My Lecture about the IoT and Data Privacy

We live in a world where even brushing our teeth can constitute the transmission of data to servers across the world. One day, we will sleep with smart pillows that will be able to detect our stress levels and send them to an app on our phone. We already wear fitness trackers all day, every day. What does this mean for our privacy? This is what I talked about during my 2-hour guest lecture at Malmö University on December 15.

The Internet of Things (IoT) is all around us, and with it comes an increased risk of privacy and security breaches. In the age of the IoT, we must be cautious about the information we make available to the public or share with shops and manufacturers. We must also consider how businesses may exploit personal data to discriminate against us or charge us extra since they have more knowledge about us thanks to these devices. 

Please feel free to get in touch if you need any information about privacy, security, or related topics.

Life as a postdoc

What is a postdoc? A postdoctoral researcher (postdoc) is a scientist who receives advanced training in a certain domain by collaborating with a subject matter expert. It is a temporary position that bridges the gap between a Ph.D. and a career in academia. There is no other job like this. You get to choose what you want to accomplish and how you want to do it as a postdoc. You may work on new projects almost autonomously or design your research projects with the help of your mentors. 

My work as a postdoc in computer science focuses mainly on cyber security and digital privacy. Most of my days are spent researching topics like machine learning and artificial intelligence, as well as how they may be utilised to automate security processes and privacy management on the Internet of Things. I examine solutions that have been developed to help secure systems and user data against evolving threats. Some of the domains I am researching are related to smart buildings and smart homes.

Life as a postdoc can be challenging, but it is also full of opportunities. Aside from your research tasks, which will mostly revolve around publishing, you will be required to take on responsibilities that go beyond those of your Ph.D. You could be handling administrative tasks, including funding applications and working long hours in the lab, as well as lecturing and supervising Bachelor’s or Master’s students. Fortunately, I had the opportunity to complete the majority of the aforementioned activities throughout my Ph.D.

What else can I say? On a typical day, there is rarely a moment when I am bored or feel as if I do not have enough to do. You will likely find a large amount of freedom in what you choose to focus on. You do not need to think about whether you are using your time well because there is so much interesting work to be pursued! Of course, I am biased here because my postdoc themes are partly related to what I studied during my doctoral studies and on which I have industrial expertise.

If you want to learn more about postdoc life in Sweden, have questions about my research interests, or simply want to get in touch, you are welcome to email or tweet me.

The Ph.D. Thesis of the Year Award

I am incredibly honoured and humbled to receive the Ph.D. Thesis of the Year Award (Årets avhandling) in Computer Science from Malmö University in Sweden. This prize is a tremendous acknowledgement of my 5+ years of research on the topic of threats and risks affecting IoT-based smart homes.

Ph.D. Thesis of the Year Award (Årets avhandling) in Computer Science (2021).

Learn more about the award by clicking here. Furthermore, you can access the presentation I delivered during that event by clicking here.

Lecture about IoT Security

On Tuesday, September 28th, I delivered an online lecture to Bachelor’s students at Lund University in Sweden. In the lecture I covered the topic of IoT security, especially in relation to consumer IoT systems.

One of the slides that I discussed in my lecture is shown below. The Mirai malware is seen as a watershed moment in the threat landscape, demonstrating that IoT botnets can be deployed in distributed denial-of-service (DDoS) attacks and do substantial damage.

Recognizing the significance of addressing IoT security, especially as more and more things become connected to the Internet, European Commission President Ursula von der Leyen unveiled a Cyber Resilience Act on September 15, 2021. This Act lays out a common European approach to cyber security by establishing common cybersecurity standards for connected devices.

If you have any queries about information security or would like to collaborate with me, please contact me.

Special Issue on Privacy and Trust

We are guest editing a Special Issue on Privacy and Trust in IoT-Based Smart Homes and Buildings, and would like to personally invite you to contribute a paper.

For this Special Issue we are looking for high-quality original contributions including, but not limited to, the topical areas listed below:

  • Novel architectures, concepts, and models for trustworthy smart homes and smart buildings;
  • Privacy-enhancing and transparency-enhancing technologies for smart homes and smart buildings;
  • Privacy-by-design mechanisms for smart homes and buildings;
  • Vulnerability discovery and analysis for smart homes and buildings;
  • Threat modeling and risk assessment for smart homes and buildings;
  • Attack and attacker simulation for smart homes and buildings;
  • Trust and identity management for smart homes and buildings;
  • Access control models for smart homes and buildings;
  • Human factors in privacy and security of smart homes and buildings.

Please spread the word!

More info: https://www.mdpi.com/journal/sensors/special_issues/PT_SM

Keeping Your Smart Home Secure

Smart homes are increasingly being subjected to attacks. The motives for this range from pranking users and causing chaos to cyberstalking and more nefarious purposes. In spite of that, there are various strategies that residents can use to keep their home secure from intruders. In my latest article, I identify and discuss five of these strategies.

