Hello !
Trace: Curriculum ToDo list

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
en:iot-open:security_and_privacy_in_iot_ume:iot_privacy [2019/05/24 17:44] pczekalskien:iot-open:security_and_privacy_in_iot_ume:iot_privacy [2020/07/20 12:00] (current) – external edit 127.0.0.1
Line 1: Line 1:
-===== IoT privacy =====+=====  =====  
 +<box #d04a25></box> 
 +<box #d04a25></box> 
 +===== IoT Privacy ===== 
 +<box #d04a25></box> 
 +<box #d04a25></box>
  
  
Line 6: Line 11:
 Control can be lost if someone hacks into the smartphone or computer acting as a remote for the other devices. In the case of computers and smartphones, this hacking can be done remotely and often undetected. Smartphones, just like computers, carry an enormous amount of personal information about their owners. They often link to bank accounts, email accounts, and in some cases, household appliances. Stolen data can result in serious problems. Vehicles contain many computers that control their function. Initially, these computers could not be hacked into. With the increased connectivity of the IoT, however, vehicles are now at risk due to being connected to the Internet. Control can be lost if someone hacks into the smartphone or computer acting as a remote for the other devices. In the case of computers and smartphones, this hacking can be done remotely and often undetected. Smartphones, just like computers, carry an enormous amount of personal information about their owners. They often link to bank accounts, email accounts, and in some cases, household appliances. Stolen data can result in serious problems. Vehicles contain many computers that control their function. Initially, these computers could not be hacked into. With the increased connectivity of the IoT, however, vehicles are now at risk due to being connected to the Internet.
  
-In another sense, control can be lost as more and more companies collect data about users. This data often paints a detailed picture of individual users through the collection of activities online. Everything you search, all of your activities online, are being tracked by companies that use that data((Arijit Ukil, Soma Bandyopadhyay, Arpan Pal, "Privacy for IoT: Involuntary privacy enablement for smart energy systems", Communications (ICC) 2015 IEEE International Conference on, pp. 536-541, 2015, ISSN 1550-3607.)) These companies often use the data to improve the user's experience, but they also use this data to sell users products or sell to other companies who sell users products.+In another sense, control can be lost as more and more companies collect data about users. This data often paints a detailed picture of individual users through the collection of activities online. Everything you search, all of your activities online, are being tracked by companies that use that data ((Arijit Ukil, Soma Bandyopadhyay, Arpan Pal, "Privacy for IoT: Involuntary privacy enablement for smart energy systems", Communications (ICC) 2015 IEEE International Conference on, pp. 536-541, 2015, ISSN 1550-3607.))These companies often use the data to improve the user's experience, but they also use this data to sell users products or sell to other companies who sell users products.
  
 Innovation in this realm means that companies must alter the privacy policies that are in place as well as how they interact with these devices. Companies will need to take another look at the policies that they have in place to ensure that consumers are offered opportunities to access and control their data. Consumers will become increasingly aware of the privacy implications of this level of connectivity through interaction with the IoT and exposure to the policies that companies provide to them. Innovation in this realm means that companies must alter the privacy policies that are in place as well as how they interact with these devices. Companies will need to take another look at the policies that they have in place to ensure that consumers are offered opportunities to access and control their data. Consumers will become increasingly aware of the privacy implications of this level of connectivity through interaction with the IoT and exposure to the policies that companies provide to them.
Line 14: Line 19:
 EPIC President, Marc Rotenberg, explains in the Pew Research Report that the problem with the IoT is that “users are just another category of things,” and states that this “is worth thinking about more deeply about in the future.” EPIC President, Marc Rotenberg, explains in the Pew Research Report that the problem with the IoT is that “users are just another category of things,” and states that this “is worth thinking about more deeply about in the future.”
  
-There are many real issues with IoT privacy, and all of them must be in detailed explored, but here are general ways  **//IoT developers can improve IoT privacy//**((https://www.networkworld.com/article/3221474/internet-of-things/30-ways-to-improve-iot-privacy.html)):+There are many real issues with IoT privacy, and all of them must be in detailed explored, but here are general ways  **IoT developers can improve IoT privacy**((https://www.networkworld.com/article/3221474/internet-of-things/30-ways-to-improve-iot-privacy.html)).
  
-__Minimize data acquisition:__ +**Minimize data acquisition**
-Software architects should look at the frequency and type of data collected in the context of the application and should not collect more data than the task requires. The platform should control which data an application receives.+software architects should look at the frequency and type of data collected in the context of the application and should not collect more data than the task requires. The platform should control which data an application receives.
  
-__Minimize the number of data sources:__ +**Minimize the number of data sources**
-Aggregation of data from multiple sources allows malicious parties to identify sensitive personal information of an individual that could lead to privacy violations.+aggregation of data from multiple sources allows malicious parties to identify sensitive personal information of an individual that could lead to privacy violations.
  
