This document discusses privacy considerations for IoT devices and how the XMPP protocol can help address privacy. It provides an overview of key privacy concepts like what constitutes personal data and individuals' rights. It then discusses how XMPP supports privacy through features like decentralization, encryption, authentication and flexible communication patterns. The document is presented as part of an IoT conference on using XMPP to enable privacy for IoT applications and devices.

1. © Waher Data AB, 2018.
IoT-Day 2018
Privacy for IoT with XMPP

2. © Waher Data AB, 2018.
1. Privacy

3. © Waher Data AB, 2018.
What is privacy?
A fundamental human right:
 The right to have confidential conversations.
 The ability to select with whom we communicate.
 Protection against unwarranted monitoring or
searches.
 Protection against attacks on honor and reputation.

4. © Waher Data AB, 2018.
Universal Declaration of Human Rights
Article 12:
No one shall be subjected to arbitrary
interference with his privacy, family,
home or correspondence, nor to attacks
upon his honour and reputation. Everyone
has the right to the protection of the
law against such interference or
attacks.
https://www.un.org/en/universal-declaration-human-rights/

5. © Waher Data AB, 2018.
Does privacy extend to the IoT?
Who can communicate with devices around you,
and about what?
Do you want uninvited to know:
 When you’re home?
 If you’re in the shower?
 What places you visit?
 Your health status?
Or be able to:
 Control your vehicle?
 Turn off your pacemaker?

6. © Waher Data AB, 2018.
E.U. privacy legislation (GDPR)
EU Regulation:
 Comes into full effect May 2018
 Automatic law in all member states
 Applicable to
 Anyone, if system in E.U.
 Any European citizen, in any system in the
world
 Heavy sanctions
 Suddenly, corporations become interested
in privacy.

7. © Waher Data AB, 2018.
Proportionality
GDPR balances:
 Rights to privacy for individuals
 Interests of corporations
 Legal requirements
Maximum requirement:
 Proportional to the rights of all participants
Minimum requirement:
 State of the art
 People “skilled in the art” (professionals)
 Lack of knowledge not valid reason

8. © Waher Data AB, 2018.
Personal Data
Any information that relates directly or
indirectly to an identified or identifiable
natural person.
Notice:
 Indirect means, you have to think before you
say there is no relation.
 Identifiable means, the individual might not
have been identified by your system. But if
anyone, perhaps smarter than you, can identify
the person from your data, perhaps with the use
of other external data, it’s personal data.
Easier to just assume data is personal, if
there’s doubt.

9. © Waher Data AB, 2018.
Personality is contagious
Data relating to personal data,
automatically becomes personal data.
(Personality acts like a virus, or disease, at
least for the data hoarder, or Big Brother.)

10. © Waher Data AB, 2018.
Removing personality
Removing personality is difficult.
Methods:
 Data aggregation
 Data masking or obfuscation
 Anonymization
 Anonymization ≠ Pseudonymization

11. © Waher Data AB, 2018.
Processing
Any operation (or set of operations) which
is performed on personal data (or on sets
of personal data)
Notice:
 The word “automatic” is not present in definition
 Manual processing is included (if sorted).

12. © Waher Data AB, 2018.
Minimalistic definition
A minimalistic definition of GDPR is:
Minimalism
You’re allowed to:
 Do as little as possible
 For as short a time as possible
 Share it with as few as possible
 For as few purposes as possible
 As correctly as possible
 Always transparently informing subjects about it
 With proportional data protection mechanisms

13. © Waher Data AB, 2018.
Transparency
Information you provide must be:
 Short
 Concise
 Clear
 Easy to understand
 Explicit
Transparency is measured on how your information
is received and understood.

14. © Waher Data AB, 2018.
Openness
Openness ≠ Transparency
Providing too much information hides
relevant information.
Transparency means you provide the
subjects with the information that is
relevant to them, not to you.

