Presentation is loading. Please wait.

Presentation is loading. Please wait.

Jaap-Henk Hoepman TNO ICT, Groningen, the Netherlands  Digital Security (DS) Radboud University Nijmegen, the Netherlands 

Similar presentations


Presentation on theme: "Jaap-Henk Hoepman TNO ICT, Groningen, the Netherlands  Digital Security (DS) Radboud University Nijmegen, the Netherlands "— Presentation transcript:

1 Jaap-Henk Hoepman TNO ICT, Groningen, the Netherlands  Digital Security (DS) Radboud University Nijmegen, the Netherlands  /  Privacy & The Internet of Things How to keep the good and make the bad less ugly

2 Jaap-Henk Hoepman // TNO ICT / Radboud University Nijmegen // Privacy and the Internet of Things

3 Jaap-Henk Hoepman // TNO ICT / Radboud University Nijmegen // Paradigm shift Privacy and the Internet of Things

4 Jaap-Henk Hoepman // TNO ICT / Radboud University Nijmegen // RFID = a lot of things Privacy and the Internet of Things NFC

5 Jaap-Henk Hoepman // TNO ICT / Radboud University Nijmegen // The Internet Of Things Privacy and the Internet of Things The virtual world and the real world are no longer seperated

6 Jaap-Henk Hoepman // TNO ICT / Radboud University Nijmegen // Where do I come from Privacy and the Internet of Things

7 Jaap-Henk Hoepman // TNO ICT / Radboud University Nijmegen // The good Privacy and the Internet of Things Timo Arnall :

8 Jaap-Henk Hoepman // TNO ICT / Radboud University Nijmegen //... and where may this all go to? Privacy and the Internet of Things

9 Jaap-Henk Hoepman // TNO ICT / Radboud University Nijmegen // The bad Privacy and the Internet of Things

10 Jaap-Henk Hoepman // TNO ICT / Radboud University Nijmegen // Privacy concerns xx-xx-xxxxPrivacy orwell / big brother chandler / little sister kafka / the trial

11 Jaap-Henk Hoepman // TNO ICT / Radboud University Nijmegen // Security concerns as well Confidentiality ● Corporate espionage Integrity ● Data out of sync Authenticity ● Cloning ● Detach/swap Availability ● Jamming ● Privacy and the Internet of Things

12 Jaap-Henk Hoepman // TNO ICT / Radboud University Nijmegen // EC Recommendation Privacy and the Internet of Things Don’t kill the Internet of Things !

13 Jaap-Henk Hoepman // TNO ICT / Radboud University Nijmegen // How to avoid the kill and make the bad less ugly Give people agency ● RFID Guardian ● Privacy Coach Use privacy enhancing technologies ● Mutual authentication ● Conditional access ● Privacy and the Internet of Things

14 Jaap-Henk Hoepman // TNO ICT / Radboud University Nijmegen // Agency Privacy and the Internet of Things “Tags should not be used on people but used by people” former Commisioner Viviane Reding

15 Jaap-Henk Hoepman // TNO ICT / Radboud University Nijmegen // The RFID Privacy Coach The RFID Privacy Coach privacy preference privacy policy NFC enabled phone Goal – give consumers control over RFID

16 Jaap-Henk Hoepman // TNO ICT / Radboud University Nijmegen // Policies? Preferences? Example of a policy ● ACME Ltd registeres the type of pasta you buy when buy a can of peeled tomatoes ● ACME Ltd will offer discounts to people that wear a FOOBAR watch Example of a preference ● I do not want offers based on the tags I carry  (note that FOOBAR watches should give permission to ACME Ltd for reading their tags) ● I allow anonymous profiling The RFID Privacy Coach

17 Jaap-Henk Hoepman // TNO ICT / Radboud University Nijmegen // How does it work? The RFID Privacy Coach network independent privacy policy provider tag number tag policy RFID tag database tag policies consumer preference

18 Jaap-Henk Hoepman // TNO ICT / Radboud University Nijmegen // Privacy enhancing technologies Limitations ● limited resources ● no central authority ● practicality  no key search Requirement ● acknowledge lifecycle! Privacy and the Internet of Things

19 Jaap-Henk Hoepman // TNO ICT / Radboud University Nijmegen // Object-oriented model Object owner ● grants permission to object tag owner ● grants access to tag Privacy and the Internet of Things caller

20 Jaap-Henk Hoepman // TNO ICT / Radboud University Nijmegen // Practical authentication protocol Symmetric key authentication ● using diversified access key Re-encryption of tag identifier t ● ● new id becomes ● tag only accepts when properly authenticated Protection against stolen readers ● Domain gets new re-encryption key for each epoch ● Tag stores last seen epoch ● Keep old keys for old Privacy and the Internet of Things

21 Jaap-Henk Hoepman // TNO ICT / Radboud University Nijmegen // Privacy and the Internet of Things Reader Tag

22 Jaap-Henk Hoepman // TNO ICT / Radboud University Nijmegen // Properties No trusted hardware for tags ● Each tag has different symmetric key Reader does not have to search all keys ● Diversification Tags untraceable before/after succesful authentication ● Re-encryption Any reader can update all identifiers ● Universal re-encryption ● But reader needs to know at least one access key Privacy and the Internet of Things

23 Jaap-Henk Hoepman // TNO ICT / Radboud University Nijmegen // References IFIP WG 11.2 “Pervasive systems security” ● Council – a thinktank on the IoT ● Privacy and the Internet of Things

24 Jaap-Henk Hoepman // TNO ICT / Radboud University Nijmegen // Discussion The RFID Privacy Coach [Monty Python’s Argument Clinic sketch]


Download ppt "Jaap-Henk Hoepman TNO ICT, Groningen, the Netherlands  Digital Security (DS) Radboud University Nijmegen, the Netherlands "

Similar presentations


Ads by Google