Publikationer från Malmö universitet
Ändra sökning
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf
On Privacy and Security in Smart Connected Homes
Malmö universitet, Internet of Things and People (IOTAP). Malmö universitet, Fakulteten för teknik och samhälle (TS), Institutionen för datavetenskap och medieteknik (DVMT).ORCID-id: 0000-0003-0546-072X
2021 (Engelska)Doktorsavhandling, sammanläggning (Övrigt vetenskapligt)
Abstract [en]

The growth and presence of heterogeneous sensor-equipped Internet-connected devices inside the home can increase efficiency and quality of life for the residents. Simultaneously, these devices continuously collect, process, and transmit data about the residents and their daily lifestyle activities to unknown parties outside the home. Such data can be sensitive and personal, leading to increasingly intimate insights into private lives. This data allows for the implementation of services, personalization support, and benefits offered by smart home technologies. Alas, there has been a surge of cyberattacks on connected home devices that essentially compromise privacy and security of the residents.

Providing privacy and security is a critical issue in smart connected homes. Many residents are concerned about unauthorized access into their homes and about the privacy of their data. However, it is typically challenging to implement privacy and security in a smart connected home because of its heterogeneity of devices, the dynamic nature of the home network, and the fact that it is always connected to the Internet, amongst other things. As the numbers and types of smart home devices are increasing rapidly, so are the risks with these devices. Concurrently, it is also becoming increasingly challenging to gain a deeper understand- ing of the smart home. Such understanding is necessary to build a more privacy-preserving and secure smart connected home. Likewise, it is needed as a precursor to perform a comprehensive privacy and security analysis of the smart home.

In this dissertation, we render a comprehensive description and account of the smart connected home that can be used for conducting risk analysis. In doing so, we organize the underlying smart home devices ac- cording to their functionality, identify their data-collecting capabilities, and survey the data types being collected by them. Such is done using the technical specification of commercial devices, including their privacy policies. This description is then leveraged for identifying threats and for analyzing risks present in smart connected homes. Such is done by analyzing both scholarly literature and examples from the industry, and leveraging formal modeling. Additionally, we identify malicious threat agents and mitigations that are relevant to smart connected homes. This is performed without limiting the research and results to a particular configuration and type of smart home.

This research led to three main findings. First, the majority of the surveyed commercial devices are collecting instances of sensitive and personal data but are prone to critical vulnerabilities. Second, there is a shortage of scientific models that capture the complexity and heterogeneity of real-world smart home deployments, especially those intended for privacy risk analysis. Finally, despite the increasing regulations and attention to privacy and security, there is a lack of proactive and integrative approaches intended to safeguard privacy and security of the residents. We contributed to addressing these three findings by developing a framework and models that enable early identification of threats, better planning for risk management scenarios, and mitigation of potential impacts caused by attacks before they reach the homes and compromise the lives of the residents.

Overall, the scientific contributions presented in this dissertation help deepen the understanding and reasoning about privacy and security concerns affecting smart connected homes, and contributes to advancing the research in the area of risk analysis as applied to such systems.

Ort, förlag, år, upplaga, sidor
Malmö: Malmö universitet, 2021. , s. 66
Serie
Studies in Computer Science
Nyckelord [en]
smart connected homes, Internet of Things, smart homes devices, smart home data, threat identification, risk analysis, privacy, security, vulnerability assessment, mitigations, threat agents
Nationell ämneskategori
Datavetenskap (datalogi)
Identifikatorer
URN: urn:nbn:se:mau:diva-39619DOI: 10.24834/isbn.9789178771646ISBN: 978-91-7877-163-9 (tryckt)ISBN: 978-91-7877-164-6 (digital)OAI: oai:DiVA.org:mau-39619DiVA, id: diva2:1520701
Disputation
2021-01-11, D138 Orkanen och Zoom, Malmö University, Malmö, 13:15 (Engelska)
Opponent
Handledare
Anmärkning

Note: The papers are not included in the fulltext online

Tillgänglig från: 2021-01-21 Skapad: 2021-01-21 Senast uppdaterad: 2024-03-04Bibliografiskt granskad
Delarbeten
1. An Investigation of Vulnerabilities in Smart Connected Cameras
Öppna denna publikation i ny flik eller fönster >>An Investigation of Vulnerabilities in Smart Connected Cameras
2018 (Engelska)Ingår i: 2018 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops), IEEE, 2018, s. 656-661Konferensbidrag, Publicerat paper (Refereegranskat)
Abstract [en]

