
1 ITU KALEIDOSCOPE 2013 October 18, 2012 GRIFFIN – APRIL 2013
IEEE Global Communications 2015 Conference IoTAAL Workshop - Sunday, December 6, 2015
Security for Ambient Assisted Living
Phillip H. Griffin
Griffin Information Security

2 State of Things
IoT Ambient Assisted Living Landscape
— Assisted home care needs: growing populations of elderly, disabled
— Few AAL research projects consider security and privacy aspects
— Universal Access through user choice of authentication method
— Biometric options can enable access for elderly and disabled users
— Mutual and multifactor authentication using biometrics
IoTAAL Workshop | GRIFFIN – December 2015 | IEEE GLOBECOM 2015

3 Something More
Biometric authentication: Something-You-Are
— Sensor collects sample to enroll user in biometric system
— Data extracted from sample to create biometric reference template
— Uniquely identifiable template stored for later user matching
Biometric sensor data can also contain Something-You-Know
— Sensor can collect knowledge and biometric data
— Extracted biometric knowledge: a shared “weak secret”
— Secret drives Authenticated Key Exchange (AKE) protocol
Tagged IoT objects can be Something-You-Have
— People can be associated with physical objects
— RFID tags can be bound to biometric reference templates

4 Something You Know
Biometric-AKE | Password Authenticated Key Exchange
AKE - Strong cryptographic protection of communications
— Mutual authentication using shared knowledge (No PKI overhead)
— Key Establishment, not Key Exchange (Diffie-Hellman key agreement)
— Defeats Man-In-The-Middle, Phishing (Weak secret not revealed)
— Perfect Forward Secrecy (Key compromise contained)
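
An added Python sketch (not from the slides or the cited papers) of the idea on this slide: a shared weak secret masks each Diffie-Hellman public value, so both sides authenticate each other and agree on a key without revealing the secret. It follows the password-masked style of PAK but is not a conformant ITU-T X.1035 implementation; the hash constructions, role labels, message layout and the DEMO_SECRET value are assumptions made for the example.

```python
import hashlib, hmac, secrets

# RFC 3526 group 14: 2048-bit safe prime P; 2 generates the subgroup of prime order Q.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
Q, G = (P - 1) // 2, 2
DEMO_SECRET = b"blue-7-left"  # constructed stand-in for knowledge extracted from a sample

def mask(role: bytes, secret: bytes) -> int:
    """Hash the weak secret into the order-Q subgroup (squaring makes a residue)."""
    wide = hashlib.shake_256(b"mask" + role + secret).digest(P.bit_length() // 8 + 16)
    return pow(int.from_bytes(wide, "big") % P, 2, P)

class Party:
    def __init__(self, role: bytes, secret: bytes):
        self.role, self.peer = role, (b"B" if role == b"A" else b"A")
        self.mine, self.theirs = mask(role, secret), mask(self.peer, secret)
        self.x = secrets.randbelow(Q - 1) + 1   # ephemeral DH exponent

    def hello(self) -> int:
        """Masked DH value: any guessed secret unmasks it to a valid element."""
        self.sent = pow(G, self.x, P) * self.mine % P
        return self.sent

    def finish(self, rcvd: int) -> None:
        """Unmask the peer's value, then derive confirmation and session keys."""
        pub = rcvd * pow(self.theirs, -1, P) % P
        if not 1 < pub < P - 1:
            raise ValueError("degenerate public value")
        a, b = (self.sent, rcvd) if self.role == b"A" else (rcvd, self.sent)
        ikm = b"".join(v.to_bytes(256, "big") for v in (a, b, pow(pub, self.x, P)))
        self.kc = hashlib.sha256(b"confirm" + ikm).digest()
        self.key = hashlib.sha256(b"session" + ikm).digest()

    def tag(self, role: bytes) -> bytes:
        return hmac.new(self.kc, role, "sha256").digest()

    def verify(self, peer_tag: bytes) -> bool:
        return hmac.compare_digest(peer_tag, self.tag(self.peer))

def run(secret_a: bytes, secret_b: bytes):
    """One exchange; returns (A accepts B, B accepts A, session keys equal)."""
    a, b = Party(b"A", secret_a), Party(b"B", secret_b)
    msg_a, msg_b = a.hello(), b.hello()
    a.finish(msg_b); b.finish(msg_a)
    return a.verify(b.tag(b"B")), b.verify(a.tag(b"A")), a.key == b.key
```

`run(DEMO_SECRET, DEMO_SECRET)` returns `(True, True, True)`; with mismatched secrets both confirmations fail and the keys differ. Because each exponent is fresh per run, a later disclosure of the weak secret does not expose earlier session keys.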

5 Something You Have
A physical object: Something-You-Have authentication factor
— Traditionally, these objects have been issued by an authority: driver's license, payment card, passport, ID badge, ...
— In the Internet of Things (IoT), objects might be a door, car, appliance, …
— An object with an embedded RFID can be uniquely identified
— IoT objects can be ‘possessed’ by more than one person (shared objects)
— Individuals can be associated with physical objects by cryptographically binding the object’s tag ID to their biometric template using a digital signature

6 Deeper Dive
— Griffin, P. (2015). Security for Ambient Assisted Living. IEEE Global Communications (GLOBECOM) 2015 - IoT Ambient Assisted Living (IoTAAL) Workshop. Retrieved November 11, 2015, from http://phillipgriffin.com/whitepapers/IoTAAL2015.pdf
— Griffin, P. (2014). Telebiometric authentication objects. Complex Adaptive Systems 2014 Proceedings. Procedia Computer Science, 36, 393-400. Retrieved November 11, 2015, from http://www.sciencedirect.com/science/article/pii/S1877050914012605
— Griffin, P. (2015). Biometric Knowledge Extraction for Multi-Factor Authentication and Key Exchange. Complex Adaptive Systems 2015 Proceedings. Procedia Computer Science, 61, 66-71. Retrieved November 11, 2015, from http://www.sciencedirect.com/science/article/pii/S1877050915029804
— ITU-T X.1035: Password-authenticated key exchange (PAK) protocol (2007). Retrieved November 11, 2015, from http://www.itu.int/rec/T-REC-X.1035/en
— X9.73 Cryptographic Message Syntax – ASN.1 and XML. American National Standards Institute.
— X9.84 Biometric Information Management and Security. American National Standards Institute.
— ISO/IEC 24824-4 | ITU-T X.cms (Draft)

7 Questions?
phil@phillipgriffin.com
+1 919 622 7049
Skype: phil.griffin

