IEEE 4th World Forum on Internet of Things
05-08 February 2018 – Singapore

Top1 – Security and Privacy Regimes

Track Summary

IoT applications and prospective solutions mandate consideration of a broad set of security and privacy requirements. The explosion in the number of connected devices poses a significant challenge, as does the diversity of end uses. The World Forum will address the component and platform implications for IoT in the context of the full life cycle for security and privacy regimes. It will also address the many security architectures and approaches that have emerged from Government organizations around the world, from the Commercial Market space, and from the Research Community. Across the wide spectrum of use cases there is a need to appropriately balance security and privacy, and it is useful to think of classifications that distinguish the levels required. As an example these may be thought of as:

  • Highly security-centric “life-and-death” applications such as: critical infrastructure; control systems for connected automobiles, railroads, or aircraft; emergency healthcare
  • Intermediate security uses that include: smart home; routine monitoring of facilities; sports and physical exercise activities that involve tracking such as geolocation
  • Lower security casual uses such as: games, entertainment, public virtual reality applications, and aspects of social media and general information services

The topics that the Presentations, Panels, and Working Group discussions, for the Track on “Security and Privacy Regimes for IoT” will cover include:

  • Achieving secure compose-ability of individually secure devices and components
  • Scalability (for massive number of devices, and as contributors to- and consumers of- big data)
  • Device-associated robustness levels that also deal with the high variations in heterogeneity (such as stationary and mobile infrastructure, smart phones and user terminals, wearables, the wide range of possible sensors and actuator types, and embedded IoT devices)
  • Device ownership and component control (accounting for interoperability, regulatory compliance, governance, audit-ability and risk management)
  • Remediation for the reigning confusion caused by the proliferation of standards and certification, and the realization that IoT will create new experiences and a vulnerability surface that is not  accounted for
  • Testing approaches and procedures that overcome the lack of efficacious and accepted practices — These include: interfacing with and leveraging legacy devices and services; containment against expansion of compromise to other units, systems or networks; effective crypto-agility; defense against advanced threats such as quantum-computing attacks. These also include testing approaches for the differing device lifetimes, and lifecycle support of IoT solutions such as over-the-air firmware and software upgrades

One of the objectives of the Track is to launch future actions and activities that continue beyond the World Forum as part of the IoT Initiative Working Group on “IoT Security and Privacy”.