New products, Conferences, Books, Papers, Internet of Things

Posts tagged ‘security’

Praetorian researchers use drone to discover IOT devices in Austin, TX – Fortune

Given the explosion of connected devices, also known as the Internet-of-things, it’s natural that people would want to know just how many such devices are out there.

But how do you go about figuring out just how many of these devices—like thermometers or light bulbs hooked to the Internet—are being used in a given city? The answer is apparently to enlist the services of a drone that can fly above the city proper and gather tons of data pertaining to the connected gadgets and appliances.

A team of researchers at security company Praetorian wanted to discover how many IOT-friendly devices were being used in Austin, TX, and found that the best way to do so would be to outfit a drone with the company’s custom built connected-device tracking appliance and have it fly over the city, Praetorian vice president of marketing Paul Jauregui told Fortune.

More info here.

Google’s Vint Cerf defines Internet of Things challenges

logoWe are going to have to live through a period of mistakes and challenges before we can make any strong regulations about the privacy issues and other challenges the Internet of Things present.  That was Vint Cerf, vice president and chief internet evangelist for Google’s response to a regulation question at his keynote before today’s Federal Trade Commission’s workshop on the Internet of Things trend. The FTC workshop was examining the issues and challenges of everyday devices to communicate with each other and with people or “The Internet of Things” and ultimately how the agency might regulate that activity.

“Connected devices can communicate with consumers, transmit data back to companies, and compile data for third parties such as researchers, health care providers, or even other consumers, who can measure how their product usage compares with that of their neighbors,” the FTC stated.

Reuters noted that in announcing the workshop in April and soliciting comments, the FTC asked how such gadgets can be updated when security holes are discovered and how to weigh privacy concerns against societal benefits from aggregating data provided by health-tracking gadgets. Cerf was the keynoter of the workshop which also included FTC execs and representatives from GE Appliances, SmartThings, the Electronic Frontier Foundation and others.The issue of privacy was a hot one.  For his part, Cerf said he would not “simply assert privacy is dead” but rather that it will be increasingly difficult to achieve.

“Our social behavior is quite damaging…technology has outraced our social intuition,” he said. Cerf went on to say he wanted to “build a congressional comic book to help them understand the way in which the Internet works…a lightweight cartoon model to help people to understand what laws make sense.”

More info here.

M2M Tackles Security

M2M technology is moving into more areas of business and personal life. With this larger presence comes an increased focus on security. As more end users become interested in the security of their systems, M2M providers are devoting more effort to ensuring the safety and resilience of their offerings.

In the business world, M2M security is especially vital when sensitive information may be communicated through M2M channels. A recent report from Frost & Sullivan, www.frost.com, suggests security must be a “core component” when an enterprise is using M2M.

Frost Senior Industry Analyst Yiru Zhong describes traditional M2M deployments as having security solutions embedded within the network. She says players in the M2M value chain, such as chip makers, SIM card vendors, and module makers, have embedded security solutions into their products. But in the future, Zhong says additional security measures may be necessary.

As more devices become connected and business solutions connect to other systems outside the enterprise, a complete risk analysis may be needed to ensure data is secure. Frost says in addition to industry players, standardization groups and international bodies are also working on the development of M2M security solutions.

Overall, network security is important for any system that connects to sensitive information. This is true of critical infrastructures such as energy and transportation, and a recent report says spending for cyber security will increase.

ABI Research, www.abiresearch.com, says cyber security spending by nation states, non-governmental organizations, technical bodies, and private sector operators for critical infrastructure totaled $41.76 billion globally in 2012. The research firm also predicts increased spending during the next five years.

More info here.

FTC Seeks Input on Privacy and Security Implications of the Internet of Things

The staff of the Federal Trade Commission is interested in the consumer privacy and security issues posed by the growing connectivity of consumer devices, such as cars, appliances, and medical devices, and invites comments on these issues in advance of a public workshop to be held on November 21, 2013 in Washington, D.C.

The ability of everyday devices to communicate with each other and with people is becoming more prevalent and often is referred to as “The Internet of Things.”  Consumers already are able to use their mobile phones to open their car doors, turn off their home lights, adjust their thermostats, and have their vital signs, such as blood pressure, EKG, and blood sugar levels, remotely monitored by their physicians. In the not too distant future, consumers approaching a grocery store might receive messages from their refrigerator reminding them that they are running out of milk.

