Tip: Keep tabs while waiting for your acceptance notification

It is common that when we submit a paper to a conference we have to wait a bit until we get an acceptance notification. In my research area, it is not unusual to wait for about 3 months to get a thumbs up or a thumbs down. This can be stretched further, especially if the conference deadline was extended. During this review time, typically we work on other things, come up with alternative ideas, and maybe take a break. It is also common that in this waiting time we may already start noticing how the paper can be improved. Maybe you find a more recent related work that tackles the problem in a different way, or perhaps you simply find arguments that strengthen your proposal. Whatever the case, you want to keep track of those, as you might want to consider them when revising your article. How do I do that?

On my Mac, I simply keep track of these using the Notes app. I just create a new folder under iCloud and name it after the conference article or an alias of it. In that folder, I create a note titled “Ideas” and simply throw in any points or stuff to take care of when updating the paper submitted earlier. Then, when the notification of acceptance is due, I simply go through the reviewer comments together with the Ideas note and update the paper accordingly. I store my notes in iCloud because I can easily manage them, for example through my smartphone. It often happens that the best ideas come when we are away or while resting from a problem.

So, my point is to encourage you to get organized early on in your research and simply not to leave it to the end to update your article. There are ideas that I am sure you came across while waiting for a notification of acceptance. Best to keep tabs and have notes readily available when you need them.

Human-centered AI Course

In the fall of 2019, I enrolled in the PhD course titled “Introduction to Human-centered AI.” The course is delivered and managed by Cecilia Ovesdotter Alm from RIT university.

Human-centered AI is essentially a perspective on AI and ML that algorithms must be designed with awareness that they are part of a larger system consisting of human stakeholders. According to Mark O. Riedl,  the main requirements of human-centered AI can be broken into two aspects: (a) AI systems that have an understanding of human sociocultural norms as part of a theory of mind about people, and (b) AI systems that are capable of producing explanations that non-experts in AI or computer science can understand.

Course introduction lecture held at Malmö University (2019).

One of the course learning outcomes is to be able to demonstrate critical thinking concerning bias and fairness in data analysis, including but not limited to gender aspects. With regard to this, I have put together a 10-minute presentation of the article “50 Years of Test (Un)fairness: Lessons for Machine Learning” written by Ben Hutchinson and Margaret Mitchell.

Lecturing about IoT Security at Lund University

On Thursday, 03 October 2019, I was cordially invited as an external guest lecturer to deliver a 2-hour lecture to undergraduate students at Lund University. Lund University is a prestigious university in Sweden and one of northern Europe’s oldest universities.

In my presentation, I covered some of the notable IoT security threats, attacks, and countermeasures. I emphasized the difficulties of implementing traditional security measures and strategies, such as standard asymmetric encryption algorithms, end-to-end security, and scheduled patching. This is especially due to the heterogeneous nature of devices, various resource and energy constraints, and the dynamic nature of the environment. The characteristics of an IoT environment further bring in a different set of security threats, including those that can cause permanent physical damage to a system. In the second and final part of my lecture, I talked about the persons behind the attacks, their skills, their motives, and how challenging it is to defend against certain classes of malicious threat agents.

Entrance to the Informatics department at Lund University.

You can download my presentation from the adjacent link: IoT Security at Lund University.

Presenting at the Science Day in Ängelholm

This Wednesday, 25 September 2019, I was invited to deliver a lecture at the science day (Vetenskapsdagen) in the Gymnasieskolan in Ängelholm.  Ängelholm is a tranquil locality in Skåne, south of Sweden, about an hour away by train from Malmö.

I have to say that it was a very rewarding experience for me. It was so nice to see young students, aged between 16 and 18 years old, getting interested in the topic of information security and my journey into that. This reminded me so much of myself at that time and how curious about science and experimentation I was.

Entrance to the Gymnasieskolan in Ängelholm

Back then, when I was the age of these students, I was inspired by the famous Kevin Mitnick, a hacker (probably the most famous one in the 90s) now turned computer security consultant, and intrigued by The Mentor’s “The Hacker Manifesto”. I still remember getting hold of articles on computer security through a dial-up modem working at a peak rate of 56 kbit/s.

Download my presentation: InfoSec: Agents, Attacks, and Tools.

My Presentation at FHNW

This week, between August 19-23 2019, I was in Switzerland attending the International Federation for Information Processing (IFIP) Summer School at the University of Applied Sciences Northwestern Switzerland (FHNW) in Brugg/Windisch.  Attending this school is of great benefit to strengthen your network of professional and academic contacts, especially for those working on Information Privacy.  Topics covered in the jam-packed schedule included:  the ethics of Artificial Intelligence, sensors and biometrics, privacy by design (PbD), identity management, users and usability, and more.

On Tuesday 20, I presented my paper therein titled “On the Design of a Privacy-Preserving Data Lifecycle for Smart Living Spaces” in the “Privacy by Design” track. I had a 30 mins presentation slot and, following that, a 10 mins critical review from two pre-assigned paper discussants, including questions from the attendees. I have to say that I have received very positive and constructive feedback. Hereunder is a photo of myself presenting some of the related work in PbD, threat analysis, and threat modeling.

Explaining the related research work before positioning my contribution.

Overall, I can say that there were some fantastic keynotes and excellent presentations from diverse PhD students. I especially liked the keynote “Privacy as Innovation opportunity” by Marc van Lieshout from Radboud University. In particular, I enjoyed his mentioning of Alan Westin’s privacy dimensions: reserve, intimacy, anonymity, and solitude; and how these are to different extents being hampered by privacy-evasive technologies, affecting the physical, individual, collective, and virtual dimensions of human beings. At the same time, I like his take on the increasing market of privacy, in particular with privacy service features such as activity monitoring, assessment manager, data mapping, etc.

My advice: if you are a doctoral student or interested in learning information privacy from a computer science or informatics standpoint, then I highly recommend you attend the IFIP school at some point. Typically, there are ECTS credits for this course (possibly 1.5 HP – 3 HP) if you attend and/or present your paper. In the meantime, check out my presentation (redacted version). The full version will be uploaded after the paper gets published.

How to Create an Effective Scientific Presentation in Little Time

As a researcher, one of the core chores you have to do in your academic journey is to deliver presentations. A presentation, whether it is for a workshop, conference, seminar, etc. can take you a while to compile. I remember some of my earlier talks took me quite a hefty amount of time to put together. Most of the time the challenge was how to structure the presentation in order to make it interesting for the attendees. In this article, I highlight the most important things that helped me organize a presentation and tips on how to create that in little time.

Creating an effective presentation

Similar to when organizing a manuscript, I tend to follow the IMRAD (Introduction, Methods, Results, and Discussion) formula to put together a presentation. Nonetheless, while it is important to mirror key parts of the corresponding paper (if it is a paper presentation), the aim is to use the presentation to encourage the audience to read the article instead of regurgitating it. The model that I follow consists of 7 main points, each corresponding to a slide heading or section to talk about. It starts with the title slide (point 1), followed by a body (point 2 – point 6), and ending with a closing slide (point 7). Hereunder is the model:

  1. Title: Title slide indicating the title of the talk and authors
  2. Agenda: Presenting the structure or outline of the presentation
  3. Introduction:
    • Identify the research question, tested hypothesis, or research purpose
    • Justify the importance of such work
  4. Materials and Methods:
    • Indicate the equipment used and the experiment setup
    • Highlight the sampling technique and analysis method performed
  5. Results and Discussion:
    • Demonstrate through images, tables, or statements, the answer found to the research question or hypothesis
    • Underscore the  implications or relevance of the obtained results
  6. Final remarks:
    • Reiterate the objectives and provide a general statement on the extent to which you have accomplished them
    • Identify some avenues for future work
  7. Closing:
    • Question and answer session slide with your contact information

This model is typically useful for a talk that is longer than 10 minutes. For a short presentation, it is rarely necessary to have such an explicit structure and to cover all that is mentioned therein. This is because there is usually only enough time to introduce the topic and to give a brief introduction to the method or results.

Then, when it comes to the actual compilation of the presentation, I tend to use a number of utilities, mostly on Mac, implemented in the workflow below:

  1. Use Skim to open the PDF paper
  2. Highlight sections (Note Type -> Highlight) that are relevant to the presented model
  3. Copy the highlighted statements from the ‘Notes pane’ and load them to Notes app as a new note
  4. Assign and group the statements under the different model headings
  5. Reorganize, rephrase, and shorten/expand some statements
  6. Launch PowerPoint and create new slides following the previous step
  7. Refine and embellish by introducing images or icons, e.g., through Google Images or that you draw for instance using draw.io.

Other general tips:

  • Draw principles from real stories using specific data, anecdotes, or screenshots to back up the stories
  • Have one main idea per slide and limit each slide to no more than about 4-5 major bullets
  • Use design templates for consistency
  • Check spelling and grammar for accuracy
  • Speak slowly, clearly, and loudly!

Take a look at some of my recent slides in Presentations.

Common Attacks in the IoT

In general, an IoT architecture is composed of three layers: physical layer, network layer, and services layer. The physical layer (also called perception layer) consists of hardware, namely, sensors, actuators, RFID, etc., that collect data from individuals and their environment. The network layer (also called transport layer) facilitates the interchange and processing of data between the physical and services layers. Examples of technologies used here are 4G/5G, Wi-Fi, Bluetooth, etc. The services layer (also called application layer) is responsible for processing the information received from the network layer and issuing instructions to be implemented by the equipment in the physical layer. Hereunder, I identify some of the common attacks occurring at the different IoT architecture layers:

Attacks at the Physical Layer

  • Denial-of-service: Packets are sent along the routing path to the base station causing network disruption and battery exhaustion of the node.
  • False node: Addition of a node to the network which sends malicious data, thereby affecting the availability of a system.
  • Integrity: Injection of false sensor measurements and control inputs causing system disruption.
  • Node capture: Information leakage caused by taking control over a node that could contain sensitive data such as encryption keys.
  • Node outage: Node services are stopped making it rather difficult to extract information from them.
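
One mitigation for the false node and integrity items above, as an added example that is not from the original post: a gateway checks a per-node HMAC and a message counter on every reading. The node names, keys, message layout and the `Gateway` class are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed per-node keys, provisioned at enrolment (sample values, not real secrets).
NODE_KEYS = {
    "node-01": b"constructed-demo-key-01",
    "node-02": b"constructed-demo-key-02",
}


def sign_reading(node_id, counter, value, key):
    """Sensor side: HMAC-SHA256 over node id, message counter and measurement."""
    # Fixed-width counter and value (16 bytes) keep the encoding unambiguous.
    msg = node_id.encode() + b"|" + struct.pack(">Qd", counter, value)
    return hmac.new(key, msg, hashlib.sha256).digest()


class Gateway:
    """Base-station side: accepts a reading only if it is authentic and fresh."""

    def __init__(self, keys):
        self.keys = keys
        self.last_counter = {}  # highest counter accepted so far, per node

    def accept(self, node_id, counter, value, tag):
        key = self.keys.get(node_id)
        if key is None:
            # False node: an identity that was never enrolled.
            return "reject: unknown node"
        expected = sign_reading(node_id, counter, value, key)
        if not hmac.compare_digest(expected, tag):
            # Integrity: the measurement or counter does not match the tag.
            return "reject: bad MAC"
        if counter <= self.last_counter.get(node_id, -1):
            # A previously seen (or older) message sent again.
            return "reject: replayed counter"
        self.last_counter[node_id] = counter
        return "accept"


def demo():
    """Runs four constructed messages through the gateway and returns the verdicts."""
    gw = Gateway(NODE_KEYS)
    good_tag = sign_reading("node-01", 1, 21.5, NODE_KEYS["node-01"])
    rogue_tag = sign_reading("node-99", 1, 21.5, b"constructed-rogue-key")
    return [
        gw.accept("node-01", 1, 21.5, good_tag),   # genuine reading
        gw.accept("node-01", 1, 21.5, good_tag),   # same message sent twice
        gw.accept("node-01", 2, 95.0, good_tag),   # altered value, old tag reused
        gw.accept("node-99", 1, 21.5, rogue_tag),  # node that was never enrolled
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

A key extracted through node capture still produces valid tags, so using a separate key per node limits the damage to that one node's readings.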

Attacks at the Network Layer

  • Jamming: The wireless channel between the sensor nodes and the remote base station becomes obstructed through a signal with the same frequency.
  • Selective Forwarding: A compromised node is introduced to drop and discard packets and forward selected packets.
  • Sinkhole: The attacking node offers the best routing path for the devices in the network, resulting in congestion (amongst other issues) in the IoT environment.
  • Sybil: An attacker can manipulate false identities or misuse pseudo identities to compromise the efficiency of the IoT and even spread spam.
  • Wormhole: Creation of information holes in the network by the announcement of false paths through which all the packets are routed.

Attacks at the Services Layer

  • Buffer Overflow: Vulnerable features in the software lead to buffer overflows (where a program, while writing data to a buffer, overwrites adjacent memory locations), which are then exploited to launch attacks.
  • Malicious Code: Services are attacked via malware, worms, viruses, adware, and spyware. These can degrade performance or collapse client devices.
  • Phishing: This attack aims to capture an individual’s personal information: an attacker appears as a legitimate user in the network and gains knowledge of sensitive information regarding an individual.

In this article, I listed some of the more common security attacks affecting IoT-based systems. The reality is that there can be more attacks (e.g., man-in-the-middle attacks), and the architecture can be further decomposed into additional layers (e.g., physical layer, data link layer, network layer, transport layer, and application layer).

Given that there is no dictionary, glossary, or list of some kind that acts as a reference identifying the different IoT security and privacy attacks, from my side I will be working to put one together myself. I believe that this will be somewhat useful for both researchers and industry, e.g., as a way to measure the strength of their product or as a tool to assess risks in an IoT-based system.

Stay tuned, as I will be soon having such a list available under the “Projects” section. In the meantime, as always if you want to learn more about IoT attacks, cybersecurity threats, risks, etc. get in touch; and I would be willing to help.

Smart home datasets and a realtime Internet-connected home

When designing an algorithm, or as a means to justify an approach you have pursued in your research, you need empirical data at some point. In the case of the IoT, more specifically when it comes to smart homes, there is a lack of open-source datasets available for public access, and unfortunately some of them disappear (from the Internet) after being active for a couple of months. My preferred collection of smart home datasets is developed and curated by Washington State University. In particular, I am referring to the Centre for Advanced Studies in Adaptive Systems (CASAS) smart home project.
 
CASAS is a multi-disciplinary research project focused on creating an intelligent home environment by using IoT technologies such as sensors and actuators. This same team has developed in its recent research the “smart home in a box”, which is a lightweight smart home design that has been installed in 32 homes to capture the participants’ interactions.
 
The link to access CASAS datasets is: http://casas.wsu.edu/datasets/. Datasets included consist mainly of ADL activity data of single/two/multi-resident apartments. Some of the datasets are fully annotated with some of them going back to 2007 (and still running) and spanning different countries from Europe to Asia.
 
 Some other useful datasets; highly cited in scholarly publications; that are also featured on CASAS’ website are:
 
In case you are not satisfied with the datasets identified here you can also consider two generic sites, working similar to a search engine, but for datasets. I am referring specifically to: DataHub and Google datasets.
 

An Internet-connected home in the Netherlands.

Now, if you want to take a peek at a cool smart home setup in the Netherlands displaying its captured and processed data in realtime on the Internet take a look at https://www.bwired.nl/index.asp
 
If you need any information about smart homes or related just get in touch 🙂

Organizing research articles

Whether you work as a researcher, student, or industry professional, you may at some point in your career or in your studies have to carry out research. This can be, for example, to draft a report on a particular technology product (e.g., discussing the pros/cons of upgrading your platform from PHP to Javascript) or to compile a scientific journal article (e.g., an article that discusses IoT state-of-the-art security challenges and opportunities). When it comes to this, a number of tools can be leveraged. Here, I focus specifically on research article management.

The crude way is to directly download research articles from a scientific database such as IEEE, ACM, or ScienceDirect, and then simply to store the files inside a folder, e.g., titled “research” or more specifically under a sub-folder named after the article theme, e.g., “differential_privacy”. There are other, perhaps better, ways of organizing these, for instance, by publication date, research authors, tags, or some combination of these. While this may work, especially for small research projects, your folder structure can become pretty cumbersome for large projects – in particular those involving 100s of files. Here, one key thing is how to retrieve the articles pertaining to your topic of writing, and later how to reference them. Yes, you may sometimes rely on the operating system indexing tools (e.g., Spotlight indexing on Mac) or on some other program (e.g., Evernote), but that may not be enough. For example, how can you categorize the information further, e.g., tagging articles, adding search terms, assigning a rating score, etc.? Here, a nice tool that can come to the rescue is a free software called Mendeley.

A snapshot of Mendeley Desktop illustrating different research articles and their organization into separate folders (inc. shared groups for collaborative work).

Mendeley is a program for managing and sharing research papers, discovering research data, and collaborating online. Through its browser extension (Mendeley Importer), with a click of a button you can also have the file automatically downloaded inside its database. The advantage of this is that you can then easily retrieve the file by searching for text inside the actual PDF file and also by using other structures such as notes, publication date, authors, etc. Mendeley also makes it easy to reference research articles (…and if you are using MS Word or LibreOffice you can also have your bibliography automatically managed and generated through Mendeley’s plugins). Another cool feature of Mendeley is that you can create shared groups where you can share part of your library with your colleagues and work collaboratively. Here, you can also annotate and comment on the actual articles using Mendeley’s built-in PDF editor. This is pretty cool (although two cons are that you cannot, at least easily, export highlighted text as you can do in the Skim PDF editor, for instance; and that unfortunately a pen, e.g., Apple Pencil, which is ideal for sketching some notes or a diagram, is not supported, at least in the free version). Finally, in case your Mendeley database gets corrupted or your machine gets stolen or slammed, you can quickly recover your data by having your local account sync with Mendeley’s cloud (just remember to keep your password safe and, in case your machine is compromised, to change your password immediately!).

Naturally, there is no tool that fits the need of everyone. In my case, I tried out many other tools but Mendeley seems to be my favourite so far especially for reference management and collaborative work.

My talk in Japan

On Monday 11th March, I attended IEEE PerCom in Kyoto, Japan.  PerCom is regarded as a top scholarly venue in the areas of pervasive computing and communications. It is my third year participating in this conference. This year, I presented a paper titled: “IoTSM: An End-to-end Security Model for IoT Ecosystems”, in PerLS’19 – Third International Workshop on Pervasive Smart Living Spaces.

My presentation, live demos, and paper awards at the International Conference Center in Kyoto (2019).

In my presentation, I talked about how most of the reviewed security frameworks and maturity models tend to focus more on securing web applications and services, but have not evolved particularly to cater for the additional complexities and challenges that IoT technologies bring to the table. While most of the security practices remain similar, IoT requires additional checks and balances to implement effective security. Some reasons for this are that IoT applications by their nature tend to be Internet-connected, deal with highly personal data, and feature complex interdependencies involving multiple stakeholders and third-party systems.

Reviewing the existing scholarly literature and interviewing various IoT security experts based in Sweden, we especially observe the need for continuous processes rather than periodical processes. For instance, when it comes to risk assessment in IoT, it is especially preferred if it is “continuous” in order to deal with the highly dynamic nature of IoT systems. Unfortunately, there is a shortage of methodologies for that, and most of the related research work is still in its early stages. Moreover, we note the lack of security awareness common across the industry, e.g., with regards to “threat modelling”, but also its applications to model data flows, in particular to deal with information privacy. Finally, we recognise the diversity of IoT security requirements. While for a traditional application one needs to ensure service, network, and physical security, for IoT one might also need to consider other requirements, e.g., that of ensuring resilience, data security, and cloud security. Likewise, IoT may need to cater for additional threat agent goals. Such goals may not necessarily be related to confidentiality, integrity, and availability.

Take a look at my presentation: IoTSM: An End-to-end Security Model for IoT Ecosystems