research

Human-centered AI Course

/ bugejajoseph / Leave a comment

In the fall of 2019, I enrolled in the PhD course titled “Introduction to Human-centered AI. ” The course is delivered and managed by Cecilia Ovesdotter Alm from RIT university.

Human-centered AI is essentially a perspective on AI and ML that algorithms must be designed with awareness that they are part of a larger system consisting of human stakeholders. According to Mark O. Riedl,  the main requirements of human-centered AI can be broken into two aspects: (a) AI systems that have an understanding of human sociocultural norms as part of a theory of mind about people, and (b) AI systems that are capable of producing explanations that non-experts in AI or computer science can understand.

Human-centered AI

Course introduction lecture held at Malmö University (2019).

One of the course learning outcomes is to be able to demonstrate critical thinking concerning bias and fairness in data analysis, including but not limited to gender aspects. With regard to this, I have put together a 10 minutes presentation of the article “50 Years of Test (Un)fairness: Lessons for Machine Learning” written by Ben Hutchinson and Margaret Mitchell.

Presenting at the Science Day in Angelholm

/ bugejajoseph / Leave a comment

This Wednesday, 25 September 2019, I was invited to deliver a lecture at the science day (Vetenskapsdagen) in the Gymnasieskolan in Ängelholm.  Ängelholm is a tranquil locality in Skåne, south of Sweden, about an hour away by train from Malmö.

I have to say that it was a very rewarding experience for me.  It was so nice to see young students, with age varying between 16 and 18 years old, getting interested in the topic of information security and my journey into that. This so much reminded me of myself at that time and how curious about science and experimentation I was.

Entrance to the Gymnasieskolan in Ängelholm

Back then, when I had the age of these students, I was inspired by the famous Kevin Mitnick a hacker (probably the most famous one in the 90s) now turned into a computer security consultant; and intrigued by The Mentor’s “The Hacker Manifesto”.  I still remember me getting hold of articles on computer security through a dial-up modem working at a peak rate of 56 kbit/s rate.

Download my presentation: InfoSec: Agents, Attacks, and Tools.

My Presentation at FHNW

/ bugejajoseph / Leave a comment

This week, between August 19-23 2019, I was in Switzerland attending the International Federation for Information Processing (IFIP) Summer School at the University of Applied Sciences Northwestern Switzerland (FHNW) in Brugg/Windisch.  Attending this school is of great benefit to strengthen your network of professional and academic contacts, especially for those working on Information Privacy.  Topics covered in the jam-packed schedule included:  the ethics of Artificial Intelligence, sensors and biometrics, privacy by design (PbD), identity management, users and usability, and more.

On Tuesday 20, I presented my paper therein titled: “On the Design of a Privacy-Preserving Data Lifecycle for Smart Living Spaces” in the “Privacy by Design” track. I had a 30 mins presentation slot and following that a 10 mins critical review from two pre-assigned paper discussants including questions from the attendees. I have to say that I have received very positive and constructive feedback. Hereunder, is a photo of myself presenting some of the related work in PbD, threat analysis, and threat modeling.

Explaining the related research work before positioning my contribution.

Overall, I can say that there were some fantastic keynotes and excellent presentations from diverse Phd students.  Especially, I liked the keynote “Privacy as Innovation opportunity” by Marc van Lieshout from Radboud University.  In particular, I enjoyed his mentioning of Alan Westin’s privacy dimensions: reserve, intimacy, anonymity, and solitude; and how these are to different extents being hampered by privacy-evasive technologies, affecting the physical, individual, collective, and virtual dimensions of human beings. At the same time, I like his take on the increasing market of privacy, in particular with privacy service features such as activity monitoring, assessment manager, data mapping, etc.

My advice, if you are a doctoral student or interested in learning information privacy from a computer science or informatics standpoint, then I highly recommend you to attend the IFIP school at some point. Typically, there are ECTS credits for this course, (possibly 1.5 HP – 3 HP) if you attend and/or present your paper. In the meantime, check out my presentation (redacted version). The full version will be uploaded after the paper gets published.

