Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Privacy, a competitive advantage.

Mrinal Wadhwa
November 18, 2020

Privacy, a competitive advantage.

Mrinal Wadhwa

November 18, 2020
Tweet

More Decks by Mrinal Wadhwa

Other Decks in Technology

Transcript

  1. Privacy. The ability of an individual or group to control

    the f l ow of information about themselves.
  2. To maximize this degree of resistance, we need to understand

    the possible set of unfortunate events, your threat model.
  3. THREAT DESIRED PROPERTY S Spoo f i ng identity Identi

    f i cation, Authentication T Tampering with data Integrity R Repudiation Non-repudiability (some applications desire the opposite) I Information disclosure Con f i dentiality D Denial of service Availability E Elevation of privilege Authorization The STRIDE threat model.
  4. THREAT DESIRED PROPERTY S Spoo f i ng identity Identi

    f i cation, Authentication T Tampering with data Integrity R Repudiation Non-repudiability (some applications desire the opposite) I Information disclosure Con f i dentiality D Denial of service Availability E Elevation of privilege Authorization The STRIDE threat model.
  5. The tool that system architects use to guarantee data integrity,

    authenticity and con f i dentiality. Cryptography.
  6. 3845 8855 2663 2213 3845 8855 2663 2213 Initially the

    focus was on client-server trust. 0x217c5111…
  7. Gateway Flood Warning Sensor Flood Monitoring System Sensors Vendor’s Service

    LPWAN TLS TLS Usually has different security properties, compared to TLS, often not as well designed. Various protocols have various different secure channel designs.
  8. D D D … Devices … … Gateways … Lighting

    HVAC Water Monitoring Elevators Access Control Fire Safety Waste Parking … Vendor IoT Backends … System Integrator 1 Building Management System … SI IoT Backends … System Integrator 2 G G D D D D D D D D D D D D D D D D D D D D D G G G G G G G G G G G G G G Complexity & attack surfaces grow to be unmanageable. Proprietary data is leaked. Security becomes untenable.
  9. Remove backend infrastructure from an end users threat model. The

    end user may be an individual or a business.