The Internet of Things: Privacy and Security Issues
Stefan Schiffner 
NIS expert, ENISA 
European Union Agency for Network and Information Security www.enisa.europa.eu
ENISA’s Mission
Securing Europe’s Information Society 
Operational Office in Athens 
Seat in Heraklion 
ENISA activities 
Policy 
Recommendations Implementation 
Mobilising 
Communities 
Hands on 
Privacy in the internet of things
What is the internet of things? 
• Network of interconnected objects 
for data processing 
– Cyber physical 
– Self configuration 
• Specialized & Embedded 
– Seamless integration 
– Reduced HCI 
• Multiple stakeholders
– For common or individual goals 
• Integrated in legacy systems 
• Or in independent infrastructure 
Privacy concerns 
• An object can reveal information about the individual 
• IoT introduces new ways of collecting and processing 
such information from objects: 
– collection of data from different sources 
– correlation and association 
– → abuse potential
• Storing is easy and cheap 
Security concerns 
• Objects are small and everywhere 
– Prone to environmental influences 
– Unprotected places (unnoticed manipulation) 
– Weak calculation power (limited crypto) 
• Autonomous 
– Acting without user awareness 
The data protection challenge and requirements
Trust assumption for crypto 
[Diagram labels: trusted environment; trusted environment; protected communication; adversarial environment]
Security silos 
• The world is divided into in- and out-groups
• They might be nested and intersecting 
• complex structures 
• Rather static 
• Administrative overhead
• Fragile
To avoid new silos we need: 
• Reduction of management burden wrt security and 
privacy policies 
• Dynamic, automatic negotiation of policies
• Resilience
• Leads to new (priority) of requirements
Control 
• How to obtain informed consent? 
– How can information be presented? 
– How can individuals have overall control over their 
data? 
Liability and enforcement 
• Who is responsible 
• How can rights be exercised 
– access, deletion 
• How can data be safeguarded 
– Detection of attacks and damages 
Data Protection requirements 
• Privacy & security by design 
• Purpose limitation 
– no use beyond predefined purposes 
• Data minimization: 
– collect & process only necessary data 
– anonymize or delete data after use 
• Distributed protection models 
– move away from walled gardens 
– multi layer security 
– Resilience 
• Automated decisions 
The role and needs for standards 
• Privacy 
– as part of the IoT ontologies and semantics 
• New protection protocols 
• As an integral control mechanism for the development 
and implementation of M2M architectures 
ENISA’s work on IoT & data protection
ENISA activities 
Policy 
Recommendations Implementation 
Mobilising 
Communities 
Hands on 
Current activities 
• Support all involved stakeholders in the translation of legal 
requirements to technical solutions: 
• Privacy by design and by default 
– Technical tools and mechanisms for information and 
control 
– Privacy Principles 
– Anonymisation and pseudonymisation techniques 
• Technical protection measures 
– Cryptographic algorithms, parameters, key sizes 
Published Reports 
– Survey of accountability, trust, consent, tracking, security and privacy mechanisms in online environments (2011) 
http://www.enisa.europa.eu/activities/identity‐and‐trust/library/deliverables/survey‐pat 
– Privacy, Accountability and Trust – Challenges and Opportunities (2011) 
http://www.enisa.europa.eu/activities/identity‐and‐trust/privacy‐and‐trust/pat/activities‐initiated‐in‐2010 
– Bittersweet cookies. Some security and privacy considerations (2011) 
http://www.enisa.europa.eu/activities/identity‐and‐trust/library/pp/cookies
– Study on the use of cryptographic techniques in Europe (2011) 
http://www.enisa.europa.eu/activities/identity‐and‐trust/library/the‐use‐of‐cryptographic‐techniques‐in‐europe 
– Report on trust and reputation models (2011) 
http://www.enisa.europa.eu/activities/identity‐and‐trust/library/trust‐and‐reputation‐models 
– Study on monetising privacy. An economic model for pricing personal information (2012) 
http://www.enisa.europa.eu/activities/identity‐and‐trust/library/deliverables/monetising‐privacy 
– Study on data collection and storage in the EU (2012) 
http://www.enisa.europa.eu/activities/identity‐and‐trust/library/deliverables/data‐collection 
– Privacy considerations of online behavioural tracking (2012) 
http://www.enisa.europa.eu/activities/identity‐and‐trust/library/deliverables/privacy‐considerations‐of‐online‐behavioural‐tracking 
– The right to be forgotten – between expectations and practice (2012) 
http://www.enisa.europa.eu/activities/identity‐and‐trust/library/deliverables/the‐right‐to‐be‐forgotten 
– Security certification practice in the EU ‐ Information Security Management Systems ‐ A case study (November 2013)
http://www.enisa.europa.eu/activities/identity‐and‐trust/library/deliverables/security‐certification‐practice‐in‐the‐eu‐information‐security‐management‐systems‐a‐case‐study 
– Algorithms, Key Sizes and Parameters Report. 2013 Recommendations (October 2013) 
http://www.enisa.europa.eu/activities/identity‐and‐trust/library/deliverables/algorithms‐key‐sizes‐and‐parameters‐report 
– Recommended cryptographic measures ‐ Securing personal data (November 2013) 
http://www.enisa.europa.eu/activities/identity‐and‐trust/library/deliverables/recommended‐cryptographic‐measures‐securing‐personal‐data 
– Securing personal data in the context of data retention. Analysis and recommendations (December 2013) 
http://www.enisa.europa.eu/activities/identity‐and‐trust/library/deliverables/securing‐personal‐data‐in‐the‐context‐of‐data‐retention 
– On the security, privacy and usability of online seals. An overview (December 2013)
http://www.enisa.europa.eu/activities/identity‐and‐trust/library/deliverables/on‐the‐security‐privacy‐and‐usability‐of‐online‐seals
Thank you very much for your attention 
Follow ENISA: 
European Union Agency for Network and Information Security www.enisa.europa.eu

