Steve Olshansky

Author Archives: Steve Olshansky

How Do Surveillance Laws Impact the Economy?

In 2018 the Australian parliament passed the “TOLA” Act, expanding the government’s powers to bypass digital data protections, and bringing with it the potential for significant harm to the economy and to trust in digital services and the Internet. Under TOLA, law enforcement and security agencies can require “designated communications providers,” or other businesses associated […]

The post How Do Surveillance Laws Impact the Economy? appeared first on Internet Society.

The Internet of Things: Connecting the Dots to Become a Smart Consumer

According to a recent survey conducted by Consumers International and the Internet Society, 63% of consumers think the way Internet-connected devices collect data is “creepy.” The Trust Opportunity: Exploring Consumer Attitudes to the Internet of Things, which polled people in the US, Canada, Japan, Australia, France, and the UK, also found that 73% of consumers think people using connected devices should worry about eavesdropping. And yet, new connected devices are being introduced practically every day, and sales show no sign of slowing down.

The word “smart” is used to describe almost all of these devices. But is that right?

The marketing around the Internet of Things (IoT) has become almost non-stop. Smart-this will make your life better, happier, more efficient. If only you had smart-that, you would reap the benefits of the marvelous technological age in which we live. But this often leaves out key information consumers need to make real smart choices.

It’s really about connectivity. For instance, that smart oven is a computer that happens to get hot in the middle. These IoT devices are able to perform smart functions because they are connected to the Internet. And while the marketing focuses on features and functionality, […]

The Internet of Things: Why ‘Trust By Design’ Matters

As we have seen vividly in recent years, inadequate security and privacy protections in the Internet of Things (IoT) can have devastating impacts – on Internet users and core infrastructure. The high profile Mirai botnet distributed denial of service (DDoS) attack in 2016 was a dramatic example of the effects of poor security in IoT devices, and CloudPets connected teddy bears were withdrawn from sale by most retailers after it was revealed that millions of voice recordings between parents and their children were exposed. But the threats from these insecure devices don’t vanish when they are updated or recalled, since there is often a large number of them still in service, and still vulnerable.

Because of this, the Internet Society is particularly focused on improving the security and privacy of consumer IoT. As a rapidly growing area, it is especially vulnerable and has been exploited by malicious actors.

That’s why we’re encouraging manufacturers to adopt Trust by Design.

“Trust by Design” – an umbrella term that includes Privacy by Design and Security by Design – is an essential component of a healthy IoT ecosystem. It has significant implications beyond IoT for the health of the Internet as a whole, and […]

Rough Guide to IETF 103: Internet of Things

Not surprisingly it has been a busy 4 months in IoT, and IoT-related work in IETF has been buzzing right along. This post is intended to highlight some of these activities, and to provide a guide to relevant sessions scheduled during the upcoming IETF 103 meeting in Bangkok. Also check out the IETF Journal IoT Category, the IETF IoT page, the IETF IoT Directorate, the Internet Society’s IoT page, or the Online Trust Alliance IoT page for more details about many of these topics.

The IETF Hackathon, held on the weekend preceding the main IETF meeting (November 3-4, 2018), includes several projects directly related to IoT, with the possibility of more being added. Remote participation is available. More information is on the Hackathon wiki. Projects of interest (at the time of this writing) include those relating to:

  • LPWAN CoAP/UDP/IPv6 SCHC compression and fragmentation
  • ST-COAPS (ACE WG) + ANIMA BRSKI
  • WISHI (Work on IoT Semantic / Hypermedia Interoperability)
  • Trusted Execution Environment Provisioning (TEEP)

The Thing-to-Thing Research Group (T2TRG), under the Internet Research Task Force (IRTF), investigates open research issues towards turning the promise of IoT into reality. The research group will be meeting on Tuesday afternoon […]

Rough Guide to IETF 102: Internet of Things

The buzz around the Internet of Things (IoT) is only increasing, to the surprise of, well, no one. We are often asked what is happening in the IETF in relation to IoT and in this short post I’d like to highlight some of the relevant activities and sessions scheduled during the upcoming IETF 102 meeting in Montreal. Also check out the IETF Journal IoT Category, the IETF IoT page, the IETF IoT Directorate, the Internet Society’s IoT page, or the Online Trust Alliance (OTA, which became an Internet Society Initiative in April 2017) IoT page for more details about many of these topics.

The IETF Hackathon, held on the weekend preceding the main IETF meeting (July 14-15), includes projects directly related to IoT, with the possibility of more being added. More information is on the Hackathon wiki. Projects of interest include those relating to:

  • Software Updates for Internet of Things (suit)
  • Authentication and Authorization for Constrained Environments (ace)
  • IPv6 over Low Power Wide-Area Networks (lpwan)
  • Work on IoT Semantic / Hypermedia Interoperability (WISHI)

The Thing-to-Thing Research Group (T2TRG) investigates open research issues towards turning the IoT into reality. The research group will be meeting on Thursday afternoon […]

Wouldn’t it be nice…if you could trust your device?

