• Home

  • Documents

  • Safety, Security, and Privacy Threats in IoT v2€¦ · related to security, physical safety,...
9
1 Safety, Security, and Privacy Threats Posed by Accelerating Trends in the Internet of Things Kevin Fu, Tadayoshi Kohno, Daniel Lopresti, Elizabeth Mynatt, Klara Nahrstedt, Shwetak Patel, Debra Richardson, Ben Zorn Abstract: The Internet of Things (IoT) is already transforming industries, cities, and homes. The economic value of this transformation across all industries is estimated to be trillions of dollars and the societal impact on energy efficiency, health, and productivity are enormous. Alongside potential benefits of interconnected smart devices comes increased risk and potential for abuse when embedding sensing and intelligence into every device. One of the core problems with the increasing number of IoT devices is the increased complexity that is required to operate them safely and securely. This increased complexity creates new safety, security, privacy, and usability challenges far beyond the difficult challenges individuals face just securing a single device. We highlight some of the negative trends that smart devices and collections of devices cause and we argue that issues related to security, physical safety, privacy, and usability are tightly interconnected and solutions that address all four simultaneously are needed. Tight safety and security standards for individual devices based on existing technology are needed. Likewise research that determines the best way for individuals to confidently manage collections of devices must guide the future deployments of such systems. Introduction Increasingly we live in a world of connected smart devices. This “Internet of Things” (IoT) combines devices with sensor capabilities and connectivity to the cloud and allows them to leverage artificial intelligence, machine learning, and big data analytics, sometimes dramatically increasing their capabilities. Everyday users have progressed from having a single home computer to a variety of devices that are each individually managed, which can be difficult. For example, due to consumers failing to change the default password, many baby monitors allow arbitrary strangers on the web to view unsuspecting people’s homes. But the proliferation, capabilities, and interconnectedness of smart devices present dramatic new opportunities and challenges that require new research and industry approaches to make such systems safe, secure, effective, and usable. The problem is so acute that the FBI recently issued a public service announcement suggesting consumers should “Isolate IoT devices on their own protected networks” and “...be aware of the capabilities of the devices…” which are expectations highly unlikely to be followed in practice. In this paper, we argue that collections of smart devices present new challenges that require a greater understanding of how people can effectively use such systems and a deeper investment in policies and tools that give users confidence in them. In particular, issues related to security, physical safety, privacy, and usability are tightly interconnected and solutions that address all four simultaneously are needed. There have been numerous estimates of the impact of the Internet of Things on the economy, with estimates that the number of deployed devices will be 50 billion by the year 2020 and that the total economic impact may be up to 10 trillion dollars by 2025. We already live in a world of interconnected devices, with numerous companies offering smart devices such as smart thermostats, smart doorbells, etc. In the so-called Industrial Internet of Things and Smart Cities initiatives, factories and cities will become infiltrated with interconnected smart devices, with large

Safety, Security, and Privacy Threats in IoT v2€¦ · related to security, physical safety, privacy ... Recent work has shown the safety hazards of simple WiFi-enabled appliance

  • Upload
    others

  • View
    6

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Safety, Security, and Privacy Threats in IoT v2€¦ · related to security, physical safety, privacy ... Recent work has shown the safety hazards of simple WiFi-enabled appliance

1

Safety,Security,andPrivacyThreatsPosedbyAcceleratingTrendsintheInternetofThings

KevinFu,TadayoshiKohno,DanielLopresti,ElizabethMynatt,KlaraNahrstedt,ShwetakPatel,

DebraRichardson,BenZorn

Abstract:TheInternetofThings(IoT)isalreadytransformingindustries,cities,andhomes.Theeconomicvalueofthistransformationacrossallindustriesisestimatedtobetrillionsofdollarsandthesocietalimpactonenergyefficiency,health,andproductivityareenormous.Alongsidepotentialbenefitsofinterconnectedsmartdevicescomesincreasedriskandpotentialforabusewhenembeddingsensingandintelligenceintoeverydevice.OneofthecoreproblemswiththeincreasingnumberofIoTdevicesistheincreasedcomplexitythatisrequiredtooperatethemsafelyandsecurely.Thisincreasedcomplexitycreatesnewsafety,security,privacy,andusabilitychallengesfarbeyondthedifficultchallengesindividualsfacejustsecuringasingledevice.Wehighlightsomeofthenegativetrendsthatsmartdevicesandcollectionsofdevicescauseandwearguethatissuesrelatedtosecurity,physicalsafety,privacy,andusabilityaretightlyinterconnectedandsolutionsthataddressallfoursimultaneouslyareneeded.Tightsafetyandsecuritystandardsforindividualdevicesbasedonexistingtechnologyareneeded.Likewiseresearchthatdeterminesthebestwayforindividualstoconfidentlymanagecollectionsofdevicesmustguidethefuturedeploymentsofsuchsystems.

