Unexpected and Complex Implications of the Internet of Everything (IoE)
IIW | 06 May 2014
Secure Identity Consulting
© Copyright Secure Identity Consulting 2014
Jeff Stollman, Secure Identity Consulting
Unexpected and Complex Implications of the Internet of Everything (IoE)
© Copyright Secure Identity Consulting 2014
European Identity and Cloud Conference | 15 May, 2014
Agenda
- Defining Terms
- Promise and Implications
- Issues Prompted by IoT
- Legal Perspective
- Q&A
DEFINING TERMS
What is it?
[Diagram: Internet of Things and Internet of Everything, labelled with Sensor Networks, Smart Appliances, Servers, Netbooks, Smart Phones, Industrial Controllers, SCADA, Databases]
Definition
The Internet of Everything is:
ANY device that is connected to a network.
Constituent Devices
1. SENSOR
2. PROCESSOR
3. ACTUATOR
4. Combinations of the above
IoE is a superset
[Diagram: IoE enclosing Traditional IT, SCADA devices, and New Smart devices]
PROMISE AND IMPLICATIONS
Use Cases
The Promise
Use Case: Home Appliances – Security and Privacy
Who is ordering your perishables?
Use Case: Irrigation & Flood Control - Security
Who is ensuring data integrity?
Use Case: Farming – Information Ownership
Who owns the data you collect?
Use Case: Automotive Management – Privacy and Liability
Who is controlling your vehicle?
Use Case: Electric Vehicle Recharging Systems – Security and Liability
Who is paying for power from your outlet?
Use Case: Smart Packaging – Privacy and Liability
Who can learn what drugs you are taking?
Use Case: Physical Security – Privacy
Does privacy exist anymore?
Use Case: Electrical Grid – Security and Liability
Who is managing your power?
ISSUES PROMPTED BY IOT
IoT prompts several areas of concern
Security
- Security issues of IoT are not new, but new solutions will be required.
Privacy
- Privacy issues of IoT are not new, but new solutions will be required.
Ownership
- Device ownership enters a new gray area.
- Data ownership represents a brave new world of possibility.
Liability
- Liability, as well, opens up a Pandora’s box of complex issues.
Security Questions
1. As traditional enterprise perimeters disintegrate into a web of devices, how do we secure devices
   1. From an adversary manipulating sensor input data?
      1. E.g., holding a lighter below an outdoor temperature sensor that triggers an emergency response.
      2. While this could happen today, I submit that the additional layer of abstraction provided by the IoT may prompt less scrutiny of physical security and increase the vulnerability of such systems.
   2. From an adversary manipulating output from a sensor or input to a processor?
      1. E.g., dividing the output from sensors on a harvester in half to create the impression of a bad crop, causing commodity prices to rise
      2. compromising the video feed from a surveillance camera during a burglary
      3. or the altimeter in an airplane to cause it to crash
   3. From an adversary compromising the instruction code in the processor?
      1. E.g., changing the rule that prompts an alarm to take no action instead
   4. From an adversary compromising the instruction feed from the processor or the input feed to the actuator?
      1. E.g., changing ON to OFF or a LOW setting to HIGH
Security Questions cont’d.
2. Who is responsible for controlling access to the data?
   1. At rest -- on the device
   2. In transit -- between devices
3. Who is responsible for allowing a “man-in-the-middle” attack when there is no perimeter?
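
The in-transit cases in the security questions (altered sensor output, altered actuator commands, a man-in-the-middle between devices) can be detected by authenticating every message; the following is an added example, not part of the original slides. It assumes a pre-shared key per device, and the device names, keys and values are constructed for illustration.

```python
import hashlib, hmac, json

def seal(key, sender, seq, payload):
    """Sender side: HMAC-SHA256 tag over sender id, sequence number and payload."""
    body = json.dumps({"sender": sender, "seq": seq, "payload": payload}, sort_keys=True)
    return {"body": body, "tag": hmac.new(key, body.encode(), hashlib.sha256).hexdigest()}

class Receiver:
    """Processor or actuator side: verify the tag, then reject replayed messages."""
    def __init__(self, keys):
        self.keys = keys      # sender id -> shared key (key provisioning is assumed)
        self.last_seq = {}    # sender id -> highest sequence number accepted so far

    def accept(self, msg):
        try:
            body = msg["body"]
            fields = json.loads(body) if isinstance(body, str) else None
            sender, seq = fields["sender"], fields["seq"]
            key = self.keys[sender]
            if not isinstance(seq, int):
                raise ValueError("sequence number must be an integer")
        except (KeyError, TypeError, ValueError):
            return None, "malformed"
        expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), str(msg.get("tag")).encode()):
            return None, "bad tag"
        if seq <= self.last_seq.get(sender, -1):
            return None, "replay"
        self.last_seq[sender] = seq
        return fields["payload"], "ok"

def demo():
    # Constructed device names, keys and readings, for illustration only.
    keys = {"harvester-7": b"demo-key-sensor", "controller-1": b"demo-key-controller"}
    rx = Receiver(keys)
    reading = seal(keys["harvester-7"], "harvester-7", 1, {"yield_kg": 840})
    halved = dict(reading, body=reading["body"].replace("840", "420"))
    command = seal(keys["controller-1"], "controller-1", 1, {"valve": "ON"})
    flipped = dict(command, body=command["body"].replace('"ON"', '"OFF"'))
    # Altered copies are rejected; a genuine message passes once, then counts as a replay.
    return [rx.accept(m)[1] for m in (halved, reading, reading, flipped, command)]

if __name__ == "__main__":
    print(demo())
```

A valid tag only shows that the message left the keyed device unmodified: a sensor heated with a lighter still signs the false temperature, and a processor whose rules were changed still signs its commands.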
Practical Questions
1. Will all devices need enough intelligence to manage their own access control?
   1. Will all devices need to be servers to do so?
2. If devices have enough intelligence (i.e., processing power and storage) to manage access control, will they also have enough processing power and storage to be victims of malware and/or hacking?
3. Once enough devices are deployed to be of interest to adversaries (e.g., malware and hack publishers), will the burden of managing access to devices outweigh the benefits to be gained from them?