The term Internet of Things (IoT) indicates the interconnection of virtually any entity of the physical world, ranging from home or industrial appliances such as fridges, washing machines, assembly line manufacturing to wearable accessories such as watches, sensors, or medical devices.
The revolutionary aspect is that an IoT bridges the physical world to the digital world in an unprecedented way, creating a dynamic, growing, ubiquitous substrate of sensors and actuators that offer “reading” and “writing” primitives to developers. To some extent, we can say that the IoT phenomenon is commoditising the collection of data, making it easy to approach and accessible. This clearly enables infinite opportunities and application scenarios, from empowered individuals, smart homes, efficient manufacturing, cities, and so forth, up to the entire globe.
More than ever before, however, the apparently uncontrolled collection, sharing and viral proliferation of data seems to be the innovation driver. Therefore, security and privacy must be the highest priority for businesses, governments, and individuals. The latter are particularly critical, as they have become an element in the “loop” of data flowing from and to the digital world. Humans are indeed growing accustomed to being surrounded by a myriad of sensors, which may create new venues for privacy threats.
From another angle, the IoT trend offers novel opportunities toward better security assurance for traditional systems. For example, for several years the security community has been striving to design new approaches to find usable alternatives to passwords. On the other side of the spectrum, biometric authentication offer a high-cost, strong alternative to passwords. Interestingly, IoT technologies bring accessible, low cost and low-form-factor devices to the consumer market (e.g., wearable and unobtrusive sensors), which may very soon allow to “sense” the authenticity of a user in an easy and convenient way.
It can therefore entail a leap forward to more usable authentication techniques, which must be obviously balanced with proper privacy measures.
Tech and Law Center intends to explore through research and active debate the following topics related to Internet of Things:
- policy, strategy, rules for information sharing in a privacy-preserving manner;
- hardware-software design, security and failures;
- threats, vulnerabilities, physical/logical attacks.