Where We Stand On Privacy and Security Controls for the Internet of Things
Brandon Allan Karpf
218 pages · 2017 · 1.8 MB · English · PDF
Preview

Dead Reckoning: Where We Stand On Privacy and Security Controls for the Internet of Things

by Brandon Allan Karpf
B.S., Weapons and Systems Engineering (Honors Program), United States Naval Academy (2015)

Submitted to the Institute for Data, Systems, and Society in partial fulfillment of the requirements for the degree of Master of Science in Technology and Policy at the Massachusetts Institute of Technology, June 2017.

© Massachusetts Institute of Technology 2017. All rights reserved.

Author: Institute for Data, Systems, and Society, May 12, 2017
Certified by: David D. Clark, Senior Research Scientist, CSAIL, Thesis Supervisor
Accepted by: Munther Dahleh, W.A. Coolidge Professor, Director, Institute for Data, Systems, and Society

Abstract

This thesis provides an analysis of privacy and security controls for internet-connected, data-driven systems, known as the Internet of Things (IoT). The grounding theory is that numerous pre-existing privacy and security control methods – not necessarily crafted for IoT – will bear on the future of IoT privacy and security. This thesis covers fifteen case studies across six control categories: Individual Choice, Command and Control Regulations, Operational Standards, Technical Standards, Compliance Frameworks, and Federal Authorities. These case studies reveal major deficiencies in current IoT privacy and security controls. IoT privacy and security controls lack a domain or contextual-use focus. Further, most current controls also fail to specify the risks or harms they intend to resolve. Therefore, the current IoT privacy and security controls induce a significant privacy and security market failure. This market failure is evident in recent IoT privacy and security events such as the Federal Trade Commission's cases against the IoT system developers TRENDnet and D-Link. I define three necessary paradigm shifts needed to improve IoT privacy and security controls. I also recommend a specific research endeavor to develop domain-, risk-, and harms-centric privacy and security standards. The realization of these paradigm shifts, and the products of this research endeavor, will navigate the IoT ecosystem towards more effective privacy and security control.

Thesis Supervisor: David D. Clark
Title: Senior Research Scientist, CSAIL

Acknowledgments[1]

David D. Clark, thank you for giving me this extraordinary experience. Your mentorship and flexibility made this opportunity one of immense growth. Thank you for allowing me to discover the balance that works best. Your support and feedback were invaluable – I could not have survived without it. I've never known a man to be busier than you, and yet you still made the time to read through the entire density of this work again and again. May your blueberries be forever fresh.

Daniel J. Weitzner, thank you for giving me this fantastic opportunity and accepting me during "year zero" of the Internet Policy Research Initiative. Your feedback on my thesis pushed my work to the next level. Thank you for sharing your experiences, wisdom, and knowledge. I follow the road ahead prepared to think strategically thanks to your guidance.

Steve Bauer, Shirley Hung, and Susan Perez, thank you for your continued help navigating this graduate school experience. Sweets flowed like ale, technical knowledge extended as deep as the sea, and life advice proved as reliable as the trade winds.

Bill Lehr, Karen Sollins, and Arthur Berger, thank you for your support, wisdom, and friendship these past two years.

Nathaniel Fruchter and Ilaria Liccardi, thank you for your hard work on our IoT device/consumer sentiment study, which I have included in full as Appendix A.

Office 32-G806: Zane Markel, Cecilia Testart Pacheco, Samuel DeLaughter, Nathaniel Fruchter, Georgios Smaragdakis, and yes, even James Loving, thanks for the laughs, the good company, and the challenging discussions.

Frank Field, thank you for your friendship and pilotage through this crazy world that is technology and policy. Everyone else knows how much I want to be you (even down to the bracelets). I hope you know it as well.

Barbara DeLaBarre and Ed Ballo, thank you both for being the most incredible, lively, and consistently happy people I know. You are the soul of TPP and none of us would even come close to succeeding without you. TPPers should express this more often: we are forever indebted to you.

TPP and all of my fascinating classmates who do some of the most varied and interesting work at MIT, thank you for teaching me so much.

My surrogate family, who gave me a home whenever I felt a bit too normal: Luke, Alex, and Marilyn Koblan, and Bart Johnston and Annaliesa Routh, thank you for always being there when I needed you the most.

