Adaptive security and privacy management for the internet of things (ASPI 2013)

The Internet of Things (IoT) was initially proposed to connect specific things via the Internet using devices, such as RFID readers, to realise intelligent identification and management. This vision has since expanded to include a more diverse range of devices, services and networks to become an Internet of anything, anywhere, connected, anyhow. Security and privacy management for the IoT remains a core challenge. Many IoT devices maybe may have zero or minimal security by design because they are low resource, low power devices, designed to work as closed vertical services. Security threats and risks may be higher because devices are unattended, use local wireless communication that have no or weak encryption making them more susceptible to eavesdropping and because users find security too unusable to setup and operate and hence leave devices relatively unsecure. It may also be less problematic to reproduce and fake data sources, access nodes and data sinks that interact with IoT devices in order to attack devices or the services they access. Devices can be moved between or removed from private, communal, public and hostile physical spaces. There is a higher risk of a loss of privacy for human users and organisations because of an increased ability to eavesdrop, because of wireless networks with soft boundaries, and because embedded environment devices can sense smaller amounts of physical trails with a greater degree of sensitivity and accuracy. A specific focus is on the need for IoT security to adapt. The adaptation has multiple dimensions. We can adapt existing conventional security models to more effectively secure an IoT. We can adapt security pre-planned and unplanned context changes such as different moving around in different physical spaces. IoT systems can be designed to self-adapt. IoT systems need to adapt to the active (re) configuration and maintenance of IoT devices and systems of devices by users and by artificial agents. The proposed workshop intends to bring together researchers and practitioners from relevant fields to present and disseminate the latest on-going research focussing on adapting security, privacy & management for the Internet of Things. It aims to facilitate knowledge transfer and synergy, bridge gaps between different research communities and groups, to lay down foundation for common purposes, and to help identify opportunities and challenges for interested researchers and technology and system developers.