SlideShare a Scribd company logo

Security and Privacy Challenges for IoT

Download as PPTX, PDF
Jason Hong, profile picture
Jason Hong

The document discusses four new privacy and security challenges posed by the Internet of Things (IoT): 1) intimacy of devices and data, 2) physical safety issues, 3) lack of awareness about devices, and 4) complexity and scale. It proposes approaches to address these issues, including better technical solutions, user experience design, developer support, and laws/policies. The speaker is developing an open-source IoT hub operating system and exploring ways to increase awareness of devices using low-cost LED or audio indicators. Overall, the document argues that existing approaches are insufficient for IoT and innovation is needed to ensure privacy and security as IoT adoption increases.

Technology
1 of 19
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
#RSAC SESSION ID: Jason Hong Security and Privacy Challenges for IoT SEM-M01E Professor Carnegie Mellon University @jas0nh0ng
#RSAC 2
#RSAC 3
#RSAC Four New IoT Challenges for Privacy and Security 1. Intimacy of Devices and Data 4 Fun Facts about Millennials – 83% sleep with their phones – 90% check first thing in morning – 1 in 3 use in bathroom
#RSAC Four New IoT Challenges for Privacy and Security 1. Intimacy of Devices and Data 5 Fun Facts about Millennials – 83% sleep with their phones – 90% check first thing in morning – 1 in 3 use in bathroom Our smartphones already know: – Who we know, where we go, what we like
#RSAC Four New IoT Challenges for Privacy and Security 1. Intimacy of Devices and Data 6 Fun Facts about Millennials – 83% sleep with their phones – 90% check first thing in morning – 1 in 3 use in bathroom Our smartphones already know: – Who we know, where we go, what we like Will only become more intimate with IoT – This also means new kinds of intrusive ads, data breaches, accidental data sharing
#RSAC Four New IoT Challenges for Privacy and Security 2. Physical Safety 7 Today, main problem is data breaches Tomorrow, huge potential for many nasty scenarios – Many new kinds of ransomware we haven’t imagined yet o Malware that locks people out of their houses o Malware that turns off thermostats in winter --> burst pipes – Holding people and society virtually hostage o Autonomous drones or vehicles deliberately crashing into things o Implanted medical devices giving or receiving fake data
#RSAC Four New IoT Challenges for Privacy and Security 3. Awareness of Devices 8 In my first year teaching at Carnegie Mellon, met with students in their lab Didn’t know until end of semester we were being broadcast on Internet the entire time! – Do you see the camera?
#RSAC Four New IoT Challenges for Privacy and Security 3. Awareness of Devices 9
#RSAC Four New IoT Challenges for Privacy and Security 3. Awareness of Devices 10 More and more devices will be hard to notice Ex. Mites “supersensor” under development at Carnegie Mellon See http://mites.io
#RSAC Four New IoT Challenges for Privacy and Security 4. Complexity and Scale 11 Lots of unexpected and emergent behaviors
#RSAC How to Address These Privacy and Security Issues? 12 Better technical approaches – Operating systems, networking, programming languages Better UX design – Better disclosures, awareness of devices, controls, decision making Better developer support – Most developers are C students – Tools, education, best practices for privacy and security Better laws, policies, and standards – Mandatory cybersecurity insurance for manufacturers – Tools to help policy makers, journalists, product reviewers
#RSAC How to Address These Privacy and Security Issues? 13 Better technical approaches – Operating systems, networking, programming languages Better UX design – Better disclosures, awareness of devices, controls, decision making Better developer support – Most developers are C students – Tools, education, best practices for privacy and security Better laws, policies, and standards – Mandatory cybersecurity insurance for manufacturers – Tools to help policy makers, journalists, product reviewers
#RSAC How to Address These Privacy and Security Issues? Operating Systems 14 Our team is developing an open source IoT Hub – Think of it as a smarter WiFi router that protects IoT devices How far can we go if devices have simple metadata? – Ex. Here is my URL for software updates – Ex. Here is my Manufacturer Usage Description (MUDs) o Whitelist: this lightbulb communicates only with lights.intel.com What basic services can IoT Hub offer for all devices? – Ex. Disallow remote login for devices if well-known default password – Ex. Centralize telemetry and learn patterns
#RSAC How to Address These Privacy and Security Issues? Awareness of Devices 15 Our team looking at physical dimension of IoT privacy – Ex. Make it easy to see where camera is and where it’s pointed – Want something cheap (so manufacturers will adopt) and effective – Testing out LEDs, audio, virtual maps LEDs off If device has camera -> LED on
#RSAC How to Address These Privacy and Security Issues? Awareness of Devices 16 LEDs off If device has camera -> LED on
#RSAC Summary 17 IoT poses many new challenges to privacy and security – Ex. Intimacy, physical security, awareness, complexity Existing approaches for privacy and security insufficient – Will require innovations in tech, UX, education, legal, standards We’re not going to have many second chances for IoT, and business as usual will be disastrous Let’s make sure we create a world we would want to live in Contact me at jasonh@cs.cmu.edu
#RSAC 18
#RSAC 19