How to Create an Effective Scientific Presentation in Little Time

/ bugejajoseph / Leave a comment

As a researcher, one of the core chores you have to do in your academic journey is to deliver presentations. A presentation, whether it is for a workshop, conference, seminar, etc. can take you a while to compile. I remember some of my earlier talks took me quite a hefty amount of time to put together. Most of the time the challenge was how to structure the presentation in order to make it interesting for the attendees. In this article, I highlight the most important things that helped me organize a presentation and tips on how to create that in little time.

Creating an effective presentation

Similar to when organizing a manuscript, I tend to follow the IMRAD (Introduction, Methods, Results, and Discussion) formula to put together a presentation.  Nonetheless, while it is important to mirror key parts of the corresponding paper; if it is a paper presentation;  the scope is that of using the presentation to encourage the audience to read the article instead of regurgitating it.  The model that I follow consists of 7 main points each corresponding to a slide heading or section to talk about. It starts with the title slide (point 1), followed by a body (point 2 – point 6), and ending with a closing slide (point 7).  Hereunder is the model:

  1. Title: Title slide indicating the title of the talk and authors
  2. Agenda: Presenting the structure or outline of the presentation
  3. Introduction:
    • Identify the research question, tested hypothesis, or research purpose
    • Justify the importance of such work
  4. Materials and Methods:
    • Indicate the equipment used and the experiment setup
    • Highlight the sampling technique and analysis method performed
  5. Results and Discussion:
    • Demonstrate through images, tables, or statements, the answer found to the research question or hypothesis
    • Underscore the  implications or relevance of the obtained results
  6. Final remarks:
    • Reiterate the objectives and provide a general statement on the extent to which you have accomplished them
    • Identify some avenues for future work
  7. Closing:
    • Question and answer session slide with your contact information
This model is typically useful for a talk that is longer than 10 minutes. For a short presentation, it is rarely necessary to have such an explicit structure and to cover all that is mentioned therein. This is as there is usually only enough time to introduce the topic and to give a brief introduction to the method or results.

  
Then, when it comes to the actual compilation of the presentation, I tend to use a number of utilities; mostly on Mac; implemented in the workflow below:

  1. Use Skim to open the PDF paper
  2. Highlight sections (Note Type -> Highlight) that are relevant to the presented model
  3. Copy the highlighted statements from the ‘Notes pane’ and load them to Notes app as a new note
  4. Assign and group the statements under the different model headings
  5. Reorganize, rephrase, and shorten/expand some statements
  6. Launch PowerPoint and create new slides following the previous step
  7. Refine and embellish by introducing images or icons, e.g., through Google Images or that you draw for instance using draw.io.

Other general tips:

  • Draw principles from real stories using specific data, anecdotes, or screenshots to back up the stories
  • Have one main idea per slide and limiting to no more than about 4-5 major bullets per slide
  • Use design templates for consistency
  • Check spelling and grammar for accuracy
  • Speak slowly, clearly, and loudly!

Take a look at some of my recent slides in Presentations.

Smart home datasets and a realtime Internet-connected home

/ bugejajoseph / 1 Comment
When designing an algorithm or as a means  to justify an approach you have  pursued in your research you need at some point empirical data.  In the case of the IoT, more specifically when it comes to smart homes, there is a lack of open-source datasets available for public access and unfortunately some of them disappear (from the Internet) after being active for a couple of months. My preferred collection of smart home datasets are developed and curated by Washington State University. In particular, I am referring to the  Centre for Advanced Studies in Adaptive Systems (CASAS) smart home project.
 
CASAS  is a multi-disciplinary research project focused on creating an intelligent home environment by using IoT technologies such as sensors and actuators. This same team has developed in its recent research the “smart home in a box”, which is a lightweight smart home design that has been installed in 32 homes to capture the participants interactions.
 
The link to access CASAS datasets is: http://casas.wsu.edu/datasets/. Datasets included consist mainly of ADL activity data of single/two/multi-resident apartments. Some of the datasets are fully annotated with some of them going back to 2007 (and still running) and spanning different countries from Europe to Asia.
 
