Is Your Home Giving Away Your Secrets?

With an increasing number of companies providing consumers with their smart home products and related services, smart homes are quickly becoming the norm. This trend is likely to continue in the future, as more people are realizing the benefits of having a smart home.

Source: UR.se

Making a home smarter with sensing technologies can seem like a good idea, but it also gives attackers an opportunity to break into your devices and steal your personal data. This could be a problem for you and your family if you have smart devices in your home without having configured them properly or regularly updated them.

In a televised public lecture, I discuss the smart home, its privacy risks, and what can be done to secure the contemporary home. Here is the link to the full lecture: https://urplay.se/program/228807-ur-samtiden-malmoforskare-forelaser-avslojar-ditt-hem-dina-hemligheter

IoT Cybersecurity: Two New Documents Published by NIST

As an IoT practitioner or device manufacturer, it is important to keep up with the latest developments in IoT cybersecurity. The National Institute of Standards and Technology (NIST) has recently released two draft documents for public comment that are relevant to the IoT.

The first is a discussion essay titled “Ideas for the Future of IoT Cybersecurity at NIST: IoT Risk Identification Complexity”. This discussion paper lays the groundwork for forward-looking talks on detecting and addressing risks for IoT devices by drawing on NIST’s earlier work in cybersecurity for the IoT (for example, NISTIR 8259).

The second is a draft NIST Internal Report (‘NISTIR’) 8425 titled “Profile of the IoT Core Baseline for Consumer IoT Products”. NISTIR 8425 recalls the consumer IoT cybersecurity criteria from NIST’s white paper on “Recommended Criteria for Cybersecurity Labeling for Consumer Internet of Things (IoT) Products,” and incorporates them into the family of NIST’s IoT cybersecurity recommendations.

I recommend you keep tabs on these documents, particularly NISTIR 8425. 

Panel Discussion on the topic of Designing IoT Systems

I was invited to participate in a panel discussion at Malmö University on Friday, April 8th. The topic of “Designing IoT Systems” was the one I was asked to speak about. There were representatives from Sony and Sigma Connectivity in the panel with me. Concerns about trustworthiness were a major topic of discussion during the session. 

Safety, security, privacy, reliability, and resilience tend to be identified by several researchers as the main trustworthiness concerns in the IoT domain. These concerns are there to ensure that systems function as intended in a variety of situations.

According to several academics, the most challenging aspects of designing trustworthy IoT systems are achieving privacy and security. From applications to devices, each layer of the Internet of Things has its own set of security risks and potential attacks. From a research perspective, a hot topic is that of building energy-efficient security, along with scalable and dynamic security architectures. Preserving data privacy in the IoT, on the other hand, is also particularly challenging. Existing IoT privacy mechanisms are often built for single services, and not necessarily for interdependent, dynamic, and heterogeneous services. Building new privacy preservation techniques for interdependent services is a hot topic, as is federated learning when it comes to data privacy.

Panel discussion on the topic of “Designing IoT Systems”

Finally, there are a number of standards that pertain to trustworthiness. Two of them are ISO/IEC standards: ISO/IEC 30147 “Integration of trustworthiness in IoT lifecycle processes” and ISO/IEC 30149 “IoT trustworthiness principles”.

If you want to collaborate with me or learn more about a specific topic that is related to my research topics, please send me an email.

Where are we today with IoT Security Standards?

IoT security standards are necessary because the IoT is fundamentally insecure. It is hard to predict whether or not an IoT device will be hacked, and even if it is, what data will be compromised. There must be defined criteria for security standards for this technology to evolve responsibly without introducing new problems. Here is a quick rundown of some of the most recent security standards.

In the United States, in December 2020, the IoT Cybersecurity Improvement Act of 2020 was signed into law. This is the first piece of IoT legislation in the US aimed at ensuring that federal agencies only buy IoT devices that adhere to strict security protocols. A new cybersecurity standard for consumer IoT (ETSI EN 303 645 V2.1.1) products was introduced in the European Union in June 2020. The purpose of this standard is to encourage better security practices and the use of security-by-design concepts in the creation of new connected consumer products. The Department of Culture, Media, and Sport in the United Kingdom announced new measures also in June 2020 to protect users of internet-connected household devices from cyberattacks. They implemented a product assurance scheme that requires certified IoT devices to bear an assurance label or kitemark indicating that they have completed independent testing or a thorough and accredited self-assessment process.

When it comes to the IoT, one of the most crucial considerations is security. As the IoT grows more intertwined in people’s lives, security standards are required to keep it safe from hostile attacks and prying eyes. There is so much that can be done to improve IoT security, and this is an opportunity for bright minds to get together and influence the IoT’s future.

Finally, please remember that you are welcome to contact me and suggest themes for future posts.

The Internet of Things and Security

The Internet of Things (IoT) is changing the way we live. The IoT is the idea of having devices that are connected to each other and can be controlled via the Internet. Cameras, refrigerators, alarm systems, televisions, and other electronic gadgets are examples of such devices. The IoT has contributed to giving people an improved quality of life.

But how can we put our trust in all of these IoT devices? How can we be sure they will not turn against us? How will we know whether or not the device we are utilizing is safe? All of these questions are key to unlocking growth in the IoT.

IoT devices can be both physical and virtual in nature. They can have a variety of different functions, from being a simple remote control to being a complex system that monitors the environment, collects data, and sends it back for analysis.

