Special Issue on Privacy and Trust

We are guest editing a Special Issue on Privacy and Trust in IoT-Based Smart Homes and Buildings, and would like to personally invite you to contribute a paper.

For this Special Issue we are looking for high-quality original contributions including, but not limited to, the topical areas listed below:

  • Novel architectures, concepts, and models for trustworthy smart homes and smart buildings;
  • Privacy-enhancing and transparency-enhancing technologies for smart homes and smart buildings;
  • Privacy-by-design mechanisms for smart homes and buildings;
  • Vulnerability discovery and analysis for smart homes and buildings;
  • Threat modeling and risk assessment for smart homes and buildings;
  • Attack and attacker simulation for smart homes and buildings;
  • Trust and identity management for smart homes and buildings;
  • Access control models for smart homes and buildings;
  • Human factors in privacy and security of smart homes and buildings.

Please spread the word!

More info: https://www.mdpi.com/journal/sensors/special_issues/PT_SM

Interactive Event on Digital Ethics

On Friday, 23rd April, I attended an interactive event on the topic of digital ethics. This event was organised by RISE in collaboration with industry. Together, we explored and discussed the topic of data privacy, integrity, trust, and transparency in AI. Many interesting discussions followed in Zoom breakout rooms, especially after the presentation from the “Sjyst data!” project.

We talked about the generic development and implementation of AI for emerging systems, and the related ethical implications. An interesting point was raised about the passive collection of MAC addresses and whether these are considered personal data by the GDPR. On that note, over Zoom chat, someone also mentioned foot traffic data and the processing of that, especially during the Covid-19 pandemic. Even though data may appear to mean nothing particular or worrying to us at some point, when aggregated and linked with other data sources, it can paint a detailed profile of us.

Here is a screenshot showing the event hosts: Nina Bozic (senior researcher) and Katarina Pietrzak (educational strategist) along with RISE experts and guests.

Interactive event on Digital Ethics

I am looking forward to the next one!

Some initiatives to help secure smart home devices

Smart home devices make people’s lives more efficient. However, implementing cyber security of smart home devices is just as important as the physical security of our homes. Below are three popular initiatives by governments to help secure consumer IoT, particularly smart home devices.

  • The Department for Digital, Culture, Media, and Sport (DCMS) published a Code of Practice titled “Code of Practice for Consumer IoT Security” to support all parties involved in the development, manufacturing, and retail of consumer IoT. Essentially, the DCMS guidelines are proposed to ensure that IoT products are secure-by-design and to make it easier for people to stay secure in a digital world.
  • The Federal Trade Commission (FTC), in a detailed report on the IoT, proposed concrete steps that businesses can take to enhance and protect consumers’ privacy and security. Additionally, it introduced further guidance for companies to implement “reasonable security” in order to actively enhance and protect consumers’ IoT privacy and security.
  • The European Union Agency for Cybersecurity (ENISA), in its publication titled “Security and Resilience of Smart Home Environments”, presents examples of actions for users to perform in order to: choose a smart home device securely, operate a smart home device securely, and use online services for smart home securely. ENISA later introduced good-practice guidelines for securing IoT products and services throughout their lifetime.

There are a number of measures and practices identified by the three bodies above that apply to different IoT stakeholders. The stakeholders can range from device manufacturers to service providers to mobile application developers, and more. One core recommendation that applies, especially to the device manufacturers, is that of having no default passwords. The recommendation of changing the device’s password, and potentially having a unique password for every device, is something that I emphasize.

In case you want to know more about how to secure your smart home or are simply curious about IoT security and privacy, you are welcome to get in touch.

Successfully Defended my PhD Dissertation

I am pleased to announce that on Thursday, 11th February, I successfully defended my PhD dissertation in Computer Science, titled On Privacy and Security in Smart Connected Homes. This was a journey that has been incredible and exciting, to say the least. It took close to 6 years, including taking 12 PhD courses, writing 10 main publications, authoring and co-authoring 6 other supplementary publications, traveling to 8 different countries, and hundreds of hours of writing. A heartfelt thanks to all the people who have been part of my journey, especially to my academic advisors – Dr. Andreas Jacobsson and Prof. Paul Davidsson.


Here is a link to access my doctoral defence presentation.

Is Your Home Becoming A Spy?

On 9th October, I had the opportunity to present my paper at the IoT 2020 conference. I talked about smart connected homes to conference attendees participating in the security track. The presentation was pre-recorded and played to an online audience over Zoom. It was in the format of a 12-minute presentation followed by an 8-minute Q&A.

My presentation slot at IoT 2020.

The theme that I covered was covert surveillance facilitated through commercial smart home systems retrofitted in homes around the globe. In the study, we organized 81 systems by their data-collection capabilities with the intention of better understanding their privacy implications. Also, we identified research directions and suggested ways that allow users more control over, transparency about, and ethical use of their personal data.

You can take a look at the presentation slides here. Also, please feel free to email me in case you need more information about my work.

Interesting Book Showed Up In My Mailbox

Today, I am happy to have received a hardcopy of the book – Privacy and Identity Management. Data for Better Living: AI and Privacy. There is a chapter in this book, which I have authored together with my academic advisor, titled: “On the Design of a Privacy-Centered Data Lifecycle for Smart Living Spaces.” In that article, I have identified how the software development process can be enhanced to manage privacy threats, amongst other things.


