Difference between revisions of "IoTSec:Y1 Suggestions Research Council"
From its-wiki.no
Josef.Noll (Talk | contribs) (→IoTSec recommendations for future research) |
Josef.Noll (Talk | contribs) (→IoTSec recommendations for future research) |
||
| Line 2: | Line 2: | ||
High-level recommendations and more detailed research specific challenges as identified by IoTSec (''Nov2016'') | High-level recommendations and more detailed research specific challenges as identified by IoTSec (''Nov2016'') | ||
| − | * '''Privacy labelling''': We have identified privacy labelling as a potential for making privacy work into a commercially viable alternative for companies that put more privacy into their products, apps, services. These can be seen for privacy the same as the energy labels for electronic equipment. | + | * '''Privacy labelling''': We have identified privacy labelling as a potential for making privacy work into a commercially viable alternative for companies that put more privacy into their products, apps, services. These can be seen for privacy the same as the energy labels for electronic equipment. - see: [[IoTSec:Privacy_Label]] |
| − | * '''Regulations and policies''': | + | * '''Regulations and policies''': Pilot-based developments of regulations, ''allowance to fail'', answering the need for quick developments. |
| − | * '''User-involvement''': Research should be directed more towards the society, towards people. Incorporate citizens in projects, give them power to participate. | + | * '''User-involvement''': Research should be directed more towards the society, towards people. Incorporate citizens in projects, give them power to participate. E.g. high-frequency reading from smart meters |
* '''Early design''': Use of fast prototyping and visualisation as a tool for reducing research cost. When ideas are tested in early stage, critical mistakes may be avoided, thus saving resources. | * '''Early design''': Use of fast prototyping and visualisation as a tool for reducing research cost. When ideas are tested in early stage, critical mistakes may be avoided, thus saving resources. | ||
| − | |||
==Research specific challenges== | ==Research specific challenges== | ||
Revision as of 22:50, 21 November 2016
| Security in IoT for Smart Grids | |||||||
|---|---|---|---|---|---|---|---|
|
|
IoTSec recommendations for future research
High-level recommendations and more detailed research specific challenges as identified by IoTSec (Nov2016)
- Privacy labelling: We have identified privacy labelling as a potential for making privacy work into a commercially viable alternative for companies that put more privacy into their products, apps, services. These can be seen for privacy the same as the energy labels for electronic equipment. - see: IoTSec:Privacy_Label
- Regulations and policies: Pilot-based developments of regulations, allowance to fail, answering the need for quick developments.
- User-involvement: Research should be directed more towards the society, towards people. Incorporate citizens in projects, give them power to participate. E.g. high-frequency reading from smart meters
- Early design: Use of fast prototyping and visualisation as a tool for reducing research cost. When ideas are tested in early stage, critical mistakes may be avoided, thus saving resources.
Research specific challenges
- Complexity due to the concurrency and distributed nature of IoT systems
- Context-centric computation, since the IoT devices, e.g., in the Smart Home, must be aware of the humans. Includes also concepts for privacy-aware cloud computing, e.g. fog/edge computing
- Lack of semantics, since IoT systems would produce large amounts of data, need semantic information in order to become usable.
- Models vs. programs: Analysis and evaluation for agile prototyping based on executable models and semantic-based tools, as and evolution from programming and their low-level tools.
- Semantics for Security and Privacy: Semantic technologies and ontologies are need to establish a unified terminology for fields of privacy and security. This would provide machine-readable data and would allow development of more automated tools.
- Edge and fog computing for privacy
- Measurable security and privacy: A novel concept being in conflict with some purist researchers in security. Though, part of day-to-day business in companies, often entitled as "risk analysis". We see a lack of automated tools and methodologies to help in measuring such important “unmeasurable” aspects like security, privacy, or robustness, which are essential in evaluating smart infrastructures.
- Metrics for translating (functional and non-functional) security into measurable units, e.g. AES 2048 = 85(?) (scale: 0...100)