IntroductionIncreasinglyweliveinaworldofconnectedsmartdevices.This“InternetofThings”(IoT)combinesdeviceswithsensorcapabilitiesandconnectivitytothecloudandallowsthemtoleverageartificialintelligence,machinelearning,andbigdataanalytics,sometimesdramaticallyincreasingtheircapabilities.Everydayusershaveprogressedfromhavingasinglehomecomputertoavarietyofdevicesthatareeachindividuallymanaged,whichcanbedifficult.Forexample,duetoconsumersfailingtochangethedefaultpassword,manybabymonitorsallowarbitrarystrangersonthewebtoviewunsuspectingpeople’shomes.Buttheproliferation,capabilities,andinterconnectednessofsmartdevicespresentdramaticnewopportunitiesandchallengesthatrequirenewresearchandindustryapproachestomakesuchsystemssafe,secure,effective,andusable.TheproblemissoacutethattheFBIrecentlyissuedapublicserviceannouncementsuggestingconsumersshould“IsolateIoTdevicesontheirownprotectednetworks”and“...beawareofthecapabilitiesofthedevices…”whichareexpectationshighlyunlikelytobefollowedinpractice.Inthispaper,wearguethatcollectionsofsmartdevicespresentnewchallengesthatrequireagreaterunderstandingofhowpeoplecaneffectivelyusesuchsystemsandadeeperinvestmentinpoliciesandtoolsthatgiveusersconfidenceinthem.Inparticular,issuesrelatedtosecurity,physicalsafety,privacy,andusabilityaretightlyinterconnectedandsolutionsthataddressallfoursimultaneouslyareneeded.TherehavebeennumerousestimatesoftheimpactoftheInternetofThingsontheeconomy,withestimatesthatthenumberofdeployeddeviceswillbe50billionbytheyear2020andthatthetotaleconomicimpactmaybeupto10trilliondollarsby2025.Wealreadyliveinaworldofinterconnecteddevices,withnumerouscompaniesofferingsmartdevicessuchassmartthermostats,smartdoorbells,etc.Intheso-calledIndustrialInternetofThingsandSmartCitiesinitiatives,factoriesandcitieswillbecomeinfiltratedwithinterconnectedsmartdevices,withlarge

Page 2: Safety, Security, and Privacy Threats in IoT v2€¦ · related to security, physical safety, privacy ... Recent work has shown the safety hazards of simple WiFi-enabled appliance

2

projectedimprovementsinefficiencyandreliability.Forexample,hospitalshavebenefittedfromaproliferationofinterconnectedsensordevices,resultinginimprovedhealthoutcomesandlowercosts.Unfortunately,asthenumberandconnectivityofsuchdevicesincreases,thechallengeofmanagingthesecollectionsofdevicesbecomesexponentiallymoredifficult.Ifmanagingasinglehomecomputerisdifficultforanon-technicalperson,imaginewhatisneededtounderstandandcorrectlymanageanetworkofmanyinteractingdevices?Forexample,considerahypotheticalscenariowhereanAppleiPhone,aRingdoorbell,anAmazonEchoandanXboxworktogether.TheiPhoneisusedtheconfigurethemandtheEchoisusedtotoimplementvoicecommandssothat,forexample,ausercouldtellEchotoshowthevideofeedfromtheRingontheTVusingtheXbox.Anotherexamplecouldfocusonenergyusageandhomemonitoring.Smartwaterandelectricitymeterscouldcoordinatetomonitorandadjustwaterandpowerwhiledeterminingwhatpatternsofhomeactivitycorrelatetohighusage.Makingasingledevicesecureandsafeisalreadyadifficultproblem.Safetyissues,inparticular,areincreasinglyimportantforIoTsystemsastheyareusedtophysicallycontrolelectricaldeviceslikelightbulbsandheatingsystemsinbothhomesandinbusinesses.ThesafetyproblemsdiscoveredwiththeSamsungGalaxyNotesmartphonescatchingfireillustratethechallengesmakingdevicessafeevenwithoutanattackertryingtocauseharm.Makingthemsafeinthepresenceofanattackerisevenmoredifficultandrequiresrethinkinghowsuchdevicesaredesignedandtestedforsafety.TheconsequencesofhavingmanyinsecureindividualdevicesattachedtotheinternetwashighlightedrecentlywhentheMaraimalwarewasusedtocreatea380,000IoT-basedbotnetusedinamassivedistributeddenialofservice(DDOS)attack.Onlyamonthlater,amajorcyberattackharnessedtensofmillionsofmachines,includingalargenumberofIoTdevices,aimedattheInternet’sdomainnameserver(DNS)infrastructure,disruptinganumberofmajorserviceprovidersincludingTwitter,Netflix,Spotify,Airbnb,Reddit,Etsy,SoundCloudandTheNewYorkTimes.Asmoreinsecurenodesareattached,theleverageanattackergetsinusingthemincreases.Beyondtheexistingchallengesofsecuringindividualdevices,weneedtosimplifyhowpeopleinteractwithacollectionofdevicessothattheydon’thavetothinkabouteachdeviceandhowtheymightinteract.Forexample,withaniPhone,Echo,Ring,andXbox,whatinformationisbeingsharedbetweenthedevicesandwhataretheprivacypoliciesinplaceregardingwhatinformationfromaprivatehomecanbesenttothedifferentcompaniesandhowcanthisinformationbeused?Beyondprivacy,whatsecurityvulnerabilitiesdoesthisparticularcollectionofdevicescreateandwhatentityisresponsibleforinformingownersthatsuchvulnerabilitiesexist?Inmuchthesamewaythatoperatingsystemshaveevolvedtoallowindividualuserstoconfigureandmanagethem,newtechnologyisneededforuserstomoreeasilyunderstand,configure,andmanagetheircollectionsofdevices.Inthispaper,weconsidertwoscenarioswherecollectionsofdevicescreateopportunitiesandchallenges:interconnecteddevicesinasmarthomeanddevicecollectionsinhospitals.Bylookingatbothaconsumer-orientedscenarioandsafety-criticalcommercialapplications,wecanobservesimilaritiesanddifferencesintherequirementsforsuchsystems.

