Privacy and Security for the Emerging Internet of Things

©2016CarnegieMellonUniversity:1
Privacy and Security for the
Emerging Internet of Things
Intel iSecCon 2016
Jason Hong
@jas0nh0ng
jasonh@cs.cmu.edu
Computer
Human
Interaction:
Mobility
Privacy
Security

We Are Just Starting to Enter
the Third Wave of Computing
• First Wave: Computation
– Making the basics of computers work
• Second Wave: Networking
– Connecting computers around the world
• Third Wave: Internet of Things (IoT)
– Computation, communication, sensing, and
actuation woven into our physical world
• IoT offers tremendous potential societal benefits
– Healthcare, transportation, sustainability, energy, …

New Privacy and Security Challenges

My Talk Today
• What are frameworks for thinking about the
privacy and security problems?
• What are some opportunities for improving
privacy and security for IoT?
– No silver bullet, but lots of room for improvement
• What are some of the IoT-related projects we’re
doing at Carnegie Mellon University?

IoT Pyramid Top Tier
• A few devices per person
• High computational power
• Tablets
• Glasses
• Laptops
• Smartphones

• Tablets
• Glasses
Middle Tier
• Tens of devices per person
• Moderate computational power
• TVs
• Smart Toys
• Laptops
• Smartphones
• Thermostats
• Refrigerators

• Tablets
• Glasses
Middle Tier
• Tens of devices per person
• Moderate computational power
• TVs
• Smart Toys
Bottom Tier
• Hundreds of devices per person
• Low computational power
• HVAC
• RFIDs
• Lightbulbs
• Laptops
• Smartphones
• Thermostats
• Refrigerators
• Smart toilets
• Implanted
medical devices

IoT Security Issues Top Tier Security
• Cybersecurity good today
• Can run endpoint protection
• Large corporations developing

Middle Tier Security
• Cybersecurity weak today
• Basic or no endpoint capabilities
• Spotty security protections

Middle Tier Security
• Cybersecurity weak today
• Basic or no endpoint protection
• Spotty security protections
Bottom Tier Security
• Cybersecurity very poor today
• Weak or no endpoint protection
• Low manufacturer experience
• High diversity in hw, sw, OS
• Many devices never updated
• Major scalability challenges

How is IoT Security Different?
1. Physical Safety and Security
• Deliberate attacks
– Ex. Crashing drones or autonomous vehicles
– Note that most attackers won’t do this

• Different classes of attackers, different motives
• State-sponsored
– State secrets, intellectual property, sow discord
• Non-state actors
– Terrorism, advocacy for a cause
• Organized crime
– Repeatable business model, stay under radar
• Disgruntled employee / Insider attack
• Script kiddies

• More likely attack: Ransomware
– Lock out of your house unless pay ransom
– Make videos of you at home public unless you pay
• Just as likely: attacks for the “lulz”
– Tripping circuit breakers at office
– Remotely adjusting thermostat to make harder sleep
(or waste money, or let pipes freeze over)
• What kinds of safeguards for physical safety?
• Can we build models of normal vs abnormal
behaviors for devices and apps, and enforce?

2. Scalability
• Billions of devices will need to be secured
– Gartner estimates 20B devices by 2020
• Scale transforms easy into hard
– Ex. Unique passwords for dozens of devices?
– Ex. Security policies, each device having different user
interface (most not having a display and keyboard)?
– Ex. Physically locking down dozens of devices?
– Ex. Installing software updates
• What kinds of network protocols, APIs, and
middleware to help manage IoT devices at scale?

2. Scalability
• Scalability also enables new classes of attacks
http://shodan.io

2. Scalability
• Possible for attackers to search for and execute
vulnerabilities at scale
– Ex. Mirai botnet DDoS attack Oct 2016
• Nightmare scenarios
– Find vulnerabilities in smartphone-connected
blood glucose monitors, inject fake data
– Find vulnerable medical implants, hold people hostage
• Again, some kind of model or policy
– Maybe formal model, maybe big data
• Better ways of using proximity for access?

