SlideShare ist ein Scribd-Unternehmen logo

iBeacons: Security and Privacy?

Jim Fenton
Jim Fenton

Presentation at iBeacon Makers' Workshop held at Andreesen Horowitz on 29 April 2014, describing some security and privacy concerns with the new iBeacon micro-location technology.

TechnologieNews & Politik
1 von 12
Downloaden Sie, um offline zu lesen
iBeacons: Security and Privacy? Jim Fenton iBeacon Makers’ Workshop 29 April 2014
Introduction • Security • What is the threat model? • What are the threat countermeasures? • [User] Privacy • How might iBeacons impact users?
Threat Analysis • Who are the bad actors? • What are their capabilities? • What are the bad acts we want to protect against?
Bad Actors • Competitors • Competitive analysis, offers • Vandals • Physically move and/or destroy beacons • Script kiddies • Opportunists - Gaming the system “Security Checks” by Flickr user David Woo used under CC BY-ND 2.0 license
Bad Actors’ Capabilities • Create beacon clones • Place your beacons in unauthorized places • Disable beacons • Move beacons • Monitor interactions with beacons
Bring In The Clones! • Place duplicates of existing beacons • Pollutes analytics • Can be used to annoy users, encourage them to disable app • Might be used to “game” special offers • Countermeasure: Fusion of beacon location with rough geolocation from other sources • No effective crypto countermeasure
Beacon Planting • Place beacons in unauthorized places, like competitors’ premises • Car salesman gives user an app • Salesman gets notified when prospective customer enters competitors’ showroom • Salesman calls customer and sweetens offer • Countermeasures: WarBeaconing, public shaming, search-and-destroy
Beacon Abuse • Destruction or movement of existing beacons • Countermeasures • Detect unexpected loss of beacon “hits” • Geolocation fusion • Camouflage “beacons” by Flickr user jnxyz.education used under CC BY-2.0 license
Privacy Issues • Alerts and user visibility • Aggregation
User Alerts • Concern about over- alerting users • But this problem is self-correcting • Not alerting users can be a concern -- users may not know they’re being tracked “estimote” by Flickr user Sam Churchill used under CC BY-2.0 license
Aggregation • Beacon services potentially have access to lots of behavioral information • Shopping center apps can aggregate behavior within centers (and co-owned centers) • Popular apps (Facebook, Google) could roll out beacon services with great potential to aggregate user data
Summary • Significant security threats exist • Beacons will require active management to mitigate loss, cloning, and movement • Deployment scenarios that support wide aggregation of beacon data are problematic for privacy

Empfohlen

Beacon Security
Beacon SecurityBeacon Security
Beacon Securitykontakt.io
 
iBeacon security overview
iBeacon security overviewiBeacon security overview
iBeacon security overviewLocalz
 
Identity-Defined Privacay & Security for Internet of Things
Identity-Defined Privacay & Security for Internet of ThingsIdentity-Defined Privacay & Security for Internet of Things
Identity-Defined Privacay & Security for Internet of ThingsPing Identity
 
Catalyst 2015: Patrick Harding
Catalyst 2015: Patrick HardingCatalyst 2015: Patrick Harding
Catalyst 2015: Patrick HardingPing Identity
 
Connecting The Real World With The Virtual World
Connecting The Real World With The Virtual WorldConnecting The Real World With The Virtual World
Connecting The Real World With The Virtual WorldPing Identity
 
You Can't Spell Enterprise Security without MFA
You Can't Spell Enterprise Security without MFA You Can't Spell Enterprise Security without MFA
You Can't Spell Enterprise Security without MFA Ping Identity
 
Identity for IoT: An Authentication Framework for the IoT
Identity for IoT: An Authentication Framework for the IoTIdentity for IoT: An Authentication Framework for the IoT
Identity for IoT: An Authentication Framework for the IoTAllSeen Alliance
 
An Overview of All Ericsson Labs APIs
An Overview of All Ericsson Labs APIsAn Overview of All Ericsson Labs APIs
An Overview of All Ericsson Labs APIsEricsson Labs
 

Empfohlen

Beacon Security
Beacon SecurityBeacon Security
Beacon Securitykontakt.io
 
iBeacon security overview
iBeacon security overviewiBeacon security overview
iBeacon security overviewLocalz
 
Identity-Defined Privacay & Security for Internet of Things
Identity-Defined Privacay & Security for Internet of ThingsIdentity-Defined Privacay & Security for Internet of Things
Identity-Defined Privacay & Security for Internet of ThingsPing Identity
 
Catalyst 2015: Patrick Harding
Catalyst 2015: Patrick HardingCatalyst 2015: Patrick Harding
Catalyst 2015: Patrick HardingPing Identity
 
Connecting The Real World With The Virtual World
Connecting The Real World With The Virtual WorldConnecting The Real World With The Virtual World
Connecting The Real World With The Virtual WorldPing Identity
 