 Some other useful datasets; highly cited in scholarly publications; that are also featured on CASAS’ website are:
 
In case you are not satisfied with the datasets identified here you can also consider two generic sites, working similar to a search engine, but for datasets. I am referring specifically to: DataHub and Google datasets.
 

An Internet-connected home in the Netherlands.

Now, if you want to take a peek at a cool smart home setup in the Netherlands displaying its captured and processed data in realtime on the Internet take a look at https://www.bwired.nl/index.asp
 
If you need any information about smart homes or related just get in touch 🙂

Organizing research articles

/ bugejajoseph / Leave a comment

Whether you work as a researcher, student, or industry professional you may at some point in your career or in your studies have to carry out research.  This can be example to draft a report on a particular technology product (e.g., discussing the pros/cons of upgrading your platform from PHP to Javascript) or for instance to compile a scientific journal article (e.g., an article that discusses IoT state-of-the-art security challenges and opportunities).  When it comes to this a number of tools can be leveraged.  Here, I focus specifically on research article management.

The crude way is to directly download research articles from a scientific database such as IEEE, ACM, or ScienceDirect, and then simply to store the files inside a folder, e.g., titled “research” or more specifically under a sub-folder named after the article theme, e.g., “differential_privacy”.  There are other, perhaps better, ways of organizing these, for instance, by publication date, research authors, tags, or some combination of this, and so on.  While this may work, especially for small research projects, your folder structure can become pretty cumbersome for large projects – in particular those involving 100s of files. Here, one key thing is how to retrieve the articles pertaining to your topic of writing, and later how to reference them.  Yes, you may rely on the operating system indexing tools sometimes (e.g., Spotlight indexing on Mac) or on some other program (e.g., Evernote) but that may not be enough.  Example, how can you categorize the information further, e.g., tagging articles, adding search terms, assigning a rating score, etc. Here, a nice tool that can come to the rescue is a free software called Mendeley.

A snapshot of Mendeley Desktop illustrating different research articles and their organization into separate folders (inc. shared groups for collaborative work).

Mendeley is a program for managing and sharing research papers, discovering research data, and collaborating online. Through its browser extension (Mendeley Importer) with a click of a button you can also have the file automatically downloaded inside its database. The advantage of this is that then you can easily retrieve the file by searching for text also inside the actual PDF file and also by using other structures such as notes,  publication date, authors, etc. Mendeley also makes it easy to reference research articles (…and if you are using Ms. Word or LibreOffice you can also have your bibliography automatically managed and generated through Mendeley’s plugins). Another cool feature about Mendeley is that you can also create shared groups where you can share part of your library with your colleagues and work collaboratively.  Here, you can also annotate and comment on the actual articles using Mendeley’s built-in PDF editor.  This is pretty cool (although two cons are that you cannot, at least easily, export highlighted text as you can do in Skim PDF editor for instance; and that unfortunately a pen, e.g., Apple pencil, which is ideal for sketching some notes or diagram, is not supported at least in the free version ). Finally, in case your Mendeley database gets corrupted or your machine gets stolen or slammed, you can quickly recover your data by having your local account sync with Mendeley’s cloud (just remember: to keep your password safe and in case your machine is compromised to change your password immediately!).

Naturally, there is no tool that fits the need of everyone. In my case, I tried out many other tools but Mendeley seems to be my favourite so far especially for reference management and collaborative work.

My talk in Japan

/ bugejajoseph / Leave a comment

On Monday 11th March, I attended IEEE PerCom in Kyoto, Japan.  PerCom is regarded as a top scholarly venue in the areas of pervasive computing and communications. It is my third year participating in this conference. This year, I presented a paper titled: “IoTSM: An End-to-end Security Model for IoT Ecosystems”, in PerLS’19 – Third International Workshop on Pervasive Smart Living Spaces.

My presentation, live demos, and paper awards at the International Conference Center in Kyoto (2019).