Page 3: Safety, Security, and Privacy Threats in IoT v2€¦ · related to security, physical safety, privacy ... Recent work has shown the safety hazards of simple WiFi-enabled appliance

3

TheInternetcartoonJoyofTech'sinterpretationofthefutureofIoT

SmartDevicesinHomesDespitetheavailabilityofmanyconnectedsolutionsforthehome,therapidgrowthofthisspacehasoutpacedsecurityandprivacyresearch,regulatoryguidelines,discussionsonlongevityandsafety,andageneralunderstandingofhowsuchsystemsreflecthumanunderstandingandmentalmodels.However,theemergenceofscalablesmarthomesystemshasthepotentialtodirectlyimpactourdailylives.Thus,wepresentasetofopportunitiesandchallengesforcomputingresearchforsmarthometechnology.Withmoreandmoreconnectedappliancesappearingonthemarket—suchasJarden’sMr.Coffee™andCrock-Pot™—newphysicalsafetyhazardsemergeduetotheabilityforsoftwaretocontrolthesehigh-poweredloads.RecentworkhasshownthesafetyhazardsofsimpleWiFi-enabledappliancemodulesandlightbulbs.Analogoustomandatedsafetymeasuressuchaselectricalcircuitbreakers,GFCIswitches,andfire-ratedwallsthatprotectconsumersfromfaultsinhomeinfrastructure,smarthometechnologiesneedasimilarlayerofprotection.JustasNationalElectric

Page 4: Safety, Security, and Privacy Threats in IoT v2€¦ · related to security, physical safety, privacy ... Recent work has shown the safety hazards of simple WiFi-enabled appliance

4

Codes(NEC)andNationalElectricalManufacturersAssociation(NEMA)existtoprovidesafetyguidelines,similarsafetyenforcementprocessesneedtoevolveforIoTappliancesinthehome.Buildingcodeswillalsoneedtoevolvetosupportemergingsmarthometechnologies.AddressingsafetyhazardsforhomeIoTdeviceswillrequireacoordinatedeffortbetweenthecomputingcommunityandtheDepartmentofHousing,FederalCommunicationsCommision(FCC),UnderwritersLaboratories(UL),andNationalInstitutesofStandardsandTechnology(NIST).Smarthometechnologies,andtheIoTingeneral,poseanewchallengeinabandonmentbymanufacturers,especiallyIoTstartupsthatmayintroduceaproductinthemarketandquicklygooutofbusinessorcompletelyabandonsupport.Thesesocalled“zombie”devicesremainonahomenetworkwithoutfuturesupportforsecurityandsafetypatches.Theserisksareproblematicfortechnologiesthatareintegratedintothehome’sinfrastructureorappliancesthatmayresideinthehomeformanyyears,creatingbothapolicyandatechnologychallenge.Thereisaneedforapproachestoeffectivelydetecttheseabandonedsystemsandmonitortheinteractionofthesedeviceswithotherplatforms.Theotherextremewouldbetorequiremanufacturerstoremotelydisablelegacydeviceswhensupportceases.SmartDevicesinHospitalsHospitals–andhealthcareingeneral–benefitgreatlyfromcomputation.Computationcanenablemoreaccurate,moreinformedpatientcareintheformofelectronicmedicalrecords.Computationenablesincreasedefficiencywithinhospitals,allowingasinglenursingstationtowirelesslymonitormanypatientsatonce.Forexample,anursingstationcouldremotely–andwirelessly–monitorthedrugpumpsdispensingdrugstoallthepatientswithintheircare.Computationevenoccursinsidepatients’bodiesintheformofwirelessimplantablemedicaldevices,likepacemakersandimplantablecardiacdefibrillators.Unfortunately,ithaslongbeenknownthatwiththeincreasedbenefitsofcomputationinhospitalsalsocomesthepotentialforpatientharmiftherearedefectsinthesystems’software.AcanonicalexampleisthatoftheTherac-25,aradiationtherapydevicefromthe1980sthatwasfoundtohaveasoftwaredefectthatcouldcausepatientstoreceiveapproximately100timestheradiationtherapythattheyweresupposedtoreceive.Thissoftwaredefect,humanfactors,andprojectmismanagementresultedinharmtopatients,andatleastseveraldeaths.Theseharmswerecausedbyaccident.Inthecybersecurityarena,wemustask:whatmightanintelligent,creativeadversarybeabletoaccomplish,andhowcanweprovideresiliencyagainstsuchanadversary.Thatadversarycanclearlycauseatleastasmuchharmasmightoccurbyaccident,andlikelymore,becausethatadversarycanforcethesystemsintotheirworst-possibleconfigurations.Moreover,duetotheincreasedpervasivenessofcomputationwithinthehealthcareenvironment,thepotentialattacksurfacetocyberadversariesisevengreatertodaythanitwasthe1980s.Acomprehensiveapproachtocybersecurityinhospitalsmustconsidereachofthecomputationaldeviceswithinthehospitals,aswellaswhatthosedevicesdependon.Forexample,cyberattacksagainstthehospital’spowerinfrastructurecouldsignificantlyimpactpatientcare.Cyberattacksagainstthehospital’swatersupplycouldalsosignificantlyimpactpatientcare.Therehavebeencaseswherehospitalservershavebeenshutdownbyransomware,therebyrequiringhealthcareproviderstoreverttopaper-basedrecords–somethingthatmanyyoungerhospitalstaffmightnotbetrainedtoworkwith.Buildingontheransomwarescenario,imaginetheimpactofevenmoremaliciousmalware,suchasmalwarethatintentionallymodifiespatientelectronicprescriptionsordosagesrecords,topossiblydangerousdrugsordruglevels.Onecansimilarlyimaginethepotentialimpactofcompromisinghospitaldevicesthatdirectlyimpactpatientcare,rangingfromcomputerizedradiationtherapydevicestothedevicesthatdoctorsusetowirelesslychangethe