You Can't Spell Enterprise Security without MFA
You Can't Spell Enterprise Security without MFA You Can't Spell Enterprise Security without MFA
You Can't Spell Enterprise Security without MFA Ping Identity
 
Identity for IoT: An Authentication Framework for the IoT
Identity for IoT: An Authentication Framework for the IoTIdentity for IoT: An Authentication Framework for the IoT
Identity for IoT: An Authentication Framework for the IoTAllSeen Alliance
 
An Overview of All Ericsson Labs APIs
An Overview of All Ericsson Labs APIsAn Overview of All Ericsson Labs APIs
An Overview of All Ericsson Labs APIsEricsson Labs
 
Internet of Things: Identity & Security with Open Standards
Internet of Things: Identity & Security with Open StandardsInternet of Things: Identity & Security with Open Standards
Internet of Things: Identity & Security with Open StandardsGeorge Fletcher
 
Hitchhikers Guide to the Identiverse - How Federated Business will Rule the W...
Hitchhikers Guide to the Identiverse - How Federated Business will Rule the W...Hitchhikers Guide to the Identiverse - How Federated Business will Rule the W...
Hitchhikers Guide to the Identiverse - How Federated Business will Rule the W...Ping Identity
 
PayPal Beacon and Apple iBeacon
PayPal Beacon and Apple iBeaconPayPal Beacon and Apple iBeacon
PayPal Beacon and Apple iBeaconChitpong Wuttanan
 
9.35am robert humphrey
9.35am robert humphrey9.35am robert humphrey
9.35am robert humphreyArgyle Executive Forum
 
Sprite guard on line brochure
Sprite guard on line brochureSprite guard on line brochure
Sprite guard on line brochureJames Doherty PgDipFM CBIFM
 
Get an overview of your network and relax with aruba clear pass and device in...
Get an overview of your network and relax with aruba clear pass and device in...Get an overview of your network and relax with aruba clear pass and device in...
Get an overview of your network and relax with aruba clear pass and device in...Xylos
 
Webinar: Deep Diving Into the KuppingerCole IDaaS Leadership Compass
Webinar: Deep Diving Into the KuppingerCole IDaaS Leadership Compass Webinar: Deep Diving Into the KuppingerCole IDaaS Leadership Compass
Webinar: Deep Diving Into the KuppingerCole IDaaS Leadership Compass Ping Identity
 
Onboarding in the IoT
Onboarding in the IoTOnboarding in the IoT
Onboarding in the IoTPaul Madsen
 
Gartner IAM London 2017 Session - Security, Standards & User Experience: The ...
Gartner IAM London 2017 Session - Security, Standards & User Experience: The ...Gartner IAM London 2017 Session - Security, Standards & User Experience: The ...
Gartner IAM London 2017 Session - Security, Standards & User Experience: The ...Ping Identity
 
IoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and SolutionsIoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and SolutionsLiwei Ren任力偉
 
Designing For Interoperability in Mobile
Designing For Interoperability in MobileDesigning For Interoperability in Mobile
Designing For Interoperability in MobileAllSeen Alliance
 
How ZipKey improves Wi-Fi Products
How ZipKey improves Wi-Fi ProductsHow ZipKey improves Wi-Fi Products
How ZipKey improves Wi-Fi ProductsCirrent
 
Next-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space AgeNext-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space AgeBlock Armour
 
Beacon FAQ
Beacon FAQBeacon FAQ
Beacon FAQJarno Malaprade
 
Iot top 10 vulnerabilities and misconceptions 2016
Iot top 10 vulnerabilities and misconceptions 2016Iot top 10 vulnerabilities and misconceptions 2016
Iot top 10 vulnerabilities and misconceptions 2016Erez Metula
 
Adaptive Trust for Strong Network Security
Adaptive Trust for Strong Network SecurityAdaptive Trust for Strong Network Security
Adaptive Trust for Strong Network SecurityAruba, a Hewlett Packard Enterprise company
 
Practical IoT Security in the Enterprise
Practical IoT Security in the EnterprisePractical IoT Security in the Enterprise
Practical IoT Security in the EnterpriseDaniel Miessler
 
Securing IoT at Scale Requires a Holistic Approach
Securing IoT at Scale Requires a Holistic ApproachSecuring IoT at Scale Requires a Holistic Approach
Securing IoT at Scale Requires a Holistic ApproachJuniper Networks
 
Context-aware mobile messages
Context-aware mobile messagesContext-aware mobile messages
Context-aware mobile messagesColdbeans Software
 
NFC Everywhere Brochure 2016_WEB
NFC Everywhere Brochure 2016_WEBNFC Everywhere Brochure 2016_WEB
NFC Everywhere Brochure 2016_WEBRichard Schmidmaier
 
Security Questions Considered Harmful
Security Questions Considered HarmfulSecurity Questions Considered Harmful
Security Questions Considered HarmfulJim Fenton
 
What can beacons do for your business?
What can beacons do for your business?What can beacons do for your business?
What can beacons do for your business?kontakt.io
 

Weitere ähnliche Inhalte

Was ist angesagt?