The Internet of Things is enabling innovative ser-vices promising added convenience and value in various domains such as the smart home. Increasingly, households, office envi-ronments and cities, are being fitted with smart camera systems aimed to enhance the security of citizens. At the same time, sev-eral systems being deployed suffer from weak security implemen-tations. Recognizing this, and to understand the extent of this situation, in this study we perform a global vulnerability assess-ment using the Shodan search engine and the Common Vulnera-bilities and Exposures database. This is done to detect smart con-nected cameras exposed on the Internet alongside their sensitive, potentially private, data being broadcasted. Furthermore, we discuss whether the discovered data can be used to compromise the safety and privacy of individuals, and identify some mitiga-tions that can be adopted. The results indicate that a significant number of smart cameras are indeed prone to diverse security and privacy vulnerabilities.

Ort, förlag, år, upplaga, sidor
IEEE, 2018
Nyckelord
IoT, IoT security, Shodan, smart connected cameras, smart connected homes, vulnerabilities
Nationell ämneskategori
Teknik och teknologier
Identifikatorer
urn:nbn:se:mau:diva-12708 (URN)10.1109/PERCOMW.2018.8480184 (DOI)000541062400110 ()2-s2.0-85056473592 (Scopus ID)26328 (Lokalt ID)978-1-5386-3227-7 (ISBN)978-1-5386-3228-4 (ISBN)26328 (Arkivnummer)26328 (OAI)
Konferens
IEEE PerCom 2018 - Second International Workshop on Pervasive Smart Living Spaces (PerLS 2018), Athens, Greece (19 March - 23 March)
Tillgänglig från: 2020-02-29 Skapad: 2020-02-29 Senast uppdaterad: 2024-04-05Bibliografiskt granskad
2. On Privacy and Security Challenges in Smart Connected Homes
Öppna denna publikation i ny flik eller fönster >>On Privacy and Security Challenges in Smart Connected Homes
2016 (Engelska)Ingår i: Proceedings: 2016 European Intelligence and Security Informatics Conference, IEEE, 2016Konferensbidrag, Publicerat paper (Refereegranskat)
Abstract [en]

Smart homes have become increasingly popular for IoT products and services with a lot of promises for improving the quality of life of individuals. Nevertheless, the heterogeneous, dynamic, and Internet-connected nature of this environment adds new concerns as private data becomes accessible, often without the householders’ awareness. This accessibility alongside with the rising risks of data security and privacy breaches, makes smart home security a critical topic that deserves scrutiny. In this paper, we present an overview of the privacy and security challenges directed towards the smart home domain. We also identify constraints, evaluate solutions, and discuss a number of challenges and research issues where further investigation is required.

Ort, förlag, år, upplaga, sidor
IEEE, 2016
Nyckelord
smart home, security, privacy, IoT
Nationell ämneskategori
Datorsystem
Identifikatorer
urn:nbn:se:mau:diva-12630 (URN)10.1109/EISIC.2016.044 (DOI)000411272300033 ()2-s2.0-85017282760 (Scopus ID)21507 (Lokalt ID)21507 (Arkivnummer)21507 (OAI)
Konferens
European Intelligence and Security Informatics Conference (EISIC), Uppsala, Sweden (August 17-19)
Tillgänglig från: 2020-02-29 Skapad: 2020-02-29 Senast uppdaterad: 2024-02-05Bibliografiskt granskad
3. An Analysis of Malicious Threat Agents for the Smart Connected Home
Öppna denna publikation i ny flik eller fönster >>An Analysis of Malicious Threat Agents for the Smart Connected Home
2017 (Engelska)Ingår i: Proceeding of 2017 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops), IEEE, 2017Konferensbidrag, Publicerat paper (Refereegranskat)
Abstract [en]

Smart connected home systems aim to enhance the comfort, convenience, security, entertainment, and health of the householders and their guests. Despite their advantages, their interconnected characteristics make smart home devices and services prone to various cybersecurity and privacy threats. In this paper, we analyze six classes of malicious threat agents for smart connected homes. We also identify four different motives and three distinct capability levels that can be used to group the different intruders. Based on this, we propose a new threat model that can be used for threat profiling. Both hypothetical and real-life examples of attacks are used throughout the paper. In reflecting on this work, we also observe motivations and agents that are not covered in standard agent taxonomies.

