trust by design: the internet of things · security and privacy of smart -home devices and services...
TRANSCRIPT
![Page 1: Trust by Design: The Internet of Things · Security and privacy of smart -home devices and services Trust by Design: The Internet of Things Kevin G. Chege ISOC African Chapters Workshop](https://reader034.vdocument.in/reader034/viewer/2022052006/601a1ad98294590519448f3c/html5/thumbnails/1.jpg)
Security and privacy of smart-homedevices and services
Trust by Design: The Internet of Things
Kevin G. Chege
ISOC
African Chapters WorkshopAddis Ababa, 2018
![Page 2: Trust by Design: The Internet of Things · Security and privacy of smart -home devices and services Trust by Design: The Internet of Things Kevin G. Chege ISOC African Chapters Workshop](https://reader034.vdocument.in/reader034/viewer/2022052006/601a1ad98294590519448f3c/html5/thumbnails/2.jpg)
The number of IoT devices and systemsconnected to the Internet will be more than2.5x the global populationby 2020 (Gartner).
![Page 3: Trust by Design: The Internet of Things · Security and privacy of smart -home devices and services Trust by Design: The Internet of Things Kevin G. Chege ISOC African Chapters Workshop](https://reader034.vdocument.in/reader034/viewer/2022052006/601a1ad98294590519448f3c/html5/thumbnails/3.jpg)
As more and more devices are connected, privacy and security risks increase.
And most consumers don’t even know it.
![Page 4: Trust by Design: The Internet of Things · Security and privacy of smart -home devices and services Trust by Design: The Internet of Things Kevin G. Chege ISOC African Chapters Workshop](https://reader034.vdocument.in/reader034/viewer/2022052006/601a1ad98294590519448f3c/html5/thumbnails/4.jpg)
New devices, new vulnerabilities
4
• Device Cost/Size/Functionality
• Volume of identical devices (homogeneity)
• Long service life (often extending far beyond supported lifetime)
• No or limited upgradability or patching• Physical security vulnerabilities
• Access
• Limited user interfaces (UI)
• Limited visibility into, or control over, internal workings
• Embedded devices
• Unintended uses• BYOIoT
The attributes of many IoT devices present new and unique security challenges compared to traditional computing systems.
![Page 5: Trust by Design: The Internet of Things · Security and privacy of smart -home devices and services Trust by Design: The Internet of Things Kevin G. Chege ISOC African Chapters Workshop](https://reader034.vdocument.in/reader034/viewer/2022052006/601a1ad98294590519448f3c/html5/thumbnails/5.jpg)
What type of risks?
Unlocking doors, turning on cameras, shutting down critical systems and theft of personal property.
People’s safety or the safety of their family might even be at risk.
Large IoT-based attacks, such as the Mirai botnet in 2016, have crippled global access to high-profile Internet services for several hours.
2
![Page 6: Trust by Design: The Internet of Things · Security and privacy of smart -home devices and services Trust by Design: The Internet of Things Kevin G. Chege ISOC African Chapters Workshop](https://reader034.vdocument.in/reader034/viewer/2022052006/601a1ad98294590519448f3c/html5/thumbnails/6.jpg)
A connected world offers the promise of convenience, efficiency and insight, but creates a
platform for shared risk.
Many of today’s IoT devices are rushed to market with little consideration for basic security and
privacy protections.
The challenges we face
![Page 7: Trust by Design: The Internet of Things · Security and privacy of smart -home devices and services Trust by Design: The Internet of Things Kevin G. Chege ISOC African Chapters Workshop](https://reader034.vdocument.in/reader034/viewer/2022052006/601a1ad98294590519448f3c/html5/thumbnails/7.jpg)
Who is responsible?
Developers and users of IoT devices and systems have a collective obligation to ensure they do not expose others and the Internet itself to potential harm.
We need a collective approach, addressing security challenges on all fronts.
7
![Page 8: Trust by Design: The Internet of Things · Security and privacy of smart -home devices and services Trust by Design: The Internet of Things Kevin G. Chege ISOC African Chapters Workshop](https://reader034.vdocument.in/reader034/viewer/2022052006/601a1ad98294590519448f3c/html5/thumbnails/8.jpg)
• We want manufacturers and suppliers of consumer IoT devices and services to adopt security and privacy guidelinesto protect the Internet and consumers from cyber threats.
• We want to educate users on the importance of secure IoTdevices and work with stakeholders involved in technology and security to better inform their communities on IoT.
The Internet Society is working for a better Internet.