Internet of Things: Identity & Security with Open Standards
Internet of Things: Identity & Security with Open StandardsInternet of Things: Identity & Security with Open Standards
Internet of Things: Identity & Security with Open StandardsGeorge Fletcher
 
Hitchhikers Guide to the Identiverse - How Federated Business will Rule the W...
Hitchhikers Guide to the Identiverse - How Federated Business will Rule the W...Hitchhikers Guide to the Identiverse - How Federated Business will Rule the W...
Hitchhikers Guide to the Identiverse - How Federated Business will Rule the W...Ping Identity
 
PayPal Beacon and Apple iBeacon
PayPal Beacon and Apple iBeaconPayPal Beacon and Apple iBeacon
PayPal Beacon and Apple iBeaconChitpong Wuttanan
 
Get an overview of your network and relax with aruba clear pass and device in...
Get an overview of your network and relax with aruba clear pass and device in...Get an overview of your network and relax with aruba clear pass and device in...
Get an overview of your network and relax with aruba clear pass and device in...Xylos
 
Webinar: Deep Diving Into the KuppingerCole IDaaS Leadership Compass
Webinar: Deep Diving Into the KuppingerCole IDaaS Leadership Compass Webinar: Deep Diving Into the KuppingerCole IDaaS Leadership Compass
Webinar: Deep Diving Into the KuppingerCole IDaaS Leadership Compass Ping Identity
 
Onboarding in the IoT
Onboarding in the IoTOnboarding in the IoT
Onboarding in the IoTPaul Madsen
 
Gartner IAM London 2017 Session - Security, Standards & User Experience: The ...
Gartner IAM London 2017 Session - Security, Standards & User Experience: The ...Gartner IAM London 2017 Session - Security, Standards & User Experience: The ...
Gartner IAM London 2017 Session - Security, Standards & User Experience: The ...Ping Identity
 
IoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and SolutionsIoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and SolutionsLiwei Ren任力偉
 
Designing For Interoperability in Mobile
Designing For Interoperability in MobileDesigning For Interoperability in Mobile
Designing For Interoperability in MobileAllSeen Alliance
 
How ZipKey improves Wi-Fi Products
How ZipKey improves Wi-Fi ProductsHow ZipKey improves Wi-Fi Products
How ZipKey improves Wi-Fi ProductsCirrent
 
Next-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space AgeNext-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space AgeBlock Armour
 
Iot top 10 vulnerabilities and misconceptions 2016
Iot top 10 vulnerabilities and misconceptions 2016Iot top 10 vulnerabilities and misconceptions 2016
Iot top 10 vulnerabilities and misconceptions 2016Erez Metula
 
Practical IoT Security in the Enterprise
Practical IoT Security in the EnterprisePractical IoT Security in the Enterprise
Practical IoT Security in the EnterpriseDaniel Miessler
 
Securing IoT at Scale Requires a Holistic Approach
Securing IoT at Scale Requires a Holistic ApproachSecuring IoT at Scale Requires a Holistic Approach
Securing IoT at Scale Requires a Holistic ApproachJuniper Networks
 
NFC Everywhere Brochure 2016_WEB
NFC Everywhere Brochure 2016_WEBNFC Everywhere Brochure 2016_WEB
NFC Everywhere Brochure 2016_WEBRichard Schmidmaier
 

Was ist angesagt? (20)

Internet of Things: Identity & Security with Open Standards
Internet of Things: Identity & Security with Open StandardsInternet of Things: Identity & Security with Open Standards
Internet of Things: Identity & Security with Open Standards
 
Hitchhikers Guide to the Identiverse - How Federated Business will Rule the W...
Hitchhikers Guide to the Identiverse - How Federated Business will Rule the W...Hitchhikers Guide to the Identiverse - How Federated Business will Rule the W...
Hitchhikers Guide to the Identiverse - How Federated Business will Rule the W...
 
PayPal Beacon and Apple iBeacon
PayPal Beacon and Apple iBeaconPayPal Beacon and Apple iBeacon
PayPal Beacon and Apple iBeacon
 
9.35am robert humphrey
9.35am robert humphrey9.35am robert humphrey
9.35am robert humphrey
 
Sprite guard on line brochure
Sprite guard on line brochureSprite guard on line brochure
Sprite guard on line brochure
 
Get an overview of your network and relax with aruba clear pass and device in...
Get an overview of your network and relax with aruba clear pass and device in...Get an overview of your network and relax with aruba clear pass and device in...
Get an overview of your network and relax with aruba clear pass and device in...
 
