Security and Privacy in IoT Challenges to be won

Transcription

1 Security and Privacy in IoT Challenges to be won Enrico Del Re University of Florence and CNIT Italy June 16-18, 2015 CHIST-ERA Conference

2 FROM WHERE WE START.. June 16-18, 2015 CHIST-ERA Conference

3 ICT-related activities in Horizon an Overview June 16-18, 2015 CHIST-ERA Conference

4 ICT-related activities in Horizon2020 June 16-18, 2015 CHIST-ERA Conference

5 IEEE ComSoc Vision of the future top technologies 5G Fiber everywhere Virtualization, SDN & NFV Everywhere connectivity for IoT and IoE Cognitive networks, Big data Cybersecurity Green communications Smarter smartphones and connected devices Network neutrality, Internet governance Molecular communications June 16-18, 2015 CHIST-ERA Conference

6 IEEE CompSoc Vision of the future top technologies June 16-18, 2015 CHIST-ERA Conference

7 Cloud Computing and Internet of Things Assumption that the recent steady advances in microelectronics, communications and information technology will continue into the foreseeable future CC and IoT potentially can provide breakthroughs and enormous benefits to the society and persons (e.g. e-health applications and services to disabled and elderly people, environment control and security, ) However, technical flaws and threats of intrusions might significantly lower the benefits of the new developments. Traditional protection techniques are insufficient to guarantee users security and privacy within the future framework Users not trusting in the new technologies could refuse partially or totally the new services Or, worse, they could become the new future slaves of a few big players June 16-18, 2015 CHIST-ERA Conference

8 Some Security threats in IoT cloning of smart things by untrusted manufacturers malicious substitution of smart things during installation firmware replacement attack extraction of security parameters since smart things may be physically unprotected eavesdropping attack if the communication channel is not adequately protected man-in-the-middle attack during key exchange routing attacks denial-of-service attacks privacy threats June 16-18, 2015 CHIST-ERA Conference

9 Some EU Statements on IoT Security and Privacy Design from the start to meet: The right of deletion The right to be forgotten Data portability Privacy and data protection principles with two general principles The IoT shall not violate human identity, human integrity, human rights, privacy or individual or public liberties. Individuals shall remain in control of their personal data generated or processed within the IoT, except where this would conflict with the previous principle. June 16-18, 2015 CHIST-ERA Conference

10 Trustworthy user-centric IoT Widely acknowledged need to guarantee both technically and regulatory the neutrality of the future internet All aspects of security and privacy of the user data must be under the control of their original owner by means of as simple and efficient technical solutions as possible (user-controlled security) This challenging technical approach is not the only problem Different security and privacy applicable laws in different countries Different (i.e. opposite) business views from big players A fundamental and unbiased (i.e. public) research action on this topic is necessary built on a holistic view for all IoT elements at all stages Last but not least, user and social involvement since the beginning for two main reasons: Final users education and awareness of their IoT rights Technical solutions to satisfy shared and agreed objectives June 16-18, 2015 CHIST-ERA Conference

11 Information-centric security Shift from protecting data from the outside (system and applications which use the data) to protecting data from within Put intelligence in the data itself Data needs to be self-describing and defending, regardless of the environment Data needs to be encrypted and packaged with a usage policy When accessed, data should consult its policy and attempt to re-create a secure environment using virtualization and reveal itself only if the environment is verified as trustworthy Information-centric security is a natural extension of the trend toward finer, stronger, and more usable data protection R. Chow, et al., Controlling Data in the Cloud: Outsourcing Computation without Outsourcing Control, ACM CCSW 09, 2009 June 16-18, 2015 CHIST-ERA Conference

12 .LOOKING FORWARD. June 16-18, 2015 CHIST-ERA Conference

13 Security challenges Secure Communication: Message Security How to protect messages confidentiality and integrity? Lightweight IPsec, Lightweight DTLS, IEEE Security Secure Network: Intrusion Detection How to protect nets from attacks? new Intrusion Detection Systems (IDSs) Secure Device: Data Security How to securely store data? combining secure storage and communication for IP6LoWPAN networks June 16-18, 2015 CHIST-ERA Conference

14 Encryption Lightweight crypthography efficiency of E2E communication applicability to low resource devices Homomorphic encryption processing carried out on cyphertext, generating an encrypted result that, when decrypted, gives the result of operations performed on the plaintext. Quantum cryptography Optical networks Physical layer cryptography Signature of the wireless channel (including noise) June 16-18, 2015 CHIST-ERA Conference

15 Information and media authentication IoT will be more and more populated with contents directly generated by the users, according to a typical peer-to-peer communication paradigm. The ease with which false information can be diffused on the web increases doubt on the validity of the information gathered on-line as an accurate and trustworthy representation of reality visual signals are the preferred means to get access to information immediacy supposed objectivity But can we trust visual data? manipulation of visual data is becoming common Examples in several fields: propaganda, gossip, fashion June 16-18, 2015 CHIST-ERA Conference

16 Multimedia Forensics It aims at extracting important information on the history of audio-visual contents Idea: inherent traces (like digital fingerprints or footprints) are left behind in a digital media during creation phase and any further successive processing These digital traces are extracted for understanding the history of digital content 2D-3D data protection and anticounterfeiting (watermarking) June 16-18, 2015 CHIST-ERA Conference

17 Necessary Breakthroughs Information retrieval and data mining in a big data scenario contextual and semantic information to help media authentication in the extreme heterogeneity of the data available on the web Social studies what impact on society of counterfeited information in the web and mechanisms to minimize such an impact Social computing social authentication model: technological tools with social computing mechanisms together for information verification Legal aspects Ideally same regulations along the whole web June 16-18, 2015 CHIST-ERA Conference

18 Thank you for your attention June 16-18, 2015 CHIST-ERA Conference