Re: [m2m-iwg] Consumer device security (was: M3DA presentation)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [m2m-iwg] Consumer device security (was: M3DA presentation)

From: Fabien Fleutot <fleutot@xxxxxxxxx>
Date: Thu, 14 Mar 2013 13:19:53 +0100
Delivered-to: m2m-iwg@xxxxxxxxxxx
List-archive: <http://dev.eclipse.org/mailman/private/m2m-iwg>
List-help: <mailto:m2m-iwg-request@eclipse.org?subject=help>
List-subscribe: <http://dev.eclipse.org/mailman/listinfo/m2m-iwg>, <mailto:m2m-iwg-request@eclipse.org?subject=subscribe>
List-unsubscribe: <http://dev.eclipse.org/mailman/options/m2m-iwg>, <mailto:m2m-iwg-request@eclipse.org?subject=unsubscribe>

I agree that currently M2M relies too much on physical security, and that the model of the single company owning all of the devices and servers will limit applicability to other domains.

However, when developers depend on a technology they aren't very comfortable with (databases for web applications yesterday, embedded software tomorrow for IoT), they want to put the scary technology in a little sandbox that makes it look, from outside, like the things they're already familiar with. That's the raison d'etre of the many DB abstraction contraptions, of SSL/TLS which exposes a TCP-like or HTTP-like API, etc. My guess is, they'll want something which abstracts them away from embedded matters as fast as possible: "make it look like my on-field data comes from a regular always-on, dependable, cheap AWS instance, through the usual JSON-over-HTTP interface".

So the "device -> first aggregation server" protocol will probably not be the same as "first server -> other servers". Data ownership issues will be a delicate matter on both sides, but will probably take a different form on each side. How should it be articulated between these two universes, I don't know and it's a very interesting discussion matter indeed.

As for people's concern for privacy and cryptographically-safe ownership of their data, I'm consistently dismayed by how little they care about it. I would, personally, pay for such a service, but I would certainly not bet money on the fact that other people would. If people cared about this, Facebook, Google, Microsoft and Apple would all be broke, which hardly is the case. A possible consequence might be that they'll trust the entity which takes care of the device -> first server data transfer, and let it operate with very coarse granularity.

For companies, there's a different internal dynamics to take into account: IT departments want to take and keep responsibility for business-critical data, even if they're less skilles, less safe and more expansive than a specialized operator. But there's no resisting to the move towards the cloud: this issue is solving itself already.

Follow-Ups:
- Re: [m2m-iwg] Consumer device security (was: M3DA presentation)
  - From: T-Rob

References:
- Re: [m2m-iwg] M3DA presentation - Security
  - From: UOMo
- Re: [m2m-iwg] M3DA presentation - Security
  - From: Rick Bullotta
- Re: [m2m-iwg] M3DA presentation - Security
  - From: Fabien Fleutot
- [m2m-iwg] Consumer device security (was: M3DA presentation)
  - From: T-Rob

Prev by Date: Re: [m2m-iwg] Chair position at M2M IWG
Next by Date: Re: [m2m-iwg] Chair position at M2M IWG
Previous by thread: Re: [m2m-iwg] Consumer device security (was: M3DA presentation)
Next by thread: Re: [m2m-iwg] Consumer device security (was: M3DA presentation)
Index(es):
- Date
- Thread

Breadcrumbs