Webinar: Deep Diving Into the KuppingerCole IDaaS Leadership Compass
Webinar: Deep Diving Into the KuppingerCole IDaaS Leadership Compass Webinar: Deep Diving Into the KuppingerCole IDaaS Leadership Compass
Webinar: Deep Diving Into the KuppingerCole IDaaS Leadership Compass
 
Onboarding in the IoT
Onboarding in the IoTOnboarding in the IoT
Onboarding in the IoT
 
Gartner IAM London 2017 Session - Security, Standards & User Experience: The ...
Gartner IAM London 2017 Session - Security, Standards & User Experience: The ...Gartner IAM London 2017 Session - Security, Standards & User Experience: The ...
Gartner IAM London 2017 Session - Security, Standards & User Experience: The ...
 
IoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and SolutionsIoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and Solutions
 
Designing For Interoperability in Mobile
Designing For Interoperability in MobileDesigning For Interoperability in Mobile
Designing For Interoperability in Mobile
 
How ZipKey improves Wi-Fi Products
How ZipKey improves Wi-Fi ProductsHow ZipKey improves Wi-Fi Products
How ZipKey improves Wi-Fi Products
 
Next-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space AgeNext-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space Age
 
Beacon FAQ
Beacon FAQBeacon FAQ
Beacon FAQ
 
Iot top 10 vulnerabilities and misconceptions 2016
Iot top 10 vulnerabilities and misconceptions 2016Iot top 10 vulnerabilities and misconceptions 2016
Iot top 10 vulnerabilities and misconceptions 2016
 
Adaptive Trust for Strong Network Security
Adaptive Trust for Strong Network SecurityAdaptive Trust for Strong Network Security
Adaptive Trust for Strong Network Security
 
Practical IoT Security in the Enterprise
Practical IoT Security in the EnterprisePractical IoT Security in the Enterprise
Practical IoT Security in the Enterprise
 
Securing IoT at Scale Requires a Holistic Approach
Securing IoT at Scale Requires a Holistic ApproachSecuring IoT at Scale Requires a Holistic Approach
Securing IoT at Scale Requires a Holistic Approach
 
Context-aware mobile messages
Context-aware mobile messagesContext-aware mobile messages
Context-aware mobile messages
 
NFC Everywhere Brochure 2016_WEB
NFC Everywhere Brochure 2016_WEBNFC Everywhere Brochure 2016_WEB
NFC Everywhere Brochure 2016_WEB
 

Andere mochten auch

Security Questions Considered Harmful
Security Questions Considered HarmfulSecurity Questions Considered Harmful
Security Questions Considered HarmfulJim Fenton
 
What can beacons do for your business?
What can beacons do for your business?What can beacons do for your business?
What can beacons do for your business?kontakt.io
 
Toward Better Password Requirements
Toward Better Password RequirementsToward Better Password Requirements
Toward Better Password RequirementsJim Fenton
 
Agile for Embedded & System Software Development : Presented by Priyank KS
Agile for Embedded & System Software Development : Presented by Priyank KS Agile for Embedded & System Software Development : Presented by Priyank KS
Agile for Embedded & System Software Development : Presented by Priyank KS oGuild .
 
Interfaces to ubiquitous computing
Interfaces to ubiquitous computingInterfaces to ubiquitous computing
Interfaces to ubiquitous computingswati sonawane
 
Agile London: Industrial Agility, How to respond to the 4th Industrial Revolu...
Agile London: Industrial Agility, How to respond to the 4th Industrial Revolu...Agile London: Industrial Agility, How to respond to the 4th Industrial Revolu...
Agile London: Industrial Agility, How to respond to the 4th Industrial Revolu...Paolo Sammicheli
 
Demystifying dependency Injection: Dagger and Toothpick
Demystifying dependency Injection: Dagger and ToothpickDemystifying dependency Injection: Dagger and Toothpick
Demystifying dependency Injection: Dagger and ToothpickDanny Preussler
 
Agile Methodology PPT
Agile Methodology PPTAgile Methodology PPT
Agile Methodology PPTMohit Kumar
 
HUG Ireland Event Presentation - In-Memory Databases
HUG Ireland Event Presentation - In-Memory DatabasesHUG Ireland Event Presentation - In-Memory Databases
HUG Ireland Event Presentation - In-Memory DatabasesJohn Mulhall
 
Privacy Concerns and Social Robots
Privacy Concerns and Social Robots Privacy Concerns and Social Robots
Privacy Concerns and Social Robots Christoph Lutz
 
Skiena algorithm 2007 lecture07 heapsort priority queues
Skiena algorithm 2007 lecture07 heapsort priority queuesSkiena algorithm 2007 lecture07 heapsort priority queues
Skiena algorithm 2007 lecture07 heapsort priority queueszukun
 
ScrumGuides training: Agile Software Development With Scrum
ScrumGuides training: Agile Software Development With ScrumScrumGuides training: Agile Software Development With Scrum
ScrumGuides training: Agile Software Development With ScrumAlexey Krivitsky
 