Most importantly, my actual family: Drs. Gary and Robin Karpf, and Sarah and Evan Kasowitz, who put up with my ever-distracted mind. You, who encourage me to "keep your head when all about you are losing theirs and blaming it on you" and to "fill the unforgiving minute with sixty seconds' worth of distance run"; who taught me that "the credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood; who strives valiantly; who errs, who comes short again and again"; you are my rock. Everything I do, I do to make you proud. Your support and pride mean more to me than I can express. Thank you, and I love you all.

Fair winds and following seas.

[1] My work was supported by the William and Flora Hewlett Foundation grant. Disclaimer: Brandon Karpf is an active duty Officer in the U.S. Navy. Any views, opinions, assumptions, or conclusions expressed in this work are those of the author and do not reflect the official policy or position of any agency of the U.S. government.

The Road goes ever on and on
Down from the door where it began.
Now far ahead the Road has gone,
And I must follow, if I can,
Pursuing it with eager feet,
Until it joins some larger way
Where many paths and errands meet.
And whither then? I cannot say.

The Road goes ever on and on
Out from the door where it began.
Now far ahead the Road has gone,
Let others follow it who can!
Let them a journey new begin,
But I at last with weary feet
Will turn towards the lighted inn,
My evening-rest and sleep to meet.

– J.R.R. Tolkien

Contents

1 Introduction (p. 15)
  1.1 Thesis Overview (p. 15)
    1.1.1 Intent and Contributions (p. 17)
    1.1.2 How To Approach This Work (p. 19)
  1.2 Background and Motivation (p. 20)
    1.2.1 IoT Definition (p. 20)
    1.2.2 IoT Reference Architecture (p. 22)
    1.2.3 IoT Privacy and Security (p. 24)

I MoC Analysis Methodology (p. 27)

2 MoC Analysis Framework (p. 29)
  2.1 IoT Contextual Domains (p. 30)
  2.2 IoT Stakeholders (p. 34)
  2.3 IoT Privacy and Security Challenges (p. 36)

II MoC Case Studies (p. 40)

3 Individual Choice (p. 41)
  3.1 Introduction (p. 41)
  3.2 The History of Notice and Choice (p. 42)
  3.3 The Problems with Notice and Choice (p. 44)
    3.3.1 Philosophical Problems (p. 44)
    3.3.2 Implementation Problems (p. 45)
    3.3.3 Use Problems (p. 47)
  3.4 Proposed Improvements (p. 49)
  3.5 Individual Choice Conclusion (p. 50)

4 Command and Control Regulation (p. 53)
  4.1 Introduction (p. 53)
  4.2 Resistance to Command and Control Regulation (p. 54)
  4.3 The Health Insurance Portability and Accountability Act (HIPAA) (p. 56)
    4.3.1 Background (p. 56)
    4.3.2 The Privacy Rule (p. 57)
    4.3.3 The Security Rule (p. 57)
    4.3.4 HIPAA and IoT (p. 58)
  4.4 Command and Control Regulation Conclusion (p. 60)

5 Operational Standards (p. 63)
  5.1 Introduction (p. 63)
  5.2 ISO/IEC 27k Series Standards (p. 64)
    5.2.1 Introduction (p. 64)
    5.2.2 ISO/IEC 27k Compliance (p. 65)
    5.2.3 Conclusion (p. 66)
  5.3 ITU-T Global Standards Initiative (p. 68)
    5.3.1 Y.2060 (p. 69)
    5.3.2 Y.2066 (p. 70)
    5.3.3 Conclusion (p. 72)
  5.4 Operational Standards Conclusion (p. 73)

6 Technical Standards (p. 75)
  6.1 Introduction (p. 75)
  6.2 3GPP (p. 76)
    6.2.1 Mission and Structure (p. 76)
    6.2.2 Privacy and Security Controls (p. 77)
    6.2.3 What 3GPP Offers and What It Needs (p. 78)
    6.2.4 Conclusion (p. 79)
  6.3 oneM2M (p. 80)
    6.3.1 Mission and Structure (p. 80)
    6.3.2 Architecture (p. 82)
    6.3.3 Privacy and Security Controls (p. 83)
    6.3.4 What oneM2M Offers and What It Needs (p. 84)
    6.3.5 Conclusion (p. 86)
  6.4 Technical Standards Conclusion (p. 87)

