Published on July 13, 2016
1. © 2016 Afilias plc. Developing Internet of Things Building Blocks: Defining standards, privacy, and security components and identifying their respective pain points. Ram Mohan, CTO, Afilias plc
2. Defining the Internet of Things
3. A new connection paradigm: Internet of Things (IoT)
   [Timeline figure: 1970's, 1980's, 1990's, 2010's]
   Goal: Developing IoT protocols and policies to maximize security and privacy, while still maximizing benefits of an open and easily scalable Internet architecture.
4. IoT covers a wide array of technologies and services
   What is the Internet of Things?
   • Currently, no accepted definition
   • Recommendation: Adopt the ISOC definition
   IoT: ISOC DEFINITION
   The extension of network connectivity and computing capability to objects, devices, sensors, and items not ordinarily considered being computers. These "smart objects" require minimal human intervention to generate, exchange, and consume data; they often feature connectivity to remote data collection, analysis, and management capabilities.
5. Exponential growth in devices and data
   • More connected devices per person
   • Individuals' device profiles often vary — what to share, when, where, and how is device-specific
   • Connecting things we've never imagined connecting
   ¹ Connected device estimates by Gartner: http://www.gartner.com/newsroom/id/3165317
6. Defining the IoT Ecosystem
   [Layered diagram. Layer labels: Application Layer, Infrastructure, Protocol, Communications Layer. Items shown:]
   - Hardware: processors, chips
   - Cloud
   - Fiber and cable
   - Wireless
   - DNS
   - Security
   - WiFi
   - DNS
   - Platforms: sensors, analytics
   - Software
   - Interfaces: virtual reality, 3D, AI devices
   - Personal: wearables, health, entertainment, sports
   - Vehicles: cars, bikes, drones
   - Home: security, automation, appliances, pets
   - Enterprise: retail, healthcare, Office, agriculture
   - Industry: energy, supply chain, robotics
7. IoT Architectural Models
8. IoT Architectural Models
   • Device to device: often has a direct relationship with built-in security and trust using device specific data models. Home automation systems, e.g., light bulbs, light switches, thermostats, and door locks.
   • Device to cloud: often connects to an application service provider using existing communication (e.g., WiFi) to extend the capabilities of the device. Enabling home energy consumption analysis and interactive voice recognition features.
   • Device to gateway: connects via application software operating on a local gateway device providing security and other functionality such as data or protocol translation. Popular with consumer items using an app on a smartphone to relay data, e.g., fitness trackers. Useful for integration of legacy devices.
   • Back-end data sharing: a communication architecture that enables users to export and analyze smart object data from a cloud service in combination with data from other sources. Extension of device-to-cloud model – facilitates back-end data sharing, data portability, and generally helps break down traditional data silo barriers (still need common information models across vendors).
9. Pain Points, by Model
   [Columns: Device to device, Device to cloud, Device to gateway, Back-end data sharing]
   • Vendors duplicate effort designing data formats
   • Users must compare device operational requirements to confirm interoperability (devices may not work together)
   • Vendors duplicate effort designing data protocols
   • Users must select a single vendor for all components
   • Devices may work together, at least in part, but not with the cloud and thus enhanced functionality is lost
   • May bridge much of the interoperability gap of device-to-device/cloud issues, including supporting legacy devices
   • Adds increased complexity and cost of infrastructure (users may need a "hub" in the home)
   • Data aggregation among application service providers
   • Offers advanced analysis opportunities, especially for large enterprise
   • Without interoperability throughout the stack the result is closed systems with incompatible information models
10. Standards and Interoperability
   • Should everything be able to interact with everything else?
   • IPv6 is essential — should it be mandatory?
   • Where is the line between proprietary and commodity?
   • How are devices updated?
   • What are the effects of orphaned technologies and planned obsolescence?
11. IoT Privacy and Security Considerations
12. Consumers are concerned about privacy and security
   42% are more worried about their online privacy than one year ago. Why:
   • 38%: collecting and sharing personal information with other companies
   • 36%: security threats to data online
   • 28%: government surveillance
   • 22%: companies tracking web-surfing behavior
   • 19%: social media sites sharing details with advertisers
   Source: TRUSTe Privacy Index, 2015 Consumer Confidence Edition
13. Privacy considerations for IoT
   • Generally focused on Personally Identifiable Information (PII)
   • Issues with orphaned technologies and organizational consolidation
   • Data aggregation is greatest threat to privacy, especially unintended aggregation
14. Security considerations for IoT
   • Updates are essential — but what about planned obsolescence?
   • Collaboration is essential to mitigate silos with zero-day vulnerabilities
   • Collective responsibility towards the system as a whole
   • Preserve the fundamental properties of the Internet
   • Effective agile evolutionary steps
   • DNSSEC is a critical technology
   • Need names because IPv6 is not human compatible
   • Need accountability as to the source of data
   • Need assurance regarding the quality of the data to build trust…
15. Why DNSSEC is critical for IoT.
   • DNSSEC protects a user by ensuring the user knows exactly where to find whatever it is the user is looking for.
   • DNS is a critical infrastructure system. Virtually everything depends on it.
   • DNSSEC is the next step in the evolution of the Internet, similar to the web back in 1993.
   • Deploying a safe and secure DNS is not just the right thing to do, it is the cornerstone of building the next generation Internet, a safe and secure Internet.
16. TLS/SSL and DNSSEC benefits
   DNSSEC protects users from DNS data tampered by or originating from malicious actors.
   [Diagram labels: data "abc123"; encryption, decryption; Confidentiality, Integrity, Authentication; TLS/SSL channel over internet; DNSSEC signed DNS data, guaranteed not tampered]
17. Next Steps
18. Technology Priorities
   ✓ Consider best practices articulating use of essential infrastructure protocols
   ✓ Identify pain points within each service layer and create solutions
      • Promote collaboration and a shared commitment to security and privacy that benefits the user first
   ✓ Standardize data models and communication protocols to enhance innovation
   DNSSEC + IPv6
19. Legal and Regulatory exploration
   ✓ Reality: Internet advances at a rate that far exceeds government ability to keep pace
   ✓ Technologists and policy makers must work in tandem
   ✓ Need best practices and policies based on a few core principles:
      • Provide the greatest benefit to the user.
      • Focus on smart innovation not creating boundaries or limits.
      • Make security a responsibility throughout the ecosystem.
   [Diagram labels: technologists, policy makers, net]
20. Outreach Priorities
   ✓ Engage the end user:
      • Educate them on their risks.
      • Show them how to take control of their data.
   ✓ Protocol development from product use cases — business and tech working together, e.g., Internet Society and the IPSO Alliance
   [Diagram labels: business, tech]
21. Thank you.