Presentation is loading. Please wait.

Presentation is loading. Please wait.

IoT: Privacy and Security

Published byYulia Sri Gunawan Modified over 5 years ago

Similar presentations

Presentation on theme: "IoT: Privacy and Security"— Presentation transcript:

1 IoT: Privacy and Security
Chapters Workshop Addis Ababa, 2019 IoT: Privacy and Security Kevin G. Chege ISOC

2 Privacy, Security and IoT
Privacy is about retaining the ability to disclose data consensually, and with expectations about the context and scope of sharing. With online privacy, we wish to ensure that our personal data is not disclosed to third parties without our knowledge or consent As with any online service, IoT Privacy and IoT Security are linked and complement each other: Entering your password via a un-secured IoT device risks eaves-droppers from stealing your identity If your mobile phone lacks a password and is stolen, your personal data like call logs, messages, photos etc can be accessed

3 There are two ways to view IoT Security
Inward Security Focus on potential harms to the health, safety, and privacy of device users and their property stemming from compromised IoT devices and systems Outward Security Focus on potential harms that compromised devices and systems can inflict on the Internet and other users Example of outward risk: A home appliance may continue to function well as far as the direct user is concerned, and s/he may be unaware that it is part of a botnet participating in a DDoS attack Toaster example: - Someone may use it against you, and remotely decide to burn your hands our even your house (inward security related issue) Your toaster works ok but is being used for a major DDOS attack (outward) At ISOC,  our focus is on the impact that IoT security and privacy has on the Internet and other users.

4 Outward Security: Impact of Cyber Security issues

5 Inward Security: What risks do insecure IoT devices bring to Privacy and Security?
Using insecure IoT Devices increases the risks of personal data being exposed/stolen and privacy compromised: A smart camera using default username and password combination can be used to spy on you or be compromised to send junk information to the Internet A wearable smart device that sends health information over un- encrypted channels can expose personal data A smart home device like a television that lacks sufficient updates can be vulnerable to new attacks and be used to share private data Smart vehicles running insecure software can be accessed remotely and compromised to disable certain functions of the car

6 Economics favor weak IoT security
Strong security can be expensive to design and implement, and it lengthens the time it takes to get a product to market. The commercial value of user data also means that there is an incentive to hoard as much data for as long as possible There is currently a shortage of credible ways for suppliers to signal their level of security to consumers (e.g., certifications and trustmarks). The cost and impact of poor security tend to fall on the consumer and other Internet users, rather than on the producers of IoT systems

7 How can IoT Security be improved?
Collaborative approach: sharing of information by users, vendors, manufacturers on security breaches and best practices Strong policy controls for example: Requiring encryption in devices: IoT devices should use encryption in order to make it very difficult for a 3rd party to eavesdrop on communications Frameworks on device features and capabilities User Education for example: Train users on preferring stronger passwords on IoT Devices Consumer Demand for devices to have certain eg using two factor authentication: a password (something you know) and a token (something you have). Train users to identify insecure devices and avoid them

8 How do we improve things?
The Internet Society 6/30/2019 How do we improve things? Research and Innovation Open Standards Certifications and Trustmarks Policy and Regulation Frameworks and Best Practices (new technologies, better user interfaces, better development tools)

9

Download ppt "IoT: Privacy and Security"

Similar presentations

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.
Cloud Computing - clearing the fog Rob Gear 8 th December 2009.

Cloud Computing - clearing the fog Rob Gear 8 th December 2009.
Two-Factor Authentication & Tools for Password Management August 29, 2014 Pang Chamreth, IT Development Innovations 1.

Two-Factor Authentication & Tools for Password Management August 29, 2014 Pang Chamreth, IT Development Innovations 1.
Top of Content Box Line Subtitle Line Title Line Right Margin Line Wearables: Panacea or Pandora’s Box – A Security Perspective Gary Davis | Chief Consumer.

Top of Content Box Line Subtitle Line Title Line Right Margin Line Wearables: Panacea or Pandora’s Box – A Security Perspective Gary Davis | Chief Consumer.
Chapter 17 Controls and Security Measures

Chapter 17 Controls and Security Measures
 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.

 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.
Dr. Sarbari Gupta Electrosoft Services Tel: (703)757-9096 Security Characteristics of Cryptographic.

Dr. Sarbari Gupta Electrosoft Services Tel: (703) Security Characteristics of Cryptographic.
Chapter 1  Introduction 1 Overview  What is a secure computer system?  Concerns of a secure system o Data: Privacy, Integrity, Availability o Users:

Chapter 1  Introduction 1 Overview  What is a secure computer system?  Concerns of a secure system o Data: Privacy, Integrity, Availability o Users:
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.

External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.
Your Service The Security mechanisms designed into TETRA – a refresher

Your Service The Security mechanisms designed into TETRA – a refresher
PART THREE E-commerce in Action Norton University E-commerce in Action.

PART THREE E-commerce in Action Norton University E-commerce in Action.
MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Cyber Security: Now and.

© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Cyber Security: Now and.
 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.

 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.
Internet of Things Top Ten. Agenda -Introduction -Misconception -Considerations -The OWASP Internet of Things Top 10 Project -The Top 10 Walkthrough.

Internet of Things Top Ten. Agenda -Introduction -Misconception -Considerations -The OWASP Internet of Things Top 10 Project -The Top 10 Walkthrough.
Smart Machines, Smart Privacy: Rules of the Road and Challenges Ahead The views expressed are those of the speaker and not necessarily those of the FTC.

Smart Machines, Smart Privacy: Rules of the Road and Challenges Ahead The views expressed are those of the speaker and not necessarily those of the FTC.
Patient Data Security and Privacy Lecture # 7 PHCL 498 Amar Hijazi, Majed Alameel, Mona AlMehaid.

Patient Data Security and Privacy Lecture # 7 PHCL 498 Amar Hijazi, Majed Alameel, Mona AlMehaid.
ETHICAL ISSUES SURROUND ELECTRONIC COMMUNICATIONS Unit 3.

ETHICAL ISSUES SURROUND ELECTRONIC COMMUNICATIONS Unit 3.

Similar presentations

Ads by Google