Ort, förlag, år, upplaga, sidor
IEEE, 2017
Nyckelord
Smart homes, Privacy, Terrorism, Computer security, Taxonomy, Home appliances, connected home, IoT, threat agent, threat agent motivations, threat agent capabilities
Nationell ämneskategori
Teknik och teknologier
Identifikatorer
urn:nbn:se:mau:diva-12595 (URN)10.1109/PERCOMW.2017.7917623 (DOI)000411208400111 ()2-s2.0-85020053641 (Scopus ID)22578 (Lokalt ID)22578 (Arkivnummer)22578 (OAI)
Konferens
IEEE International Conference on Pervasive Computing and Communication (PerCom) 2017 - the First International Workshop on Pervasive Smart Living Spaces (PerLS 2017), Kona, Big Island, Hawaii, USA (March 13–17, 2017)
Tillgänglig från: 2020-02-29 Skapad: 2020-02-29 Senast uppdaterad: 2023-12-27Bibliografiskt granskad
4. Is Your Home Becoming a Spy?: A Data-Centered Analysis and Classification of Smart Connected Home Systems
Öppna denna publikation i ny flik eller fönster >>Is Your Home Becoming a Spy?: A Data-Centered Analysis and Classification of Smart Connected Home Systems
2020 (Engelska)Ingår i: IoT '20: Proceedings of the 10th International Conference on the Internet of Things, New York, United States: ACM Digital Library, 2020, artikel-id 17Konferensbidrag, Publicerat paper (Refereegranskat)
Abstract [en]

Smart connected home systems bring different privacy challenges to residents. The contribution of this paper is a novel privacy grounded classification of smart connected home systems that is focused on personal data exposure. This classification is built empirically through k-means cluster analysis from the technical specification of 81 commercial Internet of Things (IoT) systems as featured in PrivacyNotIncluded – an online database of consumer IoT systems. The attained classification helps us better understand the privacy implications and what is at stake with different smart connected home systems. Furthermore, we survey the entire spectrum of analyzed systems for their data collection capabilities. Systems were classified into four tiers: app-based accessors, watchers, location harvesters, and listeners, based on the sensing data the systems collect. Our findings indicate that being surveilled inside your home is a realistic threat, particularly, as the majority of the surveyed in-home IoT systems are installed with cameras, microphones, and location trackers. Finally, we identify research directions and suggest some best practices to mitigate the threat of in-house surveillance.

Ort, förlag, år, upplaga, sidor
New York, United States: ACM Digital Library, 2020
Nyckelord
IoT, smart home, home automation, privacy, unsupervised classification, survey, web mining
Nationell ämneskategori
Datavetenskap (datalogi)
Identifikatorer
urn:nbn:se:mau:diva-18599 (URN)10.1145/3410992.3411012 (DOI)2-s2.0-85123040173 (Scopus ID)978-1-4503-8758-3 (ISBN)
Konferens
IoT '20
Tillgänglig från: 2020-10-10 Skapad: 2020-10-10 Senast uppdaterad: 2024-02-05Bibliografiskt granskad
5. A Privacy-Centered System Model for Smart Connected Homes
Öppna denna publikation i ny flik eller fönster >>A Privacy-Centered System Model for Smart Connected Homes
2020 (Engelska)Ingår i: 2020 IEEE International Conference on Pervasive Computing and Communications Workshops: PerCom Workshops, IEEE, 2020Konferensbidrag, Publicerat paper (Refereegranskat)
Abstract [en]

Smart connected homes are integrated with heterogeneous Internet-connected devices interacting with the physical environment and human users. While they have become an established research area, there is no common understanding of what composes such a pervasive environment making it challenging to perform a scientific analysis of the domain. This is especially evident when it comes to discourse about privacy threats. Recognizing this, we aim to describe a generic smart connected home, including the data it deals with in a novel privacy-centered system model. Such is done using concepts borrowed from the theory of Contextual Integrity. Furthermore, we represent privacy threats formally using the proposed model. To illustrate the usage of the model, we apply it to the design of an ambient-assisted living use-case and demonstrate how it can be used for identifying and analyzing the privacy threats directed to smart connected homes.