More Related Content

What's hot

IoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranIoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranKoenig Solutions Ltd.
 
Automatski - The Internet of Things - Privacy in IoT
Automatski - The Internet of Things - Privacy in IoTAutomatski - The Internet of Things - Privacy in IoT
Automatski - The Internet of Things - Privacy in IoTautomatskicorporation
 
Iot security amar prusty
Iot security amar prustyIot security amar prusty
Iot security amar prustyamarprusty
 
IoT: Security & Privacy at IGNITE 2015
IoT: Security & Privacy at IGNITE 2015IoT: Security & Privacy at IGNITE 2015
IoT: Security & Privacy at IGNITE 2015Hildebrand Technology
 
Security in Internet of Things(IoT) Ecosystem
Security in Internet of Things(IoT) EcosystemSecurity in Internet of Things(IoT) Ecosystem
Security in Internet of Things(IoT) Ecosystemrahulbindra
 
IoT Security Elements
IoT Security ElementsIoT Security Elements
IoT Security ElementsEurotech
 
Technology & Policy Interaction Panel at Inform[ED] IoT Security
Technology & Policy Interaction Panel at Inform[ED] IoT SecurityTechnology & Policy Interaction Panel at Inform[ED] IoT Security
Technology & Policy Interaction Panel at Inform[ED] IoT SecurityCableLabs
 
Internet & iot security
Internet & iot securityInternet & iot security
Internet & iot securityUsman Anjum
 
Understanding IoT Security: How to Quantify Security Risk of IoT Technologies
Understanding IoT Security: How to Quantify Security Risk of IoT TechnologiesUnderstanding IoT Security: How to Quantify Security Risk of IoT Technologies
Understanding IoT Security: How to Quantify Security Risk of IoT TechnologiesDenim Group
 
Security and Privacy Issues in IoT Environment
Security and Privacy Issues in IoT EnvironmentSecurity and Privacy Issues in IoT Environment
Security and Privacy Issues in IoT EnvironmentDr. Amarjeet Singh
 
IoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address themIoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address themRadouane Mrabet
 
Cyber Security - ICCT Colleges
Cyber Security - ICCT CollegesCyber Security - ICCT Colleges
Cyber Security - ICCT CollegesPotato
 