3. Diversity of IoT Devices
• Hundreds of different manufacturers for middle
and bottom tier
– Different operating systems, wireless networking,
configuration software, log formats, cloud services
– Poor or no I/O capabilities, each UI different too
• Result: fragmentation of cybersecurity
– More network-based (vs endpoint) approaches
• Again, network protocols, APIs, and middleware
to help configure and manage
• Can we also help people make good decisions?
– Ex. Crowdsourcing or AI / Machine Learning

4. Low Manufacturer Experience
• Most traditional software companies understand
basics of good cybersecurity
• But most IoT will be developed by non-traditional
hardware companies
– Mostly middle and bottom tier
– Ex. Lighting, toys, medical equipment, audio,
household appliances
• And lots of small-scale manufacturers too
– Ex. Kickstarter

106 Projects at Kickstarter for “iot”

327 Projects at Kickstarter for “sensor”

605 Projects at Kickstarter for “wireless”

4. Low Manufacturer Experience
• Low experience + Lots of small manufacturers
• Result: Lots of really basic vulnerabilities
– Poor software engineering practices for security
– Lack of awareness, knowledge, motivation to be secure
• Result: Lots of unsupported devices
– Small manufacturers will go out of business
– Or end of life from bigger manufacturers
• How can we help devs with low experience?
• How to offer security for lifespan of decades?

5. Lots of Unexpected Emergent Behaviors

5. Lots of Unexpected Emergent Behaviors
• Are there better ways of testing / simulating?
• Can we define overall properties for connected
systems?

Why Does IoT Privacy Matter?

• Pew Internet study about smartphones (2012)
– 54% did not install app b/c of how much personal
information app requested
– 30% uninstalled an app after learning about app
behaviors
• Countless news articles, blog posts, op-ed
pieces, books about privacy concerns
Privacy may be the greatest barrier to creating
a ubiquitously connected world

Taxonomy of IoT Privacy
Device Perspective
• Awareness of devices/apps and sensors/logs
• Depth of sensing
– How rich the sensing and user models are
• Temporal scale
• Input/Output capabilities
• Privacy software
• Third-party software
– Whether other apps can be run on device

IoT Privacy Issues Top Tier Privacy
• High awareness of devices
• Rich depth in sensing
• High temporal scale
• Rich I/O
• Lots of third-party apps
(the major privacy problem)

IoT Privacy Issues Top Tier Privacy
• High awareness of devices
• Rich depth in sensing
• High temporal scale
• Rich I/O
• Lots of third-party apps
(the major privacy problem)
Middle Tier Privacy
• Hybrid of other tiers
Bottom Tier Privacy
• Low awareness of devices + apps
• Shallow to rich sensing
• Low to high temporal scale
• Poor I/O
• Few if any third-party apps
• Scale (major privacy problem)

IoT Privacy
Awareness

How Can We Make Invisible Information
Flows Visible?
• For top tier, people will be pretty aware of
devices
– Stylish form factors meant to get attention
• The main privacy challenge for top-tier is
understanding what your apps are doing
– This is a hard problem but one we are starting
to figure it out for smartphones

Shares your location,
gender, unique phone ID,
phone# with advertisers
Uploads your entire
contact list to their server
(including phone #s)
What Are Your Apps Really Doing?

Many Smartphone Apps Have “Unusual”
Permissions
Location Data
Unique device ID
Location Data
Network Access
Unique device ID
Location Data
Microphone
Unique device ID

PrivacyGrade.org
• Improve transparency
• Assign privacy grades to
all 1M+ Android apps

Privacy as Expectations
Use crowdsourcing to compare what people
expect an app to do vs what an app actually does
• We crowdsourced expectations of 837 apps
– Ex. “How comfortable are you with
Drag Racing using your location for ads?”
• Created a model to predict people’s likely
privacy concerns and applied to 1M Android apps
App Behavior
(What an app
actually does)
User Expectations
(What people think
the app does)

How PrivacyGrade Works

Impact of this Research
• Lots of popular press (NYTimes, CNN, BBC, CBS)
• Earlier work helped lead to FTC fines
• Google replicated PrivacyGrade internally
• Seen improvements in grades over time
• Some developers put out press releases about
improving their privacy behaviors
• Static analysis, dynamic analysis, crowd analysis
– To address subjective aspects of privacy
• Privacy today places burden on end-users
– How can we help other parts of ecosystem do better?

