In Things We Trust? : Towards trustability in the Internet of Things
article
The Internet of Things is nothing new. First introduced as Ubiquitous Computing by Mark Weiser [49] around 1990, the basic concept of the “disappearing computer” has been studied as Ambient Intelligence or Pervasive Computing in the decades that followed. Today we witness the first large scale applications of these ideas. We see RFID technology being used in logistics, shopping, public transport and the like. The use of smart phones is soaring. Many of them are able to determine their location using GPS (Global Positioning System). Some phones already have NFC (Near Field Communication) capabilities, allowing them to communicate with objects tagged with RFID directly. Combined with social networking (like Facebook or Twitter), this gives rise to advanced location based services, and augmented reality applications. In fact social networks interconnecting things as well as humans have already emerged. Example are Patchube, a web-based service built to manage the world’s real-time data1 and Flukso, a web-based community metering application2. As the full ramifications of the Internet of Things start to unfold, this confluence of cyberspace and physical space is posing interesting new and fundamental research challenges. In particular, as we will argue in this essay, it has a huge impact in the area of security, privacy and trustability. As Bruce Schneier puts it in a recent issue of CryptoGram [38] (while discussing IT ingeneral):
“[...] it’s not under your control, it’s doing things without your knowledge and consent, and it’s not necessarily acting in your best interests.”
The question then is how to ensure that, despite these adverse conditions, the Internet of Things is a safe, open, supportive and in general pleasant environment for people to engage with, or in fact for people to live in. This essay is structured as follows. We define the Internet of Things in section 2, and describe the main privacy, security and trustability issues associated with it in section 3. Solutions to these problems will have to deal with certain constraints, as explained in section 4. Section 5 discusses classical solutions based on data minimisation techniques, while section 6 discusses more recent alternative approaches.We conclude with an extensive overview of research challenges in section 7.
“[...] it’s not under your control, it’s doing things without your knowledge and consent, and it’s not necessarily acting in your best interests.”
The question then is how to ensure that, despite these adverse conditions, the Internet of Things is a safe, open, supportive and in general pleasant environment for people to engage with, or in fact for people to live in. This essay is structured as follows. We define the Internet of Things in section 2, and describe the main privacy, security and trustability issues associated with it in section 3. Solutions to these problems will have to deal with certain constraints, as explained in section 4. Section 5 discusses classical solutions based on data minimisation techniques, while section 6 discusses more recent alternative approaches.We conclude with an extensive overview of research challenges in section 7.
TNO Identifier
462398
Source
arXiv preprint(September 12)
Article nr.
arXiv:1109.2637