Iot Governance, Privacy and Security Issues EUROPEAN RESEARCH CLUSTER on the INTERNET of THINGS
Total Page:16
File Type:pdf, Size:1020Kb
Internet of Things IoT Governance, Privacy and Security Issues EUROPEAN RESEARCH CLUSTER ON THE INTERNET OF THINGS January, 2015 “Just as energy is the basis of life itself, and ideas the source of innovation, so is innovation the vital spark of all human change, improvement and progress.” Ted Levitt IERC Coordinators: HINGS Ovidiu Vermesan, Coordinator IERC Cluster, [email protected] T Peter Friess, Coordinator IERC Cluster, European Commission, [email protected] Authors Gianmarco Baldini, (DG JRC-EC) Trevor Peirce (Avanta Global), Maarten Botterman (GNKS Consult) Maria Chiara Talacchini, (DG JRC-EC) NTERNET OF I Angela Pereira (DG JRC – EC) Marcus Handte (University of Duisburg-Essen), Domenico Rotondi (TXT Group), Henrich C. Pöhls (Passau University), Ovidiu Vermesan (SINTEF), Atta Baddii (University of Reading), Bertrand Copigneaux (Inno Ag), Schreckling, Daniel (Passau University), THE ON LUSTER Luca Vigano (University of Verona), C Gary Steri (DG JRC – EC) Salvatore Piccione (TXT Group), Panagiotis Vlacheas (UPRC) Vera Stavroulaki (UPRC) ESEARCH Dimitris Kelaidonis (UPRC) R Ricardo Neisse (DG JRC-EC) Elias Tragos (ICS - FORTH), Philippe Smadja (GEMALTO) Christine Hennebert (CEA LETI) Martin Serrano (National University of Ireland Galway) UROPEAN E Stefano Severi (Jacobs University) - Giuseppe Abreu (Jacobs University) Peter T. Kirstein (University College London) Socrates Varakliotis (University College London) IERC Antonio Skarmeta (University of Murcia) Contributing SDOs, Projects and Initiatives ••• 2 / 128 iCore, GAMBAS, BUTLER, CEN/CENELEC, ETSI, ISO, PROBE-IT, SPaCIoS, IoT@Work, COMPOSE, RERUM, OpenIoT, IoT6, Value-Ageing IERC Acknowledgements The IERC would like to thank the European Commission services for their support in the planning and preparation of this document. The recommendations and opinions expressed in this document do not necessarily represent those of the European Commission. The views expressed herein do not commit the European Commission in any way. © European Communities, 2015. Reproduction authorised for non-commercial purposes HINGS provided the source is acknowledge. T NTERNET OF I LUSTER ON THE THE ON LUSTER C ESEARCH R UROPEAN UROPEAN E - IERC ••• 3 / 128 IERC Table of content Table of content ..................................................................................................... 4 Executive Summary ................................................................................................ 9 Introduction ......................................................................................................... 10 Overview of IoT Governance, Privacy and Security Issues ..................................... 13 RELATED WORK ......................................................................................................... 13 IDENTIFICATION OF CHALLENGES FOR GOVERNANCE SECURITY AND PRIVACY IN IOT .................................................................................................................................. 15 Context based security and privacy ....................................................................... 15 Cyber-Physical systems and IoT ............................................................................. 16 Identification in a distributed environment ........................................................... 17 Device authentication ............................................................................................ 18 Data Correlation and Information Retrieval ......................................................... 18 Anonymization of users’ data in a distributed and mobile environment .............. 18 Anonymization of protocol metadata in a distributed and mobile environment . 18 Scalability for the billions of devices in IoT ............................................................ 19 Secure Setup and Configuration ............................................................................ 19 Physical availability of devices .............................................................................. 19 Critical infrastructures and IoT .............................................................................. 20 Conflicting market interest .................................................................................... 20 Considering IoT in an evolving Internet ................................................................. 20 Delegation of human autonomy in IoT ................................................................. 21 Human IoT Trust relationship ................................................................................ 21 Risks of isolation and confinement ........................................................................ 22 Ethics and Internet of Things ................................................................................ 23 ETHICS AND SCIENCE & TECHNOLOGY ................................................................................. 23 ETHICS & ICT ................................................................................................................ 24 ETHICS AND ASSISTIVE ROBOTICS ...................................................................................... 25 FROM ICT TO IOT ETHICS ................................................................................................ 27 SOME ETHICAL HINTS FOR IOT .......................................................................................... 29 SPACES FOR ETHICS IN THE GOVERNANCE OF IOT ...................................................... 31 Map of FP7 projects in the cluster ........................................................................ 33 INTRODUCTION .............................................................................................................. 33 MAP OF DELIVERABLES FROM FP7 PROJECTS TO GOVERNANCE, SECURITY, PRIVACY AND ETHICS. .. 33 MAP OF THE RESULTS/TECHNICAL SOLUTIONS FROM FP7 PROJECTS ......................................... 34 PROJECTS CONTRIBUTING TO AC05 CLUSTER ....................................................................... 36 iCore ....................................................................................................................... 36 BUTLER .................................................................................................................. 37 HINGS T GAMBAS ................................................................................................................ 39 SPaCIoS .................................................................................................................. 40 RERUM ................................................................................................................... 41 IoT@Work.............................................................................................................. 43 COMPOSE .............................................................................................................. 45 OpenIoT ................................................................................................................. 47 NTERNET OF I Value-Ageing ......................................................................................................... 49 IoT6 ........................................................................................................................ 50 Technological enablers and design solutions ......................................................... 52 SOLUTIONS FROM CLUSTERS PROJECTS ............................................................................... 53 Usage Control Toolkit ............................................................................................ 53 Sticky Flow Policies ................................................................................................ 56 Secure Middleware based on policy management ............................................... 57 THE ON LUSTER C Capabilities based policy management ................................................................. 58 Contracts ............................................................................................................... 58 Models for verification and testing ....................................................................... 59 Authentication/Authorization ............................................................................... 61 ESEARCH R Authorisation and Service Composition using HANDLE ........................................ 62 Cryptography in IoT ............................................................................................... 64 Management functions ......................................................................................... 65 Secure Setup and Configuration ............................................................................ 66 Audit and monitoring solutions ............................................................................. 66 UROPEAN E Using Pseudonymization ....................................................................................... 67 - Trust and Reputation Systems ............................................................................... 67 SOLUTIONS NOT DEFINED IN THE CLUSTER PROJECTS ............................................................. 68 IERC Identity management ............................................................................................ 68 Autonomic Computing ........................................................................................... 70 Anonymizing the