A Research Proposal about Poisoning Attacks

July 2, 2021 / bugejajoseph / Leave a comment

On Tuesday, 29th June, I did my last presentation before taking my Summer vacation. In the presentation, I talked about a potential research proposal concentrated on data poisoning attacks. Specifically, I discussed how this attack class could target an IoT-based system, such as a smart building, resulting in potentially severe consequences to a business. While poisoning attacks have been researched for a bit, they are relatively understudied especially in contexts involving online learning and interactive learning.

Here is a link to a redacted version of my presentation:

Research Proposal Download

In case you want to know more about cyber security especially its application to the IoT and Machine Learning based systems you are welcome to drop me a message.

Successfully Defended my PhD Dissertation

February 13, 2021 / bugejajoseph / Leave a comment

I am pleased to announce, that on Thursday, 11th February, I successfully defended my PhD dissertation in Computer Science, titled On Privacy and Security in Smart Connected Homes. This was a journey that has been incredible and exciting, to say the least. It took close to 6 years, including taking 12 PhD courses, writing 10 main publications, authoring and co-authoring 6 other supplementary publications, traveling to 8 different countries, and hundreds of hours of writing. A heartfelt thanks to all the people who have been part of my journey, especially to my academic advisors – Dr. Andreas Jacobsson and Prof. Paul Davidsson.

Book Cover

Here is a link to access my doctoral defence presentation.

Inside the dolls house…

October 25, 2020 / bugejajoseph / Leave a comment

Earlier in September, I participated in a short film showcasing some of the research projects being carried out by the Faculty of Technology and Society, part of Malmö University. The film was directed by Hanna Solberger (media producer at Malmö University) and her talented production team.

This was my first experience of being filmed in a professional studio and being directed by a film crew in Sweden. It was a very professional job filled with amazing touches of creativity by the film director! You can see me featured in the video cover picture below, inside the most private room in the house…and yes I am talking about privacy 😉

Image taken from the video ‘Människan & Tekniken’.

The video was used for research funding purposes part of the event called ‘Människan & Tekniken’. You can access the full video by clicking the link here: https://play.mau.se/media/t/0_7vlkv9tz

Online Lecture about IoT Security

October 4, 2020October 4, 2020 / bugejajoseph / Leave a comment

On 01 October, I was invited to deliver an online lecture about the topic of securing the Internet of Things (IoT) to Lund University Bachelors students. I have been researching security and privacy on a full-time time basis for the past five years and working on information security for well over a decade.

My lecture consisted of a two-hour presentation, where I focused on some key attacks targeting consumer and industrial IoT applications. Denial-of-service attacks, routing attacks, and service attacks of which we have been talking about for many years have become even more serious. For instance, think about Mirai, the botnet which broke out in 2016, and other malware targeting unsecured IoT devices such as webcams. This is partly happening due to the interconnectedness of the devices, but especially due to a lack of inbuilt security measures. In this regard, Vint Cerf, one of the computer scientists hailed as a founding father of the Internet, said in an ACM panel in 2017:

“The biggest worry I have is that people building [IoT] devices will grab a piece of open source software or operating system and just jam it into the device and send it out into the wild without giving adequate thought and effort to securing the system and providing convenient user access to those devices.”

Although plugging any device to the Internet is becoming the trend especially with the rise of the IoT, I believe that companies should put in more effort into securing their devices prior to releasing them to the consumer market. Unfortunately, it is still common to run simple attacks, such as SQL injections, on IoT devices, and finding them vulnerable to that.

My take on internships, summer schools, and exchanges

May 7, 2020May 7, 2020 / bugejajoseph / Leave a comment

Earlier this year, I was interviewed about traveling opportunities for doctoral students, and experiences gained pursuing various internships, summer schools, and exchanges as a visiting scholar.

Some of the points I emphasized are that traveling broadens your horizons and that when well-planned can help you along in your academic journey. For instance, you may come to learn a new perspective on your research that you may have not considered or explored before, and as well learn about potential pitfalls. Another thing is that you might meet people who have strong academic networks. These people may help you widen your academic network and may play a role in your future endeavors.

You can access the full article by clicking here. If you are a student, or maybe a prospective one, I highly encourage you to seize traveling opportunities related to your studies.

Also, feel free to drop me a message if you want to know more about my experiences.

Using Mindmaps to Organize My Writing

April 10, 2020April 10, 2020 / bugejajoseph / Leave a comment

Especially, when working with a long manuscript but as well when you want to organize concepts and brainstorm ideas, mind maps offer a great visual tool for helping in that.

You can draw mind maps by hand but personally, I prefer to use software tools for this. A tool that I find particularly effective is XMind. I have used the free version of this software to layout the structure of my thesis. Once you know the shortcuts keys you can layout a structure in minutes and then refine it accordingly.

Take a look at the main structure of my licentiate hereunder and an expansion of it in the second diagram.

Mind map showing the main structure of my licentiate thesis.