Page 5: Safety, Security, and Privacy Threats in IoT v2€¦ · related to security, physical safety, privacy ... Recent work has shown the safety hazards of simple WiFi-enabled appliance

5

settingsonimplantablemedicaldevices,likepacemakersandimplantabledrugpumps.Westressthatcybersecurityisaboutriskmanagement,andthatthesetofharmsthatmightbepossibleisoftengreaterthanthesetofharmsthatarelikelytooccurinpractice.Hospitals–andhealthcareingeneral–needtobevigilantinassessingthespectrumofpotentialharmssothattheyarenotsurprisedbyunexpectedimpacts,andthenrealisticaboutassessingtheactualriskoftheseharms.Securitybestpracticesshouldbeusedwheneverpossible.Forexample,devicesshouldnotusedefaultpasswords.And,whenpossible,ifadeviceisknowntohaveacybervulnerability,thenthatdeviceshouldreceiveasoftwareupdate.

SmartHealthintheHomeTheprevioustwoscenarioscombineininterestingwayswhenoneconsiderstheincreasinguseofhealthcaretechnologiesinthehome.Whethermotivatedbysustainingolderadultswishingto“ageinplace,”theincreasinguseofwearablesensors(nowoftenwornbeforeandaftersurgicaltreatment),ortheincreasinginterestinaccountablecareandtheneedtomonitorpatients“inthewild”tohelpensuretreatmentsuccess,digitaltechnologiesareseepingoutoftraditionalhealthcareenvironmentsandfindingtheirwaytotypicalhomes.Inthisperfectstorm,wenowhavethesafetyandsecurityvulnerabilitiescombinedastwosystems(homeandhealthcare)attempttoresideinthesamephysicalsettingandlikelyonthesamewirelessnetwork.Thehomebecomesabackdoorvulnerabilitytothehospitalandvisaversa.Whatisatstake,beyondsecurity,isthedesiredrelianceondatageneratedinthehometoinformhealthcaredecisionmaking.Thisdatacouldbeparamountinhelpingolderadultsavoidthecostsofinstitutionalcare,inhelpingpatientsundergoingtreatmenttostayoutofemergencyroomswhennotneeded,andgettingtothemwhencritical,andhelpingpatientswhoseillnessincludesenvironmentaltriggers(e.g.asthma)managetheirtreatmentandbehavioronadaytodaybasis.

ImplicationsoftheScenarios

SecurityandPhysicalSafetyThemostimportantrequirementforcollectionsofdevicesisthattheyguaranteephysicalsafetyandpersonalsecurity.Whiletherehasbeenagreatdealofresearchandcommercialinvestmentinpreventingcyberattacks,protectingcollectionsofdevicespresentsnewchallengesthathavenotbeenaddressed.Inparticular,theabilityofsmartdevicestocontrolphysicalaspectsoftheenvironment(suchasthehousetemperatureorwhetheradoorislocked)createspotentialattacksonanindividual’sphysicalsafetythatrequiresevenhigherlevelsofassurancethanexistingcyberattackcountermeasures.Thedistributedandinterconnectednatureofmultiplesystemspresentindevicecollectionsalsorequiresrethinkingofthebasicconceptofsecurityandsystemmanagement.Withouttakingamulti-systemview,securitytechniqueswillbeunabletoanticipateandcountervulnerabilitiesthatarisefromincorrectconfigurationsorattacksthatexploitvulnerabilitiesinthewaythatdevicesinteractwitheachotherandwithcomputinginthecloud.Becauseinteractingdeviceshavebeenpresentinhospitalsforsometime,andbecausehospitalsaresubjecttoregulatoryframeworksthatrequirehigherlevelsofcompliance,thehospitalscenarioformanagingcollectionsofsmartdevicesisbetterunderstood.Insightsbasedonthisexperienceinclude:(a)thelife-cycleofthedevice,includinghowsoftwareisupgraded,mustbetakenintoconsideration,(b)physicalaccessibilityofdevices,includingtheabilityforanintrudertoaccessinterfacessuchasUSBportsorWifinetworks,mustbecarefullycontrolled,and(c)theregulatory