Connected devices can communicate with consumers, transmit data back to companies, and compile data for third parties such as researchers, health care providers, or even other consumers, who can measure how their product usage compares with that of their neighbors.  The devices can provide important benefits to consumers:  they can handle tasks on a consumer’s behalf, improve efficiency, and enable consumers to control elements of their home or work environment from a distance. At the same time, the data collection and sharing that smart devices and greater connectivity enable pose privacy and security risks.

FTC staff seeks input on the privacy and security implications of these developments.  For example:

  • What are the significant developments in services and products that make use of this connectivity (including prevalence and predictions)?
  • What are the various technologies that enable this connectivity (e.g., RFID, barcodes, wired and wireless connections)?
  • What types of companies make up the smart ecosystem?
  • What are the current and future uses of smart technology?
  • How can consumers benefit from the technology?
  • What are the unique privacy and security concerns associated with smart technology and its data?  For example, how can companies implement security patching for smart devices?  What steps can be taken to prevent smart devices from becoming targets of or vectors for malware or adware?
  • How should privacy risks be weighed against potential societal benefits, such as the ability to generate better data to improve health-care decisionmaking or to promote energy efficiency? Can and should de-identified data from smart devices be used for these purposes, and if so, under what circumstances?

FTC staff will accept submissions through June 1, 2013, electronically through iot@ftc.gov or in written form.  Paper submissions should be mailed or delivered to:  600 Pennsylvania Avenue N.W., Room H-113 (Annex B), Washington, DC 20580.  The FTC requests that any paper submissions be sent by courier or overnight service, if possible, because postal mail in the Washington area and at the Commission is subject to delay due to heightened security precautions.

More info here.

Encryption Libraries for Waspmote Sensor Networks (AES / RSA)

Libelium has released a set of Encryption Libraries for Waspmote and Plug & Sense!™ sensor platforms in order to ensure the authentication, confidentiality (privacy) and integrity of the information gathered by the sensors. To do so different cryptography algorithms including AES 256 and RSA 1024 have been implemented in the libraries and released under an open source license.

Read more.

Help – My Thermostat is Calling Home to China!

According to a recent report in the Wall Street Journal, a group of hackers in China broke into the U.S. Chamber of Commerce’s network around November 2009 and were not discovered until more than a year later.

The hackers likely used a spearphishing attack to install spyware on end-user machines.  The spyware was used to steal employee administrative credentials, which were then used to install about a half dozen back doors which communicated with computers in China every week or two.

The hackers stole sensitive Chamber data such as trade-policy documents, meeting notes, trip reports and schedules, and emails containing the names of companies and individuals in contact with the Chamber.  They even used their own search tools to locate documents containing keywords related to financial and budget information, and stole all emails from four targeted employees – who worked on Asia policy – for approximately six weeks during one portion of the attack.

And here’s an interesting twist — a thermostat at a Chamber town house on Capitol Hill was communicating with an Internet address in China, and a printer spontaneously started printing pages with Chinese characters.

More info here.

The 2nd Workshop on the Security of the Internet of Things

The 2nd Workshop on the Security of the Internet of Things

Dalian, China – October 19, 2011, in conjunction with IEEE iThings 2011

Important Dates

Paper Submission due: June 17, 2011
Acceptance notification: July 18, 2011
Final papers due: August 1, 2011

Workshop date: 19 October 2011

Before the Internet of Things (IoT) vision takes its first steps, it is essential to consider the security implications of billions of intelligent things cooperating with other real and virtual entities over the Internet. In fact, we need to plan well in advance what kind of technological mechanisms, protocols and standard infrastructures we will need in order to protect the IoT.

The goal of the second edition of this wokshop, which is organized in conjunction with IEEE iThings 2011, is to continue the debate on the existing advances and the different security challenges associated with the protection of the IoT.

All papers included in the iThings 2011 workshops will be published by IEEE Computer Society (EI indexed). Besides, selected best papers from iThings 2011 workshops will be recommended for publication in special issues ofseveral SCI-indexed international journals.

More information about this workshop is available here. Also, the papers from the previous edition (SecIoT’10) can be accessed for free here.