More Related Content

PPTX
How We Will Fail in Privacy and Ethics for the Emerging Internet of Things
Jason Hong
 
PPTX
Helping Developers with Privacy
Jason Hong
 
PPTX
Privacy for Mobile Sensing Systems
Jason Hong
 
PPTX
Are my Devices Spying on Me? Living in a World of Ubiquitous Computing
Jason Hong
 
PPTX
Privacy and Security for the Emerging Internet of Things
Jason Hong
 
PDF
IOT Security - ICCT College of Engineering
Potato
 
PPTX
Cybersecurity-Real World Approach FINAL 2-24-16
James Rutt
 
PDF
ZION: Security and Internet of Things
Ankam Karthik
 
How We Will Fail in Privacy and Ethics for the Emerging Internet of Things
Jason Hong
 
Helping Developers with Privacy
Jason Hong
 
Privacy for Mobile Sensing Systems
Jason Hong
 
Are my Devices Spying on Me? Living in a World of Ubiquitous Computing
Jason Hong
 
Privacy and Security for the Emerging Internet of Things
Jason Hong
 
IOT Security - ICCT College of Engineering
Potato
 
Cybersecurity-Real World Approach FINAL 2-24-16
James Rutt
 
ZION: Security and Internet of Things
Ankam Karthik
 

What's hot (20)

PDF
Iot ppt
dhritykachhwaha
 
PPTX
Internet of Things & Wearable Technology: Unlocking the Next Wave of Data-Dri...
Adam Thierer
 
PDF
Why You’ll Care More About Mobile Security in 2020 - Tom Bain
EC-Council
 
PDF
The criticality-of-security-in-the-internet-of-things joa-eng_1115
Devaraj Sl
 
PPTX
How Can Policymakers and Regulators Better Engage the Internet of Things?
Mercatus Center
 
PPTX
Advanced threat protection and big data
Peter Wood
 
PPTX
Ethical issues in internet of things
Mohammad Emrul Hassan Emon
 
PPTX
IoT advatage and disadvantage
Rubel Biswas
 
PPTX
The challenge of security awareness
Jisc
 
PPTX
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain
North Texas Chapter of the ISSA
 
PDF
"Technology, Ethics, and Social Work"
Tawny Brown
 
PPTX
All The Things: Security, Privacy & Safety in a World of Connected Devices
John D. Johnson
 
PDF
Telefónica security io_t_final
Christopher Wang
 
PDF
Security and Privacy Big Challenges in Internet of things
IRJET Journal
 
PPTX
The importance of authenticity in cyber security training and education
Jisc
 
PDF
Security and Privacy in IoT and Cyber-physical Systems
Bob Marcus
 
PDF
From Identity to Ownership Theft
University of Hertfordshire
 
PDF
Exploring the Educational Potential of the Internet of Things (Internet of Th...
Ian Glover
 
PPTX
What’s the big deal with the internet of
Stacey Meyers
 
PDF
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
North Texas Chapter of the ISSA
 
