Some amount of security and surveillance is necessary in today’s world (Photo: Bosch)
Security – precautions taken to guard against crime, attack, sabotage, espionage, etc.
Security and surveillance has become a common facet of business. There are dangers in the world: some are personal dangers, others are dangers or risks associated with assets. While there has been much recent debate about the appropriate use and amount of surveillance, it is fair to say that some amount of security and surveillance is necessary in today’s world.
Security and surveillance solutions include everything from the simplest home monitoring systems and burglar alarms to high-definition, motion-detecting cameras and retina-scanning security solutions. Various forms of connectivity – both fixed-line and wireless – enable a basic type of M2M security solution. However, when data from these solutions are aggregated and analyzed to predict behavior or thwart crimes, and we are able to access these data on common platforms and devices – including mobile devices – we have entered the world of the Internet of Things (IoT). I described this type of change from an M2M to an IoT world in a prior blog post entitled Progression from M2M to the Internet of Things: an introductory blog.
In my first post here in this Security blog series, I explained how we do threat analysis and how we map potential security threats to software architecture. With this second post, I would like to share with you a more technical view of security. Get ready to roll your sleeves up for this hands-on session on securing an Internet of Things (IoT) application.
The first thing I would like to introduce is how to secure a document server. Please refer to the following illustration:
Access to a content database over an HTTP server from a single-sign-on (SSO) application
Tobias Kowatsch, Senior Researcher at the Institute of Technology Management (ITEM) at the University of St. Gallen (HSG)
Every now and then there is a new debate about privacy issues in an internet context. I recently had an interesting conversation with Tobias Kowatsch. He is a senior researcher at the Institute of Technology Management at the University of St. Gallen and he published a paper* regarding privacy in the context of the Internet of Things and Services (IoT).
Tobias, are there differences regarding privacy in the Internet of Things compared to other information systems?
In general, the underlying “contract” for many well-known internet applications is: give up a little of your privacy, and you get worthwhile information. Privacy and security topics have been addressed extensively by information systems research. But to my knowledge, up to now there are no publications focusing on specific aspects of IoT services. These are significantly different from other IT-related applications in traditional office or home situations. That is due to their ubiquitous and embedded characteristics that pervade everyday life. Thus, privacy concerns due to unobtrusive data collection methods are more critical for this class of applications. Therefore, it is very important to better understand usage patterns and perceptions from an end-user perspective.
So, you conducted a study to approach the topic. What exactly did you do?
Like all hardware, applications and services in the communications and IT world, the Internet of Things (IoT) must be secure. Think about all those billions of devices connected in 10 years. Now think about all the rich, personal data collected on those devices, flying over networks, stored on virtualized servers, and accessed by various end-users of the data. We need to consider the security implications of IoT devices and the systems surrounding them. I postulate that the risks are greatest where sensor data combined with customer information are stored in large volumes on enterprise servers (see Figure 1).
Figure 1: Security risk level for a simple Internet-of-things architecture [Source: Analysys Mason, 2012]
I am constantly confronted with the challenging task of specifying and implementing security aspects for different IoT (Internet of Things) projects. Let me take a current project in the automotive sector to illustrate a deep dive into the security matter.
It is very important to get to know your customer's values and to understand why these values are so important to him. Let's start here with a threat analysis, as this kind of analysis should always be the first thing you do when you start a new security concept.