Making IoT Worthy of Human Trust

12 Pages. Posted: 29 Jul 2019. Last revised: 16 Aug 2019

Hilda Hadan

Indiana University Bloomington - School of Informatics, Computing & Engineering

Nicolas Serrano

Indiana University - Bloomington, School of Informatics, Computing & Engineering

Sanchari Das

Indiana University Bloomington, School of Informatics and Computing

L. Jean Camp

Indiana University Bloomington - School of Informatics and Computing

Date Written: July 25, 2019

Abstract

The Public Key Infrastructure (PKI) is the foundation which enables secure and trusted transactions across the Internet. PKI is subject to both continuous attacks and regular improvements; for example, advances in cryptography have led to rejections of previously trusted algorithms (e.g., SHA1, MD5). Yet there have also been organizational failures and malicious acts by trusted parties. In this work, we focus on the sociotechnical components of the current X.509 PKI with the goals of better understanding its vulnerabilities, and ideally informing the implementation of future PKIs. We begin with a taxonomy of chronic, catastrophic, high impact, or frequent PKI failures. This categorization was informed by a survey of non-expert perceptions of PKI and an interdisciplinary workshop addressing the future of security in the Internet of Things. To evaluate the failure modes, we conducted qualitative interviews with policy scholars and experts in applied cryptography. We summarize the results of the survey and workshop, and detail the expert interviews. Our findings indicate that there are significant failure types with which neither the technical nor the policy community is deeply engaging. The underlying assumptions about rate and severity of failure differ between these communities. Yet there is a common awareness of the vulnerabilities of the end users: the people who are required to trust PKI to interact and engage with the Internet. We identify an urgency in mitigating such critical issues, because of the increasing adoption of cyberphysical systems and the Internet of Things (IoT). We conclude that there is a need for integrated organizational, policy, and technical coordination to address the chronic and potentially catastrophic risks. We introduce possible economic and regulatory solutions, and highlight the key takeaways which pave our future research directions.

Keywords: IoT, PKI, Security, Privacy

Suggested Citation

Hadan, Hilda and Serrano, Nicolas and Das, Sanchari and Camp, L. Jean, Making IoT Worthy of Human Trust (July 25, 2019). Available at SSRN: https://ssrn.com/abstract=3426871 or http://dx.doi.org/10.2139/ssrn.3426871

Hilda Hadan (Contact Author)

Indiana University Bloomington - School of Informatics, Computing & Engineering

901 E 10th St
Bloomington, IN 47405
United States

HOME PAGE: http://www.usablesecurity.net/people/profile.php?name=Hilda%20Hadan

Nicolas Serrano

Indiana University - Bloomington, School of Informatics, Computing & Engineering

Bloomington, IN
United States

Sanchari Das

Indiana University Bloomington, School of Informatics and Computing

Bloomington, IN
United States

L. Jean Camp

Indiana University Bloomington - School of Informatics and Computing

901 E 10th St
Bloomington, IN 47401
United States
