My Final Seminar

September 30, 2020September 30, 2020 / bugejajoseph / Leave a comment

On September 18, I had the opportunity to present my PhD work to my fellow colleagues at Malmö University. I had a 25 minutes slot, over Zoom, where essentially I summarized my research topic and presented my main contributions to the scholarly and industry community.

The discussion was led by Assoc. Prof. Martin Boldt from Blekinge Institute of Technology. We had a very detailed and insightful 90 minutes conversation about smart homes, IoT, security and privacy. After the meeting, I also received detailed written feedback about my work.

Some interesting points raised during our exchange are how homes are evolving and becoming more interconnected to different networks and services (whether it is the entertainment providers, healthcare providers, smart grids, and more). With this evolution, the role and function of our home but as well our expectations of privacy are changing. What if our intimate data gets in the hands of criminals? What if companies providing our services get hacked? What if our home technology is covertly spying on our children? These are some of the topics we talked about.

You can take a look at a redacted version of my presentation here. A full version of the presentation will be uploaded in due time.

That is a Wrap On Computing 2020

July 18, 2020 / bugejajoseph / Leave a comment

As a follow-up to my previous blog post, I can say that it was an honor to participate yesterday and on Thursday at the Computing Conference 2020. It was very well organized, professionally executed, and fun!

There was a wide range of presenters coming from different research areas covering computing, AI, security, IoT, and much more. It was also cool to have a Mindfulness and Yoga general session at the conference. This was something unique!

Here, is a screenshot of my presentation with feedback received. Also, I got private messages for collaboration work and I truly appreciate those!

My presentation with feedback received.

Once again thanks for the thumbs up and already looking forward to next year’s edition!

Talking about DoS Attacks at the Computing Conference

July 6, 2020 / bugejajoseph / Leave a comment

On Friday, 17 July 2020, I will be talking at the Computing Conference 2020. This conference going was going to be held in London but due to the COVID-19 pandemic, it is now going to be held fully online. I am especially excited to listen to the keynote of Vinton G. Cerf. He is widely known as a “father of the Internet”. Cerf is also the vice president and Chief Internet Evangelist for Google. During the conference, I will be talking about Denial of Service (DoS) attacks and how commercial devices are prone to severe forms of this attack.

DoS is a widely used attack vector by various malicious threat agents from hackers to nation-states. Its consequences range from a nuisance to loss of revenues to even loss of life. Think about for instance the effects of disabling medical devices such as pacemakers, drones and weapon systems, connected alarm systems, and so on. In the case of smart homes, DoS may be the first attack to remove a component from a network to exploit a vulnerability. In our study, we found devices manufactured by established commercial players prone especially to HTTP GET DoS attacks. This can result in the complete shutdown of the device, possibly remotely, by using a simple exploit with code available over the Internet.

DoS attacks targeting the smart connected home.

Take a look at the conference agenda and have a read of my conference paper. I will be uploading my presentation slides after the conference is held under my Presentations tab.

Feel free to drop me a message or get in touch if you want to know more about this topic or in case you are interested in information security.

Investigating Privacy Threats in Smart Homes

March 28, 2020March 28, 2020 / bugejajoseph / Leave a comment

On Tuesday, I gave a presentation at PerCom 2020. This was the first time, the conference was held completely online (due to the global pandemic of COVID-19), and speakers were asked to deliver their presentations remotely over Zoom.

In my case, I gave two live presentations in the Work In Progress (WiP) session being chaired by Diane Cook. During this time, I discussed how smart connected homes can be formally modeled so that privacy threats can be systematically identified and analyzed. Take a look at my short teaser clip below.

In case you are interested in the accompanying poster for my presentation, you can access it either from my Presentations menu tab or otherwise by clicking here. Also, I have uploaded the slides for the video which you can access here.

As always, please feel free to contact me in case you want to know more about this paper, and about security and privacy in general. Finally, I want to remind and encourage you to submit to PerCom or its workshops. You can get some high-quality feedback on your work that can help you improve it and more.

Smart home datasets and a realtime Internet-connected home

June 3, 2019June 3, 2019 / bugejajoseph / 1 Comment

When designing an algorithm or as a means to justify an approach you have pursued in your research you need at some point empirical data. In the case of the IoT, more specifically when it comes to smart homes, there is a lack of open-source datasets available for public access and unfortunately some of them disappear (from the Internet) after being active for a couple of months. My preferred collection of smart home datasets are developed and curated by Washington State University. In particular, I am referring to the Centre for Advanced Studies in Adaptive Systems (CASAS) smart home project.

CASAS is a multi-disciplinary research project focused on creating an intelligent home environment by using IoT technologies such as sensors and actuators. This same team has developed in its recent research the “smart home in a box”, which is a lightweight smart home design that has been installed in 32 homes to capture the participants interactions.

