IoPP

I am using these letters as acronyms IoPP (Internet of Personal Profiles), since this is a concept project that , in my opinion, will arise in near future. We have recently witnessed IoT, Automation over Internet, and now Smart Security is on the rise that refers to ISGRC over information in Smart Cities & Industry.

In recent years we have witnessed a tendency of many industries to re-focus on how human factor will enjoy technology without having to bother knowing how such a service or a machine functions. Functionality transparency is a “must have” today, for many industries using technology and internet services of any kind. This perception has now penetrated almost all aspects of modern life and we can notice today that what was once has been an IT joke (mentality of “one button does it all”) is today’s must have, if there is a wish to get a large portion of the market.

For instance modern cars have the ability to be adjusted personally to drivers choices, from the position of the seat to how car is driven and then store them as a setting. This can be restored if another driver from the family or a company uses the car and adjusts it again to his own preference. Another example is how a smartphone is configured and how this may be used as a sum of setting to another smartphone , by just using users profile and settings stored in there along with backed up data, usually over cloud services. A more sophisticated example is also a smart home configuration which will be used by the user to different places.

What is IoPP

This brings things to a very interesting concept. An internet network of roaming personal profiles (IoPP)for a vendor agnostic environment, that will be identified and implemented by using a 2FA mechanism in a login procedure. This profile will be able to work over IoT connections world wide. A simple example here:

A person from USA is traveling for work or vacations, to Europe and then to Middle East. His traveling arrangement includes renting a car, staying at air bnb residence or hotel room, where smart home services may be available, accessing various WiFi networks and connect over them with VPN clients, roaming over telecommunication networks,…even watching favorite programs over smart tv/smartphones. So lets imagine that this whole travel is already ready per this persons’ requests, before he even makes them. Everything adjusted and set to person’s preference like he is working from his home office, driving his own car, connecting without having to adjust anything on his devices and in general feel like he is still at home although physically he is thousands of miles away from home base.

Some now may claim that this will face several issues like privacy settings, security risks, ..even the fact that such similarities may take the edge of being in a trip. The answers of course are not all easy or even exist today in full scale, as this is a concept scenario, based on the fact that IoT does exist and roaming is a feature already used on small scale (e.g. roaming telecommunication over GSM). Add to this all smart devices, networks, even cities.. and then someone may get the whole picture and more essentially. The business case behind it which will decrease time spent on things quite boring and the increase of time spent to do something more productive and with no setbacks from minor details.

In regards to security , indeed this is a whole new case and approach , but 2FA especially when used with a biometric feature that can not be replicated, can give some foundation on security settings to move from there. Not to mention that when quantum technology is available (maybe in next few years) , then quantum based encryption may be a key feature to protect and ensure integrity and confidentiality for the profile of the person, as availability will be handled by IoPP.

Main question that many will ask .. and what about privacy? Handling such data may be a serious headache especially for overseas travels for a person. My answer may surprise. Profile of person will be stored only to his computer/terminal/device or even cloud profile. Giving settings to a device does not mean that it is a procedure that would be done by broadcasting and storing a whole sum of profile data. Every device will be identified and only associated data will be sent , with no real name but under a temporary token , similar to a transaction that banks have today when working with an outside partner via iframe or other ways of connecting.

The Future.

So what may future look like if (or when) such a network exist? As said, the whole world will be a very familiar place for a person to work, travel, spent his holidays, even change residences every time, by just buying a ticket and use his unique id documentation (passport or other) to simply change everything , but still enjoy simple things as he is used to.

P.S. Before anyone rushes into dropping everything this text says, just think, … all systems are already in place while thinking of EURODAC, AFIS,CODIS, TSA Database, Cloud services, etc.

Alexandros Niklan
Sr. Security Consultant