IoTSec:Privacy Label explanation

Security in IoT for Smart Grids
Home Research Security Centre Publications Student corner About

Four areas

1. which data are collected
2. sharing to my phone, my cloud, public cloud,...
3. data communication integrity and storage
4. further distribution of data, ownership of data, further processing

<red>Open issues

• access control (authentication) - transparency of authentication level
• maintenance and update</red>

A++

• no data are shared

A+

A - Very high

• supplier should bear the risk of incidents, e.g. they rathe than I get penalised when things go wrong - equivalent to finansavtaleloven
• if device is stolen - nobody else

B

• customizable access control, eg.. add stronger authentication or consent requirements
• must be able to trade off the various security requirements, e.g. confidentiality agains availability - i.e. I want flexibility
• compliance with other standards - and this be listed (information requirement) - clipper compatible
• anonymity of my interaction with the supplier
• customer can control with how the information is transferred and used by a third party

C

• must be possible to withdraw consent - and that this results in all relevant information being deleted - and proof of deletion

D

• Data is not sold without consent/knowledge
• transparency - I get told about the criteria that the supplier has used in their information classification
• Information is only used for its legitimate purpose

E

• in compliance with GDPR
• if data is stolen, I will get told
• notification if DSO is hacked

F - Failure

• nothing , no expectations