Iot ppt
dhritykachhwaha
 
Internet of Things & Wearable Technology: Unlocking the Next Wave of Data-Dri...
Adam Thierer
 
Why You’ll Care More About Mobile Security in 2020 - Tom Bain
EC-Council
 
The criticality-of-security-in-the-internet-of-things joa-eng_1115
Devaraj Sl
 
How Can Policymakers and Regulators Better Engage the Internet of Things?
Mercatus Center
 
Advanced threat protection and big data
Peter Wood
 
Ethical issues in internet of things
Mohammad Emrul Hassan Emon
 
IoT advatage and disadvantage
Rubel Biswas
 
The challenge of security awareness
Jisc
 
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain
North Texas Chapter of the ISSA
 
"Technology, Ethics, and Social Work"
Tawny Brown
 
All The Things: Security, Privacy & Safety in a World of Connected Devices
John D. Johnson
 
Telefónica security io_t_final
Christopher Wang
 
Security and Privacy Big Challenges in Internet of things
IRJET Journal
 
The importance of authenticity in cyber security training and education
Jisc
 
Security and Privacy in IoT and Cyber-physical Systems
Bob Marcus
 
From Identity to Ownership Theft
University of Hertfordshire
 
Exploring the Educational Potential of the Internet of Things (Internet of Th...
Ian Glover
 
What’s the big deal with the internet of
Stacey Meyers
 
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
North Texas Chapter of the ISSA
 
Ad

Similar to Security and Privacy Challenges for IoT (20)

DOCX
Security and Privacy considerations in Internet of Things
Somasundaram Jambunathan
 
PDF
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
CableLabs
 
PDF
A New Security Paradigm for IoT (Internet of Threats)
Priyanka Aash
 
PDF
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CloudIDSummit
 
PDF
From IT to IoT: Bridging the Growing Cybersecurity Divide
Priyanka Aash
 
PPTX
Mayur Seminar.pptxbgvyezuvdt as bijvyivutctr
vaishnavishitole195
 
PPTX
Privacy and security in IoT
Vasco Veloso
 
PDF
RSA2015: Securing the Internet of Things
Daniel Miessler
 
PDF
This Time, It’s Personal: Why Security and the IoT Is Different
Justin Grammens
 
PDF
Technology & Policy Interaction Panel at Inform[ED] IoT Security
CableLabs
 
DOCX
Addressing security and privacy in io t ecosystem v0.4
Somasundaram Jambunathan
 
PPTX
Security issues and solutions : IoT
Jinia Bhowmik
 
PDF
Security in Cyber-Physical Systems
Bob Marcus
 
PDF
internet of thingsssssssssssssssssssssss
mishrasaket1028
 
PDF
Exfiltrating Data through IoT
Priyanka Aash
 
PDF
[TestWarez 2017] Securing the Internet of Things
Stowarzyszenie Jakości Systemów Informatycznych (SJSI)
 
PPTX
Iot cyber security
sajid mehmood
 
PPTX
Chapter 6 - IT Culture and the Society - Lesson 1.pptx
DondonGoles
 
PDF
assignment help experts
#essaywriting
 
PPTX
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
Rapid7
 
Security and Privacy considerations in Internet of Things
Somasundaram Jambunathan
 
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
CableLabs
 
A New Security Paradigm for IoT (Internet of Threats)
Priyanka Aash
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CloudIDSummit
 
From IT to IoT: Bridging the Growing Cybersecurity Divide
Priyanka Aash
 
Mayur Seminar.pptxbgvyezuvdt as bijvyivutctr
vaishnavishitole195
 
Privacy and security in IoT
Vasco Veloso
 
RSA2015: Securing the Internet of Things
Daniel Miessler
 
This Time, It’s Personal: Why Security and the IoT Is Different
Justin Grammens
 
Technology & Policy Interaction Panel at Inform[ED] IoT Security
CableLabs
 
Addressing security and privacy in io t ecosystem v0.4
Somasundaram Jambunathan
 
Security issues and solutions : IoT
Jinia Bhowmik
 
Security in Cyber-Physical Systems
Bob Marcus
 
internet of thingsssssssssssssssssssssss
mishrasaket1028
 
Exfiltrating Data through IoT
Priyanka Aash
 
[TestWarez 2017] Securing the Internet of Things
Stowarzyszenie Jakości Systemów Informatycznych (SJSI)
 