Wearable Technology for Enhanced Security.
Wearable Technology for Enhanced Security.Wearable Technology for Enhanced Security.
Wearable Technology for Enhanced Security.Dr. Michael Agbaje
 
Internet of things security challenges
Internet of things security challengesInternet of things security challenges
Internet of things security challengesHadi Fadlallah
 
Internet of things
Internet of thingsInternet of things
Internet of thingsvarungoyal98
 
Cybersecurity: A Manufacturers Guide by Clearnetwork
Cybersecurity: A Manufacturers Guide by ClearnetworkCybersecurity: A Manufacturers Guide by Clearnetwork
Cybersecurity: A Manufacturers Guide by ClearnetworkClearnetwork
 
IoT security presented in Ada's List Conference
IoT security presented in Ada's List ConferenceIoT security presented in Ada's List Conference
IoT security presented in Ada's List ConferenceCigdem Sengul
 
Hacking Internet of Things (IoT)
Hacking Internet of Things (IoT)Hacking Internet of Things (IoT)
Hacking Internet of Things (IoT)SecPod Technologies
 

What's hot (20)

IoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranIoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.Prabhakaran
 
Automatski - The Internet of Things - Privacy in IoT
Automatski - The Internet of Things - Privacy in IoTAutomatski - The Internet of Things - Privacy in IoT
Automatski - The Internet of Things - Privacy in IoT
 
Iot security amar prusty
Iot security amar prustyIot security amar prusty
Iot security amar prusty
 
IoT: Security & Privacy at IGNITE 2015
IoT: Security & Privacy at IGNITE 2015IoT: Security & Privacy at IGNITE 2015
IoT: Security & Privacy at IGNITE 2015
 
Security in Internet of Things(IoT) Ecosystem
Security in Internet of Things(IoT) EcosystemSecurity in Internet of Things(IoT) Ecosystem
Security in Internet of Things(IoT) Ecosystem
 
IoT Security Elements
IoT Security ElementsIoT Security Elements
IoT Security Elements
 
Technology & Policy Interaction Panel at Inform[ED] IoT Security
Technology & Policy Interaction Panel at Inform[ED] IoT SecurityTechnology & Policy Interaction Panel at Inform[ED] IoT Security
Technology & Policy Interaction Panel at Inform[ED] IoT Security
 
Internet & iot security
Internet & iot securityInternet & iot security
Internet & iot security
 
IoT Security
IoT SecurityIoT Security
IoT Security
 
Understanding IoT Security: How to Quantify Security Risk of IoT Technologies
Understanding IoT Security: How to Quantify Security Risk of IoT TechnologiesUnderstanding IoT Security: How to Quantify Security Risk of IoT Technologies
Understanding IoT Security: How to Quantify Security Risk of IoT Technologies
 
Security and Privacy Issues in IoT Environment
Security and Privacy Issues in IoT EnvironmentSecurity and Privacy Issues in IoT Environment
Security and Privacy Issues in IoT Environment
 
IoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address themIoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address them
 
Cyber Security - ICCT Colleges
Cyber Security - ICCT CollegesCyber Security - ICCT Colleges
Cyber Security - ICCT Colleges
 
Iot and ethics
Iot and ethicsIot and ethics
Iot and ethics
 
Wearable Technology for Enhanced Security.
Wearable Technology for Enhanced Security.Wearable Technology for Enhanced Security.
Wearable Technology for Enhanced Security.
 
Internet of things security challenges
Internet of things security challengesInternet of things security challenges
Internet of things security challenges
 
Internet of things
Internet of thingsInternet of things
Internet of things
 
Cybersecurity: A Manufacturers Guide by Clearnetwork
Cybersecurity: A Manufacturers Guide by ClearnetworkCybersecurity: A Manufacturers Guide by Clearnetwork
Cybersecurity: A Manufacturers Guide by Clearnetwork
 
IoT security presented in Ada's List Conference
IoT security presented in Ada's List ConferenceIoT security presented in Ada's List Conference
IoT security presented in Ada's List Conference
 
Hacking Internet of Things (IoT)
Hacking Internet of Things (IoT)Hacking Internet of Things (IoT)
Hacking Internet of Things (IoT)
 

Similar to The Internet of Things: Privacy and Security Issues

The European cyber security cPPP strategic research & innovation agenda
The European cyber security cPPP strategic research & innovation agendaThe European cyber security cPPP strategic research & innovation agenda
The European cyber security cPPP strategic research & innovation agendaEUBrasilCloudFORUM .
 
