Where are we today with IoT Security Standards?

IoT security standards are necessary because the IoT is fundamentally insecure. It is hard to predict whether or not an IoT device will be hacked, and even if it is, what data will be compromised. There must be defined criteria for security standards for this technology to evolve responsibly without introducing new problems. Here is a quick rundown of some of the most recent security standards.

In the United States, in December 2020, the IoT Cybersecurity Improvement Act of 2020 was signed into law. This is the first piece of IoT legislation in the US aimed at ensuring that federal agencies only buy IoT devices that adhere to strict security protocols. A new cybersecurity standard for consumer IoT (ETSI EN 303 645 V2.1.1) products was introduced in the European Union in June 2020. The purpose of this standard is to encourage better security practices and the use of security-by-design concepts in the creation of new connected consumer products. The Department of Culture, Media, and Sport in the United Kingdom announced new measures also in June 2020 to protect users of internet-connected household devices from cyberattacks. They implemented a product assurance scheme that requires certified IoT devices to bear an assurance label or kitemark indicating that they have completed independent testing or a thorough and accredited self-assessment process.

When it comes to the IoT, one of the most crucial considerations is security. As the IoT grows more intertwined in people’s lives, security standards are required to keep it safe from hostile attacks and prying eyes. There is so much that can be done to improve IoT security, and this is an opportunity for bright minds to get together and influence the IoT’s future.

Finally, please remember that you are welcome to contact me and suggest themes for future posts.

The Benefits and Drawbacks of Doing a Ph.D. at Different Times in Your Life 

A Ph.D. is a big commitment, and there is no doubt that it is a big investment in your future career. Figuring out when to make this investment can be tricky, but there are a few factors to consider to find the right time for you.

For most people, their 20s are the perfect time to do a Ph.D. That is when your career is just beginning, you can take advantage of the opportunities that being a student provides, and you still have lots of energy and enthusiasm for the subject after several years of hard work. The problem, though, with youth is that they may not be adequately aware of the commitment a Ph.D. requires. One can argue that they are not mature enough to understand that they will need to work long hours to do well.

For other people, there are many benefits to starting a Ph.D. as late as in their 50s or 60s. You might have already achieved financial stability or professional goals, and carrying on with a Ph.D. may be something you want to do for yourself. On the other hand, it can be harder to do a Ph.D. as an older student because of a lack of time and energy.

Overall, the benefits and drawbacks of doing a Ph.D. at different ages depend on individual circumstances and goals. But your life stage will have a significant impact on your Ph.D. experience and your career prospects. I think, overall, the right time to do a Ph.D. is when you have a stable life. If you are a single person, it is also important to make sure that you have enough time to devote to your research and still have the ability to have a social life.

You are welcome to contact me for more information and tips on what it is like to be a Ph.D. student, particularly in Sweden, but also worldwide.

How to Find a Good Research Topic?

Finding a good research topic is not an easy task. Rookies and even seasoned professionals struggle with brainstorming about topics in academic or workplace settings. If you have not already been through the process of selecting a dissertation topic and writing your Ph.D., then it is best to think about suitable research topics before starting work on your dissertation.

There are numerous research topics that you can investigate and write about. Whether you choose to specialize or explore different areas at the same time, you need to ensure that your research topic will help establish your reputation as a professional in the field. The most important thing to remember when choosing a study topic to write about is to choose one that has a lot of promise.

There are various ways to find a good topic. You could find a gap in the scientific literature, you could look into emerging technologies, or you could focus on an issue that has personal meaning for you. No matter how you go about it, it is important to familiarize yourself with a topic before diving right in.

A good research topic is likely to carry you through your entire thesis and/or dissertation process. While the process of finding a topic may be difficult and time-consuming, the rewards are great. When done correctly and with effort, this will be a good exercise for you and will help you in the future. Once you have the right topic, your thesis will come to you naturally.

If you need help deciding on a topic for your thesis or your next paper, please do not hesitate to contact me.

Life as a postdoc

What is a postdoc? A postdoctoral researcher (postdoc) is a scientist who receives advanced training in a certain domain by collaborating with a subject matter expert. It is a temporary position that bridges the gap between a Ph.D. and a career in academia. There is no other job like this. You get to choose what you want to accomplish and how you want to do it as a postdoc. You may work on new projects almost autonomously or design your research projects with the help of your mentors. 

My work as a postdoc in computer science focuses mainly on cyber security and digital privacy. Most of my days are spent researching topics like machine learning and artificial intelligence, as well as how they may be utilised to automate security processes and privacy management on the Internet of Things. I examine solutions that have been developed to assist secure systems and user data against evolving threats. Some of the domains I am researching are related to smart buildings and smart homes.

