Privacy and Security for the Emerging Internet of Things
5. ©2016CarnegieMellonUniversity:5
We Are Just Starting to Enter
the Third Wave of Computing
• First Wave: Computation
– Making the basics of computers work
• Second Wave: Networking
– Connecting computers around the world
• Third Wave: Internet of Things (IoT)
– Computation, communication, sensing, and
actuation woven into our physical world
• IoT offers tremendous potential societal benefits
– Healthcare, transportation, sustainability, energy, …
7. ©2016CarnegieMellonUniversity:7
My Talk Today
• What are frameworks for thinking about the
privacy and security problems?
• What are some opportunities for improving
privacy and security for IoT?
– No silver bullet, but lots of room for improvement
• What are some of the IoT-related projects we’re
doing at Carnegie Mellon University?
10. ©2016CarnegieMellonUniversity:10
IoT Pyramid
Top Tier
• A few devices per person
• High computational power
• Tablets
• Glasses
Middle Tier
• Tens of devices per person
• Moderate computational power
• TVs
• Smart Toys
• Laptops
• Smartphones
• Thermostats
• Refrigerators
Bottom Tier
• Hundreds of devices per person
• Low computational power
• HVAC
• RFIDs
• Lightbulbs
• Smart toilets
• Implanted medical devices
13. ©2016CarnegieMellonUniversity:13
IoT Security Issues
Top Tier Security
• Cybersecurity good today
• Can run endpoint protection
• Large corporations developing
Middle Tier Security
• Cybersecurity weak today
• Basic or no endpoint protection
• Spotty security protections
Bottom Tier Security
• Cybersecurity very poor today
• Weak or no endpoint protection
• Low manufacturer experience
• High diversity in hw, sw, OS
• Many devices never updated
• Major scalability challenges
15. ©2016CarnegieMellonUniversity:15
How is IoT Security Different?
1. Physical Safety and Security
• Different classes of attackers, different motives
• State-sponsored
– State secrets, intellectual property, sow discord
• Non-state actors
– Terrorism, advocacy for a cause
• Organized crime
– Repeatable business model, stay under radar
• Disgruntled employee / Insider attack
• Script kiddies
16. ©2016CarnegieMellonUniversity:16
How is IoT Security Different?
1. Physical Safety and Security
• More likely attack: Ransomware
– Lock you out of your house unless you pay a ransom
– Make videos of you at home public unless you pay
• Just as likely: attacks for the “lulz”
– Tripping circuit breakers at the office
– Remotely adjusting the thermostat to make it harder to sleep
(or waste money, or let pipes freeze over)
• What kinds of safeguards for physical safety?
• Can we build models of normal vs abnormal
behaviors for devices and apps, and enforce?
17. ©2016CarnegieMellonUniversity:17
How is IoT Security Different?
2. Scalability
• Billions of devices will need to be secured
– Gartner estimates 20B devices by 2020
• Scale transforms easy into hard
– Ex. Unique passwords for dozens of devices?
– Ex. Security policies, each device having different user
interface (most not having a display and keyboard)?
– Ex. Physically locking down dozens of devices?
– Ex. Installing software updates
• What kinds of network protocols, APIs, and
middleware to help manage IoT devices at scale?
19. ©2016CarnegieMellonUniversity:19
How is IoT Security Different?
2. Scalability
• Possible for attackers to search for and exploit
vulnerabilities at scale
– Ex. Mirai botnet DDoS attack Oct 2016
• Nightmare scenarios
– Find vulnerabilities in smartphone-connected
blood glucose monitors, inject fake data
– Find vulnerable medical implants, hold people hostage
• Again, some kind of model or policy
– Maybe formal model, maybe big data
• Better ways of using proximity for access?
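The two slides above ask whether we can build models of normal vs abnormal behavior for devices and enforce them. The following is an added illustration of one simple form of such a model, written for this page and not code from the talk or from any CMU project: a hub or monitor learns, per device and hour of day, the range a thermostat setpoint normally takes, then flags later commands that fall outside that range or arrive in a burst. The telemetry, device name and thresholds are all constructed for the example.

```python
"""Learn a per-device baseline of normal behaviour from past telemetry and flag
commands that fall outside it (range and rate), as a hub or monitor could."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed training telemetry: (ISO timestamp, device, attribute, value).
# One week of a thermostat whose setpoint sits at 66 F overnight and 70 F by day.
TRAINING = [
    (f"2016-10-{day:02d}T{hour:02d}:00:00", "thermostat-1", "setpoint",
     66.0 if hour >= 22 or hour < 6 else 70.0)
    for day in range(1, 8) for hour in range(24)
]

# Constructed events to check: one ordinary change and a burst of extreme
# setpoints at 3 am, the "let the pipes freeze" scenario from the slide.
NEW_EVENTS = [
    ("2016-10-08T07:00:00", "thermostat-1", "setpoint", 70.0),
    ("2016-10-08T03:12:00", "thermostat-1", "setpoint", 40.0),
    ("2016-10-08T03:12:05", "thermostat-1", "setpoint", 85.0),
    ("2016-10-08T03:12:09", "thermostat-1", "setpoint", 40.0),
    ("2016-10-08T03:12:14", "thermostat-1", "setpoint", 85.0),
]

def hour_of(ts):
    return datetime.fromisoformat(ts).hour

def learn_baseline(events, min_tolerance=2.0):
    """Return {(device, attribute, hour): (center, tolerance)} from history.
    Tolerance is 3 standard deviations with a floor (an assumed value) so that a
    perfectly regular history still permits small manual adjustments."""
    buckets = defaultdict(list)
    for ts, dev, attr, val in events:
        buckets[(dev, attr, hour_of(ts))].append(val)
    return {key: (mean(vals), max(3 * pstdev(vals), min_tolerance))
            for key, vals in buckets.items()}

def check_events(events, baseline, max_per_minute=3):
    """Return (timestamp, device, reason) alerts for out-of-range values and
    for more than max_per_minute commands to one device within 60 seconds."""
    alerts = []
    recent = defaultdict(list)  # device -> command times in the last 60 s
    for ts, dev, attr, val in sorted(events):
        key = (dev, attr, hour_of(ts))
        if key not in baseline:
            alerts.append((ts, dev, f"no baseline for {attr} at hour {key[2]}"))
        else:
            center, tol = baseline[key]
            if abs(val - center) > tol:
                alerts.append((ts, dev, f"{attr}={val} outside {center:.1f}+/-{tol:.1f} "
                                        f"learned for hour {key[2]}"))
        now = datetime.fromisoformat(ts)
        window = [t for t in recent[dev] if (now - t).total_seconds() <= 60] + [now]
        recent[dev] = window
        if len(window) > max_per_minute:
            alerts.append((ts, dev, f"{len(window)} commands within 60 s (limit {max_per_minute})"))
    return alerts

if __name__ == "__main__":
    for alert in check_events(NEW_EVENTS, learn_baseline(TRAINING)):
        print(alert)
```

Running the block prints five alerts: four for the 40 F and 85 F setpoints outside the 66 F overnight baseline, and one for the fourth command inside a minute. The 7 am change to 70 F is within the learned range and stays silent. Whether the hub blocks such commands or only reports them is a policy choice the slides leave open; the point is that the model is learned from the device's own history rather than configured by hand for each of hundreds of devices.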
20. ©2016CarnegieMellonUniversity:20
How is IoT Security Different?
3. Diversity of IoT Devices
• Hundreds of different manufacturers for middle
and bottom tier
– Different operating systems, wireless networking,
configuration software, log formats, cloud services
– Poor or no I/O capabilities, each UI different too
• Result: fragmentation of cybersecurity
– More network-based (vs endpoint) approaches
• Again, network protocols, APIs, and middleware
to help configure and manage
• Can we also help people make good decisions?
– Ex. Crowdsourcing or AI / Machine Learning
21. ©2016CarnegieMellonUniversity:21
How is IoT Security Different?
4. Low Manufacturer Experience
• Most traditional software companies understand
basics of good cybersecurity
• But most IoT will be developed by non-traditional
hardware companies
– Mostly middle and bottom tier
– Ex. Lighting, toys, medical equipment, audio,
household appliances
• And lots of small-scale manufacturers too
– Ex. Kickstarter
25. ©2016CarnegieMellonUniversity:25
How is IoT Security Different?
4. Low Manufacturer Experience
• Low experience + Lots of small manufacturers
• Result: Lots of really basic vulnerabilities
– Poor software engineering practices for security
– Lack of awareness, knowledge, motivation to be secure
• Result: Lots of unsupported devices
– Small manufacturers will go out of business
– Or end of life from bigger manufacturers
• How can we help devs with low experience?
• How to offer security for lifespan of decades?
27. ©2016CarnegieMellonUniversity:27
How is IoT Security Different?
5. Lots of Unexpected Emergent Behaviors
• Are there better ways of testing / simulating?
• Can we define overall properties for connected
systems?
30. ©2016CarnegieMellonUniversity:30
Why Does IoT Privacy Matter?
• Pew Internet study about smartphones (2012)
– 54% did not install an app because of how much personal
information the app requested
– 30% uninstalled an app after learning about the app’s
behaviors
• Countless news articles, blog posts, op-ed
pieces, books about privacy concerns
Privacy may be the greatest barrier to creating
a ubiquitously connected world
31. ©2016CarnegieMellonUniversity:31
Taxonomy of IoT Privacy
Device Perspective
• Awareness of devices/apps and sensors/logs
• Depth of sensing
– How rich the sensing and user models are
• Temporal scale
• Input/Output capabilities
• Privacy software
• Third-party software
– Whether other apps can be run on device
33. ©2016CarnegieMellonUniversity:33
IoT Privacy Issues Top Tier Privacy
• High awareness of devices
• Rich depth in sensing
• High temporal scale
• Rich I/O
• Lots of third-party apps
(the major privacy problem)
Middle Tier Privacy
• Hybrid of other tiers
Bottom Tier Privacy
• Low awareness of devices + apps
• Shallow to rich sensing
• Low to high temporal scale
• Poor I/O
• Few if any third-party apps
• Scale (major privacy problem)
35. ©2016CarnegieMellonUniversity:35
How Can We Make Invisible Information
Flows Visible?
• For top tier, people will be pretty aware of
devices
– Stylish form factors meant to get attention
• The main privacy challenge for top-tier is
understanding what your apps are doing
– This is a hard problem, but one we are starting
to figure out for smartphones
39. ©2016CarnegieMellonUniversity:39
Privacy as Expectations
Use crowdsourcing to compare what people
expect an app to do vs what an app actually does
• We crowdsourced expectations of 837 apps
– Ex. “How comfortable are you with
Drag Racing using your location for ads?”
• Created a model to predict people’s likely
privacy concerns and applied to 1M Android apps
[Diagram: App Behavior (what an app actually does) compared with User Expectations (what people think the app does)]
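As an added illustration of the expectation-vs-behavior comparison described on this slide (not the talk's own code, nor the model behind PrivacyGrade), the block below grades an app from two constructed inputs: crowd comfort ratings for (resource, purpose) pairs, and the behaviors analysis found in the app. The rating scale, the apps, the "worst behavior decides the grade" rule and the letter thresholds are all assumptions made for the example.

```python
"""Privacy-as-expectations scoring: compare what an app does with how
comfortable people say they are with that behaviour."""

# Constructed crowd data: mean comfort rating on a -2 (very uncomfortable) to
# +2 (very comfortable) scale for each (resource, purpose) pair.
EXPECTATIONS = {
    ("location", "maps"): 1.6,
    ("location", "advertising"): -1.4,
    ("contacts", "social sharing"): 0.4,
    ("contacts", "advertising"): -1.8,
    ("camera", "photos"): 1.5,
}

# Constructed behaviours, as static/dynamic analysis might report them:
# app name -> list of (resource, purpose).
BEHAVIORS = {
    "Drag Racing": [("location", "advertising")],
    "City Maps": [("location", "maps")],
    "PhotoFun": [("camera", "photos"), ("contacts", "advertising")],
    "Flashlight": [("location", "unspecified")],   # purpose never declared
    "Calculator": [],                               # touches nothing sensitive
}

def grade_app(behaviors, expectations, unknown=-1.0):
    """Grade on the least comfortable behaviour (assumption: one use people find
    creepy outweighs any number of benign ones). A behaviour with no crowd data,
    e.g. an undeclared purpose, is scored as `unknown` rather than ignored."""
    scored = [(res, purpose, expectations.get((res, purpose), unknown))
              for res, purpose in behaviors]
    worst = min(scored, key=lambda t: t[2], default=(None, None, 2.0))
    score = worst[2]
    letter = "A" if score >= 1.0 else "B" if score >= 0.0 else "C" if score >= -1.0 else "D"
    return letter, worst

def grade_all(behaviors_by_app, expectations):
    """Letter grade for every app, the table a PrivacyGrade-style site would show."""
    return {app: grade_app(b, expectations)[0] for app, b in behaviors_by_app.items()}

def explain(app, behaviors_by_app, expectations):
    """Which behaviour drove the grade, for the developer who wants to fix it."""
    letter, (res, purpose, score) = grade_app(behaviors_by_app[app], expectations)
    if res is None:
        return f"{app}: {letter} (no sensitive resource use)"
    return f"{app}: {letter} because it uses {res} for {purpose} (comfort {score:+.1f})"

if __name__ == "__main__":
    for app in BEHAVIORS:
        print(explain(app, BEHAVIORS, EXPECTATIONS))
```

The same resource (location) earns an A when used for maps and a D when used for advertising, which is the slide's point: people's concern depends on purpose, not on the permission alone. Scoring an undeclared purpose as mildly negative rather than neutral is a deliberate choice here, so that an app cannot improve its grade by saying nothing.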
41. ©2016CarnegieMellonUniversity:41
Impact of this Research
• Lots of popular press (NYTimes, CNN, BBC, CBS)
• Earlier work helped lead to FTC fines
• Google replicated PrivacyGrade internally
• Seen improvements in grades over time
• Some developers put out press releases about
improving their privacy behaviors
• Static analysis, dynamic analysis, crowd analysis
– To address subjective aspects of privacy
• Privacy today places burden on end-users
– How can we help other parts of ecosystem do better?
42. ©2016CarnegieMellonUniversity:42
How Can We Make Invisible Information
Flows Visible?
• For bottom-tier devices, the devices themselves are non-obvious
• CMU Giotto IoT Expedition Supersensors
– Air temp, humidity, pressure, 6-axis IMU, grid eye, …
• How to increase awareness of devices like this?
47. ©2016CarnegieMellonUniversity:47
Long-Term Privacy and Security Issues
1. Designing For Awareness
• What are tradeoffs in notification styles?
– Audio, visual, motion, haptic, smartphone
• Can we create new conventions?
– Ex. Like light switches near doorways
• Cost-benefit models of notifications?
– Getting lots of notifications is distracting
– Getting uninteresting notifications is annoying
– Ex. First time, sensitivity of data, identifiability
• Can we make it so a person can understand what
data is being sensed in a room within 30 seconds?
48. ©2016CarnegieMellonUniversity:48
Long-Term Privacy and Security Issues
2. Facilitating Privacy and Security on Low-End Devices
• What kinds of middleware infrastructure can we
build to help with basic privacy and security?
– Offer common middleware services to simplify
design and deployment of middle and bottom tiers
– Ex. Access control, filtering, and software updates
– Ex. What sensors a device has, what data it collects,
what servers it connects to, how concerning that is
49. ©2016CarnegieMellonUniversity:49
Long-Term Privacy and Security Issues
3. Useful Defaults for Sharing
• Let’s say we have a person locator for a campus
– If default is “share nothing”, underutilized and no value
– If default is “share everything”, too creepy
• Can we figure out useful defaults that balance
utility with privacy?
– Ex. “On campus” or “not”
– Ex. “In office” or “not”
– Ex. {“office”, “on campus”, $city}
50. ©2016CarnegieMellonUniversity:50
Long-Term Privacy and Security Issues
4. Using Big Data for Privacy
• Paradox: use more data to improve privacy?
• Use data to infer relationships and set defaults
– Ex. People are more likely to share data with close
friends and family
• Use contact list, call log, SMS log, co-location, etc
– Ex. Employees are more likely to share data with
close teammates
• Use floorplan, WiFi co-location, co-authorship, etc
Wiese, J. et al. Are you close with me? Are you nearby? Investigating social groups,
closeness, and willingness to share. Ubicomp 2011.
Cranshaw, J. et al. Bridging the Gap Between Physical Location and Online Social Networks.
Ubicomp 2010.
54. ©2016CarnegieMellonUniversity:54
Giotto IoT Stack
• Define open hardware and software stack for IoT ecology
• Extensible and integrated
• Pluggable modules
• Security & privacy sensitive
• Integrated machine learning
• End-user programmable
• Widely deployable
• Enhance human-human, human-system and human-environment interaction
55. ©2016CarnegieMellonUniversity:55
Giotto Privacy
Privacy at Physical, Logical, App layers
• Better programming abstractions
– Ex. “home” vs raw GPS, “loud” vs raw microphone
– Make it easier for devs with privacy as side effect
• Devs specify purposes in apps and we verify
– Ex. “Uses contacts for advertising”
– Ex. “Uses location for maps”
– Use static, dynamic, and crowd analysis
• How do people’s privacy concerns vary?
– By kind of data, granularity, who is seeing it, purpose
• Useful defaults to balance privacy and utility
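The campus person locator from the "Useful Defaults for Sharing" slide, the idea of inferring closeness from co-location on the "Using Big Data for Privacy" slide, and the "home vs raw GPS" abstraction above all point at the same mechanism: disclose at a granularity chosen per requester rather than "share nothing" or "share everything". The block below is an added example of that mechanism written for this page; it is not Giotto code. The presence log, room names, people, closeness thresholds and the tier-to-granularity mapping are all constructed assumptions.

```python
"""Useful sharing defaults for a campus person locator: disclose location at a
granularity tied to how close the requester is, with closeness inferred from
co-location history rather than configured by hand."""
from collections import Counter

# Constructed room-level presence log: (person, room, day, hour). Alice and Bob
# share an office; Carol overlaps with Alice in two meetings; Dave never does.
SKIP = {(2, 14), (4, 10)}  # hours Alice spends in a meeting room instead
PRESENCE = (
    [("alice", "Office 301", d, h) for d in range(5) for h in range(9, 17) if (d, h) not in SKIP]
    + [("alice", "Meeting Room 440", d, h) for d, h in SKIP]
    + [("bob", "Office 301", d, h) for d in range(5) for h in range(9, 17)]
    + [("carol", "Meeting Room 440", d, h) for d, h in SKIP]
    + [("carol", "Lab 520", d, h) for d in range(5) for h in range(9, 17) if (d, h) not in SKIP]
    + [("dave", "Library", d, h) for d in range(5) for h in range(9, 17)]
)

# Constructed raw record the locator holds for Alice right now.
ALICE_NOW = {"room": "Office 301", "office": "Office 301", "on_campus": True, "city": "Pittsburgh"}

def co_location_hours(me, presence):
    """Hours each other person spent in the same room as `me`."""
    mine = {(room, d, h) for who, room, d, h in presence if who == me}
    counts = Counter()
    for who, room, d, h in presence:
        if who != me and (room, d, h) in mine:
            counts[who] += 1
    return counts

def closeness_tier(hours, teammate_min=20, colleague_min=1):
    """Thresholds are assumptions for the example; a real deployment would calibrate them."""
    if hours >= teammate_min:
        return "teammate"
    if hours >= colleague_min:
        return "colleague"
    return "other"

def disclose(raw, tier):
    """Default granularity per tier: room for teammates, on/off campus for
    colleagues, city for everyone else. The raw record never leaves this function."""
    if tier == "teammate":
        return "in office" if raw["room"] == raw["office"] else raw["room"]
    if tier == "colleague":
        return "on campus" if raw["on_campus"] else "not on campus"
    return raw["city"]

def location_for(me, requester, raw, presence):
    """What `requester` sees when asking where `me` is."""
    tier = closeness_tier(co_location_hours(me, presence)[requester])
    return tier, disclose(raw, tier)

if __name__ == "__main__":
    for who in ("bob", "carol", "dave"):
        print(who, location_for("alice", who, ALICE_NOW, PRESENCE))
```

Bob, who shares Alice's office, sees "in office"; Carol, who only meets Alice occasionally, sees "on campus"; Dave sees the city. Each tier still gives the requester something useful, which is what keeps the locator from being underutilized, while the raw room-level record is exposed only to the people who could observe it anyway. The same shape works for "home vs raw GPS" or "loud vs raw microphone": the abstraction is chosen once in the middleware and app code never touches the raw signal.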
56. ©2016CarnegieMellonUniversity:56
IoT Hub
• Open source hub device for connecting devices
– Ex. Battery life of devices, connect devices together
– Ex. Check for patches, filtering (default passwords),
Manufacturer Usage Descriptions, proximity
– Ex. Centralize telemetry and learn patterns
• How should devices be structured?
– Metadata: URL for software updates
– APIs: authentication
[Diagram: IoT appliances <-> IoT Hub <-> Internet]
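The hub slide lists checks a hub can do on behalf of devices that cannot protect themselves: filtering, default-password detection, Manufacturer Usage Descriptions, and metadata such as a URL for software updates. The block below is an added example of those three checks written for this page; it is not the IoT Hub's code. The manifest is a constructed, simplified stand-in in the spirit of a Manufacturer Usage Description, not the real MUD file format; host names use the reserved .test domain and the 203.0.113.0/24 documentation range, and the device, firmware versions, credentials and flow log lines are all constructed.

```python
"""Hub-side checks for a low-end device that cannot run endpoint protection:
an allow-list of the destinations the maker says it needs, an audit for
factory-default credentials, and a firmware check against update metadata."""

# Constructed manifest: what the manufacturer declares the device needs.
MANIFEST = {
    "lightbulb-7": {
        "allowed_hosts": {"cloud.example-lighting.test", "ntp.example.test"},
        "allowed_ports": {443, 123},
        "update_url": "https://updates.example-lighting.test/lightbulb/latest.json",
        "latest_firmware": "2.3.1",
        "factory_credentials": {("admin", "admin"), ("root", "12345")},
    }
}

# Constructed state the hub learned from the device during onboarding.
DEVICE_STATE = {"lightbulb-7": {"firmware": "2.1.0", "credential": ("admin", "admin")}}

# Constructed flow log lines: "<timestamp> <device> <destination> <port>".
FLOW_LOG = [
    "2016-10-21T12:00:01 lightbulb-7 cloud.example-lighting.test 443",
    "2016-10-21T12:00:03 lightbulb-7 ntp.example.test 123",
    "2016-10-21T12:00:07 lightbulb-7 203.0.113.9 23",
    "2016-10-21T12:00:09 lightbulb-7 cloud.example-lighting.test 8080",
    "2016-10-21T12:00:11 unknown-cam 203.0.113.9 443",
]

def parse_version(v):
    """'2.10.0' > '2.3.1' numerically, which plain string comparison gets wrong."""
    return tuple(int(x) for x in v.split("."))

def evaluate_flows(lines, manifest):
    """Return (device, destination, port, verdict) for each flow line.
    Anything the manifest does not explicitly permit is denied, including all
    traffic from a device the hub has no manifest for."""
    verdicts = []
    for line in lines:
        _ts, device, dst, port = line.split()
        port = int(port)
        policy = manifest.get(device)
        if policy is None:
            verdicts.append((device, dst, port, "deny"))
            continue
        ok = dst in policy["allowed_hosts"] and port in policy["allowed_ports"]
        verdicts.append((device, dst, port, "allow" if ok else "deny"))
    return verdicts

def audit_device(device, state, manifest):
    """Findings the hub can report without any agent running on the device."""
    policy = manifest[device]
    findings = []
    if state["credential"] in policy["factory_credentials"]:
        findings.append("factory default credential still in use")
    if parse_version(state["firmware"]) < parse_version(policy["latest_firmware"]):
        findings.append(f"firmware {state['firmware']} behind {policy['latest_firmware']} "
                        f"(update metadata: {policy['update_url']})")
    return findings

if __name__ == "__main__":
    for verdict in evaluate_flows(FLOW_LOG, MANIFEST):
        print(verdict)
    for finding in audit_device("lightbulb-7", DEVICE_STATE["lightbulb-7"], MANIFEST):
        print("lightbulb-7:", finding)
```

The two denied lightbulb flows are the interesting ones: an outbound connection to port 23 on an address the manifest never mentions, and an allowed host on a port the manifest does not list. Neither needs the hub to know anything about the device's software; it only needs the maker's declaration and the ability to sit in the network path. The audit findings are the slide's "check for patches" and "filtering (default passwords)" turned into something a hub could show on a dashboard for hundreds of devices.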
58. ©2016CarnegieMellonUniversity:58
What is the Value of IoT?
• Can we make it so that value is linear or even
superlinear with devices and services?
[Chart: Value vs Number of Devices, comparing today’s IoT trajectory with the desired IoT trajectory]
60. ©2016CarnegieMellonUniversity:60
What Can Intel Do?
• Consider more human factors and social factors
– Chips, sensors, software dev, data mgt
– Policies, UI + understandability, social influences
• Better ways of supporting devs
– Most devs have no knowledge of privacy + security
• Support better privacy and security education
– Need strong push from industry to make it happen
– Go beyond just CompSci too (psych, design, biz)
• Join our Giotto Expedition (open source)
• Consider ISTC on Privacy or on IoT
– Make a big push in cooperation with academia
63. ©2016CarnegieMellonUniversity:63
Thanks!
More info at cmuchimps.org
or email jasonh@cs.cmu.edu
Read more:
• Towards a Safe and Secure Internet of Things
https://www.newamerica.org/cybersecurity-initiative/policy-papers/toward-a-safe-and-secure-internet-of-things/
Special thanks to:
• NSF
• Alfred P. Sloan
• NQ Mobile
• DARPA
• Google
• CMU Cylab
• New America
66. ©2016CarnegieMellonUniversity:66
What Can We Do About IoT Security?
• Better cybersecurity education
• Better collections of best practices
• More data sharing
• Cybersecurity insurance
• Better legal protections
• Larger centers for IoT privacy and security
https://www.newamerica.org/cybersecurity-initiative/policy-papers/toward-a-safe-and-secure-internet-of-things/
67. ©2016CarnegieMellonUniversity:67
What Can We Do About IoT Security?
Policy Perspective: Better Cybersecurity Education
• About half of developers don’t have CS degrees
• Can we make security education required in CS?
• Can we also expand cybersecurity education?
– Ex. Psychology students learn about social engineering
– Ex. Visual design students learn about warnings + compliance
69. ©2016CarnegieMellonUniversity:69
What Can We Do About IoT Security?
Policy Perspective: Better Collections of Best Practices
• We need to go beyond high-level guidelines
• What we still need
– Better code examples (lots of copy-and-paste)
– Better toolchains and stacks
– Better automated analysis tools
– Simpler ways of distributing patches
– Collections of design patterns
• Lots of opportunities for big companies
– Most breaches are relatively simple
– Addressing basic issues means lots of positive impact
70. ©2016CarnegieMellonUniversity:70
What Can We Do About IoT Security?
Policy Perspective: More Data Sharing
• Many major data breaches in past few years
– Sony, RSA, LinkedIn, Yahoo, Target, OPM, and more
• But we have learned very little, no real data
– These are our version of Tacoma Narrows bridge
71. ©2016CarnegieMellonUniversity:71
What Can We Do About IoT Security?
Policy Perspective: More Data Sharing
• We need organizations that can:
– Help investigate the coming IoT failures
– Disseminate knowledge to help prevent future
failures in design and implementation
– While also minimizing blame
• Lots of challenges
– Lots of proprietary information involved in failures
– Who will fund this?
72. ©2016CarnegieMellonUniversity:72
What Can We Do About IoT Security?
Policy Perspective: Better Legal Protections
• DMCA limits what researchers can do due to
anti-circumvention provisions
– Need to get permission from manufacturers
– Exceptions:
• Consumer devices, motorized land vehicles,
medical devices
• But slow, triennial reviews from Library of
Congress
– And consumer devices only one part of IoT
73. ©2016CarnegieMellonUniversity:73
IoT Privacy Issues
Input/Output
• Same challenge as for security
– Top-tier devices will have really good I/O capabilities
– Bottom-tier will not have mouse, keyboard, display
– Scalability makes everything harder
• Can we develop network protocols and APIs to
help configure and manage devices and apps?
• Can we also help people make good decisions?
– Ex. Crowdsourcing or AI / Machine Learning