Ort, förlag, år, upplaga, sidor
IEEE, 2020
Nyckelord
Internet of Things, system model, privacy, privacy threats, home data, smart home, smart living
Nationell ämneskategori
Datavetenskap (datalogi)
Identifikatorer
urn:nbn:se:mau:diva-18127 (URN)10.1109/PerComWorkshops48775.2020.9156246 (DOI)000612838200136 ()2-s2.0-85091968572 (Scopus ID)978-1-7281-4716-1 (ISBN)
Konferens
IEEE PerCom
Tillgänglig från: 2020-08-25 Skapad: 2020-08-25 Senast uppdaterad: 2024-02-05Bibliografiskt granskad
6. An Empirical Analysis of Smart Connected Home Data
Öppna denna publikation i ny flik eller fönster >>An Empirical Analysis of Smart Connected Home Data
2018 (Engelska)Ingår i: Internet of Things – ICIOT 2018, Springer, 2018, s. 134-149Konferensbidrag, Publicerat paper (Refereegranskat)
Abstract [en]

The increasing presence of heterogeneous Internet of Things devices inside the home brings with it added convenience and value to the householders. At the same time, these devices tend to be Internet-connected and continuously monitor and collect data about the residents and their daily lifestyle activities. Such data can be of a sensitive nature, given that the house is the place where privacy is naturally expected. To gain insight into this state of affairs, we empirically investigate the privacy policies of 87 different categories of commercial smart home devices in terms of data being collected. This is done using a combination of manual and data mining techniques. The overall contribution of this work is a model that identifies and categorizes smart connected home data in terms of its collection mode, collection method, and collection phase. Our findings bring up several implications for smart connected home privacy, which include the need for better security controls to safeguard the privacy of the householders.

Ort, förlag, år, upplaga, sidor
Springer, 2018
Serie
Lecture Notes in Computer Science, ISSN 0302-9743, E-ISSN 1611-3349 ; 10972
Nyckelord
Smart home, IoT, Data model, Privacy policies
Nationell ämneskategori
Teknik och teknologier
Identifikatorer
urn:nbn:se:mau:diva-12509 (URN)10.1007/978-3-319-94370-1_10 (DOI)2-s2.0-85049026562 (Scopus ID)26281 (Lokalt ID)26281 (Arkivnummer)26281 (OAI)
Konferens
International Conference on Internet of Things (ICIOT 2018), Seattle, USA (June 25 - June 30)
Tillgänglig från: 2020-02-29 Skapad: 2020-02-29 Senast uppdaterad: 2024-02-05Bibliografiskt granskad
7. Smart Connected Homes
Öppna denna publikation i ny flik eller fönster >>Smart Connected Homes
2018 (Engelska)Ingår i: Internet of Things A to Z: Technologies and Applications / [ed] Qusay F. Hassan, John Wiley & Sons, 2018, s. 359-384Kapitel i bok, del av antologi (Övrigt vetenskapligt)
Ort, förlag, år, upplaga, sidor
John Wiley & Sons, 2018
Nyckelord
smart connected home, Internet of Things, smart home services, system architectures, security, privacy, reliability, usability, interoperability
Nationell ämneskategori
Teknik och teknologier
Identifikatorer
urn:nbn:se:mau:diva-10482 (URN)10.1002/9781119456735.ch13 (DOI)25158 (Lokalt ID)978-1-119-45674-2 (ISBN)25158 (Arkivnummer)25158 (OAI)
Tillgänglig från: 2020-02-28 Skapad: 2020-02-28 Senast uppdaterad: 2022-08-29Bibliografiskt granskad
8. On the Design of a Privacy-Centered Data Lifecycle for Smart Living Spaces
Öppna denna publikation i ny flik eller fönster >>On the Design of a Privacy-Centered Data Lifecycle for Smart Living Spaces
2020 (Engelska)Ingår i: Privacy and Identity Management. Data for Better Living: AI and Privacy: 14th IFIP WG 9.2, 9.6/11.7, 11.6/SIG 9.2.2 International Summer School, Windisch, Switzerland, August 19--23, 2019, Revised Selected Papers / [ed] Michael Friedewald, Melek Önen, Eva Lievens, Stephan Krenn, and Samuel Fricker, Springer, 2020, 576, s. 126-141Kapitel i bok, del av antologi (Refereegranskat)
Abstract [en]

Many living spaces, such as homes, are becoming smarter and connected by using Internet of Things (IoT) technologies. Such systems should ideally be privacy-centered by design given the sensitive and personal data they commonly deal with. Nonetheless, few systematic methodologies exist that deal with privacy threats affecting IoT-based systems. In this paper, we capture the generic function of an IoT system to model privacy so that threats affecting such contexts can be identified and categorized at system design stage. In effect, we integrate an extension to so called Data Flow Diagrams (DFD) in the model, which provides the means to handle the privacy-specific threats in IoT systems. To demonstrate the usefulness of the model, we apply it to the design of a realistic use-case involving Facebook Portal. We use that as a means to elicit the privacy threats and mitigations that can be adopted therein. Overall, we believe that the proposed extension and categorization of privacy threats provide a useful addition to IoT practitioners and researchers in support for the adoption of sound privacy-centered principles in the early stages of the smart living design process.

