Digital security department Seminar: "Removing mandatory manufacturer TTPs from IoT and communication device management."

Lasse Øverlier -
Digital Security

Date: -
Location: Eurecom

Abstract: Almost all home electronics built to be available from "anywhere", such as from a cell phone, use a Trusted Third Party (TTP) communication hub to achieve this. You trust the TTP with confidentiality, integrity, and availability. This trust exists today only because of the current default practice of allowing commercial devices to connect back to the manufacturer's service, which leaves the user unable to control the data. This has become an unfortunate precedent that has been allowed to continue because of the claim that "this is how it has to work" for users to reach their firewall-protected devices from anywhere. We are working on implementing and testing a “new” community third party protocol using existing security principles, anonymity network principles and building blocks. This aims to remove the need to trust the confidentiality and the integrity of TTPs to achieve a secure device-to-device communication channel, regardless of whether either or both of the devices are located behind a firewall or NAT. By making this a community-supported service, we also eliminate the death of devices if (when?) the manufacturer goes out of business or simply stops supporting the device.

Bio: Lasse Øverlier is an Associate Professor at the Norwegian University of Science and Technology and a Principal Scientist at the Norwegian Defence Research Establishment, with research visits to the US Naval Research Laboratory in the early phase of Tor in 2005, and to the US Army Research Laboratory in 2015. His research is mainly centered around anonymity, privacy and dark nets, in addition to network security, digital forensics and investigations.