Iot cyber security
sajid mehmood
 
Chapter 6 - IT Culture and the Society - Lesson 1.pptx
DondonGoles
 
assignment help experts
#essaywriting
 
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
Rapid7
 
Ad

Recently uploaded (20)

PDF
DP Operators-handbook-extract for the Mautical Institute
LeonelMejiaLarios
 
PDF
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
PDF
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
PDF
Heart disease approach using modified random forest and particle swarm optimi...
IAESIJAI
 
PPTX
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
PDF
project resource management chapter-09.pdf
ssuser00e6e21
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PDF
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Getting Started with Data Integration: FME Form 101
Safe Software
 
PDF
WOOl fibre morphology and structure.pdf for textiles
Rajendrakumar868651
 
PDF
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
PPTX
TLE Review Electricity (Electricity).pptx
JayPolicarpio2
 
PPTX
OMC Textile Division Presentation 2021.pptx
JahangirAlam816069
 
PDF
Accuracy of neural networks in brain wave diagnosis of schizophrenia
IAESIJAI
 
DP Operators-handbook-extract for the Mautical Institute
LeonelMejiaLarios
 
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
Encapsulation theory and applications.pdf
gurumoop
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
Heart disease approach using modified random forest and particle swarm optimi...
IAESIJAI
 
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
project resource management chapter-09.pdf
ssuser00e6e21
 
Approach and Philosophy of On baking technology
30anthuong17
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Getting Started with Data Integration: FME Form 101
Safe Software
 
WOOl fibre morphology and structure.pdf for textiles
Rajendrakumar868651
 
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
TLE Review Electricity (Electricity).pptx
JayPolicarpio2
 