Page 6: Safety, Security, and Privacy Threats in IoT v2€¦ · related to security, physical safety, privacy ... Recent work has shown the safety hazards of simple WiFi-enabled appliance

6

frameworkaroundprivacymakesreasoningaboutwheredataiscollected,howitisshared,andwhereitisstoredverychallenging.Contrastingthetwoscenariosofdevicesinthehomeversusdevicesinahospital,wedrawseveralconclusions.First,differentdegreesofsecurityvettingandanalysisarerequiredforeachscenario.Therearealreadyregulatoryconstraintsonmedicaldevicesbuttheexplodingcomplexityandincreasingpotentialvulnerabilitiesrequirethoughtfulrevisitingofwhatlevelofcertificationisrequiredtoprovideappropriatelevelsofsecurityandsafetyassuranceforsuchapplications.TherecentnewsofsecurityvulnerabilitiesinSt.Judepacemakerdeviceshighlightsthechallengesindeterminingtherightlevelofcybersecurityassuranceneededforindividualdevicesandalsotheoverallcollectionofdevices.Likewise,hospitalswouldbemoreattractivetargetsforcoordinatedattacksakintocurrent“ransomware”attackscurrentlybeingconductedonhospitalelectronichealthrecord(EHR)systems.Second,whilehospitalsemployITprofessionalstomanagetheircollectionsofdevices,consumershavenosuchsupportbutaresubjectedtosimilarchallengingsystemcomplexity.TherecentreportfromtheCommissiononEnhancingNationalCybersecurityhighlightssimilarriskstosmallbusinessesthatcannotaffordanITstaff.Anyimprovementsinallowingindividualstounderstandandmanagesuchacollectionofdeviceswillbenefitbothscenariosbuttheconsumerscenariorequiresrethinkinghowsuchsystemscanbeexplainedintermsaccessibletoeverydayusers.

PrivacyPrivacyischallengingtounderstandandguaranteeinaworldwheremoreandmoresmartdevicescollectdata,shareit,andmonetizeit.Themodelthatsoftwareismonetizedbyadvertisingisbeingappliedatthedevicelevel.Manyfreesmartphoneappsalreadycollectdataattheuser’sexpenseandsellitinwaysthatarenotobviousorexplicittotheconsumer.Algorithmictechniquessuchasdifferentialprivacyprovidetheoreticalassurancestolimitingthepotentialimpactofdatasharing,butsuchtechniquesarerarelyusedinpracticeandasaresulttheprivacyimplicationsofincreasinglyintrusivesmartdevicesandsensorsareunknown.Thecomplexityofunderstandingtheprivacypolicyofasingleapplication,likeFacebook,canoverwhelmindividualusersandtheburdenofunderstandingsuchpoliciesforeverydeviceandapplicationbeingusedrequiresattentionandcomplexitybeyondmostpeople.Consider,then,thechallengeofunderstandingnotjustonedevicebutmanythatinteractincomplexways.Withoutnewmechanismsforexplainingwhatinformationisbeingcollectedandshared,notbyeachindividualdevice,butinaggregate,userswillbeunabletounderstandwhattheprivacyimplicationsoftheirchoicesare.Consider,forexample,buyingasmartfork(arealdevice).Howdoesaconsumerknowwhatinformationtheforkiscollecting(beyondcountingtheindividualforklifts,forexample)?Whatiftheconsumerthenbuysasmartplate?Cantheforkandplateexchangeinformation?Andifso,whatcanbeinferredfromthecombinationoftheinformationthatcan’tbedeterminedfromeitherdatasource?ConsiderforexampleanInternetTVserviceandasmartthermostat.Theuseofsmartphonestocontrolthesedevicescreatesdatatoidentifyindividualsinthehome.Thethermostatcanthenpinpointwhoiswhereinthehomeandwhen.AfewIoTdevicesinthehomecanlayoutaprettydetailedmapandtimelineofhomeactivities.InthehospitalsettingregulatorycompliancewithHIPPAandotherregulationsdetermineswhatislegalregardingdatacollectionandsharing.ThecomplexitiesofunderstandingwhetheraparticulardeviceconfigurationiscompliantreliesonthewisdomandunderstandingofITprofessionals.Asthecomplexityofdatabeingcollectedincreasesandthewaysitisusedbecomemorediverse,really

Page 7: Safety, Security, and Privacy Threats in IoT v2€¦ · related to security, physical safety, privacy ... Recent work has shown the safety hazards of simple WiFi-enabled appliance

7

understandingtheprivacyimplicationsofaparticularconfigurationislikelytochallengeeventhebest-informedITprofessionals.Beyondunderstandingprivacyimplicationsofconnecteddevicesactingastheyareintended,theimplicationsofdatabreachesonprivacyduetosecurityvulnerabilitiesincreasesthecomplexityandriskinprovidingadequateprivacyguarantees.Fortunately,advancesinstoringandoperatingonencrypteddatawilllikelyprovidetechnicalsolutionstosomeofthechallengesofpreventingdatabreaches.Nevertheless,thepresenceofmaliciousstate-sponsoredactorsattackingtheprivacyofhigh-profileindividualsgreatlyincreasesthelevelofprotectionneededtoprovideoverallconfidenceinsuchsystems.Ultimately,socialengineeringattacksandattacksbasedoninadequatehumanunderstandingofthesesystemsremainsperhapsthegreatestchallengetoovercome.

