Yves Goeleven
#IoT: Privacy and security considerations
Thanks to
Yves Goeleven
• Founder of MessageHandler.net
– Shipping software since 2001
– Windows Azure MVP
– Developer on NServiceBus
Exhibition theater @ kinepolis
Agenda
• Why this talk?
• What are the dangers?
• Security options
• Privacy options
Agenda
Why this talk?
You might just leave this session with more questions than answers
Talk!
Let’s start a conversation!
Challenge!
I challenge anyone to do a follow-up session with your own questions and ideas.
Agenda
What are the dangers?
Internet of Things
What are the dangers?
Personal
& invisible
White lies are the common decency holding us together
Agenda
What can we do?
Security options
• Prevent physical access
– Behind locked doors
– Secure casing
– Do not expose physical ports (USB, Ethernet, ...)
Security options
• Prevent virtual access
– Do not open inbound ports
– Design without ‘listeners’ or ‘servers’ on the devices
– Instead use ‘workers’ or ‘agents’ and remote queues with outbound connections only
Security options
• Prevent physical tampering
– Seals, markers
– Alarms
– Cameras
Security options
• Prevent virtual tampering
– Bootloader in chip or ROM, checks firmware origin before loading into RAM
– Note: Updating (incl. security fixes) now just got a lot harder though
Security options
• Keep track of device identity
– Let devices register themselves/call home
– Do this on boot & periodically
Security options
• Analyze device behavior
– Include device-specific & variable information
– Analyze it server side to detect hacked or spoofed devices
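The two slides above (call home on boot and periodically; include device-specific and variable information and analyze it server side) sketched as an added Python example that is not part of the original deck. The field names, the 60-second interval, the per-device HMAC key and the sample check-ins are assumptions constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

CHECKIN_INTERVAL = 60   # assumed seconds between periodic check-ins
MAX_MISSED = 3          # flag a device that is silent for this many intervals


@dataclass
class DeviceRecord:
    key: bytes              # per-device secret provisioned at enrolment (assumed)
    firmware: str           # firmware digest the server expects
    boot_count: int = -1    # last accepted values of the variable fields
    seq: int = -1
    uptime: int = -1
    last_seen: int = 0


def sign(key, device_id, firmware, boot_count, seq, uptime):
    """Device side: MAC over the device-specific and the variable fields."""
    msg = f"{device_id}|{firmware}|{boot_count}|{seq}|{uptime}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def analyze(registry, checkin, now):
    """Server side: findings for one check-in; an empty list means accepted."""
    dev = registry.get(checkin["id"])
    if dev is None:
        return ["unknown device id"]
    expected = sign(dev.key, checkin["id"], checkin["fw"],
                    checkin["boot"], checkin["seq"], checkin["uptime"])
    if not hmac.compare_digest(expected, checkin["mac"]):
        return ["bad MAC: spoofed or corrupted check-in"]

    findings = []
    if checkin["fw"] != dev.firmware:
        findings.append("unexpected firmware digest")
    if checkin["boot"] < dev.boot_count:
        findings.append("boot counter went backwards: replay or cloned identity")
    elif checkin["boot"] == dev.boot_count:
        # Same boot session: the variable fields must keep moving forward.
        if checkin["seq"] <= dev.seq:
            findings.append("sequence not increasing: replay or cloned identity")
        if checkin["uptime"] < dev.uptime:
            findings.append("uptime decreased without a reboot")
    if not findings:
        # Only accepted check-ins advance the stored state.
        dev.boot_count, dev.seq = checkin["boot"], checkin["seq"]
        dev.uptime, dev.last_seen = checkin["uptime"], now
    return findings


def silent_devices(registry, now):
    """Devices that stopped calling home for longer than the allowed gap."""
    limit = CHECKIN_INTERVAL * MAX_MISSED
    return sorted(d for d, rec in registry.items() if now - rec.last_seen > limit)


def demo():
    """Run constructed check-ins through the analysis and collect the results."""
    fw = hashlib.sha256(b"constructed firmware image v1").hexdigest()
    other_fw = hashlib.sha256(b"constructed modified image").hexdigest()
    k1, k2 = b"k1-constructed", b"k2-constructed"
    registry = {"sensor-01": DeviceRecord(key=k1, firmware=fw),
                "sensor-02": DeviceRecord(key=k2, firmware=fw)}

    def msg(dev_id, key, firmware, boot, seq, uptime):
        return {"id": dev_id, "fw": firmware, "boot": boot, "seq": seq,
                "uptime": uptime,
                "mac": sign(key, dev_id, firmware, boot, seq, uptime)}

    boot_msg = msg("sensor-01", k1, fw, 1, 0, 2)
    return {
        "boot": analyze(registry, boot_msg, now=1000),
        "periodic": analyze(registry, msg("sensor-01", k1, fw, 1, 1, 62), now=1060),
        "replay": analyze(registry, boot_msg, now=1070),
        "forged": analyze(registry, msg("sensor-01", b"guess", fw, 1, 2, 122), now=1120),
        "firmware": analyze(registry, msg("sensor-01", k1, other_fw, 2, 0, 1), now=1130),
        "unknown": analyze(registry, msg("sensor-99", k1, fw, 1, 0, 1), now=1140),
        "other": analyze(registry, msg("sensor-02", k2, fw, 1, 0, 3), now=1250),
        "silent": silent_devices(registry, now=1300),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:9s} {result}")
```

The MAC authenticates the check-in but does not encrypt it, which keeps the device-side cost to one hash computation per message.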
Security options
• Block compromised devices
– Access control lists
– Protocol/package filtering
– Signal jamming
– Unplug the power
– On the device, or a specialized device
Security options
• Many low-power devices cannot encrypt data using standard encryption techniques
– Not enough memory
– Drains battery too fast
Security options
• Do not store unencrypted data
– On publicly accessible devices
– Better send it elsewhere, unencrypted if needed, to store it safely
Security options
• Do not send unencrypted data over long distances
– Use a local ‘gateway’, a powerful local device to encrypt it on behalf of dumb devices
Security options
• Use alternative encryption & data mangling strategies
– Signed at the foundry, if you can live with lock-in
– Ciphers, hashes & arithmetic algorithms
Security options
• Audit your physical environment
– Know which devices are ‘smart’
– And how they communicate
– Include all technologies (IR, RF, Bluetooth)
Security options
• Spy on your things
– Intercept communication between your ‘things’
– Analyze the communication & detect anomalies
Security options
• Physical canary
– Apply ‘social control’ amongst devices
– Let devices report that other devices are talking to them inappropriately
Internet of things, reference architecture
Privacy options
• There are privacy laws
– Make sure not to break these!
– Do not store, send or process information that you’re not allowed to
– http://en.wikipedia.org/wiki/Data_Protection_Directive
Privacy options
• Is it clear what laws apply when?
– Multinationals spread across different countries
– Difference in laws where data is collected vs data is processed or stored
– US vs EU: direct conflict
Privacy options
• Trust is paramount for adoption of IoT
– Make it your policy not to break it
– People may choose not to buy products from violators
Privacy options
• Question is: is this really true?
– Facebook is huge, yet no one trusts them (I hope)
– Will convenience win over privacy concerns for majority of people?
Privacy options
• Build trust by asking for user consent
– On data collection devices
– OAuth great for this!?
– But how about devices without a screen?
Privacy options
• And how about exchanging and correlating information with 3rd parties in backend?
– Need for federated authorization?
– With context?
– E.g. I allow you to analyse my energy consumption, send the results to government, but not to utility?
Loyalty plan
Give me your address and you'll get 10% off on your next pair of jeans…
Other things we can do?
There’s a lot we can do
Other things we can do?
Also a lot of open questions
Other things we can do?
But maybe consumers just don’t care (aren’t prepared to pay for it?)
Other things we can do?
What do you think?
A big thank you to our sponsors
Gold Partners
Silver & Track Partners
Platinum Partners

More Related Content

What's hot

[Bucharest] Catching up with today's malicious actors
[Bucharest] Catching up with today's malicious actors[Bucharest] Catching up with today's malicious actors
[Bucharest] Catching up with today's malicious actorsOWASP EEE
 
ethical Hacking [007]
ethical Hacking  [007]ethical Hacking  [007]
ethical Hacking [007]SiddheshPowar
 
The Internet of Things and You
The Internet of Things and YouThe Internet of Things and You
The Internet of Things and YouTechWell
 
The State Department and Net Freedom: A year of great challenges & opportunities
The State Department and Net Freedom: A year of great challenges & opportunitiesThe State Department and Net Freedom: A year of great challenges & opportunities
The State Department and Net Freedom: A year of great challenges & opportunitiesFreedom House
 
Computer forensics and Investigation
Computer forensics and InvestigationComputer forensics and Investigation
Computer forensics and InvestigationNeha Raju k
 
Information security fundamentals topic 2: Evolution of Information security
Information security fundamentals topic 2: Evolution of Information securityInformation security fundamentals topic 2: Evolution of Information security
Information security fundamentals topic 2: Evolution of Information securityNeha Raju k
 
ISSC455_Week6_Project_PowerPoint_Presentation_Intindolo
ISSC455_Week6_Project_PowerPoint_Presentation_IntindoloISSC455_Week6_Project_PowerPoint_Presentation_Intindolo
ISSC455_Week6_Project_PowerPoint_Presentation_IntindoloJohn Intindolo
 
Open Access: Data Protection, Storage and Sharing
Open Access: Data Protection, Storage and SharingOpen Access: Data Protection, Storage and Sharing
Open Access: Data Protection, Storage and SharingOpenExeter
 
Phone Hacking: A lucrative, but largely hidden history
Phone Hacking: A lucrative, but largely hidden historyPhone Hacking: A lucrative, but largely hidden history
Phone Hacking: A lucrative, but largely hidden historyDavid Rogers
 
Security and privacy for journalists
Security and privacy for journalistsSecurity and privacy for journalists
Security and privacy for journalistsJillian York
 
Internet of things
Internet of thingsInternet of things
Internet of thingsnrjoshiee
 

What's hot (19)

[Bucharest] Catching up with today's malicious actors
[Bucharest] Catching up with today's malicious actors[Bucharest] Catching up with today's malicious actors
[Bucharest] Catching up with today's malicious actors
 
ethical Hacking [007]
ethical Hacking  [007]ethical Hacking  [007]
ethical Hacking [007]
 
The Internet of Things and You
The Internet of Things and YouThe Internet of Things and You
The Internet of Things and You
 
Information technology Vs Information security
Information technology Vs Information securityInformation technology Vs Information security
Information technology Vs Information security
 
The State Department and Net Freedom: A year of great challenges & opportunities
The State Department and Net Freedom: A year of great challenges & opportunitiesThe State Department and Net Freedom: A year of great challenges & opportunities
The State Department and Net Freedom: A year of great challenges & opportunities
 
Computer forensics and Investigation
Computer forensics and InvestigationComputer forensics and Investigation
Computer forensics and Investigation
 
Information security fundamentals topic 2: Evolution of Information security
Information security fundamentals topic 2: Evolution of Information securityInformation security fundamentals topic 2: Evolution of Information security
Information security fundamentals topic 2: Evolution of Information security
 
ISSC455_Week6_Project_PowerPoint_Presentation_Intindolo
ISSC455_Week6_Project_PowerPoint_Presentation_IntindoloISSC455_Week6_Project_PowerPoint_Presentation_Intindolo
ISSC455_Week6_Project_PowerPoint_Presentation_Intindolo
 
Lect 6 computer forensics
Lect 6 computer forensicsLect 6 computer forensics
Lect 6 computer forensics
 
Open Access: Data Protection, Storage and Sharing
Open Access: Data Protection, Storage and SharingOpen Access: Data Protection, Storage and Sharing
Open Access: Data Protection, Storage and Sharing
 
Codebits 2011
Codebits 2011Codebits 2011
Codebits 2011
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Confidentiality
ConfidentialityConfidentiality
Confidentiality
 
Hacking
HackingHacking
Hacking
 
OSINT
OSINTOSINT
OSINT
 
Phone Hacking: A lucrative, but largely hidden history
Phone Hacking: A lucrative, but largely hidden historyPhone Hacking: A lucrative, but largely hidden history
Phone Hacking: A lucrative, but largely hidden history
 
Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Security and privacy for journalists
Security and privacy for journalistsSecurity and privacy for journalists
Security and privacy for journalists
 
Internet of things
Internet of thingsInternet of things
Internet of things
 

Viewers also liked

Data Ownership & Trust in the IoT
Data Ownership & Trust in the IoTData Ownership & Trust in the IoT
Data Ownership & Trust in the IoTAGILE IoT
 
[IoT Tech Expo] Smart Cities – Leveraging Messaging from Project to City to ...
[IoT Tech Expo] Smart Cities – Leveraging Messaging from Project to City to ...[IoT Tech Expo] Smart Cities – Leveraging Messaging from Project to City to ...
[IoT Tech Expo] Smart Cities – Leveraging Messaging from Project to City to ...Solace
 
The Prospect of IoT in the Oil & Gas
The Prospect of IoT in the Oil & Gas The Prospect of IoT in the Oil & Gas
The Prospect of IoT in the Oil & Gas Ghazi Wadi, PMP
 
HP Iot platform and solution plans
HP Iot platform and solution plansHP Iot platform and solution plans
HP Iot platform and solution plansJeff Edlund
 
Security issues and solutions : IoT
Security issues and solutions : IoTSecurity issues and solutions : IoT
Security issues and solutions : IoTJinia Bhowmik
 
IoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsIoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsKenny Huang Ph.D.
 
IoT Standardization and Implementation Challenges
IoT Standardization and Implementation ChallengesIoT Standardization and Implementation Challenges
IoT Standardization and Implementation ChallengesAhmed Banafa
 
IoT and the Oil & Gas industry at M2M Oil & Gas 2014 in London
IoT and the Oil & Gas industry at M2M Oil & Gas 2014 in LondonIoT and the Oil & Gas industry at M2M Oil & Gas 2014 in London
IoT and the Oil & Gas industry at M2M Oil & Gas 2014 in LondonEurotech
 
IoT implementation and Challenges
IoT implementation and ChallengesIoT implementation and Challenges
IoT implementation and ChallengesAhmed Banafa
 
Privacy, Drones, and IoT
Privacy, Drones, and IoTPrivacy, Drones, and IoT
Privacy, Drones, and IoTLAURA VIVET
 
Key Data Management Requirements for the IoT
Key Data Management Requirements for the IoTKey Data Management Requirements for the IoT
Key Data Management Requirements for the IoTMongoDB
 
IOT Factory - Open IOT Platform & Startup Studio
IOT Factory - Open IOT Platform & Startup StudioIOT Factory - Open IOT Platform & Startup Studio
IOT Factory - Open IOT Platform & Startup StudioLionel Anciaux
 
Big data and value creation
Big data and value creationBig data and value creation
Big data and value creationRichard Vidgen
 
Importance of IoT in Retail
Importance of IoT in RetailImportance of IoT in Retail
Importance of IoT in RetailSwaransoft OÜ
 
IoT Security Elements
IoT Security ElementsIoT Security Elements
IoT Security ElementsEurotech
 
Big Data Analytics for the Industrial Internet of Things
Big Data Analytics for the Industrial Internet of ThingsBig Data Analytics for the Industrial Internet of Things
Big Data Analytics for the Industrial Internet of ThingsAnthony Chen
 
Internet of Things and Big Data: Vision and Concrete Use Cases
Internet of Things and Big Data: Vision and Concrete Use CasesInternet of Things and Big Data: Vision and Concrete Use Cases
Internet of Things and Big Data: Vision and Concrete Use CasesMongoDB
 
Iot ecosystem-challenges-daeyoungkim-auto-id-labs-kaist
Iot ecosystem-challenges-daeyoungkim-auto-id-labs-kaistIot ecosystem-challenges-daeyoungkim-auto-id-labs-kaist
Iot ecosystem-challenges-daeyoungkim-auto-id-labs-kaistDaeyoung Kim
 

Viewers also liked (20)

Data Ownership & Trust in the IoT
Data Ownership & Trust in the IoTData Ownership & Trust in the IoT
Data Ownership & Trust in the IoT
 
[IoT Tech Expo] Smart Cities – Leveraging Messaging from Project to City to ...
[IoT Tech Expo] Smart Cities – Leveraging Messaging from Project to City to ...[IoT Tech Expo] Smart Cities – Leveraging Messaging from Project to City to ...
[IoT Tech Expo] Smart Cities – Leveraging Messaging from Project to City to ...
 
The Prospect of IoT in the Oil & Gas
The Prospect of IoT in the Oil & Gas The Prospect of IoT in the Oil & Gas
The Prospect of IoT in the Oil & Gas
 
HP Iot platform and solution plans
HP Iot platform and solution plansHP Iot platform and solution plans
HP Iot platform and solution plans
 
Security issues and solutions : IoT
Security issues and solutions : IoTSecurity issues and solutions : IoT
Security issues and solutions : IoT
 
IoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsIoT Security and Privacy Considerations
IoT Security and Privacy Considerations
 
IoT Standardization and Implementation Challenges
IoT Standardization and Implementation ChallengesIoT Standardization and Implementation Challenges
IoT Standardization and Implementation Challenges
 
IoT and the Oil & Gas industry at M2M Oil & Gas 2014 in London
IoT and the Oil & Gas industry at M2M Oil & Gas 2014 in LondonIoT and the Oil & Gas industry at M2M Oil & Gas 2014 in London
IoT and the Oil & Gas industry at M2M Oil & Gas 2014 in London
 
IoT implementation and Challenges
IoT implementation and ChallengesIoT implementation and Challenges
IoT implementation and Challenges
 
Privacy, Drones, and IoT
Privacy, Drones, and IoTPrivacy, Drones, and IoT
Privacy, Drones, and IoT
 
Key Data Management Requirements for the IoT
Key Data Management Requirements for the IoTKey Data Management Requirements for the IoT
Key Data Management Requirements for the IoT
 
IOT Factory - Open IOT Platform & Startup Studio
IOT Factory - Open IOT Platform & Startup StudioIOT Factory - Open IOT Platform & Startup Studio
IOT Factory - Open IOT Platform & Startup Studio
 
Big data and value creation
Big data and value creationBig data and value creation
Big data and value creation
 
Importance of IoT in Retail
Importance of IoT in RetailImportance of IoT in Retail
Importance of IoT in Retail
 
IoT Security Elements
IoT Security ElementsIoT Security Elements
IoT Security Elements
 
Big Data Analytics for the Industrial Internet of Things
Big Data Analytics for the Industrial Internet of ThingsBig Data Analytics for the Industrial Internet of Things
Big Data Analytics for the Industrial Internet of Things
 
Webinar: IoT in Healthcare - An Overview
Webinar: IoT in Healthcare - An OverviewWebinar: IoT in Healthcare - An Overview
Webinar: IoT in Healthcare - An Overview
 
Internet of Things
Internet of ThingsInternet of Things
Internet of Things
 
Internet of Things and Big Data: Vision and Concrete Use Cases
Internet of Things and Big Data: Vision and Concrete Use CasesInternet of Things and Big Data: Vision and Concrete Use Cases
Internet of Things and Big Data: Vision and Concrete Use Cases
 
Iot ecosystem-challenges-daeyoungkim-auto-id-labs-kaist
Iot ecosystem-challenges-daeyoungkim-auto-id-labs-kaistIot ecosystem-challenges-daeyoungkim-auto-id-labs-kaist
Iot ecosystem-challenges-daeyoungkim-auto-id-labs-kaist
 

Similar to IoT: Privacy and security considerations in the Internet of Things

Internet Issues (How to Deal on Internet Security)
Internet Issues (How to Deal on Internet Security)Internet Issues (How to Deal on Internet Security)
Internet Issues (How to Deal on Internet Security)Hannah Jane del Castillo
 
Open Source IoT- Timm McShane
Open Source IoT- Timm McShaneOpen Source IoT- Timm McShane
Open Source IoT- Timm McShaneInman News
 
Network Security
Network SecurityNetwork Security
Network SecurityManoj Singh
 
Hack one iot device, break them all!
Hack one iot device, break them all!Hack one iot device, break them all!
Hack one iot device, break them all!Justin Black
 
Privacy and Security in the Internet of Things
Privacy and Security in the Internet of ThingsPrivacy and Security in the Internet of Things
Privacy and Security in the Internet of ThingsJeff Katz
 
Helping Developers with Privacy
Helping Developers with PrivacyHelping Developers with Privacy
Helping Developers with PrivacyJason Hong
 
Information Security
Information SecurityInformation Security
Information Securityvadapav123
 
Webinar - Compliance with the Microsoft Cloud- 2017-04-19
Webinar - Compliance with the Microsoft Cloud- 2017-04-19Webinar - Compliance with the Microsoft Cloud- 2017-04-19
Webinar - Compliance with the Microsoft Cloud- 2017-04-19TechSoup
 
A balanced perspective on RFID
A balanced perspective on RFIDA balanced perspective on RFID
A balanced perspective on RFIDConsiderati
 
Attacking Decentralized Identity.pdf
Attacking Decentralized Identity.pdfAttacking Decentralized Identity.pdf
Attacking Decentralized Identity.pdfssuser264cc11
 
Big Data LDN 2018: AI VS. GDPR
Big Data LDN 2018: AI VS. GDPRBig Data LDN 2018: AI VS. GDPR
Big Data LDN 2018: AI VS. GDPRMatt Stubbs
 
Identify and Stop Insider Threats
Identify and Stop Insider ThreatsIdentify and Stop Insider Threats
Identify and Stop Insider ThreatsLancope, Inc.
 
Securing IoT medical devices
Securing IoT medical devicesSecuring IoT medical devices
Securing IoT medical devicesBenjamin Biwer
 
The EU Data Protection Regulation and what it means for your organization
The EU Data Protection Regulation and what it means for your organizationThe EU Data Protection Regulation and what it means for your organization
The EU Data Protection Regulation and what it means for your organizationSophos Benelux
 

Similar to IoT: Privacy and security considerations in the Internet of Things (20)

Internet Issues (How to Deal on Internet Security)
Internet Issues (How to Deal on Internet Security)Internet Issues (How to Deal on Internet Security)
Internet Issues (How to Deal on Internet Security)
 
Insider threat v3
Insider threat v3Insider threat v3
Insider threat v3
 
Open Source IoT- Timm McShane
Open Source IoT- Timm McShaneOpen Source IoT- Timm McShane
Open Source IoT- Timm McShane
 
Network Security
Network SecurityNetwork Security
Network Security
 
Hack one iot device, break them all!
Hack one iot device, break them all!Hack one iot device, break them all!
Hack one iot device, break them all!
 
Privacy and Security in the Internet of Things
Privacy and Security in the Internet of ThingsPrivacy and Security in the Internet of Things
Privacy and Security in the Internet of Things
 
Helping Developers with Privacy
Helping Developers with PrivacyHelping Developers with Privacy
Helping Developers with Privacy
 
Information Security
Information SecurityInformation Security
Information Security
 
Webinar - Compliance with the Microsoft Cloud- 2017-04-19
Webinar - Compliance with the Microsoft Cloud- 2017-04-19Webinar - Compliance with the Microsoft Cloud- 2017-04-19
Webinar - Compliance with the Microsoft Cloud- 2017-04-19
 
Chapter 3
Chapter 3Chapter 3
Chapter 3
 
A balanced perspective on RFID
A balanced perspective on RFIDA balanced perspective on RFID
A balanced perspective on RFID
 
it-security.ppt
it-security.pptit-security.ppt
it-security.ppt
 
IoT PPT Deck
IoT PPT DeckIoT PPT Deck
IoT PPT Deck
 
Attacking Decentralized Identity.pdf
Attacking Decentralized Identity.pdfAttacking Decentralized Identity.pdf
Attacking Decentralized Identity.pdf
 
Big Data LDN 2018: AI VS. GDPR
Big Data LDN 2018: AI VS. GDPRBig Data LDN 2018: AI VS. GDPR
Big Data LDN 2018: AI VS. GDPR
 
Privacy, Encryption, and Anonymity in the Civil Legal Aid Context
Privacy, Encryption, and Anonymity in the Civil Legal Aid ContextPrivacy, Encryption, and Anonymity in the Civil Legal Aid Context
Privacy, Encryption, and Anonymity in the Civil Legal Aid Context
 
Identify and Stop Insider Threats
Identify and Stop Insider ThreatsIdentify and Stop Insider Threats
Identify and Stop Insider Threats
 
Securing IoT medical devices
Securing IoT medical devicesSecuring IoT medical devices
Securing IoT medical devices
 
Christopher Biedermann, EmiTel Ltd: Cybersecurity and the Internet of Things
Christopher Biedermann, EmiTel Ltd: Cybersecurity and the Internet of ThingsChristopher Biedermann, EmiTel Ltd: Cybersecurity and the Internet of Things
Christopher Biedermann, EmiTel Ltd: Cybersecurity and the Internet of Things
 
The EU Data Protection Regulation and what it means for your organization
The EU Data Protection Regulation and what it means for your organizationThe EU Data Protection Regulation and what it means for your organization
The EU Data Protection Regulation and what it means for your organization
 

More from Yves Goeleven

Back to the 90s' - Revenge of the static website
Back to the 90s' - Revenge of the static websiteBack to the 90s' - Revenge of the static website
Back to the 90s' - Revenge of the static websiteYves Goeleven
 
Azure storage deep dive
Azure storage deep diveAzure storage deep dive
Azure storage deep diveYves Goeleven
 
Connecting your app to the real world
Connecting your app to the real worldConnecting your app to the real world
Connecting your app to the real worldYves Goeleven
 
Madn - connecting things with people
Madn - connecting things with peopleMadn - connecting things with people
Madn - connecting things with peopleYves Goeleven
 
Message handler customer deck
Message handler customer deckMessage handler customer deck
Message handler customer deckYves Goeleven
 
Cloudbrew - Internet Of Things
Cloudbrew - Internet Of ThingsCloudbrew - Internet Of Things
Cloudbrew - Internet Of ThingsYves Goeleven
 
Windows azure storage services
Windows azure storage servicesWindows azure storage services
Windows azure storage servicesYves Goeleven
 
Azug - successfully breeding rabits
Azug - successfully breeding rabitsAzug - successfully breeding rabits
Azug - successfully breeding rabitsYves Goeleven
 
Eda on the azure services platform
Eda on the azure services platformEda on the azure services platform
Eda on the azure services platformYves Goeleven
 

More from Yves Goeleven (10)

Back to the 90s' - Revenge of the static website
Back to the 90s' - Revenge of the static websiteBack to the 90s' - Revenge of the static website
Back to the 90s' - Revenge of the static website
 
Azure storage deep dive
Azure storage deep diveAzure storage deep dive
Azure storage deep dive
 
Connecting your app to the real world
Connecting your app to the real worldConnecting your app to the real world
Connecting your app to the real world
 
Madn - connecting things with people
Madn - connecting things with peopleMadn - connecting things with people
Madn - connecting things with people
 
Message handler customer deck
Message handler customer deckMessage handler customer deck
Message handler customer deck
 
Cloudbrew - Internet Of Things
Cloudbrew - Internet Of ThingsCloudbrew - Internet Of Things
Cloudbrew - Internet Of Things
 
Windows azure storage services
Windows azure storage servicesWindows azure storage services
Windows azure storage services
 
Azug - successfully breeding rabits
Azug - successfully breeding rabitsAzug - successfully breeding rabits
Azug - successfully breeding rabits
 
Eda on the azure services platform
Eda on the azure services platformEda on the azure services platform
Eda on the azure services platform
 
Sql Azure
Sql AzureSql Azure
Sql Azure
 

Recently uploaded

Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 

Recently uploaded (20)

Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
My Hashitalk Indonesia April 2024 Presentation

IoT: Privacy and security considerations in the Internet of Things

  • 1. Yves Goeleven #IoT: Privacy and security considerations Thanks to
  • 2. Yves Goeleven • Founder of MessageHandler.net – Shipping software since 2001 – Windows Azure MVP – Developer on NServiceBus
  • 4. Agenda • Why this talk? • What are the dangers? • Security options • Privacy options
  • 10. You might just leave this session with more questions than answers
  • 11. Talk! Let’s start a conversation!
  • 12. Challenge! I challenge anyone to do a follow up session with your own questions and ideas.
  • 13. Agenda What are the dangers?
  • 17. What are the dangers? Personal
  • 20. White lies are the common decency holding us together
  • 24. Security options • Prevent physical access – Behind locked doors – Secure casing – Do not expose physical ports (USB, Ethernet, ...)
  • 25. Security options • Prevent virtual access – Do not open inbound ports – Design without ‘listeners’ or ‘servers’ on the devices – Instead use ‘workers’ or ‘agents’ and remote queues with outbound connections only
  • 27. Security options • Prevent physical tampering – Seals, markers – Alarms – Cameras
  • 28. Security options • Prevent virtual tampering – Bootloader in chip or ROM, checks firmware origin before loading into RAM – Note: Updating (incl. security fixes) now just got a lot harder though
  • 30. Security options • Keep track of device identity – Let devices register themselves/call home – Do this on boot & periodically
  • 31. Security options • Analyze device behavior – Include device specific & variable information – Analyze it server side to detect hacked or spoofed devices
  • 32. Security options • Block compromised devices – Access control lists – Protocol/packet filtering – Signal jamming – Unplug the power – On the device, or a specialized device
  • 34. Security options • Many low-power devices cannot encrypt data using standard encryption techniques – Not enough memory – Drains battery too fast
  • 35. Security options • Do not store unencrypted data – On publicly accessible devices – Better send it elsewhere, unencrypted if needed, to store it safely
  • 36. Security options • Do not send unencrypted data over long distances – Use a local ‘gateway’, a powerful local device to encrypt it on behalf of dumb devices
  • 37. Security options • Use alternative encryption & data mangling strategies – Signed at the foundry, if you can live with lock-in – Ciphers, hashes & arithmetic algorithms
  • 39. Security options • Audit your physical environment – Know which devices are ‘smart’ – And how they communicate – Include all technologies (IR, RF, Bluetooth)
  • 40. Security options • Spy on your things – Intercept communication between your ‘things’ – Analyze the communication & detect anomalies
  • 41. Security options • Physical canary – Apply ‘social control’ amongst devices – Let devices report that other devices are talking to them inappropriately
  • 42. Internet of things, reference architecture
  • 44. Privacy options • There are privacy laws – Make sure not to break these! – Do not store, send or process information that you’re not allowed to – http://en.wikipedia.org/wiki/Data_Protection_Directive
  • 45. Privacy options • Is it clear what laws apply when? – Multinationals spread across different countries – Difference in laws where data is collected vs data is processed or stored – US vs EU: direct conflict
  • 48. Privacy options • Trust is paramount for adoption of IoT – Make it your policy not to break it – People may choose not to buy products from violators
  • 49. Privacy options • Question is: is this really true? – Facebook is huge, yet no one trusts them (I hope) – Will convenience win over privacy concerns for majority of people?
  • 50. Privacy options • Build trust by asking for user consent – On data collection devices – OAuth great for this!? – But how about devices without a screen?
  • 52. Privacy options • And how about exchanging and correlating information with 3rd parties in the backend? – Need for federated authorization? – With context? – E.g. I allow you to analyse my energy consumption, send the results to government, but not to utility?
  • 55. Loyalty plan: Give me your address and you'll get 10% off on your next pair of jeans…
  • 56. Other things we can do? There’s a lot we can do
  • 57. Other things we can do? Also a lot of open questions
  • 58. Other things we can do? But maybe consumers just don’t care (aren’t prepared to pay for it?)
  • 59. Other things we can do? What do you think?
  • 60. A big thank you to our sponsors: Gold Partners, Silver & Track Partners, Platinum Partners
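
Slides 30 and 31 (devices call home on boot and periodically, and the server analyzes device-specific and variable information to detect hacked or spoofed devices) can be sketched as follows. This is an added example, not code from the talk: the field names (`boot_count`, `seq`, `uptime_s`), the HMAC-SHA256 tag, the 60-second interval and the registry are assumptions, and the sample secret is constructed.

```python
import hashlib
import hmac

# Constructed registry: one secret per device, provisioned out of band (assumption).
REGISTRY = {"sensor-01": b"constructed-secret-01"}

def sign(secret, device_id, boot_count, seq, uptime_s):
    """Device side: MAC over the device-specific and variable fields."""
    msg = f"{device_id}|{boot_count}|{seq}|{uptime_s}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

def make_report(device_id, boot_count, seq, uptime_s, secret):
    """Build one call-home report (hypothetical wire format)."""
    return {"device_id": device_id, "boot_count": boot_count, "seq": seq,
            "uptime_s": uptime_s, "mac": sign(secret, device_id, boot_count, seq, uptime_s)}

class CallHomeMonitor:
    """Server side: keeps last-seen state per device and flags anomalies."""
    def __init__(self, registry, interval_s=60, slack_s=15):
        self.registry, self.interval_s, self.slack_s = registry, interval_s, slack_s
        self.last = {}  # device_id -> (boot_count, seq, uptime_s, received_at)

    def check(self, report, received_at):
        dev = report["device_id"]
        secret = self.registry.get(dev)
        if secret is None:
            return ["unknown-device"]
        expected = sign(secret, dev, report["boot_count"], report["seq"], report["uptime_s"])
        if not hmac.compare_digest(expected, report["mac"]):
            return ["bad-mac"]
        findings = []
        prev = self.last.get(dev)
        if prev:
            boot, seq, uptime, seen = prev
            same_boot = report["boot_count"] == boot
            if report["boot_count"] < boot or (same_boot and report["seq"] <= seq):
                return ["replayed-or-cloned"]  # stale counters: keep the old state
            elapsed = received_at - seen
            # Within one boot, uptime must advance in step with server-side time.
            if same_boot and abs((report["uptime_s"] - uptime) - elapsed) > self.slack_s:
                findings.append("uptime-drift")
            if elapsed > 2 * self.interval_s:
                findings.append("missed-check-ins")
        self.last[dev] = (report["boot_count"], report["seq"], report["uptime_s"], received_at)
        return findings
```

A device that returns `bad-mac` or `replayed-or-cloned` is a candidate for the blocking measures listed on slide 32.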

Editor's Notes

  1. Real-time message processing as a service. Think of it as IFTTT for the Internet of Things. Solves today’s integration issues: scalability, data volume, multitude of protocols & platforms, multitude of integration points, SaaS & social integration, mobile platforms, business ecosystems, ownership & centralized management, …
  2. Real and present dangers: are a threat to IoT; are caused by IoT.
  3. Investigation and understanding is required.
  4. Can third parties (ab)use this information? ‘Personal wellbeing’: doctors, physicians, … ‘Social purposes’: government, police, judges, … ‘Commercial purposes’: insurance, lawyers, marketing, … ‘Pure evil’: identity theft, extortion, …
  5. What about the small things in life? Occasional white lie <> activity/location tracking. Socially unacceptable (yet totally normal) behaviour <> sensors.
  6. Prevent physical tampering: seals, marks, alarms, cameras. Prevent virtual tampering: bootloader in chip or ROM checks firmware origin before loading into RAM. Updating (incl. security fixes) now just got a lot harder though.
  7. All this comes at a cost, both in time and money. And not just on the producer side. Is it worth it, do people care enough? Or will convenience be more important than privacy?