Design & Analysis of Algorithms Lecture Notes
Design & Analysis of Algorithms Lecture NotesDesign & Analysis of Algorithms Lecture Notes
Design & Analysis of Algorithms Lecture NotesFellowBuddy.com
 
09 Machine Learning - Introduction Support Vector Machines
09 Machine Learning - Introduction Support Vector Machines09 Machine Learning - Introduction Support Vector Machines
09 Machine Learning - Introduction Support Vector MachinesAndres Mendez-Vazquez
 
Going native with less coupling: Dependency Injection in C++
Going native with less coupling: Dependency Injection in C++Going native with less coupling: Dependency Injection in C++
Going native with less coupling: Dependency Injection in C++Daniele Pallastrelli
 
Final Year Project-Gesture Based Interaction and Image Processing
Final Year Project-Gesture Based Interaction and Image ProcessingFinal Year Project-Gesture Based Interaction and Image Processing
Final Year Project-Gesture Based Interaction and Image ProcessingSabnam Pandey, MBA
 
In-Memory Database Performance on AWS M4 Instances
In-Memory Database Performance on AWS M4 InstancesIn-Memory Database Performance on AWS M4 Instances
In-Memory Database Performance on AWS M4 InstancesSingleStore
 
Machine learning support vector machines
Machine learning support vector machinesMachine learning support vector machines
Machine learning support vector machinesSjoerd Maessen
 

Andere mochten auch (20)

Security Questions Considered Harmful
Security Questions Considered HarmfulSecurity Questions Considered Harmful
Security Questions Considered Harmful
 
What can beacons do for your business?
What can beacons do for your business?What can beacons do for your business?
What can beacons do for your business?
 
Toward Better Password Requirements
Toward Better Password RequirementsToward Better Password Requirements
Toward Better Password Requirements
 
Agile for Embedded & System Software Development : Presented by Priyank KS
Agile for Embedded & System Software Development : Presented by Priyank KS Agile for Embedded & System Software Development : Presented by Priyank KS
Agile for Embedded & System Software Development : Presented by Priyank KS
 
3.7 heap sort
3.7 heap sort3.7 heap sort
3.7 heap sort
 
Interfaces to ubiquitous computing
Interfaces to ubiquitous computingInterfaces to ubiquitous computing
Interfaces to ubiquitous computing
 
Agile London: Industrial Agility, How to respond to the 4th Industrial Revolu...
Agile London: Industrial Agility, How to respond to the 4th Industrial Revolu...Agile London: Industrial Agility, How to respond to the 4th Industrial Revolu...
Agile London: Industrial Agility, How to respond to the 4th Industrial Revolu...
 
Dependency Injection with Apex
Dependency Injection with ApexDependency Injection with Apex
Dependency Injection with Apex
 
Demystifying dependency Injection: Dagger and Toothpick
Demystifying dependency Injection: Dagger and ToothpickDemystifying dependency Injection: Dagger and Toothpick
Demystifying dependency Injection: Dagger and Toothpick
 
Agile Methodology PPT
Agile Methodology PPTAgile Methodology PPT
Agile Methodology PPT
 
HUG Ireland Event Presentation - In-Memory Databases
HUG Ireland Event Presentation - In-Memory DatabasesHUG Ireland Event Presentation - In-Memory Databases
HUG Ireland Event Presentation - In-Memory Databases
 
Privacy Concerns and Social Robots
Privacy Concerns and Social Robots Privacy Concerns and Social Robots
Privacy Concerns and Social Robots
 
Skiena algorithm 2007 lecture07 heapsort priority queues
Skiena algorithm 2007 lecture07 heapsort priority queuesSkiena algorithm 2007 lecture07 heapsort priority queues
Skiena algorithm 2007 lecture07 heapsort priority queues
 
ScrumGuides training: Agile Software Development With Scrum
ScrumGuides training: Agile Software Development With ScrumScrumGuides training: Agile Software Development With Scrum
ScrumGuides training: Agile Software Development With Scrum
 
Design & Analysis of Algorithms Lecture Notes
Design & Analysis of Algorithms Lecture NotesDesign & Analysis of Algorithms Lecture Notes
Design & Analysis of Algorithms Lecture Notes
 
09 Machine Learning - Introduction Support Vector Machines
09 Machine Learning - Introduction Support Vector Machines09 Machine Learning - Introduction Support Vector Machines
09 Machine Learning - Introduction Support Vector Machines
 
Going native with less coupling: Dependency Injection in C++
Going native with less coupling: Dependency Injection in C++Going native with less coupling: Dependency Injection in C++
Going native with less coupling: Dependency Injection in C++
 
Final Year Project-Gesture Based Interaction and Image Processing
Final Year Project-Gesture Based Interaction and Image ProcessingFinal Year Project-Gesture Based Interaction and Image Processing
Final Year Project-Gesture Based Interaction and Image Processing
 
In-Memory Database Performance on AWS M4 Instances
In-Memory Database Performance on AWS M4 InstancesIn-Memory Database Performance on AWS M4 Instances
In-Memory Database Performance on AWS M4 Instances
 
Machine learning support vector machines
Machine learning support vector machinesMachine learning support vector machines
Machine learning support vector machines
 

Ähnlich wie iBeacons: Security and Privacy?

