iMinds creates a private and secure Internet of Things

Beyond the quality and integrity of the (wireless) signal, the information transmitted by the IoT’s underlying (wireless) networks must also be kept secure — for the sake of operational safety as well as personal privacy. Yet, building an Internet of Things that is ‘secure by design’ is a complex challenge - as it requires all of the IoT’s components to be secure. That’s why iMinds researchers are looking into IoT security from all possible angles - from embedding security features in the hardware that makes up the IoT, to securing IoT applications, as well as enabling secure (wireless) transmissions and tackling cloud security.

That’s why iMinds researchers are looking into IoT security from all possible angles - from embedding security features in the hardware that makes up the IoT, to securing IoT applications, as well as enabling secure (wireless) transmissions and tackling cloud security.

Users need to be able to control what happens with data collected by their homes, appliances, vehicles and bodies — and to propagate their personal wishes for privacy throughout the network.

Making the Internet of Things more secure

The IoT will completely change the way we live and work: billions of connected devices (ranging from household to industrial appliances) will provide a constant flow of data and knowledge, and will help us make better decisions in all aspects of our lives. Yet, the IoT also comes with a number of security challenges.

“As the IoT matures, we risk no longer being in control. Connected devices monitor our activities and behavior 24/7 and – unless stringent security mechanisms are in place – all of the info these devices gather, might be shared (without our consent) with unknown parties. It is a threat that particularly holds true if the IoT is built on so-called closed source software,” says Prof. Dr. Bart Preneel, iMinds - COSIC - KU Leuven.

“There’s no need to panic, but we do have to think of ways to protect our data and keep them as local as possible (ideally in our personal environment); the cloud is not the ultimate solution to everything. Technologically, this is perfectly possible already – a.o. by using open source software,” Prof. Preneel continues. “While it is true that open source software is not inherently safer than the closed-source approaches, it does allow for more thorough checks and bug reporting – so that abuse becomes much more difficult."

iMinds is already developing such an open source platform, building on the Contiki Operating System, which is designed to run on the kinds of low-power wireless devices that will make up the Internet of Things. The challenge is to provide an open foundation that gives users more control while at the same time ensuring strong security to protect individual and corporate data. To put it simply, the platform should be open but the data must be closed.

Biometric encryption for wearables

In a recent article in Nature, Bart Preneel sheds his light on the security and privacy issues that come with the use of health apps and wearables. As an internationally acclaimed expert on cryptography and information security, Prof. Preneel considers using internal signals from the body – such as DNA or heartbeat patterns – as a promising approach to keep personal health data safe from unauthorized decryption. Continue reading

Privacy by design

A related question is who will be accountable for the intelligence embedded in the objects that make up the IoT. How will we, as individuals, be sure our right to privacy is protected in a world of ‘things’ that know our preferences and habits? iMinds researchers are committed to asking questions like these, knowing the answers will shape our society in essential ways for decades to come.

Imagine, for example, a vending machine in one’s workplace equipped with RFID technology to recognize each individual purchaser and match selections to his or her food preferences, taking into consideration concerns such as food allergies. Who is entitled to know about those allergies? Would the company that employs the individual be made aware? What would be the implications? Issues such as these — related to how people manage their digital destinies — require regulatory frameworks or legislation.

To deal with this type of questions, we require an informed public policy and legislation – with clear laws and regulations. To this end, iMinds is studying ethical issues – and fusing theory and practice through ’moral fieldwork’, which applies empirical data collection and analysis to philosophical questions – going out in the field for surveys and studies that can provide hard data to evaluate moral issues.

Wired magazine recently devised a thought experiment in which a self-driving vehicle about to crash must choose whether to swerve into a lane containing a packed SUV or into a lane with a smaller automobile. If the computer’s choice causes a fatality, who is accountable? The computer? Its programmer?

In summary: the privacy and data security questions raised by the Internet of Things are complex but not entirely new: it is the specifics — and magnitude — that will differ in the IoT. Further iMinds research will help us determine how to adapt and evolve existing policies and laws to encompass those challenges, ensuring we enjoy all the benefits of a connected world while protecting citizens’ rights and freedoms.

Responsible Innovation in the IoT

Innovation is driving the new economic order; it’s good for society, but new technologies can have unexpected negative consequences. The term ‘Responsible Innovation’ refers to innovation that addresses this issue, ideally by introducing responsibility at the design stage. The European Commission has included this concept in many of its research projects, as have various engineering and academic bodies – including iMinds.

“I’m seeing ethical, privacy and legislative concerns being addressed in parallel with the creation and deployment of IoT solutions. Engineers no longer look at their work from a purely technical point of view; they are increasingly considering the impact of innovative developments on society and in this way they take on a huge responsibility.” – Prof. Dr. Anton Vedder, iMinds - CiTiP - KU Leuven.

Background

Telit2market: Prof. Vedder’s take on Responsible Innovation
Organisation: iMinds - CiTiP - KU Leuven

‘Own Your Own Data’ in the Antwerp City of Things

The Antwerp City of Things is an initiative by the City of Antwerp, mobile operator Mobile Vikings and iMinds. It is a testing ground to experiment with products and services while staying in constant contact with the user base – through user research, prototyping, data capture, data mapping, etc.

Concretely, iBeacon devices are installed throughout Antwerp and are linked up with point-of-sale systems in stores all over the city. As such, all sorts of user data can be monitored non-stop and in real-time, which is invaluable for developers.

“Our focus on privacy is one of the things that makes this project unique. One of our primary tenets as a company is that the user owns their own data — and it’s up to them to decide what to do with it. That sense of empowerment tends to make them more eager to participate. They control what data is available to which partner,” explains Pieter Vandekerckhove, Chief Strategic Officer at Mobile Vikings.

In the City of Things scenario, security and privacy are enforced through a combination of technical solutions and governance. On the one hand, encryption helps keep data secure. On the other hand, a charter is being developed that all partners have to sign and respect. It will spell out privacy policies, and will include provisions for auditing, to make sure the charter is being respected by all parties.