BigDataEurope - Big Data & Transport
BigDataEurope - Big Data & TransportBigDataEurope - Big Data & Transport
BigDataEurope - Big Data & TransportBigData_Europe
 
Cybercrime Risks Eu
Cybercrime Risks EuCybercrime Risks Eu
Cybercrime Risks Eumanelmedina
 
PrivacyOS2009
PrivacyOS2009PrivacyOS2009
PrivacyOS2009ULD62
 
28032012 Jacques Bus Privacy en Identiteit in Europese richtlijnen en program...
28032012 Jacques Bus Privacy en Identiteit in Europese richtlijnen en program...28032012 Jacques Bus Privacy en Identiteit in Europese richtlijnen en program...
28032012 Jacques Bus Privacy en Identiteit in Europese richtlijnen en program...Stichting ePortfolio Support
 
Big Data Europe SC6 WS 3: Where we are and are going for Big Data in OpenScie...
Big Data Europe SC6 WS 3: Where we are and are going for Big Data in OpenScie...Big Data Europe SC6 WS 3: Where we are and are going for Big Data in OpenScie...
Big Data Europe SC6 WS 3: Where we are and are going for Big Data in OpenScie...BigData_Europe
 
Isoc2011 new release
Isoc2011 new releaseIsoc2011 new release
Isoc2011 new releaseElena Zvarici
 
North European Cybersecurity Cluster - an example of the regional trust platf...
North European Cybersecurity Cluster - an example of the regional trust platf...North European Cybersecurity Cluster - an example of the regional trust platf...
North European Cybersecurity Cluster - an example of the regional trust platf...DATA SECURITY SOLUTIONS
 
Smartie - Project overview
Smartie - Project overview Smartie - Project overview
Smartie - Project overview DunavNET
 

Similar to The Internet of Things: Privacy and Security Issues (20)

Trustworthy infrastructure for personal data management
Trustworthy infrastructure for personal data management Trustworthy infrastructure for personal data management
Trustworthy infrastructure for personal data management
 
Protecting Europe's Network Infrastructure
 Protecting Europe's Network Infrastructure Protecting Europe's Network Infrastructure
Protecting Europe's Network Infrastructure
 
The European cyber security cPPP strategic research & innovation agenda
The European cyber security cPPP strategic research & innovation agendaThe European cyber security cPPP strategic research & innovation agenda
The European cyber security cPPP strategic research & innovation agenda
 
Resilience of the Interdomain Routing System
Resilience of the Interdomain Routing System Resilience of the Interdomain Routing System
Resilience of the Interdomain Routing System
 
European priorities in information security
European priorities in information securityEuropean priorities in information security
European priorities in information security
 
BigDataEurope - Big Data & Transport
BigDataEurope - Big Data & TransportBigDataEurope - Big Data & Transport
BigDataEurope - Big Data & Transport
 
Enisa and cyber security standards
Enisa and cyber security standardsEnisa and cyber security standards
Enisa and cyber security standards
 
FIRE overview
FIRE overviewFIRE overview
FIRE overview
 
Steve Purser
Steve Purser Steve Purser
Steve Purser
 
European Critical Internet Infrastructure: past, present and future challenges
European Critical Internet Infrastructure: past, present and future challengesEuropean Critical Internet Infrastructure: past, present and future challenges
European Critical Internet Infrastructure: past, present and future challenges
 
Cybercrime Risks Eu
Cybercrime Risks EuCybercrime Risks Eu
Cybercrime Risks Eu
 
PrivacyOS2009
PrivacyOS2009PrivacyOS2009
PrivacyOS2009
 
28032012 Jacques Bus Privacy en Identiteit in Europese richtlijnen en program...
28032012 Jacques Bus Privacy en Identiteit in Europese richtlijnen en program...28032012 Jacques Bus Privacy en Identiteit in Europese richtlijnen en program...
28032012 Jacques Bus Privacy en Identiteit in Europese richtlijnen en program...
 