Bug bounties - cén scéal?
Bug bounties - cén scéal?Bug bounties - cén scéal?
Bug bounties - cén scéal?Ciaran McNally
 
The challenge of security awareness
The challenge of security awarenessThe challenge of security awareness
The challenge of security awarenessJisc
 
Certes webinar securing the frictionless enterprise
Certes webinar securing the frictionless enterpriseCertes webinar securing the frictionless enterprise
Certes webinar securing the frictionless enterpriseJason Bloomberg
 
A question of trust - understanding Open Source risks
A question of trust - understanding Open Source risksA question of trust - understanding Open Source risks
A question of trust - understanding Open Source risksTim Mackey
 
451 AppSense Webinar - Why blame the user?
451 AppSense Webinar - Why blame the user?451 AppSense Webinar - Why blame the user?
451 AppSense Webinar - Why blame the user?Adrian Sanabria
 
Crowdsourcing Cyber Security
Crowdsourcing Cyber SecurityCrowdsourcing Cyber Security
Crowdsourcing Cyber SecurityToe Khaing
 
HI THIS IS URGENT PLZ FIX ASAP: Critical Vunlerabilities and Bug Bounty Programs
HI THIS IS URGENT PLZ FIX ASAP: Critical Vunlerabilities and Bug Bounty ProgramsHI THIS IS URGENT PLZ FIX ASAP: Critical Vunlerabilities and Bug Bounty Programs
HI THIS IS URGENT PLZ FIX ASAP: Critical Vunlerabilities and Bug Bounty Programsbugcrowd
 
Crispin+mojiva march 2013
Crispin+mojiva march 2013 Crispin+mojiva march 2013
Crispin+mojiva march 2013 Jack Hallahan
 
Webinar: Operation DeathClick: Uncovering Micro-Targeted Malvertising Against...
Webinar: Operation DeathClick: Uncovering Micro-Targeted Malvertising Against...Webinar: Operation DeathClick: Uncovering Micro-Targeted Malvertising Against...
Webinar: Operation DeathClick: Uncovering Micro-Targeted Malvertising Against...Invincea, Inc.
 
Ivanti Cloud and Solving User Experience Problems
Ivanti Cloud and Solving User Experience ProblemsIvanti Cloud and Solving User Experience Problems
Ivanti Cloud and Solving User Experience ProblemsIvanti
 
30 it securitythreatsvulnerabilitiesandcountermeasuresv1_2
30 it securitythreatsvulnerabilitiesandcountermeasuresv1_230 it securitythreatsvulnerabilitiesandcountermeasuresv1_2
30 it securitythreatsvulnerabilitiesandcountermeasuresv1_2Gaurav Srivastav
 
Outpost24 webinar - Enhance user security to stop the cyber-attack cycle
Outpost24 webinar - Enhance user security to stop the cyber-attack cycleOutpost24 webinar - Enhance user security to stop the cyber-attack cycle
Outpost24 webinar - Enhance user security to stop the cyber-attack cycleOutpost24
 
Securing Microservices with Spring Cloud Security
Securing Microservices with Spring Cloud SecuritySecuring Microservices with Spring Cloud Security
Securing Microservices with Spring Cloud SecurityWill Tran
 
Fight fire with fire draft
Fight fire with fire draftFight fire with fire draft
Fight fire with fire draftNishant Agrawal
 
Social Networks - The Good and the Bad
Social Networks - The Good and the BadSocial Networks - The Good and the Bad
Social Networks - The Good and the BadXavier Mertens
 
Lumension Security - Adjusting our defenses for 2012
Lumension Security - Adjusting our defenses for 2012Lumension Security - Adjusting our defenses for 2012
Lumension Security - Adjusting our defenses for 2012Andris Soroka
 
The Endless Wave of Online Threats - Protecting our Community
The Endless Wave of Online Threats - Protecting our CommunityThe Endless Wave of Online Threats - Protecting our Community
The Endless Wave of Online Threats - Protecting our CommunityAVG Technologies AU
 
Sacon - IoT Hackfest (Sri Chakradhar K)
Sacon - IoT Hackfest (Sri Chakradhar K)Sacon - IoT Hackfest (Sri Chakradhar K)
Sacon - IoT Hackfest (Sri Chakradhar K)Priyanka Aash
 
Threat Modeling In 2021
Threat Modeling In 2021Threat Modeling In 2021
Threat Modeling In 2021Adam Shostack
 
Defending Your IBM i Against Malware
Defending Your IBM i Against MalwareDefending Your IBM i Against Malware
Defending Your IBM i Against MalwarePrecisely
 

Ähnlich wie iBeacons: Security and Privacy? (20)

Bug bounties - cén scéal?
Bug bounties - cén scéal?Bug bounties - cén scéal?
Bug bounties - cén scéal?
 