OMC Textile Division Presentation 2021.pptx
JahangirAlam816069
 
Accuracy of neural networks in brain wave diagnosis of schizophrenia
IAESIJAI
 

Security and Privacy Challenges for IoT

  • 1. #RSAC SESSION ID: Jason Hong Security and Privacy Challenges for IoT SEM-M01E Professor Carnegie Mellon University @jas0nh0ng
  • 4. #RSAC Four New IoT Challenges for Privacy and Security 1. Intimacy of Devices and Data 4 Fun Facts about Millennials – 83% sleep with their phones – 90% check first thing in morning – 1 in 3 use in bathroom
  • 5. #RSAC Four New IoT Challenges for Privacy and Security 1. Intimacy of Devices and Data 5 Fun Facts about Millennials – 83% sleep with their phones – 90% check first thing in morning – 1 in 3 use in bathroom Our smartphones already know: – Who we know, where we go, what we like
  • 6. #RSAC Four New IoT Challenges for Privacy and Security 1. Intimacy of Devices and Data 6 Fun Facts about Millennials – 83% sleep with their phones – 90% check first thing in morning – 1 in 3 use in bathroom Our smartphones already know: – Who we know, where we go, what we like Will only become more intimate with IoT – This also means new kinds of intrusive ads, data breaches, accidental data sharing
  • 7. #RSAC Four New IoT Challenges for Privacy and Security 2. Physical Safety 7 Today, main problem is data breaches Tomorrow, huge potential for many nasty scenarios – Many new kinds of ransomware we haven’t imagined yet o Malware that locks people out of their houses o Malware that turns off thermostats in winter --> burst pipes – Holding people and society virtually hostage o Autonomous drones or vehicles deliberately crashing into things o Implanted medical devices giving or receiving fake data
  • 8. #RSAC Four New IoT Challenges for Privacy and Security 3. Awareness of Devices 8 In my first year teaching at Carnegie Mellon, met with students in their lab Didn’t know until end of semester we were being broadcast on Internet the entire time! – Do you see the camera?
  • 9. #RSAC Four New IoT Challenges for Privacy and Security 3. Awareness of Devices 9
  • 10. #RSAC Four New IoT Challenges for Privacy and Security 3. Awareness of Devices 10 More and more devices will be hard to notice Ex. Mites “supersensor” under development at Carnegie Mellon See http://mites.io
  • 11. #RSAC Four New IoT Challenges for Privacy and Security 4. Complexity and Scale 11 Lots of unexpected and emergent behaviors
  • 12. #RSAC How to Address These Privacy and Security Issues? 12 Better technical approaches – Operating systems, networking, programming languages Better UX design – Better disclosures, awareness of devices, controls, decision making Better developer support – Most developers are C students – Tools, education, best practices for privacy and security Better laws, policies, and standards – Mandatory cybersecurity insurance for manufacturers – Tools to help policy makers, journalists, product reviewers
  • 13. #RSAC How to Address These Privacy and Security Issues? 13 Better technical approaches – Operating systems, networking, programming languages Better UX design – Better disclosures, awareness of devices, controls, decision making Better developer support – Most developers are C students – Tools, education, best practices for privacy and security Better laws, policies, and standards – Mandatory cybersecurity insurance for manufacturers – Tools to help policy makers, journalists, product reviewers
  • 14. #RSAC How to Address These Privacy and Security Issues? Operating Systems 14 Our team is developing an open source IoT Hub – Think of it as a smarter WiFi router that protects IoT devices How far can we go if devices have simple metadata? – Ex. Here is my URL for software updates – Ex. Here is my Manufacturer Usage Description (MUDs) o Whitelist: this lightbulb communicates only with lights.intel.com What basic services can IoT Hub offer for all devices? – Ex. Disallow remote login for devices if well-known default password – Ex. Centralize telemetry and learn patterns
  • 15. #RSAC How to Address These Privacy and Security Issues? Awareness of Devices 15 Our team looking at physical dimension of IoT privacy – Ex. Make it easy to see where camera is and where it’s pointed – Want something cheap (so manufacturers will adopt) and effective – Testing out LEDs, audio, virtual maps LEDs off If device has camera -> LED on
  • 16. #RSAC How to Address These Privacy and Security Issues? Awareness of Devices 16 LEDs off If device has camera -> LED on
  • 17. #RSAC Summary 17 IoT poses many new challenges to privacy and security – Ex. Intimacy, physical security, awareness, complexity Existing approaches for privacy and security insufficient – Will require innovations in tech, UX, education, legal, standards We’re not going to have many second chances for IoT, and business as usual will be disastrous Let’s make sure we create a world we would want to live in Contact me at jasonh@cs.cmu.edu

Editor's Notes

  • #3: https://commons.wikimedia.org/wiki/File:Dell_Desktop_Computer_in_school_classroom.jpg Two decades ago, computers were primarily large unattractive boxes that came with a monitor, keyboard, and mouse
  • #4: Explosion of form factors Offer a lot of potential benefit to society, in terms of healthcare, urban planning, safety, and more But also pose new kinds of challenges to privacy and security
  • #5: Some researchers have said that there is nothing new about privacy and security for IoT That it’s just the same as what we’re already facing I would strongly disagree Let me tell you about four new challenges for privacy and security for IoT
  • #10: This is not a hypothetical problem, and it’s not just cameras too https://www.washingtonpost.com/technology/2019/01/17/airbnb-refunds-guest-who-found-indoor-cameras-during-his-familys-stay/?noredirect=on&utm_term=.b9131e272fd1 http://jeffreybigham.com/blog/2019/who-is-watching-you-in-your-airbnb.html#h.jbbecf75fxlp
  • #11: This is not a hypothetical problem, and it’s not just cameras too https://www.washingtonpost.com/technology/2019/01/17/airbnb-refunds-guest-who-found-indoor-cameras-during-his-familys-stay/?noredirect=on&utm_term=.b9131e272fd1 http://jeffreybigham.com/blog/2019/who-is-watching-you-in-your-airbnb.html#h.jbbecf75fxlp
  • #12: Ok Glass, take a picture -> everyone’s Glass took a picture We’ll have more and more examples of these kinds of unexpected behaviors as the number of devices increases