Check out the full article (in Swedish) by clicking here.

A full transcript in English is available to any interested reader.

Interactive Event on Digital Ethics

On Friday, 23rd April, I attended an interactive event on the topic of digital ethics. This event was organised by RISE in collaboration with industry. Together, we explored and discussed the topic of data privacy, integrity, trust, and transparency in AI. Many interesting discussions followed in Zoom breakout rooms, especially after the presentation from the “Sjyst data!” project.

We talked about the generic development and implementation of AI for emerging systems, and the related ethical implications. An interesting point was raised about the passive collection of MAC addresses and whether these are considered personal data under the GDPR. On that note, over Zoom chat, someone also mentioned foot traffic data and the processing of it, especially during the Covid-19 pandemic. Even though data may appear to mean nothing particular or worrying to us at some point, when aggregated and linked with other data sources it can paint a detailed profile of us.

Here is a screenshot showing the event hosts: Nina Bozic (senior researcher) and Katarina Pietrzak (educational strategist) along with RISE experts and guests.

Interactive event on Digital Ethics

I am looking forward to the next one!

Some initiatives to help secure smart home devices

Smart home devices make people’s lives more efficient. However, implementing cyber security for smart home devices is just as important as the physical security of our homes. Below are three popular initiatives by governments to help secure consumer IoT, particularly smart home devices.

  • The Department for Digital, Culture, Media, and Sport (DCMS) published a Code of Practice titled “Code of Practice for Consumer IoT Security” to support all parties involved in the development, manufacturing, and retail of consumer IoT. Essentially, the DCMS guidelines are proposed to ensure that IoT products are secure-by-design and to make it easier for people to stay secure in a digital world.
  • The Federal Trade Commission (FTC), in a detailed report on the IoT, proposed concrete steps that businesses can take to enhance and protect consumers’ privacy and security. Additionally, it introduced further guidance for companies to implement “reasonable security” in order to actively enhance and protect consumers’ IoT privacy and security.
  • The European Union Agency for Cybersecurity (ENISA), in its publication titled “Security and Resilience of Smart Home Environments”, presents examples of actions for users to perform in order to: choose a smart home device securely, operate a smart home device securely, and use online services for smart home securely. ENISA later introduced good practices guidelines for securing IoT products and services throughout their lifetime.

There are a number of measures and practices identified by the three bodies above that apply to different IoT stakeholders. The stakeholders can range from device manufacturers to service providers to mobile application developers, and more. One core recommendation that applies, especially to the device manufacturers, is that of having no default passwords. The recommendation of changing the device’s password, and potentially having a unique password for every device, is something that I emphasize.

In case you want to know more about how to secure your smart home or are simply curious about IoT security and privacy, you are welcome to get in touch.

Initiatives being brewed by governments to strengthen IoT privacy and security

Last week, I was asked by several news reporters what can be done to have more secure and privacy-preserving smart home technologies. In this post, I focus on some of the more recent and upcoming regulations and initiatives that are affecting the IoT world, and are likely to affect it more in the future. Purposely, I exclude the EU GDPR and its US counterpart the CCPA, as I will talk about those in a separate post.

  • The EU ePrivacy Regulation. This EU regulation aims to ensure privacy in all electronic communications – including instant messaging apps and VoIP platforms, and machine-to-machine communications such as the IoT. Also, it carries an identical penalty regime for non-compliance as the GDPR.
  • The EU Cybersecurity Act. This establishes an EU-wide cybersecurity certification framework for digital products, services, and processes. This includes the IoT, cloud infrastructure and services, threat intelligence in the financial sector, electronic health records in healthcare, and qualified trust services.
  • The IoT Cybersecurity Improvement Act of 2020. This new US law establishes minimum security requirements for IoT devices owned or controlled by the federal government. Specifically, it requires any IoT devices purchased by the federal government to comply with the NIST standards and guidelines.

In the future, I will talk about some of the standards and best practice frameworks that can help organizations develop secure and privacy-preserving IoT technologies. Also, I will suggest some guidelines that consumers can adopt to secure their home devices.

Is Your Home Becoming A Spy?

On 9th October, I had the opportunity to present my paper at the IoT 2020 conference. I talked about smart connected homes to conference attendees participating in the security track. The presentation was pre-recorded and played to an online audience over Zoom. It was in the format of a 12-minute presentation followed by an 8-minute Q&A.

My presentation slot at IoT 2020.

The theme that I covered was about covert surveillance facilitated through commercial smart home systems retrofitted in homes around the globe. In the study, we organized 81 systems by their data-collection capabilities with the intention of better understanding their privacy implications. Also, we identified research directions and suggested ways to give users more control over, transparency about, and ethical use of their personal data.

You can take a look at the presentation slides here. Also, please feel free to email me in case you need more information about my work.