The challenge of security awareness
The challenge of security awarenessThe challenge of security awareness
The challenge of security awareness
 
Certes webinar securing the frictionless enterprise
Certes webinar securing the frictionless enterpriseCertes webinar securing the frictionless enterprise
Certes webinar securing the frictionless enterprise
 
A question of trust - understanding Open Source risks
A question of trust - understanding Open Source risksA question of trust - understanding Open Source risks
A question of trust - understanding Open Source risks
 
451 AppSense Webinar - Why blame the user?
451 AppSense Webinar - Why blame the user?451 AppSense Webinar - Why blame the user?
451 AppSense Webinar - Why blame the user?
 
Crowdsourcing Cyber Security
Crowdsourcing Cyber SecurityCrowdsourcing Cyber Security
Crowdsourcing Cyber Security
 
HI THIS IS URGENT PLZ FIX ASAP: Critical Vunlerabilities and Bug Bounty Programs
HI THIS IS URGENT PLZ FIX ASAP: Critical Vunlerabilities and Bug Bounty ProgramsHI THIS IS URGENT PLZ FIX ASAP: Critical Vunlerabilities and Bug Bounty Programs
HI THIS IS URGENT PLZ FIX ASAP: Critical Vunlerabilities and Bug Bounty Programs
 
Crispin+mojiva march 2013
Crispin+mojiva march 2013 Crispin+mojiva march 2013
Crispin+mojiva march 2013
 
Webinar: Operation DeathClick: Uncovering Micro-Targeted Malvertising Against...
Webinar: Operation DeathClick: Uncovering Micro-Targeted Malvertising Against...Webinar: Operation DeathClick: Uncovering Micro-Targeted Malvertising Against...
Webinar: Operation DeathClick: Uncovering Micro-Targeted Malvertising Against...
 
Ivanti Cloud and Solving User Experience Problems
Ivanti Cloud and Solving User Experience ProblemsIvanti Cloud and Solving User Experience Problems
Ivanti Cloud and Solving User Experience Problems
 
30 it securitythreatsvulnerabilitiesandcountermeasuresv1_2
30 it securitythreatsvulnerabilitiesandcountermeasuresv1_230 it securitythreatsvulnerabilitiesandcountermeasuresv1_2
30 it securitythreatsvulnerabilitiesandcountermeasuresv1_2
 
Outpost24 webinar - Enhance user security to stop the cyber-attack cycle
Outpost24 webinar - Enhance user security to stop the cyber-attack cycleOutpost24 webinar - Enhance user security to stop the cyber-attack cycle
Outpost24 webinar - Enhance user security to stop the cyber-attack cycle
 
Securing Microservices with Spring Cloud Security
Securing Microservices with Spring Cloud SecuritySecuring Microservices with Spring Cloud Security
Securing Microservices with Spring Cloud Security
 
Fight fire with fire draft
Fight fire with fire draftFight fire with fire draft
Fight fire with fire draft
 
Social Networks - The Good and the Bad
Social Networks - The Good and the BadSocial Networks - The Good and the Bad
Social Networks - The Good and the Bad
 
Lumension Security - Adjusting our defenses for 2012
Lumension Security - Adjusting our defenses for 2012Lumension Security - Adjusting our defenses for 2012
Lumension Security - Adjusting our defenses for 2012
 
The Endless Wave of Online Threats - Protecting our Community
The Endless Wave of Online Threats - Protecting our CommunityThe Endless Wave of Online Threats - Protecting our Community
The Endless Wave of Online Threats - Protecting our Community
 
Sacon - IoT Hackfest (Sri Chakradhar K)
Sacon - IoT Hackfest (Sri Chakradhar K)Sacon - IoT Hackfest (Sri Chakradhar K)
Sacon - IoT Hackfest (Sri Chakradhar K)
 
Threat Modeling In 2021
Threat Modeling In 2021Threat Modeling In 2021
Threat Modeling In 2021
 
Defending Your IBM i Against Malware
Defending Your IBM i Against MalwareDefending Your IBM i Against Malware
Defending Your IBM i Against Malware
 

Mehr von Jim Fenton

REQUIRETLS: Sender Control of TLS Requirements
REQUIRETLS: Sender Control of TLS RequirementsREQUIRETLS: Sender Control of TLS Requirements
REQUIRETLS: Sender Control of TLS RequirementsJim Fenton
 
User Authentication: Passwords and Beyond
User Authentication: Passwords and BeyondUser Authentication: Passwords and Beyond
User Authentication: Passwords and BeyondJim Fenton
 
User Authentication Overview
User Authentication OverviewUser Authentication Overview
User Authentication OverviewJim Fenton
 