UsabilityandtheUserExperienceWehavealreadymadethecasethattheabilityforprofessionalsorconsumerstounderstandandmanagecomplexsystemscreatessignificantvulnerabilitiestosecurity,safety,andprivacy.Toattackthisproblemtherearetwoapproaches:eithersimplifythesystemssufficientlythattheycanthenbeunderstood,orbuildbetterconceptualmodelsforusersandtoolstoreducetheburden.Duetothewidespreaduseofopen-sourcesoftwareincludingLinuxincreatingmanysmartdevices,theconfigurationofmanysmartdevicesisarcaneandassumessignificantexpertisetounderstandandmanage.Simplificationscanbemadebyreducingthenumberofchoicesandexposingtheconfigurationasa“wizard”buttherearelimitstowhatcanbeeliminated.Anothersimplificationistoexplicitlydisallowdevicesfrominteractingwitheachother.Whilethisschemereducesthemanagementburdenoftheuser,italsosignificantlyreducesthepotentialvalueofthesystem.Forexample,adevicethatdeterminesthatthereisnoonepresentinahousemightwanttocommunicatewiththedevicecontrollingagaragedoortocloseit,buttheirinteractionwouldbeprevented.Asanalternative,newapproachestohelpingindividualsseethebiggerpictureoftheirentiredevicecollectionispossible.Inparticular,a“devicedashboard”mightpresentaviewofallthedevices,howeachisconfigured,andhowtheyrelate.Suchaviewcanextendfamiliarconceptsthatusershaveinmanagingindividualcomputers,suchassecurityandprivacysettings,tounderstandingtheirentirenetwork.Withsuchanaggregateview,toolsthathelpuserstracktheconfiguration,suchasindividualsoftwareupdates,andguaranteethecurrentconfigurationissecurecanbedevelopedandmarketed.Understandinghowpeoplethinkabouttechnology,theirwillingnesstoadoptit,andtheirchallengesinmaintainingitneedstobeacriticalpartofsmartdeviceresearchandpolicygoingforward.Nolevelofsoftwaresecurityissufficientifthepersonconfiguringthesystemfailstoprovideadequatepasswordsorunderstandthatthesystemismisconfigured.HistoricallythehumandimensionofdesigncouldbeoffloadedtoexpertITprofessionalsbutincreasinglythesehardusabilityproblemsneedtobehandleddirectlybyconsumers.

RecommendationsBasedonthisdiscussion,werecommendthefollowingapproachtoexpandingtheresearchagendaandpolicyagendabasedonadvancesintheInternetofThingsandadhoccollectionsofsmartdevices.Broadconclusions

Page 8: Safety, Security, and Privacy Threats in IoT v2€¦ · related to security, physical safety, privacy ... Recent work has shown the safety hazards of simple WiFi-enabled appliance

8

• Problemsofsecurity,privacyandusabilitycannotbeconsideredseparately-theyneedtobeconsideredtogetherandfederalinvestmentsshouldprioritizesolutionsthatfocusonaugmentingaperson’sabilitytounderstandandmanagecomplexsystems.

• Thepotentialforriskstophysicalsafetyrequiresthatminimumlevelsofcybersecurityassurancebedefinedandrequiredforwidespreaddevicedeployment.

• Milestonesmustbeestablishedfordeterminingthelevelofanalysisandtestingrequiredforsmartdeviceproducts(akintotargetedEPAemissionrequirements).Specificallyimprove:

• Thetransparencyofthesoftwarethedevicesarerunningforinspectionandanalysis

• Theleveloftestingandanalysisrequiredforcertification• Thelevelofhardeningofthecriticalcomponents(crypto,securecommunication,

secureupdatechannels)SecureandmanageindividualdevicesExistingeffortssuchastheCybersecurityAssuranceProgramandtheReportoftheCommissiononEnhancingNationalCybersecurityprovideguidelinesandrequirementstohelpensurethatindividualdevicesaresufficientlysecured.Beyondthecurrentinvestmentswerecommend:

• Revisingsafetyrequirementsforinternet-connectedelectricaldeviceswithanemphasisonadversarialthinking,inordertolimitthedamagethataremoteattackerwithharmfulintentisabletodo.

• Increasingtheemphasisonbuildingsoftwareandhardwarebasedonverifiedcomponents.Programverificationtechnologyisadvancingrapidlyandincreasinglycomplexsubsystems,suchascryptographicimplementationsshouldbedevelopedusingstateoftheartverificationtools.

• Increasingrequirementsforprogramanalysisandtestingtoolstocertifysoftwaredeploymentsinsmartdevices,withdifferentlevelsofanalysisrequireddependingonthedegreetowhichphysicalsafetymightbethreatenedbythedevice.

• Improvingsoftwareupdaterequirementsfordevicesthataredeployedtoallowsoftwaretobepatchedasnewvulnerabilitiesarediscovered.

• Updatingmechanismsthatareresistanttoexploitationusingstate-of-the-artencryption.• Creatingcradle-to-graverequirementsthatspecifywhathappenswhendevicesareno

longerbeingupdated,forexample,becausetothecompanyproducingthemwentoutofbusiness.

