Enabling trust in IoT is critical. IoT extends to everyday items not normally considered computers, allowing them to generate, exchange and consume data with minimal human intervention. Users of IoT systems must have confidence that their data is collected, stored and used in a manner that benefits them and does not jeopardise their privacy.
The GDPR (General Data Protection Regulation) brings new requirements on IoT systems to be transparent about personal data collection, monitor and authorise access to personal data, obtain consent for data processing and give users control over their personal data.
Privacy solutions for IoT need to help users decide who can legitimately access and alter information. The regulations state that it must be possible for users to give consent to process personal data freely, specifically, and unambiguously.
To enable this consent, we are working towards an authorisation system suited to different needs for
IoT systems. The solution closely follows standards including Kantara UMA (User Managed Access), IETF OAuth2 and ACE (Authentication and Authorisation in Constrained Environments). Our goal is to provide users with an intuitive interface to their IoT devices that allows them to view requests, create privacy policies, and ensure authorised access to their personal data.
Security in IoT is a challenge due to:
Traditional approaches to cyber security are not sufficient to deal with these challenges or cope with the vast volume and speed of data coming from the IoT networks.
Leveraging our expertise in DNS we have developed a product that provides network-level monitoring of IoT systems. Originally developed for domain registries, large internet service providers and enterprise networks, turing provides an end-to-end view of IoT networks, providing early warning for risks such as misconfigurations, bugs or security threats. This is currently being used to monitor the devices on the Oxford Flood Network, providing invaluable insight into the traffic talking to the network.
Find out more about Nominet’s DNS solution turing.