15. © Waher Data AB, 2018.
Woods and aquariums
“Can’t see the wood for all the trees”
If you can’t find the fish in the aquarium:
 The water might be muddy
 Or the aquarium too big
Transparency is about the correct amount
of easily understood, relevant information.

16. © Waher Data AB, 2018.
No retroactive processing
If you invent a new process, you must:
 Inform subjects before you process
 Not process historical data
You are only allowed to process the data
collected for that purpose, from the time
you inform the data subjects.

17. © Waher Data AB, 2018.
Paradigm shift
No longer true:
“The more data you collect (or process),
the more potential future value you have.”
New true:
“The more data you collect (or process),
the more risk you have.”
New paradigm:
You should only collect and process data,
to which you can assign value.

18. © Waher Data AB, 2018.
Individual rights
GDPR gives subjects following rights:
 Get information
 Access to data
 Export data (provided by subject)
 Correct (erroneous) data
 Erase data (under certain conditions)
 Object to processing
 Restrict processing of data
 Consent & withdrawal of consent (if applicable)
 Avoid being subject of automatic profiling that can
lead to automatic decisions having negative
consequences in a legal sense.

19. © Waher Data AB, 2018.
Sharing of personal data
When sharing data with others:
 Subjects must be informed
 Responsibilities must be delegated
 Requests from subjects must be
forwarded
 Includes links, copies and reproductions

20. © Waher Data AB, 2018.
2. Ownership

21. © Waher Data AB, 2018.
Who owns the data?
Who is the owner of data?
 The person/entity generating (inventing) the data?
 The person/entity storing (controlling) the data?
 The person about whom the data relates to?
Is it important?

22. © Waher Data AB, 2018.
Legislation
Which law is applicable?
 Copyright?
 Trade secrets?
 Intellectual Property?
 Privacy?
Enforcing ownership through legal means
is difficult.

23. © Waher Data AB, 2018.
Ownership of things
How is normal ownership enforced?
 Protection behind lock & key.
 Access only to trusted parties.
 Monitoring.
 Demonstration of ownership.

24. © Waher Data AB, 2018.
Ownership of data
Why treat data differently?
Local storage (decentralization) allows:
 Protection behind lock & key.
 Limiting access to trusted parties.
 Monitoring access.
 Demonstrating ownership.
 Enforcing ownership of data.
Added benefits:
 Intrinsic value of data through access.
 Easier to maintain integrity.

25. © Waher Data AB, 2018.
3. Security

26. © Waher Data AB, 2018.
Security
GDPR references as benchmark:
 “State of the art”.
 “Data protection by design and by
default”.

27. © Waher Data AB, 2018.
Data Protection by design
 Cannot be superficial:
 Not sufficient with log-in
 Or apparent security
 Must permeate architecture:
 APIs
 Databases
 Communication (Protocols)
 Code
 Hosting
 Runtime

28. © Waher Data AB, 2018.
Examples
Examples of Data Protection by design:
 Decentralization
 Ubiquitous encryption
 Authentication
 Authorization
 Hashing
 Signatures
 Anonymization
 Pseudonymization
 Obfuscation
 Data masking
 Data aggregation
 Security logging
 Monitoring
 …

29. © Waher Data AB, 2018.
Data Protection by default
You don’t add protection
 It’s all on by default
You remove protection
 Permissions are granted
Compare difference between:
 White-list (by default)
 Black-list (not by default)

30. © Waher Data AB, 2018.
Decentralization & security
Decentralization has security implications:
 More attack surfaces.
 But value of each node is small.
 Value/Effort ratio small.
 Easier to protect.
 Massive data breaches difficult.
 You don’t put all your eggs into the same basket.
 More resilient.
 End-to-end encryption.
Bonuses:
 Permits enforcing ownership of data
 Owner can authorize access, restrict processing or delete data

31. © Waher Data AB, 2018.
Anonymization vs. Strong Identities
Anonymization:
 Protects whistle blower or dissident
(or criminal or terrorist)
 Makes security decisions difficult.
Strong identities (pseudonyms):
 Protect information owners.
 Allows selective responses.
Both protect privacy, in different ways.