• Supportingresearchtohelpuserscorrectlymaintaintheirdevicesandsoftware.ManagingcollectionsofdevicesVerylittlehasbeenspecifiedregardingmanagingcollectionsofdevicesdespitethefactthattheyareincreasinglypresent.Asastartingpoint,werecommendthecreationof:

• Explicitsoftwarethatconsidersallthedevicesinacollectionandpresentsanoverviewofthemtoauser(devicedashboard).

• Managementtoolsthatallowtheusertounderstandandchangetheconfigurationsothatitremainssecureovertime.

• Simplificationsinthecomplexityofconfigurationmanagementthatpreventusersfromcommonerrorsthatcreatesecurityorprivacyerrors.

• Auserexperiencethatleveragesconceptsthatusersarealreadyfamiliarwithinmanagingindividualdevices.

Summary

Page 9: Safety, Security, and Privacy Threats in IoT v2€¦ · related to security, physical safety, privacy ... Recent work has shown the safety hazards of simple WiFi-enabled appliance

9

Technologyisrapidlyevolvingandhavingagreaterimpactonsocietythanithaseverhadwithsensingandintelligencestartingtobeembeddedineverydevice.Theadvancesbringsignificantbenefitstopeople,companies,andorganizations,butuntilthetechnologyisbetterunderstood,therearealsoassociatedrisks.Wehaveoutlinedsomeoftheimplicationsofthesechangesthroughadiscussionofuse-casescenariosandthedimensionsofsafety,security,andprivacy.Webelievethatchangesarehappeningwithsuchspeedandthelevelofriskanduncertaintyissufficientlyhighthatinvestmentinresearchthathelpsmitigatepotentialproblemsshouldbeprioritized.Thepotentialbenefittohumanlives,ournationalinterests,andtheeconomyissufficienttowarrantsubstantialresearchinvestmentsinmakingthetechnologyasbeneficialaspossible.Forcitationuse:FuK.,KohnoT.,LoprestiD.,MynattE.,NahrstedtK.,PatelS.,RichardsonD.,&ZornB.,(2017).Safety,Security,andPrivacyThreatsPosedbyAcceleratingTrendsintheInternetofThings.http://cra.org/ccc/resources/ccc-led-whitepapers/ThismaterialisbaseduponworksupportedbytheNationalScienceFoundationunderGrantNo.1136993.Anyopinions,findings,andconclusionsorrecommendationsexpressedinthismaterialarethoseoftheauthorsanddonotnecessarilyreflecttheviewsoftheNationalScienceFoundation.


Security, Privacy, and Safety Aspects of Civilian Drones: A Surveyusers.encs.concordia.ca/~youssef/Publications/Papers/... · 2017. 3. 29. · Security, privacy, and safety aspects

Security, Privacy, and Safety Aspects of Civilian Drones: A Surveyusers.encs.concordia.ca/~youssef/Publications/Papers/... · 2017. 3. 29. · Security, privacy, and safety aspects

Documents
Computer Security and Safety, Ethics, and Privacy

Computer Security and Safety, Ethics, and Privacy

Documents
MC-Quiz: Chapter 11 – Computer Security and Safety, Ethics, and Privacy Discovering Computers 2010

MC-Quiz: Chapter 11 – Computer Security and Safety, Ethics, and Privacy Discovering Computers 2010

Documents
Privacy & Security Training - Texas CASAtexascasa.org/.../Privacy-and-Security-Course-Companion.pdfguidelines for confidentiality, privacy, physical and information security, breach

Privacy & Security Training - Texas CASAtexascasa.org/.../Privacy-and-Security-Course-Companion.pdfguidelines for confidentiality, privacy, physical and information security, breach

Documents
TRUST, IDENTITY, PRIVACY, PROTECTION, SAFETY & SECURITY ... · TRUST, IDENTITY, PRIVACY, PROTECTION, SAFETY & SECURITY (TIPPSS) ... •A Layered View of IoT ... –Campus IT –Purchasing

TRUST, IDENTITY, PRIVACY, PROTECTION, SAFETY & SECURITY ... · TRUST, IDENTITY, PRIVACY, PROTECTION, SAFETY & SECURITY (TIPPSS) ... •A Layered View of IoT ... –Campus IT –Purchasing

Documents
Chapter 11 computer security and safety, ethics, and privacy

Chapter 11 computer security and safety, ethics, and privacy

Technology
Privacy - Introductie Beware of privacy – security fallacies ! Privacy

Privacy - Introductie Beware of privacy – security fallacies ! Privacy

Documents
HIE Security and Privacy through IHE - IHE.net€¦ · 2.3 Technical Security and Privacy controls ... HIE Security and Privacy through IHE

HIE Security and Privacy through IHE - IHE.net€¦ · 2.3 Technical Security and Privacy controls ... HIE Security and Privacy through IHE

Documents
Protecting Your Privacy: Cyberspace Security, Real World Safety

Protecting Your Privacy: Cyberspace Security, Real World Safety

Technology
1 Chapter 10 Security, Safety, Ethics, & Privacy

1 Chapter 10 Security, Safety, Ethics, & Privacy

Documents
Campus Safety, Security & Privacy - Association of College

Campus Safety, Security & Privacy - Association of College

Documents
Information Assurance Outreach. Overview Survey Results Password Security E-mail Safety Internet Privacy Social Media Privacy and Safety Technology Demonstration