7 Compliance Frameworks (p. 89)
  7.1 Introduction (p. 89)
  7.2 The Information Technology Infrastructure Library (ITIL) (p. 90)
    7.2.1 Effectiveness (p. 91)
  7.3 Control Objectives for Information and Related Technologies (COBIT) (p. 94)
    7.3.1 Effectiveness (p. 94)
  7.4 Capability Maturity Model Integration (CMMI) (p. 97)
    7.4.1 Effectiveness (p. 98)
  7.5 The Open Group Architecture Framework (TOGAF) (p. 101)
    7.5.1 Effectiveness (p. 102)
  7.6 Compliance Frameworks Conclusion (p. 105)

8 Federal Authorities (p. 107)
  8.1 Introduction (p. 107)
  8.2 Federal Trade Commission (p. 108)
    8.2.1 Introduction (p. 108)
    8.2.2 Privacy & Data Security Update: 2016 (p. 108)
    8.2.3 The FTC's Privacy and Security Philosophy (p. 110)
    8.2.4 The FTC and IoT (p. 112)
    8.2.5 Conclusion (p. 113)
  8.3 Federal Communications Commission (p. 113)
  8.4 U.S. Legislative Branch (p. 117)
    8.4.1 Senate Hearing – February, 2015 (p. 117)
    8.4.2 Senate Resolution – March, 2015 (p. 118)
    8.4.3 Congressional Hearing – March, 2015 (p. 119)
    8.4.4 Senate Hearing – June, 2016 (p. 120)
    8.4.5 Congressional Hearing – November, 2016 (p. 121)
    8.4.6 Conclusion (p. 122)
  8.5 U.S. Executive Branch: National Privacy Research Strategy (NPRS) (p. 123)
  8.6 The Department of Homeland Security: Strategic Principles for Securing the IoT (p. 125)
  8.7 Federal Authorities Conclusion (p. 127)

III Conclusions and Recommendations (p. 129)

9 The Course Ahead (p. 131)
  9.1 Introduction (p. 131)
  9.2 Conclusions (p. 133)
    9.2.1 MoC-specific Conclusions (p. 133)
    9.2.2 General MoC Conclusions (p. 135)
    9.2.3 Specificity and the MoC Faults (p. 137)
  9.3 Recommendations (p. 137)
    9.3.1 Practical Evidence: Grounding the Meta (p. 138)
    9.3.2 Necessary Paradigm Shifts (p. 141)
  9.4 IoT Lab Proposal (p. 143)
    9.4.1 Purpose (p. 145)
    9.4.2 Topics (p. 145)
    9.4.3 Process (p. 146)

IV Appendices (p. 150)

A Insights into Unsolicited Consumer Thoughts on IoT Device Privacy and Security: A Study (p. 151)
  A.1 Introduction (p. 152)
    A.1.1 Background and prior work (p. 153)
  A.2 Study Design and Methodology (p. 153)
    A.2.1 Research Questions (p. 154)
    A.2.2 Gathering a Realistic Data Corpus (p. 155)
    A.2.3 Data Processing and Analysis (p. 156)
    A.2.4 Automated Language Analysis (p. 158)
  A.3 Results (p. 160)
    A.3.1 RQ1 - Presence of privacy or security discussions (p. 160)
    A.3.2 RQ2 - Main P&S concerns and popular topics (p. 166)
  A.4 Discussion (p. 169)
    A.4.1 Creating More Informed Policy (p. 170)
    A.4.2 Future work (p. 172)
  A.5 Conclusion (p. 172)

B HIPAA Criteria for PHI (p. 173)

C ISO/IEC 27k Series Standards Related to IoT (p. 175)

D oneM2M Release 2 Standards (p. 177)

E National Privacy Research Strategy Research Questions (p. 179)
  E.1 NPRS Challenge 2 (p. 179)
  E.2 NPRS Challenge 3 (p. 181)
  E.3 NPRS Challenge 4 (p. 181)
  E.4 NPRS Challenge 5 (p. 182)
  E.5 NPRS Challenge 6 (p. 184)
  E.6 NPRS Challenge 7 (p. 184)

F 2016 FTC Privacy and Security Enforcement Actions (p. 187)
  F.1 Information Privacy (p. 187)
  F.2 Data Security (p. 188)
  F.3 Rule Creation (p. 189)

G IoT Business and Systems Operational Analysis Framework (p. 191)
  G.1 Focus 1 – Business Model (p. 191)
  G.2 Focus 2 – Privacy Practices (p. 194)
  G.3 Focus 3 – Security Practices (p. 197)

Description (site-generated excerpt; fragments from the document's front matter and body text):
7.2 Domains covered, stakeholder power, and challenges impacted by COBIT (p. 97)
"... television video surveillance, any new motor vehicle, and the Nest home thermostat."