Wouldn’t it be nice if you could trust that your device is secure, so that it isn’t leaking your private data, becoming a bot and attacking other users, or putting you at risk?

We think so too.

By using their buying power to influence the market, combined with forward-looking, smart policies and regulations, governments can help build an Internet of Things (IoT) we can trust. With over ten billion IoT devices, applications, and services already in use, and the number of connected devices forecasted to jump to over thirty-eight billion by 2020, ensuring that governments take the right actions now around IoT security is critical.

Governments have important choices to make now to help ensure that IoT consumers are secure, innovation can flourish, and we can all fully benefit from IoT.

We are pleased to release IoT Security for Policymakers, a discussion paper to help provide a solid foundation for policymakers and regulators as they address IoT security. In the paper, we highlight key issues and challenges of IoT security, along with guiding principles and recommendations. While many of IoT’s challenges are technical, some of the most pressing are social, economic, or legal. There are countless consumers with little […]

Blockchain and Digital Identity – A Good Fit?

Every time you see “Login with Facebook” or “Login with Twitter” etc. on a website or use login credentials issued by your employer or school, you’re using Identity and Access Management (IAM) technologies in the background. IAM has become central to our online interactions, but like a lot of infrastructure it’s largely invisible to users (at least when it’s well designed and implemented). IAM is evolving rapidly, the stakes are high, and enterprises face an increasingly complex and puzzling digital identity landscape. There is also growing concern that businesses know too much about us, and therefore end users should reclaim control over their own identities. IAM is a hot topic in the technology world, with new architectures, business models, and philosophies all in play.

Blockchain technology (sometimes also called distributed ledger technology – DLT) is also gaining attention. Proponents advocate it for a wide variety of use cases, including IAM. Blockchain is a broad class of relatively new data security methods, with certain properties of potential value in IAM. Many IAM companies have launched identity registration solutions “on the blockchain,” while others are developing new blockchain-inspired infrastructure for distributing information about users (called “attributes” and used to inform decisions about […]

Rough Guide to IETF 101: Internet of Things

The Internet of Things (IoT) is an increasingly hot buzzword around the Internet industry and the broader technology and innovation business arenas. We are often asked what the IETF is doing in relation to IoT and in this short Rough Guide to IETF 101 post I’d like to highlight some of the relevant sessions scheduled during the upcoming IETF 101 meeting in London. Also check out the IETF Journal IoT Category, the IETF IoT page, the IETF IoT Directorate, the Internet Society’s IoT page, or the Online Trust Alliance IoT page for more details about many of these topics. See also this recent article in the IETF Journal: Internet of Things: Standards and Guidance from the IETF.

The IETF Hackathon, held the weekend preceding the main IETF meeting (17-18 March), will include at least four projects directly related to IoT, with the possibility of more being added. More information is on the Hackathon wiki.

Rough Guide to IETF 100: Internet of Things

The Internet of Things (IoT) is a major buzzword around the Internet industry and the broader technology and innovation business arenas. We are often asked what the IETF is doing in relation to IoT and in this Rough Guide to IETF 100 post I’d like to highlight some of the relevant sessions scheduled during the upcoming IETF 100 meeting in Singapore. Check out the IETF Journal IoT Category, the Internet Society’s IoT page, or the Online Trust Alliance IoT page for more details about many of these topics.

The Thing-to-Thing Research Group (T2TRG) investigates open research issues in turning the IoT into reality. The research group will be holding a half-day joint meeting with the Open Connectivity Foundation (OCF) on the Friday before IETF, and they will also be meeting on Tuesday afternoon in Singapore to report out on their recent activities. Included on the agenda is the upcoming Workshop on Decentralized IoT Security and Standards (DISS). This workshop will be held in conjunction with the Network and Distributed System Security (NDSS) Symposium on 18 February 2018 in San Diego, CA, USA. The DISS workshop will gather researchers and the open standards community together to help address […]

Some Yubikeys Affected by Infineon Security Weakness

As Robin Wilton discussed a few days ago in Roca: Encryption Vulnerability and What to do About It, yet another security vulnerability has been discovered. If you have one of the ISOC-branded Yubikey 4s that we have given out at some conferences, they were affected by the recently disclosed Infineon vulnerability. See these two links for details:

This issue impacts only some limited uses of the keys. For details, see
https://www.yubico.com/keycheck/functionality_assessment.

You can get your ISOC-branded Yubikey 4 replaced at no cost to you by going to this page and following the instructions.

If you have questions or concerns, please contact Steve Olshansky, Internet Technology Program Manager.

The post Some Yubikeys Affected by Infineon Security Weakness appeared first on Internet Society.