Ort, förlag, år, upplaga, sidor
Springer, 2020 Upplaga: 576
Serie
IFIP Advances in Information and Communication Technology book series, ISSN 1868-4238, E-ISSN 1868-422X ; 576
Nyckelord
IoT, Data lifecycle, Data Flow Diagrams, Data privacy, Privacy threats, Smart connected home, Smart living space, Facebook Portal
Nationell ämneskategori
Datavetenskap (datalogi)
Identifikatorer
urn:nbn:se:mau:diva-16962 (URN)10.1007/978-3-030-42504-3_9 (DOI)2-s2.0-85082383912 (Scopus ID)978-3-030-42503-6 (ISBN)978-3-030-42504-3 (ISBN)
Anmärkning

14th IFIP WG 9.2, 9.6/11.7, 11.6/SIG 9.2.2 International Summer School, Windisch, Switzerland, August 19--23, 2019, Revised Selected Papers

Tillgänglig från: 2020-03-31 Skapad: 2020-03-31 Senast uppdaterad: 2024-02-05Bibliografiskt granskad
9. Functional Classification and Quantitative Analysis of Smart Connected Home Devices
Öppna denna publikation i ny flik eller fönster >>Functional Classification and Quantitative Analysis of Smart Connected Home Devices
2018 (Engelska)Ingår i: 2018 Global Internet of Things Summit (GIoTS), Institute of Electrical and Electronics Engineers (IEEE), 2018, s. 144-149Konferensbidrag, Publicerat paper (Refereegranskat)
Abstract [en]

The home environment is rapidly becoming more complex with the introduction of numerous and heterogeneous Internet of Things devices. This development into smart connected homes brings with it challenges when it comes to gaining a deeper understanding of the home environment as a socio-technical system. A better understanding of the home is essential to build robust, resilient, and secure smart home systems. In this regard, we developed a novel method for classifying smart home devices in a logical and coherent manner according to their functionality. Unlike other approaches, we build the categorization empirically by mining the technical specifications of 1,193 commercial devices. Moreover, we identify twelve capabilities that can be used to characterize home devices. Alongside the classification, we also quantitatively analyze the entire spectrum of commercial smart home devices in accordance to their functionality and capabilities. Overall, the categorization and analysis provide a foundation for identifying opportunities of generalizations and common solutions for the smart home.

Ort, förlag, år, upplaga, sidor
Institute of Electrical and Electronics Engineers (IEEE), 2018
Serie
Global Internet of Things Summit
Nyckelord
classification, connected home, devices, IoT, smart home, survey, taxonomy, web mining
Nationell ämneskategori
Teknik och teknologier
Identifikatorer
urn:nbn:se:mau:diva-12487 (URN)10.1109/giots.2018.8534563 (DOI)000456099600039 ()2-s2.0-85059075949 (Scopus ID)26327 (Lokalt ID)26327 (Arkivnummer)26327 (OAI)
Konferens
Global IoT Summit, Bilbao, Spain (June 4 - June 7)
Tillgänglig från: 2020-02-29 Skapad: 2020-02-29 Senast uppdaterad: 2023-12-15Bibliografiskt granskad

Open Access i DiVA

comprehensive summary(1665 kB)669 nedladdningar
Filinformation
Filnamn SUMMARY01.pdfFilstorlek 1665 kBChecksumma SHA-512
895b0c6114c3e00902a69937886cef2b081b8d6232684dc5621a4ef926a66de2d2c7ae74902431bab934e4b22943f3a9734c2ecdad15be68474cceb4f7526304
Typ fulltextMimetyp application/pdf

Övriga länkar

Förlagets fulltext

Person

Bugeja, Joseph

Sök vidare i DiVA

Av författaren/redaktören
Bugeja, Joseph
Av organisationen
Internet of Things and People (IOTAP)Institutionen för datavetenskap och medieteknik (DVMT)
Datavetenskap (datalogi)

Sök vidare utanför DiVA

GoogleGoogle Scholar
Totalt: 0 nedladdningar
Antalet nedladdningar är summan av nedladdningar för alla fulltexter. Det kan inkludera t.ex tidigare versioner som nu inte längre är tillgängliga.

doi
isbn
urn-nbn

Altmetricpoäng

doi
isbn
urn-nbn
Totalt: 4284 träffar
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf