2018-10-26 Security and Privacy in the IoT: An Information-Theoretic Perspective

Abstract

The remarkable advances in electronics and signal processing techniques over the past decades have resulted in a plethora of devices that are constantly collecting and wirelessly transmitting information of their environs. Commonly referred to as the "Internet of Things", this army of devices is forecast to encompass tens of billions of connected units by 2020. New issues thus arise, for instance, how to efficiently use all the generated data and how to safely transmit it if there are privacy concerns.

On the one hand, decreasing manufacturing costs not only have boosted the use of numerous devices that monitor, analyze, and wirelessly communicate sensitive data, but also have allowed third parties to easily spy on them. Data encryption is an effective countermeasure if the legitimate users share a secret key (or a pair of them) to encrypt/decrypt the information. However, in ad-hoc networks where the users may appear and disappear sporadically, a centralized key distribution and management service seems unreasonable.

On the other hand, even in a complete secure communication where there are no unintended eavesdroppers, the disclosure of information is a risk in itself. Users may be inclined to share their own data for personal benefit (e.g., using smart meters to reduce energy bills) or to anonymously contribute to society (e.g., sharing medical records for large-scale studies). However, privacy-aware users may be concerned that the released data is exploited to infer sensitive information that they do not want to disclose (e.g., the home appliances the users own or health conditions and diseases that might affect their careers).

In this talk, we analyze two instances of the problems of security and privacy from an information-theoretic perspective. Specifically, we first consider the limits of decentralized secret key generation; we study the wiretap channel model where the terminals have access to correlated sources. These sources are independent of the main channel and the users observe them before the transmission takes place. Second, we investigate the trade-off between utility and privacy that users have to weigh up before disclosing personal data to third parties. Privacy is measured in terms of the Bayesian statistical risk according to a desired loss function while the quality of the reconstruction (the utility) is measured by the average per-letter distortion.

About Germán Bassi

Germán Bassi is a postdoctoral researcher in the Department of Information Science and Engineering at KTH Royal Institute of Technology. Before joining KTH, he received the B.Sc. and M.Sc. degrees in Electrical Engineering in 2010 from the University of Buenos Aires, Argentina, and the Ph.D. degree in Telecommunications in 2015 from CentraleSupélec, France. His current research focuses on multi-user information theory, physical-layer security, and inference and statistics, with applications to privacy and machine learning.