Life as a postdoc can be challenging, but it is also full of opportunities. Aside from your research tasks, which will mostly revolve around publishing, you will be required to take on responsibilities that go beyond those of your Ph.D. You could be handling administrative tasks, including funding applications and working long hours in the lab, as well as lecturing and supervising Bachelor’s or Master’s students. Fortunately, I had the opportunity to complete the majority of the aforementioned activities throughout my Ph.D.

What else can I say? On a typical day, there is rarely a moment when I am bored or feel as if I do not have enough to do. You will likely find a large amount of freedom in what you choose to focus on. You do not need to think about whether you are using your time well because there is so much interesting work to be pursued! Of course, I am biased here because my postdoc themes are partly related to what I studied during my doctoral studies and on which I have industrial expertise.

If you want to learn more about postdoc life in Sweden, have questions about my research interests, or simply want to get in touch, you are welcome to email or tweet me.

The Ph.D. Thesis of the Year Award

I am incredibly honoured and humbled to receive the Ph.D. Thesis of the Year Award (Årets avhandling) in Computer Science from Malmö University in Sweden. This prize extremely acknowledges my 5+ years of research on the topic of threats and risks affecting IoT-based smart homes.

Ph.D. Thesis of the Year Award (Årets avhandling) in Computer Science (2021).

Learn more about the award by clicking here. Furthermore, you can access the presentation I delivered during that event by clicking here.

Security Engineering and Machine Learning

This week I attended the 36th IFIP TC-11 International Information Security and Privacy Conference. The conference was organized by the Department of Informatics at the University of Oslo. During the first day of the conference, there was a keynote on Security Engineering by the celebrated security expert Prof. Dr. Ross Anderson.

He discussed the topic involving the interaction between security engineering and machine learning. He warned us about the things that can go wrong with machine learning systems, including some new attacks and defenses, such as the Taboo Trap, data ordering attacks, sponge attacks, and more.

Outline of Ross Anderson’s keynote (IFIP TC-11).

I especially enjoyed the part of his talk where he mentions the human to machine learning interaction. Coincidentally, this is a topic that I am researching. He discusses cases when robots incorporating machine learning components start mixing with humans, and then some tension and conflict, e.g., robots trying to deceive and bully humans, arises. This is a scenario that we should expect to see more in the future.

I highly recommend that you consider purchasing his brilliant book, titled “Security Engineering: A Guide to Building Dependable Distributed Systems”. This book is filled with actionable advice and the latest research on how to design, implement, and test systems to withstand attacks. Certainly, this book has an extremely broad coverage of security in general and is absolutely worth the purchase!

Sweden’s cyber range and cyber security

On Wednesday, 2nd June, I attended an interesting online program about cybersecurity. This program was organized by the Research Institutes of Sweden (RISE). Its main theme was about the inauguration of RISE’s cyber range and cyber security in Sweden.

A cyber range is a virtual environment that companies can typically use for cyber warfare training. Sweden’s own cyber range was introduced as a multipurpose, state-of-the-art cybersecurity research environment, test arena, and demo arena. Using RISE’s cyber range, it appears that real-world applications, for example vehicles and automotive systems, could be tested in a safe environment against real-world attacks. This is done using a sandboxed, virtualised network environment that is managed and operated by professionals.

In addition to the cyber range, other topics were presented by a variety of compelling speakers, in particular the Swedish bug bounty, cyber security at the EU level, and cyber security investment opportunities. One delivery (in Swedish) that I think was riveting was an interview with an (unnamed) ethical hacker.

Cyber security is a topic that is becoming increasingly important, especially as more systems are getting interconnected. Unfortunately, there is a shortage of skilled and qualified individuals to fill the increasing demands for cyber security professionals.

From an academic perspective, we have been for years, and especially in recent years, developing and running courses about cybersecurity. However, this year, in Sweden, we are developing something that specifically is meant to help advance cyber security research and competence. More on that in a later post.

Is Your Home Becoming A Spy?

On 9th October, I had the opportunity to present my paper at the IoT 2020 conference. I talked about smart connected homes to conference attendees participating in the security track. The presentation was pre-recorded and played to an online audience over Zoom. It was in the format of a 12-minute presentation followed by an 8-minute Q&A.

My presentation slot at IoT 2020.

