Interactive Event on Digital Ethics

On Friday, 23rd April, I attended an interactive event on the topic of digital ethics. This event was organised by RISE in collaboration with industry. Together, we explored and discussed the topic of data privacy, integrity, trust, and transparency in AI. Many interesting discussions followed in Zoom breakout rooms, especially after the presentation from the “Sjyst data!” project.

We talked about the generic development and implementation of AI for emerging systems, and related ethical implications. An interesting point was raised about the passive collection of MAC addresses and whether these are considered personal data by the GDPR. On that note, over Zoom chat, someone also mentioned foot traffic data and the processing of that, especially during the Covid-19 pandemic. Even though data may appear to mean nothing particular or worrying to us at some point, when aggregated and linked with other data sources it can paint a detailed profile of us.

Here is a screenshot showing the event hosts: Nina Bozic (senior researcher) and Katarina Pietrzak (educational strategist) along with RISE experts and guests.


I am looking forward to the next one!

Two-Minute Elevator Pitch to Swedish Companies

On Thursday, 25th March, I was invited, along with 6 other universities and colleges, located in the south of Sweden, to deliver a presentation to Swedish companies. Each presentation highlighted the research profile, research areas, and the number of potential PhD students that each institution is seeking to recruit from the industry.

The presentation was in the form of a 2-minute pitch. It was delivered online through Microsoft Teams. Fortunately, many companies attended this event, including TrueSec, Ideon, Expisoft, and many others. Sweden’s research institute and innovation partner, RISE, and Karlstad University acted as the coordinators between the institutions and the industry.

You can click the Download button below to access my presentation.

Some initiatives to help secure smart home devices

Smart home devices make people’s lives more efficient. However, implementing cyber security of smart home devices is just as important as the physical security of our homes. Below are three popular initiatives by governments to help secure consumer IoT, particularly smart home devices.

  • The Department for Digital, Culture, Media, and Sport (DCMS) published a Code of Practice titled “Code of Practice for Consumer IoT Security” to support all parties involved in the development, manufacturing, and retail of consumer IoT. Essentially DCMS guidelines are proposed to ensure that IoT products are secure-by-design and to make it easier for people to stay secure in a digital world.
  • The Federal Trade Commission (FTC), in a detailed report on the IoT, proposed concrete steps that businesses can take to enhance and protect consumers’ privacy and security. Additionally, it introduced further guidance for companies to implement “reasonable security” in order to actively enhance and protect consumers’ IoT privacy and security.
  • The European Union Agency for Cybersecurity (ENISA), in its publication titled “Security and Resilience of Smart Home Environments”, presents examples of actions for users to perform in order to: choose a smart home device securely, operate a smart home device securely, and use online services for smart home securely. ENISA later introduced good practices guidelines for securing IoT products and services throughout their lifetime.

There are a number of measures and practices identified by the three bodies above that apply to different IoT stakeholders. The stakeholders can range from device manufacturers to service providers to mobile application developers, and more. One core recommendation that applies, especially to the device manufacturers, is that of having no default passwords. The recommendation of changing the device’s password, and potentially having a unique password for every device, is something that I emphasize.

In case you want to know more about how to secure your smart home or are simply curious about IoT security and privacy, you are welcome to get in touch.

Initiatives being brewed by governments to strengthen the IoT privacy and security

Last week, I was asked by several news reporters what can be done to have more secure and privacy-preserving smart home technologies. In this post, I focus on some of the more recent and upcoming regulations and initiatives that are affecting the IoT world, and are likely to affect it more in the future. Purposely, I exclude the EU GDPR and its US counterpart the CCPA, as I will talk about those in a separate post.

  • The EU ePrivacy Regulation. This EU regulation aims to ensure privacy in all electronic communications – including instant messaging apps and VoIP platforms, and machine-to-machine communications such as the IoT. Also, it carries an identical penalty regime for non-compliance as the GDPR.
  • The EU Cybersecurity Act. This establishes an EU-wide cybersecurity certification framework for digital products, services, and processes. This includes the IoT, cloud infrastructure and services, threat intelligence in the financial sector, electronic health records in healthcare, and qualified trust services.
  • The IoT Cybersecurity Improvement Act of 2020. This new US law establishes minimum security requirements for IoT devices owned or controlled by the federal government. Specifically, it requires any IoT devices purchased by the federal government to comply with the NIST standards and guidelines.

In the future, I will talk about some of the standards and best practice frameworks that can help organizations develop secure and privacy-preserving IoT technologies. Also, I will suggest some guidelines that consumers can adopt to secure their home devices.

Successfully Defended my PhD Dissertation

I am pleased to announce that on Thursday, 11th February, I successfully defended my PhD dissertation in Computer Science, titled On Privacy and Security in Smart Connected Homes. This was a journey that has been incredible and exciting, to say the least. It took close to 6 years, including taking 12 PhD courses, writing 10 main publications, authoring and co-authoring 6 other supplementary publications, traveling to 8 different countries, and hundreds of hours of writing. A heartfelt thanks to all the people who have been part of my journey, especially to my academic advisors – Dr. Andreas Jacobsson and Prof. Paul Davidsson.

Book Cover

Here is a link to access my doctoral defence presentation.