EU data protection issues in IoT
EU data protection issues in IoTEU data protection issues in IoT
EU data protection issues in IoT
 
Day 02 - EDPS Technology & Privacy unit.pdf
Day 02 - EDPS Technology & Privacy unit.pdfDay 02 - EDPS Technology & Privacy unit.pdf
Day 02 - EDPS Technology & Privacy unit.pdf
 
Big Data Europe SC6 WS 3: Where we are and are going for Big Data in OpenScie...
Big Data Europe SC6 WS 3: Where we are and are going for Big Data in OpenScie...Big Data Europe SC6 WS 3: Where we are and are going for Big Data in OpenScie...
Big Data Europe SC6 WS 3: Where we are and are going for Big Data in OpenScie...
 
Gérald Santucci
Gérald SantucciGérald Santucci
Gérald Santucci
 
Isoc2011 new release
Isoc2011 new releaseIsoc2011 new release
Isoc2011 new release
 
North European Cybersecurity Cluster - an example of the regional trust platf...
North European Cybersecurity Cluster - an example of the regional trust platf...North European Cybersecurity Cluster - an example of the regional trust platf...
North European Cybersecurity Cluster - an example of the regional trust platf...
 
Smartie - Project overview
Smartie - Project overview Smartie - Project overview
Smartie - Project overview
 

Recently uploaded

Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtrahman018755
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge GraphsEleniIlkou
 
20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdfMatthew Sinclair
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样ayvbos
 
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查ydyuyu
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdfMatthew Sinclair
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsMonica Sydney
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查ydyuyu
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsMonica Sydney
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC
 
Microsoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftMicrosoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftAanSulistiyo
 
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...gajnagarg
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"growthgrids
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirtrahman018755
 
Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.krishnachandrapal52
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfJOHNBEBONYAP1
 
Power point inglese - educazione civica di Nuria Iuzzolino
Power point inglese - educazione civica di Nuria IuzzolinoPower point inglese - educazione civica di Nuria Iuzzolino
Power point inglese - educazione civica di Nuria Iuzzolinonuriaiuzzolino1
 
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrStory Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrHenryBriggs2
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制pxcywzqs
 

Recently uploaded (20)

Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirt
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
 
20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
 
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
Microsoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftMicrosoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck Microsoft
 
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirt
 
Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
 
Power point inglese - educazione civica di Nuria Iuzzolino
Power point inglese - educazione civica di Nuria IuzzolinoPower point inglese - educazione civica di Nuria Iuzzolino
Power point inglese - educazione civica di Nuria Iuzzolino
 
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrStory Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
 