Making User Authentication More Usable
Making User Authentication More UsableMaking User Authentication More Usable
Making User Authentication More UsableJim Fenton
 
LOA Alternatives - A Modest Proposal
LOA Alternatives - A Modest ProposalLOA Alternatives - A Modest Proposal
LOA Alternatives - A Modest ProposalJim Fenton
 
IgnitePII2014 Nōtifs
IgnitePII2014 NōtifsIgnitePII2014 Nōtifs
IgnitePII2014 NōtifsJim Fenton
 
OneID Garage Door
OneID Garage DoorOneID Garage Door
OneID Garage DoorJim Fenton
 
Identity systems
Identity systemsIdentity systems
Identity systemsJim Fenton
 
Adapting Levels of Assurance for NSTIC
Adapting Levels of Assurance for NSTICAdapting Levels of Assurance for NSTIC
Adapting Levels of Assurance for NSTICJim Fenton
 

Mehr von Jim Fenton (11)

Notifs 2018
Notifs 2018Notifs 2018
Notifs 2018
 
REQUIRETLS: Sender Control of TLS Requirements
REQUIRETLS: Sender Control of TLS RequirementsREQUIRETLS: Sender Control of TLS Requirements
REQUIRETLS: Sender Control of TLS Requirements
 
User Authentication: Passwords and Beyond
User Authentication: Passwords and BeyondUser Authentication: Passwords and Beyond
User Authentication: Passwords and Beyond
 
User Authentication Overview
User Authentication OverviewUser Authentication Overview
User Authentication Overview
 
Making User Authentication More Usable
Making User Authentication More UsableMaking User Authentication More Usable
Making User Authentication More Usable
 
LOA Alternatives - A Modest Proposal
LOA Alternatives - A Modest ProposalLOA Alternatives - A Modest Proposal
LOA Alternatives - A Modest Proposal
 
Notifs update
Notifs updateNotifs update
Notifs update
 
IgnitePII2014 Nōtifs
IgnitePII2014 NōtifsIgnitePII2014 Nōtifs
IgnitePII2014 Nōtifs
 
OneID Garage Door
OneID Garage DoorOneID Garage Door
OneID Garage Door
 
Identity systems
Identity systemsIdentity systems
Identity systems
 
Adapting Levels of Assurance for NSTIC
Adapting Levels of Assurance for NSTICAdapting Levels of Assurance for NSTIC
Adapting Levels of Assurance for NSTIC
 

Kürzlich hochgeladen

Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024The Digital Insurer
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Principled Technologies
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 

Kürzlich hochgeladen (20)

Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 

iBeacons: Security and Privacy?

  • 1. iBeacons: Security and Privacy? Jim Fenton iBeacon Makers’ Workshop 29 April 2014
  • 2. Introduction • Security • What is the threat model? • What are the threat countermeasures? • [User] Privacy • How might iBeacons impact users?
  • 3. Threat Analysis • Who are the bad actors? • What are their capabilities? • What are the bad acts we want to protect against?
  • 4. Bad Actors • Competitors • Competitive analysis, offers • Vandals • Physically move and/or destroy beacons • Script kiddies • Opportunists - Gaming the system “Security Checks” by Flickr user David Woo used under CC BY-ND 2.0 license
  • 5. Bad Actors’ Capabilities • Create beacon clones • Place your beacons in unauthorized places • Disable beacons • Move beacons • Monitor interactions with beacons
  • 6. Bring In The Clones! • Place duplicates of existing beacons • Pollutes analytics • Can be used to annoy users, encourage them to disable app • Might be used to “game” special offers • Countermeasure: Fusion of beacon location with rough geolocation from other sources • No effective crypto countermeasure
  • 7. Beacon Planting • Place beacons in unauthorized places, like competitors’ premises • Car salesman gives user an app • Salesman gets notified when prospective customer enters competitors’ showroom • Salesman calls customer and sweetens offer • Countermeasures: WarBeaconing, public shaming, search-and-destroy
  • 8. Beacon Abuse • Destruction or movement of existing beacons • Countermeasures • Detect unexpected loss of beacon “hits” • Geolocation fusion • Camouflage “beacons” by Flickr user jnxyz.education used under CC BY-2.0 license
  • 9. Privacy Issues • Alerts and user visibility • Aggregation
  • 10. User Alerts • Concern about over- alerting users • But this problem is self-correcting • Not alerting users can be a concern -- users may not know they’re being tracked “estimote” by Flickr user Sam Churchill used under CC BY-2.0 license
  • 11. Aggregation • Beacon services potentially have access to lots of behavioral information • Shopping center apps can aggregate behavior within centers (and co-owned centers) • Popular apps (Facebook, Google) could roll out beacon services with great potential to aggregate user data
  • 12. Summary • Significant security threats exist • Beacons will require active management to mitigate loss, cloning, and movement • Deployment scenarios that support wide aggregation of beacon data are problematic for privacy