How Can We Make Invisible Information
Flows Visible?
• For bottom-tier devices, devices non-obvious
• CMU Giotto IoT Expedition Supersensors
– Air temp, humidity, pressure, 6-axis IMU, grid eye, …
• How to increase awareness of devices like this?

Signifiers.io
• Project by some of our Master’s of HCI students

Signifiers.io
Amazon Alexa and Google Home (Voice)

Signifiers.io
Smart TVs Sensing Video and Audio

Signifiers.io
Webcams Sensing Video and Audio

Long-Term Privacy and Security Issues
1. Designing For Awareness
• What are tradeoffs in notification styles?
– Audio, visual, motion, haptic, smartphone
• Can we create new conventions?
– Ex. Like light switches near doorways
• Cost-benefit models of notifications?
– Getting lots of notifications is distracting
– Getting uninteresting notifications is annoying
– Ex. First time, sensitivity of data, identifiability
• Can we make it so a person can understand what
data is being sensed in a room within 30 seconds?

2. Facilitating Privacy and Security on Low-End Devices
• What kinds of middleware infrastructure can we
build to help with basic privacy and security?
– Offer common middleware services to simplify
design and deployment of middle and bottom tiers
– Ex. Access control, filtering, and software updates
– Ex. What sensors a device has, what data collects,
what servers it connects to, how concerning

3. Useful Defaults for Sharing
• Let’s say we have a person locator for a campus
– If default is “share nothing”, underutilized and no value
– If default is “share everything”, too creepy
• Can we figure out useful defaults that balance
utility with privacy?
– Ex. “On campus” or “not”
– Ex. “In office” or “not”
– Ex. {“office”, “on campus”, $city}

4. Using Big Data for Privacy
• Paradox: use more data to improve privacy?
• Use data to infer relationships and set defaults
– Ex. People are more likely to share data with close
friends and family
• Use contact list, call log, SMS log, co-location, etc
– Ex. Employees are more likely to share data with
close teammates
• Use floorplan, WiFi co-location, co-authorship, etc
Wiese, J. et al. Are you close with me? Are you nearby? Investigating social groups,
closeness, and willingness to share. Ubicomp 2011.
Cranshaw, J. et al. Bridging the Gap Between Physical Location and Online Social Networks.
Ubicomp 2010.

• Insert graph here
• Describe entropy

Higher Place Entropy -> More Comfort
Toch et al, Empirical Models of Privacy in Location Sharing, Ubicomp 2010

Two Research Projects at Carnegie
Mellon University
• Giotto IoT Expedition
• IoT Hub for Homes

• Define open hardware and
software stack for IoT ecology
• Extensible and integrated
• Pluggable modules
• Security & privacy sensitive
• Integrated machine learning
• End-user programmable
• Widely deployable
• Enhance human – human and
human-system and human-
environment interaction
Giotto IoT Stack

Giotto Privacy
Privacy at Physical, Logical, App layers
• Better programming abstractions
– Ex. “home” vs raw GPS, “loud” vs raw microphone
– Make it easier for devs with privacy as side effect
• Devs specify purposes in apps and we verify
– Ex. “Uses contacts for advertising”
– Ex. “Uses location for maps”
– Use static, dynamic, and crowd analysis
• How do people’s privacy concerns vary?
– By kind of data, granularity, who is seeing it, purpose
• Useful defaults to balance privacy and utility

IoT Hub
• Open source hub device for connecting devices
– Ex. Battery life of devices, connect devices together
– Ex. Check for patches, filtering (default passwords),
Manufacturer Usage Descriptions, proximity
– Ex. Centralize telemetry and learn patterns
• How should devices be structured?
– Metadata: URL for software updates
– APIs: authentication
IoT appliancesIoT HubInternet

