SWAMI

Threats, vulnerabilities & safeguards in a World of Ambient Intelligence. David Wright, Trilateral Research & Consulting, 21 March 2006.



  1. SWAMI: Threats, vulnerabilities & safeguards in a World of Ambient Intelligence
     David Wright, Trilateral Research & Consulting
     21 March 2006

  2. SWAMI
     • Privacy
     • Identity
     • Security
     • Trust
     • Digital divide

  3. SWAMI goal
     Identify research & policy options re safeguards & privacy-enhancing mechanisms needed to ensure user control, acceptance and enforceability of policy with equal rights & opportunities for citizens

  4. Privacy threats & vulnerabilities - 1
     • Hackers & malware
     • Function creep
     • Security & surveillance
     • Profiling
     • Sharing of data between companies & government
     • Lack of public awareness about privacy rights
     • Lack of enforcement & oversight
     • Erosion of rights & values
     • Uncertainties about what to protect & costs

  5. Privacy threats & vulnerabilities - 2
     • Uncertainties about the economic costs of privacy erosion
     • Lax security
     • Government and industry are less than forthright

  6. Identity threats & vulnerabilities - 1
     • Identity theft
     • Function creep
     • Exploitation of linkages by industry & government
     • Penetration of identity management systems (hacking, spoofing, denial of service, etc.)
     • Authentication may intrude upon privacy
     • Complexity of identity management systems

  7. Identity threats & vulnerabilities - 2
     • Failures in identity management & authentication systems
     • Inadequate protection of cyber identity
     • Misplaced trust in security mechanisms

  8. Security threats
     • Attackers - viruses, worms, Trojans, phishing, denial of service attacks
     • Attackers - criminals, terrorists, government, industry

  9. Security vulnerabilities
     • System: complexity, unexpected behaviour, not sufficiently reliable, generating false positives, insider attacks (authorised, but dishonest employee)
     • Individuals are careless, lose their mobiles, forget to use security measures, are easily tricked
     • Organisations don’t take adequate security measures, don’t know what to protect, don’t keep software up to date, have cost issues

  10. Undermining trust - 1
     • Lack of trust in underlying cyber infrastructure and other people
     • Identity theft
     • Resourcefulness of hackers & intruders
     • Inadequate profiling (attribution conflicts & misinterpretation of user needs)

  11. Undermining trust - 2
     • Loss of control
     • Technology paternalism (machines know best)
     • Unpredictable system behaviour
     • Hijacking of an AmI system
     • Service denial & discrimination
     • Victimisation

  12. The digital divide could grow wider because of
     • technological & user dependencies
     • insufficient interoperability
     • cost
     • isolation
     • AmI “technosis”
     • stress
     • exclusion & discrimination – unequal access & stigmatisation

  13. Safeguards
     A multiplicity of threats & vulnerabilities require a multiplicity of safeguards:
     • Technological
     • Socio-economic
     • Legal & regulatory

  14. Technological safeguards - 1
     Main privacy-protecting principles in network applications:
     • Anonymity
     • Pseudonymity
     • Unlinkability
     • Unobservability

  15. Technological safeguards - 2
     • Minimal data collection, transmission & storage
     • Active intrusion prevention – e.g., antivirus software
     • Passive intrusion prevention – encryption
     • Prove user authorisation locally, transmit only confirmation of authorisation
     • Hide relations between user identity & actions
     • Communications protocols that hide device ID
     • Limiting signal range

  16. Technological safeguards - 3
     • Access control
     • ISO 17799 – good but focuses on organisational security
     • In AmI world access control will be needed in the wider, embedded world
     • Unobtrusive, continuous, multimodal authentication
     • Context-dependent access control
     • Embedding legal requirements & personal user wishes
     • Problem of authorised, but dishonest person
     • Artificial intelligence to catch unusual patterns

  17. Socio-economic safeguards
     • Open standards
     • Codes of practice
     • Service contracts
     • Trust marks
     • Privacy audits
     • Education
     • Public awareness & media attention

  18. Actions by the EC & Member States
     • Accessibility & inclusion
     • Accountability, audits, international collaboration, enforcement
     • Research proposals to identify potential privacy impacts
     • Guidelines for ICT research
     • Public procurement
     • Developing the legal framework to take AmI into account
