iot: security and privacyiot.stanford.edu/retreat15/sitp15-crypto.pdf · today: stores lots of...
TRANSCRIPT
![Page 1: IoT: Security and Privacyiot.stanford.edu/retreat15/sitp15-crypto.pdf · Today: stores lots of (IoT) data in the clear • A good target for attacks/subpoenas • Some users will](https://reader033.vdocument.in/reader033/viewer/2022043012/5fa9215516e17328fa621c0c/html5/thumbnails/1.jpg)
IoT: Security and Privacy
Dan Boneh
Stanford University
![Page 2: IoT: Security and Privacyiot.stanford.edu/retreat15/sitp15-crypto.pdf · Today: stores lots of (IoT) data in the clear • A good target for attacks/subpoenas • Some users will](https://reader033.vdocument.in/reader033/viewer/2022043012/5fa9215516e17328fa621c0c/html5/thumbnails/2.jpg)
Private discovery via secret handshakes
CA attributes XAttributes Y
Cert on attr. XCert on attr. Y
only want to talk to devices s.t. P(Y) = 1
only want to talk to devices s.t. Q(X) = 1
problem: neither side wants to reveal its attributes
key k only if P(Y)=1 key k only if Q(X) = 1key confirmation
secret handshake protocol
![Page 3: IoT: Security and Privacyiot.stanford.edu/retreat15/sitp15-crypto.pdf · Today: stores lots of (IoT) data in the clear • A good target for attacks/subpoenas • Some users will](https://reader033.vdocument.in/reader033/viewer/2022043012/5fa9215516e17328fa621c0c/html5/thumbnails/3.jpg)
IoT Data Collection
Wearables
Home
Mobile devices
Data analysis for:• Visualization• Personalization• Recommendation
Analysis of single user data:• on premise
![Page 4: IoT: Security and Privacyiot.stanford.edu/retreat15/sitp15-crypto.pdf · Today: stores lots of (IoT) data in the clear • A good target for attacks/subpoenas • Some users will](https://reader033.vdocument.in/reader033/viewer/2022043012/5fa9215516e17328fa621c0c/html5/thumbnails/4.jpg)
Analyzing data from multiple users?
Cloud
Why?• Build model of user behavior• Use for recommendations,
warnings, reputation
Social games• Who walked the most today• Who used the least energy
Cleartext data
analysis results
![Page 5: IoT: Security and Privacyiot.stanford.edu/retreat15/sitp15-crypto.pdf · Today: stores lots of (IoT) data in the clear • A good target for attacks/subpoenas • Some users will](https://reader033.vdocument.in/reader033/viewer/2022043012/5fa9215516e17328fa621c0c/html5/thumbnails/5.jpg)
The Cloud
Today: stores lots of (IoT) data in the clear• A good target for attacks/subpoenas• Some users will not use (context specific data)
Ideal solution:
• Provide same services (recommendations, personalization)… but without ever seeing user data in the clear
Can an IoT cloud provide services without seeing data in the clear?
![Page 6: IoT: Security and Privacyiot.stanford.edu/retreat15/sitp15-crypto.pdf · Today: stores lots of (IoT) data in the clear • A good target for attacks/subpoenas • Some users will](https://reader033.vdocument.in/reader033/viewer/2022043012/5fa9215516e17328fa621c0c/html5/thumbnails/6.jpg)
An example: counting rare events [MNB’15]
How many are infected with a specific malware?Typical answer: <100 out of 109 phones
0 0 0 0 1 0 0
![Page 7: IoT: Security and Privacyiot.stanford.edu/retreat15/sitp15-crypto.pdf · Today: stores lots of (IoT) data in the clear • A good target for attacks/subpoenas • Some users will](https://reader033.vdocument.in/reader033/viewer/2022043012/5fa9215516e17328fa621c0c/html5/thumbnails/7.jpg)
An example: counting rare events [MNB’15]
How many are infected with a specific malware?Typical answer: <100 out of 109 phones
0 0 0 0 1 0 0
![Page 8: IoT: Security and Privacyiot.stanford.edu/retreat15/sitp15-crypto.pdf · Today: stores lots of (IoT) data in the clear • A good target for attacks/subpoenas • Some users will](https://reader033.vdocument.in/reader033/viewer/2022043012/5fa9215516e17328fa621c0c/html5/thumbnails/8.jpg)
An example: counting rare events [MNB’15]
How many are infected with a specific malware?Typical answer: <100 out of 109 phones
0 0 0 0 1 0 0
∑bi
(and nothing else)
![Page 9: IoT: Security and Privacyiot.stanford.edu/retreat15/sitp15-crypto.pdf · Today: stores lots of (IoT) data in the clear • A good target for attacks/subpoenas • Some users will](https://reader033.vdocument.in/reader033/viewer/2022043012/5fa9215516e17328fa621c0c/html5/thumbnails/9.jpg)
More generally: keep data on IoT device
Result (but nothing else)
Current work: implemen4ng secure computa4on with millions of devices
x1
x2
x3 x4
x5
![Page 10: IoT: Security and Privacyiot.stanford.edu/retreat15/sitp15-crypto.pdf · Today: stores lots of (IoT) data in the clear • A good target for attacks/subpoenas • Some users will](https://reader033.vdocument.in/reader033/viewer/2022043012/5fa9215516e17328fa621c0c/html5/thumbnails/10.jpg)
Improved efficiency with non-colluding clouds
Result (but nothing else)
Example: simple protocols for counting rare events
Is this a reasonable assumption?
![Page 11: IoT: Security and Privacyiot.stanford.edu/retreat15/sitp15-crypto.pdf · Today: stores lots of (IoT) data in the clear • A good target for attacks/subpoenas • Some users will](https://reader033.vdocument.in/reader033/viewer/2022043012/5fa9215516e17328fa621c0c/html5/thumbnails/11.jpg)
THE END