German Professor Develops Method to Secure IoT Smart Device Data
Zitterbart has developed a methodology in which usage data is anonymized by combining that total usage with several other nearby users, adding a random number and then dividing that total by the number of users. That way no single number being reported is the same as their actual usage, and because of the random number, their actual number can't be easily determined. But because the power company has a legitimate need to know how much power is being used in a neighborhood so that it can configure the infrastructure to support demand, it can find out by adding the total usage and removing the random number. "They have exactly the information they need but not more," Zitterbart told eWEEK. The same methodology can just as easily work for other types of smart devices, including water meters.Unfortunately, the problem with utility meters or cable interfaces is only the beginning. While it's important that you be able to keep your consumption numbers private from the prying eyes of others, especially if they're your competitors, there are other even thornier problems. "Cars," Zitterbart said. "They're moving around in traffic, and you need information about traffic flow," she said. "Cars will soon be talking to each other and to infrastructure components." Already there are reports of the New Jersey Turnpike staff issuing tickets to drivers when their E-ZPass data showed that they might be speeding, and lawyers in cases ranging from criminal activity to divorce are using such data to show where someone may have been at any given time. The problem, obviously, is that reports of E-ZPass usage only show where the pass itself was, not who had it, why it was there or who was using it at the time. Zitterbart said that she's already working on solutions to limit the amount of sharing that takes place. "We are playing around with not having such central solutions but having self-organized ways," Zitterbart said. She noted that she can see this issue moving quickly into such problems as sharing parking places or planning routes through cities. The problem is only going to get worse as automated data sharing becomes more common. Right now, while automatic meter reporting is already well-established in some communities in the U.S. and Europe, it's not yet widespread. But even in its early stages, such information can be misused. This becomes even worse when there are no established rules for data protection and sharing. Clearly, automated information can be about much more than how much electricity your company uses in a month. The real issue becomes, What can rightly be shared and under what circumstances?
Of course, the utility company still needs to be able to send you a bill, and that means that its accounting department must be able to receive detailed usage data, but otherwise the amount of power or water you use is nobody's business.