-__Minimize raw data intake:__ +**Minimize raw data intake**
-Raw data could lead to secondary usage and privacy violation. Therefore, IoT platforms should consider converting or transforming raw data into secondary context data.+raw data could lead to secondary usage and privacy violation. Therefore, IoT platforms should consider converting or transforming raw data into secondary context data.
  
-__Minimize knowledge discovery:__+**Minimize knowledge discovery**:
 IoT applications should discover only the knowledge necessary to achieve their primary objectives. For example, if the objective is to recommend food plans, the app should not attempt to infer users’ health status without their explicit permission. IoT applications should discover only the knowledge necessary to achieve their primary objectives. For example, if the objective is to recommend food plans, the app should not attempt to infer users’ health status without their explicit permission.
  
-__Minimize data storage:__ +**Minimize data storage**
-Raw data should be deleted once a secondary context is derived.+raw data should be deleted once a secondary context is derived.
  
-__Minimize the data retention period:__ +**Minimize the data retention period**
-More extended retention periods give malicious parties more time to breach and exfiltrate data. +more extended retention periods give malicious parties more time to breach and exfiltrate data. 
  
-__Support hidden data routing:__ +**Support hidden data routing**
-To make it more difficult for internet activities to be traced back to the users, this guideline suggests that IoT applications should support and employ an unknown routing mechanism.+to make it more difficult for internet activities to be traced back to the users, this guideline suggests that IoT applications should support and employ an unknown routing mechanism.
  
-__Anonymize data:__ +**Anonymize data**
-Remove personally identifiable information (PII) before the data gets used by IoT applications so that the people described by the data remain anonymous.+remove personally identifiable information (PII) before the data gets used by IoT applications so that the people described by the data remain anonymous.
  
-__Encrypt data communications:__ +**Encrypt data communications**
-Typically, device-to-device communications are encrypted at the link layer using specialized electronic hardware included in the radio modules. Gateway-to-cloud communication is generally secured through HTTPS using Secure Sockets Layer (SSL) or Transport Layer Security (TLS).+typically, device-to-device communications are encrypted at the link layer using specialised electronic hardware included in the radio modules. Gateway-to-cloud communication is generally secured through HTTPS using Secure Sockets Layer (SSL) or Transport Layer Security (TLS).
  
-__Encrypt data during processing:__ +**Encrypt data during processing**
-Sometimes the party processing the data should not be able to read the data or the computational results. Process data while they are in encrypted form. For example, homomorphic encryption is a form of encryption that allows computations to be carried out on cypher-text, thus generating an encrypted result that, when decrypted, matches the result of operations performed on the plain-text.+sometimes the party processing the data should not be able to read the data or the computational results. Process data while they are in encrypted form. For example, homomorphic encryption is a form of encryption that allows computations to be carried out on cypher-text, thus generating an encrypted result that, when decrypted, matches the result of operations performed on the plain-text.
  
-__Encrypt data in storage:__ +**Encrypt data in storage**
-Encrypted data storage reduces any privacy violations due to malicious attacks and unauthorised access.+encrypted data storage reduces any privacy violations due to malicious attacks and unauthorised access.
  
-__Reduce data granularity:__+**Reduce data granularity**:
 IoT applications should request the minimum level of granularity that is required to perform their primary tasks. A higher level of granularity could lead to secondary data usage and eventually, privacy violations. For example, location can be coarse, based on cell tower location or fine, based on the address. IoT applications should request the minimum level of granularity that is required to perform their primary tasks. A higher level of granularity could lead to secondary data usage and eventually, privacy violations. For example, location can be coarse, based on cell tower location or fine, based on the address.
  
-__Query answering:__ +**Query answering**
-Raw data can lead to identification and privacy violations due to secondary usage. Instead of providing a numeric response to a query a relative scale, e.q. 1 5 should be used. +raw data can lead to identification and privacy violations due to secondary usage. Instead of providing a numeric response to a query a relative scale, e.q. 15 should be used. 
  
-__Block repeated queries:__ +**Block repeated queries:** 
-Query responses should block multiple queries that maliciously could discover knowledge that violates user privacy, such as analysing intersections of multiple results.+query responses should block multiple queries that maliciously could discover knowledge that violates user privacy, such as analysing intersections of multiple results.
  
-__Distribute data processing:__ +**Distribute data processing**
-Distributed data processing avoids centralized large-scale data gathering and exfiltration.+distributed data processing avoids centralized large-scale data gathering and exfiltration.
  
-__Distribute data storage:__ +**Distribute data storage**
-Distributed data storage reduces any privacy violation due to malicious attacks and unauthorised access. It also lowers privacy risks due to unconsented secondary knowledge discovery.+distributed data storage reduces any privacy violation due to malicious attacks and unauthorised access. It also lowers privacy risks due to unconsented secondary knowledge discovery.
  