Many people do not realize that their smart home devices may contain security vulnerabilities that hackers could exploit. Hackers can enter a smart home or even switch off the power by exploiting weaknesses in IoT devices such as connected door locks and lighting systems. For instance, over the course of one week, a study by the UK-based consumer group Which? discovered 2,435 malicious attempts to enter into devices with weak default usernames and passwords in a fake “smart home.”

Cybersecurity is a critical responsibility for organizations of all sizes, but manufacturers, in particular, must do more to ensure that IoT devices are secure from hackers and do not endanger consumer lives. Recently, in the UK, the Product Security and Telecommunications Infrastructure (PSTI) Bill was introduced, subjecting manufacturers, importers, and distributors of IoT technologies to stricter cybersecurity rules. This new legislation intends to better protect consumers’ IoT devices from hackers, as well as help the IoT market get the trust it needs to reach its full potential.

If you would like to learn about IoT security and how to safeguard your IoT devices, please get in touch.

My Lecture about the IoT and Data Privacy

We live in a world where even brushing our teeth can constitute the transmission of data to servers across the world. One day, we will sleep with smart pillows that will be able to detect our stress levels and send them to an app on our phone. We already wear fitness trackers all day, every day. What does this mean for our privacy? This is what I talked about during my 2-hour guest lecture at Malmö University on December 15.

The Internet of Things (IoT) is all around us, and with it comes an increased risk of privacy and security breaches. In the age of the IoT, we must be cautious about the information we make available to the public or share with shops and manufacturers. We must also consider how businesses may exploit personal data to discriminate against us or charge us extra since they have more knowledge about us thanks to these devices. 

Please feel free to get in touch if you need any information about privacy, security, or related topics.

Life as a postdoc

What is a postdoc? A postdoctoral researcher (postdoc) is a scientist who receives advanced training in a certain domain by collaborating with a subject matter expert. It is a temporary position that bridges the gap between a Ph.D. and a career in academia. There is no other job like this. You get to choose what you want to accomplish and how you want to do it as a postdoc. You may work on new projects almost autonomously or design your research projects with the help of your mentors. 

My work as a postdoc in computer science focuses mainly on cyber security and digital privacy. Most of my days are spent researching topics like machine learning and artificial intelligence, as well as how they may be utilised to automate security processes and privacy management on the Internet of Things. I examine solutions that have been developed to help secure systems and user data against evolving threats. Some of the domains I am researching are related to smart buildings and smart homes.

Life as a postdoc can be challenging, but it is also full of opportunities. Aside from your research tasks, which will mostly revolve around publishing, you will be required to take on responsibilities that go beyond those of your Ph.D. You could be handling administrative tasks, including funding applications and working long hours in the lab, as well as lecturing and supervising Bachelor’s or Master’s students. Fortunately, I had the opportunity to complete the majority of the aforementioned activities throughout my Ph.D.

What else can I say? On a typical day, there is rarely a moment when I am bored or feel as if I do not have enough to do. You will likely find a large amount of freedom in what you choose to focus on. You do not need to think about whether you are using your time well because there is so much interesting work to be pursued! Of course, I am biased here because my postdoc themes are partly related to what I studied during my doctoral studies and on which I have industrial expertise.

If you want to learn more about postdoc life in Sweden, have questions about my research interests, or simply want to get in touch, you are welcome to email or tweet me.

Lecture about IoT Security

On Tuesday, September 28th, I delivered an online lecture to Bachelor’s students at Lund University in Sweden. In the lecture I covered the topic of IoT security, especially in relation to consumer IoT systems.

One of the slides that I discussed in my lecture is shown below. Mirai malware is seen as a watershed moment in the threat landscape, demonstrating that IoT botnets can be deployed in distributed denial-of-service (DDoS) attacks and do substantial damage.

Recognizing the significance of addressing IoT security, especially as more and more things become connected to the Internet, European Commission President Ursula von der Leyen unveiled a Cyber Resilience Act on September 15, 2021. This Act lays out a common European approach to cyber security by establishing common cybersecurity standards for connected devices.

If you have any queries about information security or would like to collaborate with me, please contact me.

A Research Proposal about Poisoning Attacks

On Tuesday, 29th June, I did my last presentation before taking my summer vacation. In the presentation, I talked about a potential research proposal concentrated on data poisoning attacks. Specifically, I discussed how this attack class could target an IoT-based system, such as a smart building, resulting in potentially severe consequences to a business. While poisoning attacks have been researched for a bit, they are relatively understudied, especially in contexts involving online learning and interactive learning.

Here is a link to a redacted version of my presentation:

In case you want to know more about cyber security, especially its application to the IoT and Machine Learning based systems, you are welcome to drop me a message.

Special Issue on Privacy and Trust

We are guest editing a Special Issue on Privacy and Trust in IoT-Based Smart Homes and Buildings, and would like to personally invite you to contribute a paper.

For this Special Issue we are looking for high-quality original contributions including, but not limited to, the topical areas listed below:

  • Novel architectures, concepts, and models for trustworthy smart homes and smart buildings;
  • Privacy-enhancing and transparency-enhancing technologies for smart homes and smart buildings;
  • Privacy-by-design mechanisms for smart homes and buildings;
  • Vulnerability discovery and analysis for smart homes and buildings;
  • Threat modeling and risk assessment for smart homes and buildings;
  • Attack and attacker simulation for smart homes and buildings;
  • Trust and identity management for smart homes and buildings;
  • Access control models for smart homes and buildings;
  • Human factors in privacy and security of smart homes and buildings.

Please spread the word!

More info: https://www.mdpi.com/journal/sensors/special_issues/PT_SM