In my presentation, I talked about how most of the reviewed security frameworks and maturity models, tend to focus more on securing web applications and services, but have not evolved particularly to cater for the additional complexities and challenges that IoT technologies bring to the table. While most of the security practices remain similar, IoT requires additional checks and balances to implement effective security.  Some reasons for this, is that IoT applications by their nature tend to be Internet-connected, deal with highly personal data, and feature complex interdependencies involving multiple stakeholders and third-party systems.

Reviewing the existing scholarly literature and interviewing various IoT security experts based in Sweden, we especially observe the need for continuous processes rather periodical processes. For instance, when it comes to risk assessment in IoT it is especially preferred if it is “continuous” in order to deal with the highly dynamic nature of IoT systems. Unfortunately, there is a shortage of methodologies for that and most of the related research work is still in its early stages.  Moreover, we note the lack of security awareness common across the industry, e.g., with regards to “threat modelling”, but as well its applications to model data flows, in particular to deal with information privacy.  Finally, we recognise the diversity of IoT security requirements. While for a traditional application, one needs to ensure service, network, and physical security for IoT one might need as well other to consider other requirements, e.g., that of ensuring resilience, data security, cloud security. Likewise, IoT may require to cater for additional threat agent goals. Such goals may not necessarily be related to confidentiality, integrity, and availability.

Take a look at my presentation: IoTSM: An End-to-end Security Model for IoT Ecosystems

Keynote that made me reflect…

/ bugejajoseph / Leave a comment

On October 24-25 2018, I attended a conference about Counterterrorism and Criminology (EISIC 2018) at Blekinge Institute of Technology in Karlskrona, Sweden. Among, the keynotes was Dr. Dieter Gollman professor of security in distributed applications at Hamburg University of Technology. Among his wide repertoire of contributions, his textbook “Computer Security” is a household name among Information Security students. Personally, I have used it for my Masters and am using it now for my students.

Two key points that Dr. Gollman mentioned and that me reflect on are: i) that the Internet of Things (IoT) especially when it comes to network security “is a new balloon for floating ideas”, and ii) that better models than the CIA triad may be needed for IoT systems.

IMG_5199.jpg

Photo of Prof. Dieter Gollman taken at Blekinge Institute of Technology on 24-Oct-2018.

On i) it was emphasised that especially when it comes to working on IoT security one should not only coin something as state-of-the-art without having done a proper review of literature. For doing so, one must not simply search for IoT and security, but should also consult the literature for WSN and MANET security as otherwise 15-20 years of relevant results may be lost.

In terms of ii), it was suggested to replace the CIA model with a new model – the Control Triad (CO2).  In the new model, there are three dimensions: Controllability, Observability, and Operability. These dimensions are important because in a control system, as is the IoT, a threat agent may not be keen on CIA but instead wants to control the system, to put it in a state that the actor wants it to be in or to operate it according to the agent liking, etc.

I hope that this short post will somewhat make you reflect on stuff you may be working on.

Weak risk awareness of our connected homes

/ bugejajoseph / Leave a comment

Traditionally, only a handful of household devices were connected to the Internet. Nowadays, we have everyday devices ranging from toasters, lightbulbs, TVs all connected to the Internet and with the possibly of being remotely controlled.  These devices often go by the name of Internet of Things or smart home devices. While these networked devices bring added convenience, efficiency, and peace of mind, they also bring unique perils to the smart home residents.

man-65049_1920.jpg

The more smart devices are connected to the home’s network, the more can go wrong. Malicious threat agents such as hackers can reprogram the devices to attack others, vendors can collect fine-grained information on your activities and behaviours, or your devices could become infected with malware possibly preventing you from entering your home or adjusting the temperature to your liking. Many of the manufacturers making these devices have shallow experience with information security and see security and privacy as a burden. As a result, many of the devices available in the market have little or no security backed into them. For example, some devices come with default passwords that are easily retrieved on the Internet, or they cannot be easily updated or reconfigured in a more secure or privacy-preserving way.

In August 2018, I was interviewed by Malmö University on a similar topic.  The interview was transcribed in Swedish but now you can read the full interview in English at the following link: http://iotap.mau.se/weak-risk-awareness-connected-homes/