The Internet of Things: Privacy and Security Issues
Stefan Schiffner 
NIS expert, ENISA 
European Union Agency for Network and Information Security www.enisa.europa.eu
ENISA’s Mission
Securing Europe’s Information Society 
Operational Office in Athens 
Seat in Heraklion 
ENISA activities 
Policy 
Recommendations Implementation 
Mobilising Communities
Hands on
Privacy in the internet of things
What is the internet of things? 
• Network of interconnected objects 
for data processing 
– Cyber physical 
– Self configuration 
• Specialized & Embedded 
– Seamless integration 
– Reduced HCI 
• Multiple stakeholders
– For common or individual goals 
• Integrated in legacy systems 
• Or in independent infrastructure
Privacy concerns 
• An object can reveal information about the individual 
• IoT introduces new ways of collecting and processing 
such information from objects: 
– collection of data from different sources 
– correlation and association 
– → abuse potential
• Storing is easy and cheap
Security concerns 
• Objects are small and everywhere 
– Prone to environmental influences 
– Unprotected places (unnoticed manipulation) 
– Weak calculation power (limited crypto) 
• Autonomous 
– Acting without user awareness 
The data protection challenge and requirements
Trust assumption for crypto
[Figure labels: trusted environment (twice), protected communication, adversarial environment]
Security silos 
• The world is divided into In and Out groups
• They might be nested and intersecting
• Complex structures
• Rather static
• Administrative overhead
• Fragile
To avoid new silos we need: 
• Reduction of management burden wrt security and privacy policies
• Dynamic, automatic negotiation of policies
• Resilience
• Leads to new (priority of) requirements
Control 
• How to obtain informed consent? 
– How can information be presented? 
– How can individuals have overall control over their 
data? 
Liability and enforcement 
• Who is responsible 
• How can rights be exercised 
– access, deletion 
• How can data be safeguarded 
– Detection of attacks and damages 
Data Protection requirements 
• Privacy & security by design 
• Purpose limitation 
– no use beyond predefined purposes 
• Data minimization: 
– collect & process only necessary data 
– anonymize or delete data after use 
• Distributed protection models 
– move away from walled gardens 
– multi layer security 
– Resilience 
• Automated decisions 
The role and needs for standards 
• Privacy 
– as part of the IoT ontologies and semantics 
• New protection protocols 
• As an integral control mechanism for the development 
and implementation of M2M architectures 
ENISA’s work on IoT & data protection
ENISA activities 
Policy 
Recommendations Implementation 
Mobilising Communities
Hands on
Current activities 
• Support all involved stakeholders in the translation of legal 
requirements to technical solutions: 
• Privacy by design and by default 
– Technical tools and mechanisms for information and 
control 
– Privacy Principles 
– Anonymisation and pseudonymisation techniques 
• Technical protection measures 
– Cryptographic algorithms, parameters, key sizes 
Published Reports
– Survey of accountability, trust, consent, tracking, security and privacy mechanisms in online environments (2011)
http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/survey-pat
– Privacy, Accountability and Trust – Challenges and Opportunities (2011)
http://www.enisa.europa.eu/activities/identity-and-trust/privacy-and-trust/pat/activities-initiated-in-2010
– Bittersweet cookies. Some security and privacy considerations (2011)
http://www.enisa.europa.eu/activities/identity-and-trust/library/pp/cookies
– Study on the use of cryptographic techniques in Europe (2011)
http://www.enisa.europa.eu/activities/identity-and-trust/library/the-use-of-cryptographic-techniques-in-europe
– Report on trust and reputation models (2011)
http://www.enisa.europa.eu/activities/identity-and-trust/library/trust-and-reputation-models
– Study on monetising privacy. An economic model for pricing personal information (2012)
http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/monetising-privacy
– Study on data collection and storage in the EU (2012)
http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/data-collection
– Privacy considerations of online behavioural tracking (2012)
http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/privacy-considerations-of-online-behavioural-tracking
– The right to be forgotten – between expectations and practice (2012)
http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/the-right-to-be-forgotten
– Security certification practice in the EU - Information Security Management Systems - A case study (November 2013)
http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/security-certification-practice-in-the-eu-information-security-management-systems-a-case-study
– Algorithms, Key Sizes and Parameters Report. 2013 Recommendations (October 2013)
http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report
– Recommended cryptographic measures - Securing personal data (November 2013)
http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/recommended-cryptographic-measures-securing-personal-data
– Securing personal data in the context of data retention. Analysis and recommendations (December 2013)
http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/securing-personal-data-in-the-context-of-data-retention
– On the security, privacy and usability of online seals. An overview (December 2013)
http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/on-the-security-privacy-and-usability-of-online-seals
Thank you very much for your attention 
