jaap-henk hoepman tno ict, groningen, the netherlands [email protected] digital security...

Jaap-Henk Hoepman

TNO ICT, Groningen, the Netherlands [email protected]

Digital Security (DS)Radboud University Nijmegen, the Netherlands

[email protected] / www.cs.ru.nl/~jhh

Privacy & The Internet of ThingsHow to keep the good

and make the bad less ugly

Jaap-Henk Hoepman // TNO ICT / Radboud University Nijmegen //

Privacy and the Internet of Things5-2-2010


Privacy and the Internet of Things

Paradigm shift

5-2-2010



RFID = a lot of things.....

5-2-2010

NFC



The Internet Of Things

5-2-2010

The virtual world and the real world are no

longer seperated



Where do I come from....

5-2-2010



The good

5-2-2010

Timo Arnall : http://www.elasticspace.com/

http://www.nabaztag.com//



... and where may this all go to?

5-2-2010



The bad

5-2-2010


Privacy

Privacy concerns

xx-xx-xxxx

orwell / big brother chandler / little sister kafka / the trial



Security concerns as well

Confidentiality● Corporate espionage

Integrity● Data out of sync

Authenticity● Cloning

● Detach/swap

Availability● Jamming

● ...

5-2-2010



EC Recommendation 12-5-2009

5-2-2010

Don’t kill the Internet of Things !



How to avoid the kill and make the bad less ugly

Give people agency● RFID Guardian

● Privacy Coach

Use privacy enhancing technologies● Mutual authentication

● Conditional access

● ...

5-2-2010



Agency

5-2-2010

“Tags should not be used on people but

used by people”

former Commisioner Viviane Reding


The RFID Privacy Coach

04-12-2009


privacy preference

privacy policy

NFCenabledphone

Goal – give consumers control over RFID

http://www.privacy-coach.org


Policies? Preferences?

Example of a policy● ACME Ltd registeres the type of pasta you buy

when buy a can of peeled tomatoes

● ACME Ltd will offer discounts to people that wear a FOOBAR watch

Example of a preference● I do not want offers based on the tags I carry

(note that FOOBAR watches should give permission to ACME Ltd for reading their tags)

● I allow anonymous profiling

04-12-2009



How does it work?

04-12-2009


network independentprivacy policyprovider

tag number

tag policy

RFID tag

databasetag policies

consumerpreference



Privacy enhancing technologies

Limitations● limited resources

● no central authority

● practicalityno key search

Requirement● acknowledge lifecycle!

5-2-2010



Object-oriented model

Object owner● grants permission to

object

tag owner● grants access to tag

5-2-2010

caller



Practical authentication protocol

Symmetric key authentication● using diversified access key

Re-encryption of tag identifier t● ● ● new id becomes● tag only accepts when properly authenticated

Protection against stolen readers● Domain gets new re-encryption key for each epoch● Tag stores last seen epoch● Keep old keys for old

5-2-2010


Privacy and the Internet of Things5-2-2010

Reader Tag



Properties

No trusted hardware for tags● Each tag has different symmetric key

Reader does not have to search all keys● Diversification

Tags untraceable before/after succesful authentication● Re-encryption

Any reader can update all identifiers● Universal re-encryption ● But reader needs to know at least one access key

5-2-2010



References

IFIP WG 11.2 “Pervasive systems security”● http://www.cs.ru.nl/ifip-wg11.2/

Council – a thinktank on the IoT● http://www.theinternetofthings.eu

5-2-2010


Discussion

04-12-2009


[Monty Python’s Argument Clinic sketch]

jaap-henk hoepman tno ict, groningen, the netherlands [email protected] digital security...

Documents

internet of things nfc

rfid privacy coach slide

internet of things tags

internet of things dont

ugly slide

trial slide

seperated slide

lot of things