Information Assurance Outreach. Overview Survey Results Password Security E-mail Safety Internet Privacy Social Media Privacy and Safety Technology Demonstration

Documents
The Microsoft Computing Safety Index 1. Background Microsoft’s objective: Quantify consumer perceptions of Internet safety, security and privacy Construct

The Microsoft Computing Safety Index 1. Background Microsoft’s objective: Quantify consumer perceptions of Internet safety, security and privacy Construct

Documents
Li Xiong CS573 Data Privacy and Security Healthcare privacy and security: Genomic data privacy

Li Xiong CS573 Data Privacy and Security Healthcare privacy and security: Genomic data privacy

Documents
CH. 5 Computer Security and Safety, Ethics and Privacy

CH. 5 Computer Security and Safety, Ethics and Privacy

Technology
IoT Security & Privacy - SentryBay - Security that works security and privacy_040715.pdfPage 3: © 2015 SentryBay Corporation / IoT Security & Privacy!!! IoT Security & Privacy The

IoT Security & Privacy - SentryBay - Security that works security and privacy_040715.pdfPage 3: © 2015 SentryBay Corporation / IoT Security & Privacy!!! IoT Security & Privacy The

Documents
Chapter 11 Computer Security and Safety, Ethics, and Privacy 1

Chapter 11 Computer Security and Safety, Ethics, and Privacy 1

Documents
Privacy and Security Work Group Draft Privacy & Security Policies & Recommendations

Privacy and Security Work Group Draft Privacy & Security Policies & Recommendations

Documents
Internet Safety - schoolwires.henry.k12.ga.us · Internet Safety. Safety and Security Issues •Inappropriate content. •Online privacy. •Cyberbullying. ... Netiquette Looking

Internet Safety - schoolwires.henry.k12.ga.us · Internet Safety. Safety and Security Issues •Inappropriate content. •Online privacy. •Cyberbullying. ... Netiquette Looking

Documents
Privacy, security and safety online - Ericsson · EriCSSON CONSUmErlaB PriVaCY, SECUriTY aND SaFETY ONliNE 3 . CONCERNS AFFECT BEHAVIOR BUT NOT USAGE ... This goes across all markets

Privacy, security and safety online - Ericsson · EriCSSON CONSUmErlaB PriVaCY, SECUriTY aND SaFETY ONliNE 3 . CONCERNS AFFECT BEHAVIOR BUT NOT USAGE ... This goes across all markets

Documents
On the Privacy, Security and Safety of Blood Pressure and ... · whether mHealth apps succeed in ensuring the privacy, security, and safety of the health data entrusted to them. We

On the Privacy, Security and Safety of Blood Pressure and ... · whether mHealth apps succeed in ensuring the privacy, security, and safety of the health data entrusted to them. We

Documents
1999 Cabletron Systems. Wireless Networking RoamAbout Security, FCC Regulations, and Safety 802.11 inherent security Wired Equivalent Privacy (WEP) FCC

1999 Cabletron Systems. Wireless Networking RoamAbout Security, FCC Regulations, and Safety 802.11 inherent security Wired Equivalent Privacy (WEP) FCC

Documents
Computer Security and Safety, Ethics & Privacy

Computer Security and Safety, Ethics & Privacy

Education
the usable security & privacy group · the usable security & privacy group. overview • framing privacy and security decisions • privacy and IoT • privacy on mobile devices

the usable security & privacy group · the usable security & privacy group. overview • framing privacy and security decisions • privacy and IoT • privacy on mobile devices

Documents
1 Scott CADZOW, C3L for i-Tour ITS – Challenges for privacy-security-safety

1 Scott CADZOW, C3L for i-Tour ITS – Challenges for privacy-security-safety

Documents
A holistic approach to industrial data security privacy and safety - … · 2019-10-24 · A holistic approach to industrial data security privacy and safety - The CHARIOT Project

A holistic approach to industrial data security privacy and safety - … · 2019-10-24 · A holistic approach to industrial data security privacy and safety - The CHARIOT Project

Documents
HMIS Security & Privacy Plan - sacramentostepsforward.org · HMIS PRIVACY & SECURITY PLAN Sacramento County CoC PRIVACY & SECURITY Privacy refers to the protection of the client's

HMIS Security & Privacy Plan - sacramentostepsforward.org · HMIS PRIVACY & SECURITY PLAN Sacramento County CoC PRIVACY & SECURITY Privacy refers to the protection of the client's

Documents
COMPUTER SAFETY SECURITY & PRIVACY DIGITAL LITERACY B. SIMS

COMPUTER SAFETY SECURITY & PRIVACY DIGITAL LITERACY B. SIMS

Documents
PGP & IP Security Pretty Good Privacy – PGP Pretty Good Privacy IP Security. IP Security

PGP & IP Security Pretty Good Privacy – PGP Pretty Good Privacy IP Security. IP Security

Documents
Li Xiong CS573 Data Privacy and Security Healthcare privacy and security

Li Xiong CS573 Data Privacy and Security Healthcare privacy and security

Documents