Hardcopy of the book “Privacy and Identity Management. Data for Better Living: AI and Privacy”

All the articles included in the book are certainly worth a read, covering various aspects of privacy from technical, compliance, and legal perspectives.

Investigating Privacy Threats in Smart Homes

On Tuesday, I gave a presentation at PerCom 2020. This was the first time the conference was held completely online (due to the global pandemic of COVID-19), and speakers were asked to deliver their presentations remotely over Zoom.

In my case, I gave two live presentations in the Work In Progress (WiP) session chaired by Diane Cook. During this time, I discussed how smart connected homes can be formally modeled so that privacy threats can be systematically identified and analyzed. Take a look at my short teaser clip below.

In case you are interested in the accompanying poster for my presentation, you can access it either from my Presentations menu tab or otherwise by clicking here.  Also, I have uploaded the slides for the video which you can access here.

As always, please feel free to contact me in case you want to know more about this paper, and about security and privacy in general. Finally, I want to remind and encourage you to submit to PerCom or its workshops. You can get some high-quality feedback on your work that can help you improve it and more.

The Current State of IoT Security and a Glimpse Into The Future

On Tuesday 10th March, I was invited to give a guest lecture about IoT security at Blekinge Tekniska Högskola (BTH) in Karlskrona, Sweden. Karlskrona is approximately 3 hours away from Malmö.

During my lecture, I gave realistic examples of attacks that targeted IoT systems. For instance, attacks targeting consumer drones, electric cars, and IP cameras. I also discussed the technical, procedural, and human challenges involved in securing IoT and some safeguards.

Blekinge Tekniska Högskola.

In the future, I will work to automate IoT security.  Similar to smart devices acting autonomously to perceive and act on their environment, IoT security should evolve towards greater autonomy in detecting threats and reacting to attacks. This evolution relates to the autoimmunity of smart devices allowing for the prevention and containment of attacks in hostile environments.

You can access a condensed version of my lecture here.


My Presentation at FHNW

This week, between August 19-23, 2019, I was in Switzerland attending the International Federation for Information Processing (IFIP) Summer School at the University of Applied Sciences Northwestern Switzerland (FHNW) in Brugg/Windisch. Attending this school is of great benefit for strengthening your network of professional and academic contacts, especially for those working on Information Privacy. Topics covered in the jam-packed schedule included: the ethics of Artificial Intelligence, sensors and biometrics, privacy by design (PbD), identity management, users and usability, and more.

On Tuesday 20, I presented my paper there, titled “On the Design of a Privacy-Preserving Data Lifecycle for Smart Living Spaces”, in the “Privacy by Design” track. I had a 30-minute presentation slot, followed by a 10-minute critical review from two pre-assigned paper discussants, including questions from the attendees. I have to say that I have received very positive and constructive feedback. Hereunder is a photo of myself presenting some of the related work in PbD, threat analysis, and threat modeling.

Explaining the related research work before positioning my contribution.

Overall, I can say that there were some fantastic keynotes and excellent presentations from diverse PhD students. Especially, I liked the keynote “Privacy as Innovation opportunity” by Marc van Lieshout from Radboud University. In particular, I enjoyed his mentioning of Alan Westin’s privacy dimensions: reserve, intimacy, anonymity, and solitude; and how these are to different extents being hampered by privacy-evasive technologies, affecting the physical, individual, collective, and virtual dimensions of human beings. At the same time, I like his take on the increasing market of privacy, in particular with privacy service features such as activity monitoring, assessment manager, data mapping, etc.

My advice: if you are a doctoral student or interested in learning information privacy from a computer science or informatics standpoint, I highly recommend that you attend the IFIP school at some point. Typically, there are ECTS credits for this course (possibly 1.5 HP – 3 HP) if you attend and/or present your paper. In the meantime, check out my presentation (redacted version). The full version will be uploaded after the paper gets published.

Weak risk awareness of our connected homes

Traditionally, only a handful of household devices were connected to the Internet. Nowadays, we have everyday devices ranging from toasters and lightbulbs to TVs, all connected to the Internet and with the possibility of being remotely controlled. These devices often go by the name of Internet of Things or smart home devices. While these networked devices bring added convenience, efficiency, and peace of mind, they also bring unique perils to the smart home residents.


The more smart devices are connected to the home’s network, the more can go wrong. Malicious threat agents such as hackers can reprogram the devices to attack others, vendors can collect fine-grained information on your activities and behaviours, or your devices could become infected with malware, possibly preventing you from entering your home or adjusting the temperature to your liking. Many of the manufacturers making these devices have shallow experience with information security and see security and privacy as a burden. As a result, many of the devices available in the market have little or no security baked into them. For example, some devices come with default passwords that are easily retrieved on the Internet, or they cannot be easily updated or reconfigured in a more secure or privacy-preserving way.

In August 2018, I was interviewed by Malmö University on a similar topic. The interview was transcribed in Swedish, but now you can read the full interview in English at the following link: http://iotap.mau.se/weak-risk-awareness-connected-homes/