Re: Notes on W3C WoT Security Use Cases

Hello All,

One more use case from my side. I did a study with some students on 
wearable devices. We found that most of them do not use "https" or 
encrypt the data they are sending to a cloud. I think we can extend our 
scope to cover fitness trackers/wearables as well.

I will join the Security TF in the WG from now on.

Thanks,

Soumya

Research Engineer, EURECOM, France | +33658194342 | @skdatta2010 |
http://iot.eurecom.fr | Skype id: soumyakantidatta

On 12-07-2017 13:45, Mccool, Michael wrote:
> Notes from security use cases discussion today in the F2F.
> (These are cc'd to the public WoT IG/WG lists so be careful with reply-to-all).
>
> Have come up with some things in our threat model.. but are missing more specific use cases.   Want to find scenarios that are different from the security viewpoint.
>
> First thing we tried to define was the "home" use case (see link).
> https://github.com/ereshetova/wot/blob/master/security-privacy/SecurityScenarios.md
> Wand to add additional scenarios to this document... have moved the scenarios out of the threat model into a separate document.
>
> For home scenario, privacy is important, for instance; it may be more or less important in other scenarios (eg more in medical, less in industrial, etc).
>
> Don't really need details, just an idea of which environments are important.
>
> Why?  To be able to define levels of security for implementation.  Different standards apply to different use cases, and also interoperability may or may not be desirable between different ecosystems if they have different security and privacy standards they need to satisfy.  Cross-domain information exchange permitted and when?
>
> Question from google: do we consider security and privacy together, or separately?
> Response: together for this discussion, but separately later.  Also, use cases important for more than security.
>
> Privacy: only relevant if there are people involved.  People have classes: employees, citizens, police, nurse/doctor, owner, etc.
> Issue: indirect information about people possible, eg. heat systems -> people home or not.   Also issue of tying data about people to a particular person, vs aggregate or anonymized information.
> What are other good differentiating feature:
> Critical infrastructure (failure -> safety  or physical security issue issue).    Level of impact.
> Cost (failure -> equipment damage).
> Confidentiality (failure -> leakage of sensitive information, which could be personal, corporate, or municipal, or governmental (eg national security))
> TODO: look at existing standards and frameworks, such as the IIC, to find additional differentiating features
>
> Might be able to manage with semantic classes using differentiating factors.   For example, could restrict data to devices with an appropriate level of security.
>
> Additional Use Cases:
>
> Medical: Medical devices communicating with hospital IT system and monitoring patients.  This means they carry personal patient data and will be subject to privacy legislation.  Critical, people  => High security and privacy requirements.
>
> Industrial Automation: Industrial use cases not directly monitoring people, eg a fully automated factory.  Cost => security requirement.
>
> Corporate Employee Monitoring /{Office, Manufacturing}: Corporate use cases including monitoring of people, which might be office or industrial (eg manufacturing).
>
> Smart Cities/Building/Campus: Municipal system monitoring, including monitoring of both infrastructure and people (both citizens and employees).  Failures may have both privacy and safety implications.  Law and order.  Emergency services (Fire and EMG).
>
> Mobile: personal devices (including voice recog access points) communicating with IoT devices.
>
> Scripting API, post-data-consuming vs exposed side.  How does security look from the consumer viewpoint?  From the exposed data viewpoint?   Consumer is the data user; exposer is data provider.  But need to consider flow of both data and commands; latter can cause a safety issue, for instance.   To further consider direction of flow of data and threats, who is attacker, etc.
>
> Could be an issue, for instance, with an exposed thing producing false data (eg a security sensor) that influences a system consuming that data, causing a physical security risk.
>
>
> -----Original Message-----
> From: Reshetova, Elena
> Sent: Wednesday, July 12, 2017 08:29
> To: Mccool, Michael <michael.mccool@intel.com>
> Subject: Link to the security use cases doc
>
> Michael,
>
> Here is the link to the security scenarios/use cases doc: https://github.com/ereshetova/wot/blob/master/security-privacy/SecurityScenarios.md
> It has the home scenario now moved from threat document, as well as tentative placeholders for two more use cases, but let's see how the discussion goes today.
>
> Best Regards,
> Elena
>

Received on Wednesday, 12 July 2017 09:23:16 UTC