What is the Value of IoT?
• Security, privacy, and management costs quickly
outweigh value of IoT devices
Number of Devices
Value
Today’s IoT trajectory

What is the Value of IoT?
• Can we make it so that value is linear or even
superlinear with devices and services?
Number of Devices
Value
Today’s IoT trajectory
Desired IoT trajectory

What Can Intel Do?
• Consider more human factors and social factors
– Chips, sensors, software dev, data mgt
– Policies, UI + understandability, social influences
• Better ways of supporting devs
– Most devs have no knowledge of privacy + security

What Can Intel Do?
• Consider more human factors and social factors
– Chips, sensors, software dev, data mgt
– Policies, UI + understandability, social influences
• Better ways of supporting devs
– Most devs have no knowledge of privacy + security
• Support better privacy and security education
– Need strong push from industry to make it happen
– Go beyond just CompSci too (psych, design, biz)
• Join our Giotto Expedition (open source)
• Consider ISTC on Privacy or on IoT
– Make a big push in cooperation with academia

How can we create
a connected world we
would all want to live in?

Thanks!
More info at cmuchimps.org
or email jasonh@cs.cmu.edu
Read more:
• Towards a Safe and Secure Internet of Things
https://www.newamerica.org/cybersecurity-initiative/policy-
papers/toward-a-safe-and-secure-internet-of-things/
Special thanks to:
• NSF
• Alfred P. Sloan
• NQ Mobile
• DARPA
• Google
• CMU Cylab
• New America

IoT offers Tremendous Societal Benefits
• Healthcare
• Transportation
• Sustainability
• Education
• Energy
• More…

What Can We Do About IoT Security?
• Better cybersecurity
education
• Better collections of
best practices
• More data sharing
• Cybersecurity insurance
• Better legal protections
• Larger centers for IoT
privacy and security
https://www.newamerica.org/cybersecurity-initiative/policy-
papers/toward-a-safe-and-secure-internet-of-things/

Policy Perspective: Better Cybersecurity Education
• About half of developers don’t have CS degrees
• Can we make security education required in CS?
• Can we also expand cybersecurity education?
– Ex. Psychology learn about social engineering
– Ex. Visual design learn about warnings + compliance

Policy Perspective: Better Collections of Best Practices

Policy Perspective: Better Collections of Best Practices
• We need to go beyond high-level guidelines
• What we still need
– Better code examples (lots of copy-and-paste)
– Better toolchains and stacks
– Better automated analysis tools
– Simpler ways of distributing patches
– Collections of design patterns
• Lots of opportunities for big companies
– Most breaches are relatively simple
– Addressing basic issues means lots of positive impact

Policy Perspective: More Data Sharing
• Many major data breaches in past few years
– Sony, RSA, LinkedIn, Yahoo, Target, OPM, and more
• But we have learned very little, no real data
– These are our version of Tacoma Narrows bridge

Policy Perspective: More Data Sharing
• We need organizations that can:
– Help investigate the coming IoT failures
– Disseminate knowledge to help prevent future
failures in design and implementation
– While also minimizing blame
• Lots of challenges
– Lots of proprietary information involved in failures
– Who will fund this?

Policy Perspective: Better Legal Protections
• DMCA limits what researchers can do due to
anti-circumvention provisions
– Need to get permission from manufacturers
– Exceptions:
• Consumer devices, motorized land vehicles,
medical devices
• But slow, triennial reviews from Library of
Congress
– And consumer devices only one part of IoT

IoT Privacy Issues
Input/Output
• Same challenge as for security
– Top-tier devices will have really good I/O capabilities
– Bottom-tier will not have mouse, keyboard, display
– Scalability makes everything harder
• Can we develop network protocols and APIs to
help configure and manage devices and apps?
• Can we also help people make good decisions?
– Ex. Crowdsourcing or AI / Machine Learning

Prognosis for IoT Privacy and Security?

Privacy and Security for the Emerging Internet of Things

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Semelhante a Privacy and Security for the Emerging Internet of Things

Semelhante a Privacy and Security for the Emerging Internet of Things (20)

Último

Último (20)

Privacy and Security for the Emerging Internet of Things