The Internet of Things: Privacy and Security Issues

  • 1. The Internet of Things: Privacy and Security Issues Stefan Schiffner NIS expert, ENISA European Union Agency for Network and Information Security www.enisa.europa.eu
  • 2. ENISA’’s Mission European Union Agency for Network and Information Security www.enisa.europa.eu
  • 3. Securing Europe’s Information Society Operational Office in Athens Seat in Heraklion European Union Agency for Network and Information Security www.enisa.europa.eu
  • 4. ENISA activities Policy Recommendations Implementation Mobilising Communities Hands on European Union Agency for Network and Information Security www.enisa.europa.eu
  • 5. Privacy in the internet of things European Union Agency for Network and Information Security www.enisa.europa.eu
  • 6. What is the internet of things? • Network of interconnected objects for data processing – Cyber physical – Self configuration • Specialized & Embedded – Seamless integration – Reduced HCI • Multiple stake holders – For common or individual goals • Integrated in legacy systems O i i d d t i f t t • Or in independent infrastructure European Union Agency for Network and Information Security www.enisa.europa.eu 6
  • 7. Privacy concerns • An object can reveal information about the individual • IoT introduces new ways of collecting and processing such information from objects: – collection of data from different sources – correlation and association – > abuse potential S i i d h • Storing is easy and cheap European Union Agency for Network and Information Security www.enisa.europa.eu 7
  • 8. Security concerns • Objects are small and everywhere – Prone to environmental influences – Unprotected places (unnoticed manipulation) – Weak calculation power (limited crypto) • Autonomous – Acting without user awareness European Union Agency for Network and Information Security www.enisa.europa.eu 8
  • 9. The data protection challenge and requirements European Union Agency for Network and Information Security www.enisa.europa.eu
  • 10. Trust assumption for crypto trusted environment trusted environment protected communication adversairial environment European Union Agency for Network and Information Security www.enisa.europa.eu 10
  • 11. Security silos • The world is divided in In and Out group • They might be nested and intersecting • complex structures • Rather static •• Administrative overhead • Fragile European Union Agency for Network and Information Security www.enisa.europa.eu 11
  • 12. To avoid new silos we need: • Reduction of management burden wrt security and privacy policies • Dynamic Automatic negotiation of policies •• Resilience • Leads to new (priority) of requirements European Union Agency for Network and Information Security www.enisa.europa.eu 12
  • 13. Control • How to obtain informed consent? – How can information be presented? – How can individuals have overall control over their data? European Union Agency for Network and Information Security www.enisa.europa.eu 13
  • 14. Liability and enforcement • Who is responsible • How can rights be exercised – access, deletion • How can data be safeguarded – Detection of attacks and damages European Union Agency for Network and Information Security www.enisa.europa.eu 14
  • 15. Data Protection requirements • Privacy & security by design • Purpose limitation – no use beyond predefined purposes • Data minimization: – collect & process only necessary data – anonymize or delete data after use • Distributed protection models – move away from walled gardens – multi layer security – Resilience • Automated decisions European Union Agency for Network and Information Security www.enisa.europa.eu 15
  • 16. The role and needs for standards
      • Privacy
          – as part of the IoT ontologies and semantics
      • New protection protocols
      • As an integral control mechanism for the development and implementation of M2M architectures
  • 17. ENISA’s work on IoT & data protection
  • 18. ENISA activities Policy Recommendations Implementation Mobilising Communities Hands on
  • 19. Current activities
      • Support all involved stakeholders in the translation of legal requirements to technical solutions:
      • Privacy by design and by default
          – Technical tools and mechanisms for information and control
          – Privacy Principles
          – Anonymisation and pseudonymisation techniques
      • Technical protection measures
          – Cryptographic algorithms, parameters, key sizes
  • 20. Published Reports
      – Survey of accountability, trust, consent, tracking, security and privacy mechanisms in online environments (2011) http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/survey-pat
      – Privacy, Accountability and Trust – Challenges and Opportunities (2011) http://www.enisa.europa.eu/activities/identity-and-trust/privacy-and-trust/pat/activities-initiated-in-2010
      – Bittersweet cookies. Some security and privacy considerations (2011) http://www.enisa.europa.eu/activities/identity-and-trust/library/pp/cookies
      – Study on the use of cryptographic techniques in Europe (2011) http://www.enisa.europa.eu/activities/identity-and-trust/library/the-use-of-cryptographic-techniques-in-europe
      – Report on trust and reputation models (2011) http://www.enisa.europa.eu/activities/identity-and-trust/library/trust-and-reputation-models
      – Study on monetising privacy. An economic model for pricing personal information (2012) http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/monetising-privacy
      – Study on data collection and storage in the EU (2012) http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/data-collection
      – Privacy considerations of online behavioural tracking (2012) http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/privacy-considerations-of-online-behavioural-tracking
      – The right to be forgotten – between expectations and practice (2012) http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/the-right-to-be-forgotten
      – Security certification practice in the EU - Information Security Management Systems - A case study (November 2013) http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/security-certification-practice-in-the-eu-information-security-management-systems-a-case-study
      – Algorithms, Key Sizes and Parameters Report. 2013 Recommendations (October 2013) http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report
      – Recommended cryptographic measures - Securing personal data (November 2013) http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/recommended-cryptographic-measures-securing-personal-data
      – Securing personal data in the context of data retention. Analysis and recommendations (December 2013) http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/securing-personal-data-in-the-context-of-data-retention
      – On the security, privacy and usability of online seals. An overview (December 2013) http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/on-the-security-privacy-and-usability-of-online-seals
  • 21. Thank you very much for your attention