32. © Waher Data AB, 2018.
4. XMPP

33. © Waher Data AB, 2018.
XMPP
 eXtensible Messaging and Presence
Protocol
 Standardized (IETF)
 RFC 6120-6122
 Originally developed in the late 1990-ies.
 “Jabber”
 Based on XML
 Open
 Free
 Free interfaces, libraries & software

34. © Waher Data AB, 2018.
Basic features
Some basic features of XMPP include:
 Global scalability (federation)
 Global federated identities
 Extensibility (namespaces)
 Robustness (close to 20 years of operation)
 Open (public & free)
 Standardized
 Secure
 Interoperable

35. © Waher Data AB, 2018.
Extensibility
 XML Namespaces
 Avoid collisions
 Owner of domain can extend it freely
 Extensions standardized by XSF
 XMPP Standards Foundation
 XMPP Extension Protocol (XEP)
 Types
 Client-side extensions
 Component-extensions
 Server-side extensions

36. © Waher Data AB, 2018.
Communication Patterns
Async.
Msg.
Req/Resp Pub/Sub Federation Broker P2P7
MQTT ✓ ✓
HTTP ✓ ✓
CoAP ✓ ✓ ✓
XMPP ✓ ✓ ✓✓ ✓ ✓* ✓
* Note: XMPP supports server-less communication as well.

37. © Waher Data AB, 2018.
Stanzas
Three types of stanzas:
 message
 Asynchronous messages
 iq
 Information Query
 Request/Response
 Requires resource part
 presence
 Publish/subscribe
 Transmitted to contacts with approved subscription
 Forwards resource part
Note: A 2nd publish/subscribe mechanism exists, defined in XEP-0060. It’s
node-based.

38. © Waher Data AB, 2018.
Federated Brokers
 Authenticate clients
 SASL
 Cooperate (federation)
 Forward identities
 Authorization
 Roster
 Presence
 Subscription
 Solve
 Topology problem.
 Latency problem.
 Scalability problem.

39. © Waher Data AB, 2018.
Security
 Encryption
 TLS
 End-to-end encryption optional
 Authentication
 SASL
 Distributed authentication model
 Identities always forwarded in stanzas
 Authorization
 Presence subscription
 Trust-based
 Provisioning (IoT)
 Decision support for things
 Control details
 Blocking
 Spam reporting

40. © Waher Data AB, 2018.
Data Protection by Design
XMPP supports data protection by design:
 Decentralization
 Ubiquitous encryption
 Even end-to-end encryption
 Global identities
 Authenticated
 Forwarded

41. © Waher Data AB, 2018.
Data Protection by Default
XMPP supports data protection by default:
 Presence negotiation
 Consent-based
 Required to be able to communicate
using iq and presence.
 Consent can be withdrawn.

42. © Waher Data AB, 2018.
IEEE IoT Harmonization
Interoperability interfaces for IoT
 Sensor Data (former XEP-0323)
 Provisioning (former XEP-0324)
 Control (former XEP-0325)
 Concentrator/Bridge (former XEP-0326)
 Thing Registries & Discovery (XEP-0347)
 Secure Account Creation (XEP-0348)
https://gitlab.com/IEEE-SA/XMPPI/IoT
https://prezi.com/esosntqhewhs/iot-xmpp/
https://www.slideshare.net/peterwaher/iot-harmonization-using-xmpp

43. © Waher Data AB, 2018.
 Raspberry Pi & Arduino
 Sensors, Actuators, Controllers,
Concentrators, Bridges
 Protocols:
MQTT, HTTP, CoAP, LWM2M,
XMPP
 Interoperability
 Social Interaction
 Decision Support
 Product Lifecycle
 IoT Service Platforms
 IoT Harmonization
 Security
 Privacy
Amazon
Packt
Bokus
Bokus (e-book version)
Contact: https://waher.se/
Mastering Internet of Things