meetup 4/10/2016 - het iot platform van de stad en security
TRANSCRIPT
CONFIDENTIAL – INTERNAL USE
SERVICES & RECOMMENDATIONS ABOUT SECURITY, PRIVACY & ETHICS THOMAS KALLSTENIUS, PROGRAM DIRECTOR DISTRIBUTED TRUST
ACKNOWLEDGEMENTS: GUNES ACAR (IMEC– COSIC, KULEUVEN) & ROB HEYMAN (IMEC-SMIT, VUB)
04.10.2016
CONFIDENTIAL – INTERNAL USE
CONFIDENTIAL – INTERNAL USE
Antwerp without traffic police?
CONFIDENTIAL – INTERNAL USE
CONFIDENTIAL – INTERNAL USE
Everything Connected1
Distributed Trust2
Distributed Intelligence3
CONFIDENTIAL – INTERNAL USE
Distributed Trust2
Advanced Encryption Standard
(AES)
CONFIDENTIAL – INTERNAL USE
Homomorphic Encryption for Trusted Cloud Solutions
CONFIDENTIAL – INTERNAL USE
Cryptography for IoT
• Elliptic curve cryptography
• one point multiplication <5µJ
• Based on optimized HW and SW co-design
CONFIDENTIAL – INTERNAL USE
Physical UnclonableFunctions
RF DISTANCE BOUNDING
RF DISTANCE BOUNDING
imec’s group COSIC has developed improved RF distance bounding protocolsWith Secure localization and Key management schemes (pairing protocols)
CONFIDENTIAL – INTERNAL USE
Dynamic Policies for Shared Cyber-Physical Infrastructures under Attack
CONFIDENTIAL – INTERNAL USE
Flagship projectCity of Things
• IoT reference living lab and technology lab in Europe
• for international and local stakeholders
• to create, test and validate IoT services, applications and technologies
• in a large scale, real life and real time smart city environment
CONFIDENTIAL – INTERNAL USE
integrating smart city sensors
100 multi-technologygateways
CONFIDENTIAL – INTERNAL USE
CITY OF THINGS: THREE LAYERS
Network-layerDeploying a city-wide network
connecting multiple wireless technologies
Data layerProviding an open data platform with a
real-time view on the city
Business layerLiving lab and analytics infrastructure
for evidence-based innovation
CONFIDENTIAL – INTERNAL USE
• City of Things
City of Privacy
CONFIDENTIAL – INTERNAL USE
“”
18
PRIVACY IS SECRECY FOR THE BENEFIT OF THE INDIVIDUAL WHILE CONFIDENTIALITY IS SECRECY FOR THE BENEFIT OF THE ORGANIZATION
- Ross Anderson, 2008
CONFIDENTIAL – INTERNAL USE
PRIVACY MODEL FOR COT USERSMARTÍNEZ-BALLESTÉ ET AL.’S 5-DIMENSIONAL PRIVACY MODEL
CONFIDENTIAL – INTERNAL USE
RE-IDENTIFICATION ATTACKS
“… 87% (216 million of 248 million) of the population in the United States had reported characteristics that likely made them unique based only on {5-digit ZIP, gender, date of birth}”
- L. Sweeney, 2000.Based the 1990 US Census summary Data
CONFIDENTIAL – INTERNAL USE
Every combination of quasi-identifiers should be shared by at least k respondentsExample. 3-anonymous table
1. PRIVACY-PRESERVING DATA PUBLISHING (PPDP) K-ANONYMITY
CONFIDENTIAL – INTERNAL USE
HOMOGENEITY ATTACKAGAINST K-ANONYMITY
Alice was born in September 1953 and her ZIP code is 2010 → She has lung cancer
CONFIDENTIAL – INTERNAL USE
BACKGROUND KNOWLEDGE ATTACKAGAINST K-ANONYMITY
Bob was born in July 1960, his ZIP code is 2001 & runs every day → He has Hepatitis A
CONFIDENTIAL – INTERNAL USE
1. PRIVACY-PRESERVING DATA PUBLISHING (PPDP) L-DIVERSITY
Each equivalence class (same quasi-identifiers) must be associated with at least L distinct values for a sensitive attribute. Example 4-anonymous, 3-diverse table
CONFIDENTIAL – INTERNAL USE
4. SKEWNESS ATTACK AGAINST L-DIVERSITY
Alice was born in September 1953 and her ZIP code is 2010 → She has HIV with 50% probability
CONFIDENTIAL – INTERNAL USE
Requires the distribution of a sensitive attribute in any equivalence class to be close to the distribution of the attribute in the overall table
1. PRIVACY-PRESERVING DATA PUBLISHING (PPDP) T-CLOSENESS
CONFIDENTIAL – INTERNAL USE
LOCATION PRIVACY ATTACKS
3 months of credit card records 1.1 million people 4 spatiotemporal points are enough to uniquely reidentify90% of individuals.- de Montjoye et al, 2015.
CONFIDENTIAL – INTERNAL USE
5. LOCATION PRIVACY ATTACKSTHE WEALTHY & WOMEN ARE MOST AT RISK
Reference: de Montjoye et al, 2015
CONFIDENTIAL – INTERNAL USE
“”
29
IT TAKES 20 YEARS TO BUILD A REPUTATION AND FIVE MINUTES TO RUIN IT. IF YOU THINK ABOUT THAT, YOU'LL DO THINGS DIFFERENTLY ..
WARREN BUFFET, American business magnate, investor and philanthropist