Open-Source Smart Home Simulators

Following a blog post I wrote in 2019 focusing on real smart home testbeds, a lot of readers have reached out asking me if I am aware of tools that can be used to simulate smart home data. I understand this request, because data collection in smart homes can be a tedious, time-consuming, and expensive process. Below, I identify three of the recent open-source tools that could be useful to simulate activity and human interactions within a smart home:

  • OpenSHS (Open Smart Home Simulator) [1]: This is a hybrid, open-source, cross-platform 3D smart home simulator, developed using Blender and Python, allowing for sophisticated dataset generation.
  • Francillette et al. simulator [2]: The authors developed a smart environment simulator, using Java, SketchUp, and Unity engine, capable of generating data from simulated sensors such as RFID, ultrasound, pressure sensors, and contact sensors, amongst others.
  • Smart Environment Simulation (SESim) [3]: This is a simulation tool developed in Unity that supports smart home simulation and the generation of synthetic sensor datasets.

Also, in case you are a researcher and you would like a copy of the data I collected about the technical specifications of smart home products, feel free to get in touch.

[1] Alshammari, N.; Alshammari, T.; Sedky, M.; Champion, J.; Bauer, C. OpenSHS: Open Smart Home Simulator. Sensors 2017, 17, 1003. https://doi.org/10.3390/s17051003

[2] Francillette, Y.; Boucher, E.; Bouzouane, A.; Gaboury, S. The Virtual Environment for Rapid Prototyping of the Intelligent Environment. Sensors 2017, 17, 2562. https://doi.org/10.3390/s17112562

[3] Brandon Ho, Dieter Vogts, and Janet Wesson. 2019. A Smart Home Simulation Tool to Support the Recognition of Activities of Daily Living. In: Proceedings of the South African Institute of Computer Scientists and Information Technologists 2019. ACM, Article 23, 1–10. DOI:https://doi.org/10.1145/3351108.3351132

Lecturing about security and blockchain in a Masters course

On 24 November, I was invited to deliver a guest lecture to Masters students in Computer Science at Malmö University. The lecture’s main topic was IoT security and the application of blockchain as a security-enhancing technology. It was fun doing this 2-hour lecture over Zoom, and I was especially pleased to see some former students attending my lecture.

When introducing blockchain, I focused on a use-case where this technology is used for securing drone communication. In particular, I referenced the paper titled “Towards data assurance and resilience in IoT using blockchain” which uses some of the properties of blockchain for providing instant and permanent data integrity, trusted accountability, and a resilient backend for drones. Blockchain has several uses, including in smart homes (e.g., as discussed in the paper titled “Blockchain for IoT Security and Privacy: The Case Study of a Smart Home”) and in many other domains.

Recently, I also co-authored a paper with some of my colleagues where we explored the use of blockchain for countering adversarial attacks in incremental learning.

Memories of a Good Seminar

It has been a bit more than 2 years since I defended my Licentiate thesis. Here is a wonderful memory from that time! A lot of things have changed since then in the smart home world and also in the course of my research and academic career.

 

In case you have queries, just feel free to get in touch! I am also very much involved in supervising theses on cutting-edge technologies, from the likes of autonomous drones and smart cities to more industry-oriented work such as measuring the effects of GDPR on IoT consumers.

Is Your Home Becoming A Spy?

On 9th October, I had the opportunity to present my paper at the IoT 2020 conference. I talked about smart connected homes to conference attendees participating in the security track. The presentation was pre-recorded and played to an online audience over Zoom. It was in the format of a 12-minute presentation followed by an 8-minute Q&A.

My presentation slot at IoT 2020.

The theme that I covered was about covert surveillance facilitated through commercial smart home systems retrofitted in homes around the globe. In the study, we organized 81 systems by their data-collection capabilities with the intention of better understanding their privacy implications. Also, we identified research directions and suggested ways that allow users more control, transparency, and ethical uses over their personal data.

You can take a look at the presentation slides here. Also, please feel free to email me in case you need more information about my work.

Online Lecture about IoT Security

On 01 October, I was invited to deliver an online lecture about the topic of securing the Internet of Things (IoT) to Lund University Bachelors students. I have been researching security and privacy on a full-time basis for the past five years and working on information security for well over a decade.

My lecture consisted of a two-hour presentation, where I focused on some key attacks targeting consumer and industrial IoT applications. Denial-of-service attacks, routing attacks, and service attacks, which we have been talking about for many years, have become even more serious. For instance, think about Mirai, the botnet which broke out in 2016, and other malware targeting unsecured IoT devices such as webcams. This is partly happening due to the interconnectedness of the devices, but especially due to a lack of inbuilt security measures. In this regard, Vint Cerf, one of the computer scientists hailed as a founding father of the Internet, said in an ACM panel in 2017:

“The biggest worry I have is that people building [IoT] devices will grab a piece of open source software or operating system and just jam it into the device and send it out into the wild without giving adequate thought and effort to securing the system and providing convenient user access to those devices.”

Although plugging any device into the Internet is becoming the trend, especially with the rise of the IoT, I believe that companies should put more effort into securing their devices prior to releasing them to the consumer market. Unfortunately, it is still common to run simple attacks, such as SQL injections, on IoT devices and find them vulnerable.