- From: Göran Eriksson AP <goran.ap.eriksson@ericsson.com>
- Date: Thu, 21 Jun 2018 15:37:33 +0000
- To: Iñaki Baz Castillo <ibc@aliax.net>, "jianjun.zhu@intel.com" <jianjun.zhu@intel.com>
- CC: Peter Thatcher <pthatcher@google.com>, "misi@niif.hu" <misi@niif.hu>, WebRTC WG <public-webrtc@w3.org>
It also reduces the privacy of the communication. No. Encryption is
required, even more in IoT devices.
I agree!
Given that in many cases the information acquired in IoT devices will be used as data sets in machine learning, "security considerations" must take new matters into account, i.e. new attack vectors, such as malicious injection of bias in data set.
Encryption is part of toolbox addressing these kind of attacks.
The desire for small footprint and (ultra low) latency is understandable, but history and current situation out there, has shown that 'defence in depth' is necessary; assuming for instance that no one will get into the 'wire' between the IoT device and servers is risky in my mind, and definitely not advisable when stuff are connected to the Internet.
Also, making security optional for special use cases may increase the risk of said 'flexibility' to also be used by mistake, or intent, in other situations increasing the attack vector.
5 cents!
Göran
Received on Thursday, 21 June 2018 15:38:01 UTC