable in new ways, from technical failure to attacks. The Northeast blackout of 2003 is an example where a software bug led to vulnerability, with no alert system in place.
Smart Grid Security Challenges Come From Many Directions - Reza Arghandeh
Software, IT hardware, power systems, and not least humans all represent potential security risk points. As a result, there’s a need for system-wide security that reflects both cybersecurity and cyber-physical systems security; there was an example in Turkey in March 2015, where the attempt to shut down two substations knocked out power for an entire region. Answers will include a vulnerability assessment to identify key risk points, and algorithms to create situational awareness to detect new forms of attacks.
Privacy Needs Call For Privacy Mediators - Nigel Davies
Privacy concerns about the centralization of IoT systems are a growing threat to IoT adoption, and carry the possibility of stalling its acceptance by a wider marketplace. One key principle is that users should be able to control the release of their own data. Privacy mediators would advocate on behalf of users and create a layer between personal data and the cloud called cloudlets, while tools would enable users to control anonymization and deletion.
Vehicles Provide A Unique Set Of Privacy Concerns - Dr. George Corser
Vehicles are out in the open and so is the data they create. We need standards and guidelines for how that data is linked back to individuals and used. Yet some degree of open identity is needed to ensure vehicle safety. We need new metrics for privacy in driving situations, and definitions of location privacy and continuous precise location privacy.
Role Of IoT Analytics-Driven Warning Of Accidents And Other Events - Rabi Chakraborty
IoT analytics can be used for safety management, environmental protection and resource preservation, warning where incidents are most likely to happen based on observed noncompliance data. Where forewarning is based on past experience (i.e., that failure can be expected after a certain amount of time), event-driven prediction is based on observed data (that a specific device being monitored is close to failing). This data can also be used to inform public policy and regulation; examples include oil and gas (pipeline and storage monitors), agriculture (tracking chemical usage data), and smart water (predictive analytics protecting against waste, leakage and sabotage).
Defining Ourselves By Our Data - Ron Winward
Our online presence defines who we are not only to our friends, but also to business and industry. We are defined by our data. Yet our privacy is weakly defined in U.S. law, in contrast to many others. And we have grown comfortable with allowing a great deal of data collection—and even risk of things like ransomware—in return for the convenience of online life. In the end, automation is both the threat and the solution.
Key Observations from Brainstorming Sessions
o Policy moves slowly and in response to interest groups and positions; products are being created more and more quickly.
o Developers need to know they have responsibility for privacy, security and trust.
o Different industries need to work toward common goals within different regulatory frameworks and with different governmental bodies.
o Makers and do-it-yourselfers have to be educated as to privacy/security needs without impeding innovation.
o Can security, privacy and ethics be built into systems and developer tools?
o Technologists need to lead the creation of definitions, while reflecting local cultures/legal systems.