-__Knowledge discovery based on aggregated data:__  +**Knowledge discovery based on aggregated data**:  
-New knowledge, such as the visitors to the park were young students during a time period, is sufficient for a gift shop to perform time series sales analysis. But the exact timing of their movement is not necessary.+new knowledge, such as the visitors to the park were young students during a time period, is sufficient for a gift shop to perform time series sales analysis. But the exact timing of their movement is not necessary.
  
-__Aggregate geography-based data:__ +**Aggregate geography-based data**
-Geographic data should be aggregated within boundaries. For example, how many electric vehicles are in use in each city should not store details about individual vehicles.+geographic data should be aggregated within boundaries. For example, how many electric vehicles are in use in each city should not store details about individual vehicles.
  
-__Aggregate data based on the time period:__ +**Aggregate data based on the time period**
-Energy consumption of a given house can be acquired and represented in aggregated form as 160 kWh per month instead of gathering energy consumption daily or hourly.+energy consumption of a given house can be acquired and represented in aggregated form as 160 kWh per month instead of gathering energy consumption daily or hourly.
  
-__Aggregate data based on category:__ +**Aggregate data based on category**
-Aggregating based on a category that meets the needs of the analysis rather than exact data prevents secondary use. For example, categorising a household’s energy use in the range of 150 200 kWh instead of specific usage.+aggregating based on a category that meets the needs of the analysis rather than exact data prevents secondary use. For example, categorising a household’s energy use in the range of 150200 kWh instead of specific usage.
  
-__Disclose information to users:__ +**Disclose information to users**
-Data subjects should be adequately informed whenever data they own is acquired, processed or disseminated.+data subjects should be adequately informed whenever data they own is acquired, processed or disseminated.
  
-__Apply controls:__ +**Apply controls**
-It is the software architects’ responsibility to consider what kind of controls are useful to data owners, especially when data owners are not knowledgeable. Some of the considerations: +it is the software architects’ responsibility to consider what kind of controls are useful to data owners, especially when data owners are not knowledgeable. Some of the considerations: 
 1) data granularity; 2) anonymisation technique; 3) data retention period; 4) data dissemination. 1) data granularity; 2) anonymisation technique; 3) data retention period; 4) data dissemination.
  
-__Log events:__ +**Log events**
-Logging of activities during all phases will allow both internal and external parties to examine what happened in the past to make sure a given system performed as promised.+logging of activities during all phases will allow both internal and external parties to examine what happened in the past to make sure a given system performed as promised.
  
-__Perform regularly audits:__ +**Perform regularly audits**
-Regular, independent audits and examination of the logs, procedures, processes, hardware and software specifications should periodically be performed. Non-disclosure agreements should bind outside parties.+regular, independent audits and examination of the logs, procedures, processes, hardware and software specifications should periodically be performed. Non-disclosure agreements should bind outside parties.
  
-__Make apps open source:__ +**Make apps open source**
-Wherever possible IoT applications should be made available under an open-source license so that outside parties can review the code and compliance demonstrated.+wherever possible IoT applications should be made available under an open-source license so that outside parties can review the code and compliance demonstrated.
  
-__Use data flow diagrams:__ +**Use data flow diagrams**
-Data flow diagrams used by unified modelling language will allow interested parties to understand the data streams of a given IoT application and how data is treated for a demonstration of compliance.+data flow diagrams used by unified modelling language will allow interested parties to understand the data streams of a given IoT application and how data is treated for a demonstration of compliance.
  
-__Get IoT apps certified:__ +**Get IoT apps certified**
-Certifications given by a neutral authority will add trustworthiness to IoT applications.+certifications given by a neutral authority will add trustworthiness to IoT applications.
  
-__Use industry standards:__ +**Use industry standards**
-Industry-wide standards such as AllJoyn and the All Seen Alliance typically inherit security measures that would reduce some privacy risks. +industry-wide standards such as AllJoyn and the All Seen Alliance typically inherit security measures that would reduce some privacy risks.
- +
-__Comply with policies and regulations:__ +
-Adherence to policies, laws, and regulations such as ISO 29100, OECD privacy principles and the European Commission’s rules on the protection of personal data will reduce privacy risks.+
  
 +**Comply with policies and regulations**:
 +adherence to policies, laws, and regulations such as ISO 29100, OECD privacy principles and the European Commission’s rules on the protection of personal data will reduce privacy risks.
  
en/iot-open/security_and_privacy_in_iot_ume/iot_privacy.1558709062.txt.gz · Last modified: (external edit)
CC Attribution-Share Alike 4.0 International
www.chimeric.de Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0