The sustainability of safety, security and privacy Ross Anderson - PowerPoint PPT Presentation

  1. The sustainability of safety, security and privacy Ross Anderson Cambridge Darmstadt, September 2019

  2. EU RAPEX A12/0157/19
  • Enox’s ‘Safe-Kid One’ was recalled on Saturday 1 Feb
  • “Unencrypted communications with its backend server … enables unauthenticated access”
  • Hackers can track and call kids, change device ID…
  • Doesn’t comply with Radio Equipment Directive

  3. How does IoT change safety?
  • The EU regulates safety of all sorts of devices
  • In 2015, they asked Éireann Leverett, Richard Clayton and me to examine what IoT implied
  • 2016 report (WEIS 2017): once there’s software everywhere, safety and security get entangled
  • (The two are the same in the languages spoken by most EU citizens – sicurezza, seguridad, sûreté, Sicherheit, trygghet…)
  • How will we have to update safety regulation (and safety regulators) to cope?

  4. Background
  • Markets do safety in some industries (aviation) way better than others (medicine)
  • Cars were dreadful until Nader’s ‘Unsafe at Any Speed’ led to the NHTSA
  • In the EU, we have broad frameworks such as the Product Liability Directive 85/374/EEC, Framework Directive 2007/43/EC on type approval, plus many detailed rules
  • Over 20 EU agencies (plus UNECE) in play

  5. When cars get hacked

  6. When cars get hacked (2)
  • 2011: CarShark needed physical access
  • 2015: Charlie Miller and Chris Valasek hacked a Jeep Cherokee via Chrysler’s Uconnect
  • So now we just need your IP address!
  • Suddenly people cared…
  • Chrysler recalled 1.4m vehicles for a software fix

  7. When cars get hacked (3)

  10. Background (2)
  • Research by Harold Thimbleby: hospital safety usability failures kill about 2000 p.a. in the UK, about the same as road accidents
  • Safety usability ignored – incentives wrong…
  • But attacks are very much harder to ignore – a Wi-Fi tampering demo in 2015 led the FDA to blacklist the Hospira Symbiq infusion pump
  • 2017: recall of 450,000 St Jude pacemakers
  • What should Europe do?

  11. Background (3)
  • The Medical Device Directives have been revised: reg 2017/745 comes into force 2020 requiring post-market surveillance, a risk management plan for each device, ergonomic design …
  • Reg 17.2: ‘for devices that incorporate software… the software shall be developed … in accordance with the state of the art taking into account the principles of development life cycle, risk management, including information security, verification and validation’

  12. Background (4)
  • 18.8 ‘Devices shall be designed and manufactured in such a way as to protect, as far as possible, against unauthorised access that could hamper the device from functioning as intended’.
  • It’s still not perfect (there’s wriggle room on ergonomics, network security assumptions…) but it’s a huge improvement!

  13. Background (5)
  • Electricity substations: 40-year lifecycle, protocols (DNP3) don’t support authentication
  • IP networking: suddenly anyone who knows a sensor’s IP address can read from it, and with an actuator’s IP address you can activate it
  • Only practical fix: re-perimeterise!
  • Have one component that connects you to the network and replace it every 5 years (harder for cars, which have multiple RF interfaces)

  14. Broad questions include…
  • Who will investigate incidents, and to whom will they be reported?
  • How do we embed responsible disclosure?
  • How do we bring safety engineers and security engineers together?
  • Will regulators all need security engineers?
  • How do we prevent abusive lock-in? Note the US DMCA exemption to repair tractors …

  15. Policy recommendations included
  • Requiring vendors to self-certify, for their CE mark, that products can be patched if need be
  • Requiring a secure development lifecycle with vulnerability management (ISO 29147, 30111)
  • Creating a European Security Engineering Agency to support policymakers (now: ENISA)
  • Extending the Product Liability Directive to services
  • Updating the NIS Directive to report breaches and vulnerabilities to safety regulators and users

  18. The punch line
  • Phones, laptops: patch them monthly, but make them obsolete quickly so you don’t have to support 100 different models
  • Cars, medical devices: we test them to death before release, but don’t connect them to the Internet, and almost never patch
  • So what happens to support costs now we’re starting to patch cars?

  19. The trilemma
  • Standard safety lifecycle, no patching -> safety + sustainability -> go online, get hacked
  • Standard security lifecycle, patching -> breaks safety certification
  • Patching plus redoing safety certification with current methods -> costs of maintaining safety rating can be sky high
  • So: can we get safety, security and sustainability at the same time?
  Cambridge, November 2018

  20. The right to repair
  • The Centennial Light has been burning since 1901
  • In 1924, a cartel of GE, Osram and Philips agreed to reduce average bulb lifetimes from 2500h to 1000h
  • Many firms make it hard or even illegal to fix products
  • Shortening product life is a crime in France (Apple is being investigated)

  21. Vehicle lifecycle economics
  • Vehicle lifetimes in Europe have about doubled in 40 years
  • Average age at scrappage in the UK is now 14.8y
  • Some vehicle makers want to say “scrap it after 7 years and buy a new one!”
  • But the embedded CO2 cost of a car often exceeds its lifetime fuel burn
  • And what about Africa, where most vehicles are imported second-hand?

  22. Trust & Technology: Sep 20 2018

  23. What is a reasonable design lifetime?
  • Cars: maybe 18 years (10 years from sale of last product in a model range)
  • Domestic appliances: surely 10 years because of spares obligation, plus store life … 15?
  • Medical devices: if a pacemaker has a 10-year in-service life, then surely 20
  • Electricity substations: maybe 40 years
  • WEF “circular vision for electronics”

  24. 2019 Consumer Protection Upgrade
  • 2019/771: EU directive on smart goods
  • Buyers of goods with digital elements are entitled to necessary updates for two years, or a longer period of time if this is a reasonable expectation of the customer
  • We expect this will mean at least 10 years for cars, ovens, fridges, air-conditioning…
  • Trader has burden of proof in first two years

  25. The grand challenge for research
  • If the durable goods we’re designing today are still working in 2038 then things must change
  • Computer science = managing complexity
  • The history goes through high-level languages, then types, then objects, and tools like git, Jenkins, Coverity …
  • What else will be needed for sustainable computing once we have software in just about everything?

  26. New directions…
  • Research topics to support 20-year patching include a more stable and powerful toolchain
  • Crypto teaches how complex this can be
  • Cars teach: how do we sustain all the test environments?
  • Control systems teach: can small changes to the architecture limit what you have to patch?
  • Android teaches: how do we motivate OEMs to patch products they no longer sell?

  27. Implications for research and teaching
  • Since 2016–7 I’ve been teaching safety and security together in the same course to first-year undergraduates
  • We’re starting to look at what we can do to make the tool chain more sustainable
  • For example, can we stop the compiler writers being a subversive fifth column?
  • Better ways to communicate intent might help (‘What you get is what you C’)

  28. Micro-scale sustainable security
  • Laurent Simon, David Chisnall and I worked on compiler support for crypto
    – Easy problem 1: zeroising sensitive variables
    – Easy problem 2: constant-time loops
  • Can we do these properly, with compiler annotations that make intent explicit?
  • Answer: yes, but doing it right is nontrivial!
  • EuroS&P paper ‘What you get is what you C’
  Berlin, June 15 2018
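To illustrate the two “easy problems” on this slide, here is an added C example (not from the paper or the slides) showing why a plain memset is not a reliable wipe and why an early-exit comparison leaks timing, beside versions that state the intent in a way the optimiser cannot undo. The 16-byte key and the tags are constructed sample values.

```c
#include <stddef.h>
#include <string.h>

/* Problem 1, naive form: once 'buf' is dead after this call, the compiler
 * may legally delete the memset (dead-store elimination), so the secret
 * stays in memory. Kept here only to show what the intent looked like. */
void zeroise_naive(unsigned char *buf, size_t len) {
    memset(buf, 0, len);
}

/* Problem 1, robust form: stores through a volatile pointer are side
 * effects the compiler must emit. (C11 Annex K memset_s and BSD/glibc
 * explicit_bzero exist for the same purpose where available.) */
static void zeroise_secure(void *buf, size_t len) {
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--) *p++ = 0;
}

/* Problem 2, leaky form: returns at the first mismatching byte, so the
 * running time reveals how long a matching prefix the caller supplied. */
static int tag_equal_leaky(const unsigned char *a, const unsigned char *b, size_t len) {
    for (size_t i = 0; i < len; i++)
        if (a[i] != b[i]) return 0;
    return 1;
}

/* Problem 2, constant-time form: fixed trip count, no data-dependent
 * branch; accumulate XOR differences and reduce once at the end. */
static int tag_equal_ct(const unsigned char *a, const unsigned char *b, size_t len) {
    unsigned char diff = 0;
    for (size_t i = 0; i < len; i++)
        diff |= a[i] ^ b[i];
    return diff == 0;
}

/* Fill a constructed 16-byte key, wipe it with the robust routine and
 * report whether any non-zero byte survived (0 means fully cleared). */
static int wipe_leaves_residue(void) {
    unsigned char key[16];
    for (int i = 0; i < 16; i++) key[i] = (unsigned char)(0xA5 ^ i);
    zeroise_secure(key, sizeof key);
    unsigned char acc = 0;
    for (int i = 0; i < 16; i++) acc |= key[i];
    return acc != 0;
}
```

Compiling both comparison routines with optimisation and inspecting the generated code shows the early-exit branch in the leaky version and a straight-line loop in the constant-time one.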