The theme that I covered was covert surveillance facilitated through commercial smart home systems retrofitted in homes around the globe. In the study, we organized 81 systems by their data-collection capabilities with the intention of better understanding their privacy implications. Also, we identified research directions and suggested ways that allow users more control, transparency, and ethical uses over their personal data.

You can take a look at the presentation slides here. Also, please feel free to email me in case you need more information about my work.

Tip: Keep tabs while waiting for your acceptance notification

It is common that when we submit a paper to a conference we have to wait a bit until we get an acceptance notification. In my research area, it is not unusual to wait for about 3 months to get a thumbs up or a thumbs down. This can be stretched further, especially if the conference deadline was extended. During this review time, typically we work on other things, come up with alternative ideas, and maybe take a break. It is also common that in this waiting time we may already start noticing how the paper can be improved. Maybe you find a more recent related work that tackles the problem in a different way, or perhaps you simply find arguments that strengthen your proposal. Whatever the case, you want to keep track of those. This is because you might want to consider them when revising your article. How do I do that?

On my Mac, I simply keep track of these using the Notes app. I just create a new folder under iCloud and name it after the conference article or an alias of it. In that folder, I create a note titled “Ideas” and simply throw in any points or stuff to take care of when updating the paper submitted earlier. Then, when the notification of acceptance is due, I simply go through the reviewer comments together with the Ideas note and update the paper accordingly. I store my notes in iCloud because I can easily manage them, for example through my smartphone. It often happens that the best ideas come when we are away or while resting from a problem.

So, my point is to encourage you to get organized early on in your research and simply not to leave it to the end to update your article. There are ideas that I am sure you came across while waiting for a notification of acceptance. Best to keep tabs and have notes readily available when you need them.

How to Create an Effective Scientific Presentation in Little Time

As a researcher, one of the core chores you have to do in your academic journey is to deliver presentations. A presentation, whether it is for a workshop, conference, seminar, etc. can take you a while to compile. I remember some of my earlier talks took me quite a hefty amount of time to put together. Most of the time the challenge was how to structure the presentation in order to make it interesting for the attendees. In this article, I highlight the most important things that helped me organize a presentation and tips on how to create that in little time.

Creating an effective presentation

Similar to when organizing a manuscript, I tend to follow the IMRAD (Introduction, Methods, Results, and Discussion) formula to put together a presentation. Nonetheless, while it is important to mirror key parts of the corresponding paper (if it is a paper presentation), the aim is to use the presentation to encourage the audience to read the article instead of regurgitating it. The model that I follow consists of 7 main points, each corresponding to a slide heading or section to talk about. It starts with the title slide (point 1), followed by a body (points 2 to 6), and ends with a closing slide (point 7). The model is as follows:

  1. Title: Title slide indicating the title of the talk and authors
  2. Agenda: Presenting the structure or outline of the presentation
  3. Introduction:
    • Identify the research question, tested hypothesis, or research purpose
    • Justify the importance of such work
  4. Materials and Methods:
    • Indicate the equipment used and the experiment setup
    • Highlight the sampling technique and analysis method performed
  5. Results and Discussion:
    • Demonstrate through images, tables, or statements, the answer found to the research question or hypothesis
    • Underscore the implications or relevance of the obtained results
  6. Final remarks:
    • Reiterate the objectives and provide a general statement on the extent to which you have accomplished them
    • Identify some avenues for future work
  7. Closing:
    • Question and answer session slide with your contact information

This model is typically useful for a talk that is longer than 10 minutes. For a short presentation, it is rarely necessary to have such an explicit structure and to cover all that is mentioned therein. This is because there is usually only enough time to introduce the topic and to give a brief introduction to the method or results.

Then, when it comes to the actual compilation of the presentation, I tend to use a number of utilities, mostly on Mac, implemented in the workflow below:

  1. Use Skim to open the PDF paper
  2. Highlight sections (Note Type -> Highlight) that are relevant to the presented model
  3. Copy the highlighted statements from the ‘Notes pane’ and load them into the Notes app as a new note
  4. Assign and group the statements under the different model headings
  5. Reorganize, rephrase, and shorten/expand some statements
  6. Launch PowerPoint and create new slides following the previous step
  7. Refine and embellish by introducing images or icons, e.g., from Google Images or ones that you draw yourself, for instance using draw.io.

Other general tips:

  • Draw principles from real stories using specific data, anecdotes, or screenshots to back up the stories
  • Have one main idea per slide and limit it to no more than about 4-5 major bullets per slide
  • Use design templates for consistency
  • Check spelling and grammar for accuracy
  • Speak slowly, clearly, and loudly!

Take a look at some of my recent slides in Presentations.