![Page 9: Trust by Design: The Internet of Things · Security and privacy of smart -home devices and services Trust by Design: The Internet of Things Kevin G. Chege ISOC African Chapters Workshop](https://reader034.vdocument.in/reader034/viewer/2022052006/601a1ad98294590519448f3c/html5/thumbnails/9.jpg)
IoT Trust by Design
Work with manufacturers and suppliers to adopt and implement
the OTA IoT Trust Framework
Mobilize consumers to drive demand for security and privacy
capabilities as a market differentiator
Encourage policy and regulations to push for better security and
privacy features in IoT
9
![Page 10: Trust by Design: The Internet of Things · Security and privacy of smart -home devices and services Trust by Design: The Internet of Things Kevin G. Chege ISOC African Chapters Workshop](https://reader034.vdocument.in/reader034/viewer/2022052006/601a1ad98294590519448f3c/html5/thumbnails/10.jpg)
Online Trust Alliance (OTA) IoT Trust Framework
• Provides a set of actions and principles to raise the level of security for IoT devices and related services to protect consumers and the privacy of their data
• More than 100+ stakeholders from industry, government and consumer advocates contributed to the Framework
• Stands apart from other IoT-related Frameworks with its comprehensive focus on security, privacy and lifecycle issues, as well as a holistic view of the entire system
10
https://otalliance.org/iot/
![Page 11: Trust by Design: The Internet of Things · Security and privacy of smart -home devices and services Trust by Design: The Internet of Things Kevin G. Chege ISOC African Chapters Workshop](https://reader034.vdocument.in/reader034/viewer/2022052006/601a1ad98294590519448f3c/html5/thumbnails/11.jpg)
Actionable principles in the Guidelines in eight categories for manufacturers, developers and
service providers
Authentication
11
CommunicationsControlDisclosuresPrivacy
UpdatesSecurityEncryption
![Page 12: Trust by Design: The Internet of Things · Security and privacy of smart -home devices and services Trust by Design: The Internet of Things Kevin G. Chege ISOC African Chapters Workshop](https://reader034.vdocument.in/reader034/viewer/2022052006/601a1ad98294590519448f3c/html5/thumbnails/12.jpg)
IoT Framework Principles: It is a collective responsibility
IoT vendors and their supply chain
12
Distribution channels
Policymakers and governments
Consumer testing and product
review organizations
Consumers and enterprises
![Page 13: Trust by Design: The Internet of Things · Security and privacy of smart -home devices and services Trust by Design: The Internet of Things Kevin G. Chege ISOC African Chapters Workshop](https://reader034.vdocument.in/reader034/viewer/2022052006/601a1ad98294590519448f3c/html5/thumbnails/13.jpg)
IoT Security and Policy Makers
13
![Page 14: Trust by Design: The Internet of Things · Security and privacy of smart -home devices and services Trust by Design: The Internet of Things Kevin G. Chege ISOC African Chapters Workshop](https://reader034.vdocument.in/reader034/viewer/2022052006/601a1ad98294590519448f3c/html5/thumbnails/14.jpg)
Work with Policymakers
We want policymakers to create a policy environment that favors strong security and privacy features in IoTproducts and services.We need smart regulation that strengthens trust and enables innovation.
ISOC can help in this process
2
![Page 15: Trust by Design: The Internet of Things · Security and privacy of smart -home devices and services Trust by Design: The Internet of Things Kevin G. Chege ISOC African Chapters Workshop](https://reader034.vdocument.in/reader034/viewer/2022052006/601a1ad98294590519448f3c/html5/thumbnails/15.jpg)
Actions for Policymakers
Governments have the opportunity to guide the IoT marketplace:• Stimulate security and privacy best practice adoption• Strengthen accountability through well-defined responsibilities and clear
consequences• Support industry adoption of the best practice principles from the IoT Trust
framework
15
![Page 16: Trust by Design: The Internet of Things · Security and privacy of smart -home devices and services Trust by Design: The Internet of Things Kevin G. Chege ISOC African Chapters Workshop](https://reader034.vdocument.in/reader034/viewer/2022052006/601a1ad98294590519448f3c/html5/thumbnails/16.jpg)
Data Gathering: IoT in the African Region
- We are working via ISOC Chapters and other partners in the region to gather information on IoT development, IoT related policies and use in the region
- This info will help us coordinate efforts in IoT and know what types of IoT devices are being developed in the region and Policies that are working in our environment.
- This will allow us to better advise policy makers, users and ISPs on IoTsecurity
- If you are aware of any IoT research/development IoT Policy development in the region, please let us know through our chapters or ISOC staff 16
![Page 17: Trust by Design: The Internet of Things · Security and privacy of smart -home devices and services Trust by Design: The Internet of Things Kevin G. Chege ISOC African Chapters Workshop](https://reader034.vdocument.in/reader034/viewer/2022052006/601a1ad98294590519448f3c/html5/thumbnails/17.jpg)
V is it u s a twww .in te rnetsoc ie ty .o rgF o llo w u s@ in te rn e tso c ie ty
G a le rie Je a n -M a lb u isso n 15 , C H -120 4 G e n e v a , S w itze rla n d .+ 4 1 22 8 0 7 14 4 4
1775 W ie h le A v e n u e , S u ite 20 1 , R e sto n , V A 20 19 0 -5 10 8 U S A . + 1 70 3 4 39 2 120
Thank you.