Expanding the nodes of the mind map to show some of the concepts I have used for Part 1 and Part 2 of my thesis.

At the moment, I am also working on an idea for my journal article, and have already created a structure for that as a mind map. After I get the structure ready and approved by my coauthors, I can start working on the actual text. I would already know how the pieces would connect together in a cohesive structure and flow well if I follow the mind map in my writing.

Certainly, if you need help on how to create mind maps for your manuscript, course, talk, or for whatever reason you may have, feel free to get in touch.

Interesting Book Showed Up In My Mailbox

April 9, 2020April 10, 2020 / bugejajoseph / Leave a comment

Today, I am happy to have received a hardcopy of the book – Privacy and Identity Management. Data for Better Living: AI and Privacy. There is a chapter in this book, which I have authored together with my academic advisor titled: “On the Design of a Privacy-Centered Data Lifecycle for Smart Living Spaces.” In that article, I have identified how the software development process can be enhanced to manage privacy threats, amongst other things.

Hardcopy of the book “Privacy and Identity Management. Data for Better Living: AI and Privacy”

All the articles included in the book are certainly worth a read covering various aspects of privacy ranging from a technical, compliance, and law perspective.

Presenting my research project at LTH

March 4, 2020July 5, 2020 / bugejajoseph / Leave a comment

On 4 March 2020, I had the opportunity to present my PhD research project at Lund University. My presentation titled “Security and privacy in smart connected homes” was held in front of a mixed audience, consisting of key industry professionals and well-established academics. Many interesting questions were raised after each presentation. Two questions directed to me were about updates concerning attacks targeting smart speaker systems, and another one whether secure regions within the home area network can be configured to have parts of the home or the entire home offline.

The workshop opening slide by Prof. Per Runeson.

Moving on to the discussion part of the workshop there were different takeaways. One of the main ones was the difficulty of instilling security awareness, especially to the general consumer when purchasing and using IoT products. One can have a lot of security features embedded in his product but if the customer is not aware of those or does not know how to enable them then that is a challenge. Another key point that was shared across multiple presentations and raised as a discussion item, was the huge spike of vulnerabilities being reported, especially during the past 3 years. Here, it is interesting to investigate what is actually being targeted and the causes of that. Perhaps, this is not only related to the digitization of ‘everything’ but as well to the constant reuse of software code, including the heavy reliance on software frameworks (including some operating systems that may have not been properly audited). Organizations should remember that in addition to the tangible benefits you gain from building your software from reusable modular and perhaps opensource components you automatically inherit security vulnerabilities and risks.

My presentation at LTH.

I highly encourage you to attend this quarterly workshop especially if you are into software engineering but even if you are not. Certainly, you can learn about what’s happening from the research side but as well from industry professionals. Besides, it is a good opportunity to network and share ideas with other likeminded people!

Check the workshop agenda: https://www.lth.se/digitalth/events/?event=softwarelth-workshop-internet-of-things-and-security

Strengthen your academic writing skills with this resource

March 4, 2020 / bugejajoseph / Leave a comment

If you are planning on writing a scholarly publication, maybe it is your first research article, you want to make sure that you use the appropriate jargon for that. This is especially if you are a non-native speaker of English. A truly good resource that can help in that is the Academic Phrasebank maintained by The University of Manchester.

This resource provides numerous examples of phraseological “nuts and bolts” for writing organized according to the main sections of a research paper or dissertation. The phrases in this resource have been extracted from authentic academic sources including postgraduate dissertations and phrases from academic articles drawn from a broad spectrum of disciplines.

Consider consulting it for your next manuscript.

Tip: Keep tabs while waiting for your acceptance notification

January 16, 2020 / bugejajoseph / Leave a comment

It is common that when we submit a paper to a conference we have to wait a bit until we get an acceptance notification. In my research area, it is not unusual to wait for about 3 months to get a thumbs up or a thumbs down. This can be stretched further especially if the conference deadline was extended. During this review time, typically we work on other things, come up with alternative ideas, and maybe take a break. It is also common that in this waiting time we may start noticing already how the paper can get improved. Maybe, you find a more recent related work that tackles the problem in a different way or perhaps simply find arguments that strengthen your proposal. Whatever the case, you want to keep track of those. This is as you might what to consider them when revising your article. How do I do that?

On my Mac, I simply keep track of these using Notes app. I just create a new folder under iCloud and name it as the conference article or an alias of it. In that folder, I create a note, titled “Ideas” and simply throw in any points or stuff to take care of when updating the paper submitted earlier. Then, when the notification of acceptance is due, I simply go through the reviewer comments together with the Ideas note and update the paper accordingly. I store my notes in iCloud because I can easily manage them for example through my smartphone. It often happens that the best ideas come when we are away or while resting from a problem.

So, my point is to encourage you to get organized early on in your research and simply not to leave it to the end to update your article. There are ideas that I am sure you came across while waiting for a notification of acceptance. Best to keep tabs and have notes readily available when you need them.

Joseph Bugeja

Security, Privacy, and Trust

research