The link to access CASAS datasets is: http://casas.wsu.edu/datasets/. Datasets included consist mainly of ADL activity data of single/two/multi-resident apartments. Some of the datasets are fully annotated with some of them going back to 2007 (and still running) and spanning different countries from Europe to Asia.

Some other useful datasets; highly cited in scholarly publications; that are also featured on CASAS’ website are:

MavLab Sensor data: http://casas.wsu.edu/datasets/mavlab.zip
MIT Activity Recognition data: https://courses.media.mit.edu/2004fall/mas622j/04.projects/home/
University of Amsterdam activity recognition dataset: http://casas.wsu.edu/datasets/kasterenDataset.zip

In case you are not satisfied with the datasets identified here you can also consider two generic sites, working similar to a search engine, but for datasets. I am referring specifically to: DataHub and Google datasets.

An Internet-connected home in the Netherlands.

Now, if you want to take a peek at a cool smart home setup in the Netherlands displaying its captured and processed data in realtime on the Internet take a look at https://www.bwired.nl/index.asp

If you need any information about smart homes or related just get in touch 🙂

Weak risk awareness of our connected homes

September 21, 2018September 23, 2018 / bugejajoseph / Leave a comment

Traditionally, only a handful of household devices were connected to the Internet. Nowadays, we have everyday devices ranging from toasters, lightbulbs, TVs all connected to the Internet and with the possibly of being remotely controlled. These devices often go by the name of Internet of Things or smart home devices. While these networked devices bring added convenience, efficiency, and peace of mind, they also bring unique perils to the smart home residents.

The more smart devices are connected to the home’s network, the more can go wrong. Malicious threat agents such as hackers can reprogram the devices to attack others, vendors can collect fine-grained information on your activities and behaviours, or your devices could become infected with malware possibly preventing you from entering your home or adjusting the temperature to your liking. Many of the manufacturers making these devices have shallow experience with information security and see security and privacy as a burden. As a result, many of the devices available in the market have little or no security backed into them. For example, some devices come with default passwords that are easily retrieved on the Internet, or they cannot be easily updated or reconfigured in a more secure or privacy-preserving way.

In August 2018, I was interviewed by Malmö University on a similar topic. The interview was transcribed in Swedish but now you can read the full interview in English at the following link: http://iotap.mau.se/weak-risk-awareness-connected-homes/

Thesis hardcopies

September 12, 2018September 23, 2018 / bugejajoseph / Leave a comment

I have few hardcopies available of my licentiate thesis for interested readers. In case, you are a university student or a researcher working on similar topics kindly get in touch with me and you may receive a free copy.

Talk about my Research Topics at Vetenskapens Dag

September 12, 2018September 23, 2018 / bugejajoseph / Leave a comment

Today, I was invited to speak about my research topics at Vetenskapens Dag (Science Day). Here, I did a short talk to IT and Economics students in Malmö University where I touched on the following topics:

What is a smart connected home?
Why it is important to study smart homes?
What data are being collected by connected devices?
What risks to security and privacy are introduced by such IoT devices?
Who are the threat agents interested in gaining a foothold in our lives?
What can we do as consumers to protect ourselves?

Below is a screenshot of my presentation cover:

Please feel free to get in touch if you want to know more about this and related!

My Licentiate Seminar

August 28, 2018 / bugejajoseph / Leave a comment

On Monday, 03 September, I have my licentiate seminar at Malmö University. On that day, I will give a presentation, where I will talk for about 40 minutes about the smart connected home ecosystem.

Here, I will emphasize the security and privacy risks such as an Internet of Things system bring to the smart home residents, threat agents interested in conducting attacks on the home, challenges in implementing effective mitigations, and more.

This talk is essentially a summary highlighting key parts of my licentiate thesis (see picture of it below):

The full thesis is 192 pages long with a word count of about 48,000 words.

Take a look at my thesis and upcoming seminar by following the link: http://iotap.mah.se/smart-connected-homes-joseph-bugeja/

Data Collected by Smart Home Devices

July 4, 2018 / bugejajoseph / Leave a comment

What type of data smart home devices collect? This is exactly what I talked about last week in Seattle (USA) at the Services Conference Federation (SCF 2018). Understanding the data smart home systems collect is useful to assess what is at stake if a device is compromised and as a precursor for conducting privacy analysis.

Image result for data privacy

By analysing the privacy policies of different smart home and IoT device manufacturers we observed that all investigated devices collect instances of personal data. This in the worst case can include biometric data. Such data is used for instance in smart TVs for authentication purposes and sometimes to support advanced interaction features.

However, there are many other instances of non-personal data which when aggregated can truly paint a detailed coarse-grained model of an individual’s lifestyle preferences, habits, and history.

Joseph Bugeja

Security, Privacy, and Trust

smart homes