Malmö University Publications
Change search
Refine search result
1 - 25 of 25
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Rows per page
  • 5
  • 10
  • 20
  • 50
  • 100
  • 250
Sort
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
Select
The maximal number of hits you can export is 250. When you want to export more records please use the Create feeds function.
  • 1.
    Alawadi, Sadi
    et al.
    Uppsala University, Sweden.
    Kebande, Victor R.
    Umeå University, Sweden.
    Dong, Yuji
    School of Internet of ThingsXi’an Jiaotong-Liverpool UniversitySuzhouChina.
    Bugeja, Joseph
    Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Persson, Jan A.
    Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Olsson, Carl Magnus
    Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    A Federated Interactive Learning IoT-Based Health Monitoring Platform2021In: New Trends in Database and Information Systems, Springer, 2021, p. 235-246Conference paper (Refereed)
    Abstract [en]

    Remote health monitoring is a trend for better health management which necessitates the need for secure monitoring and privacy-preservation of patient data. Moreover, accurate and continuous monitoring of personal health status may require expert validation in an active learning strategy. As a result, this paper proposes a Federated Interactive Learning IoT-based Health Monitoring Platform (FIL-IoT-HMP) which incorporates multi-expert feedback as ‘Human-in-the-loop’ in an active learning strategy in order to improve the clients’ Machine Learning (ML) models. The authors have proposed an architecture and conducted an experiment as a proof of concept. Federated learning approach has been preferred in this context given that it strengthens privacy by allowing the global model to be trained while sensitive data is retained at the local edge nodes. Also, each model’s accuracy is improved while privacy and security of data has been upheld.

  • 2.
    Bugeja, Joseph
    Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    On Privacy and Security in Smart Connected Homes2021Doctoral thesis, comprehensive summary (Other academic)
    Abstract [en]

    The growth and presence of heterogeneous sensor-equipped Internet-connected devices inside the home can increase efficiency and quality of life for the residents. Simultaneously, these devices continuously collect, process, and transmit data about the residents and their daily lifestyle activities to unknown parties outside the home. Such data can be sensitive and personal, leading to increasingly intimate insights into private lives. This data allows for the implementation of services, personalization support, and benefits offered by smart home technologies. Alas, there has been a surge of cyberattacks on connected home devices that essentially compromise privacy and security of the residents.

    Providing privacy and security is a critical issue in smart connected homes. Many residents are concerned about unauthorized access into their homes and about the privacy of their data. However, it is typically challenging to implement privacy and security in a smart connected home because of its heterogeneity of devices, the dynamic nature of the home network, and the fact that it is always connected to the Internet, amongst other things. As the numbers and types of smart home devices are increasing rapidly, so are the risks with these devices. Concurrently, it is also becoming increasingly challenging to gain a deeper understand- ing of the smart home. Such understanding is necessary to build a more privacy-preserving and secure smart connected home. Likewise, it is needed as a precursor to perform a comprehensive privacy and security analysis of the smart home.

    In this dissertation, we render a comprehensive description and account of the smart connected home that can be used for conducting risk analysis. In doing so, we organize the underlying smart home devices ac- cording to their functionality, identify their data-collecting capabilities, and survey the data types being collected by them. Such is done using the technical specification of commercial devices, including their privacy policies. This description is then leveraged for identifying threats and for analyzing risks present in smart connected homes. Such is done by analyzing both scholarly literature and examples from the industry, and leveraging formal modeling. Additionally, we identify malicious threat agents and mitigations that are relevant to smart connected homes. This is performed without limiting the research and results to a particular configuration and type of smart home.

    This research led to three main findings. First, the majority of the surveyed commercial devices are collecting instances of sensitive and personal data but are prone to critical vulnerabilities. Second, there is a shortage of scientific models that capture the complexity and heterogeneity of real-world smart home deployments, especially those intended for privacy risk analysis. Finally, despite the increasing regulations and attention to privacy and security, there is a lack of proactive and integrative approaches intended to safeguard privacy and security of the residents. We contributed to addressing these three findings by developing a framework and models that enable early identification of threats, better planning for risk management scenarios, and mitigation of potential impacts caused by attacks before they reach the homes and compromise the lives of the residents.

    Overall, the scientific contributions presented in this dissertation help deepen the understanding and reasoning about privacy and security concerns affecting smart connected homes, and contributes to advancing the research in the area of risk analysis as applied to such systems.

    List of papers
    1. An Investigation of Vulnerabilities in Smart Connected Cameras
    Open this publication in new window or tab >>An Investigation of Vulnerabilities in Smart Connected Cameras
    2018 (English)In: 2018 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops), IEEE, 2018, p. 656-661Conference paper, Published paper (Refereed)
    Abstract [en]

    The Internet of Things is enabling innovative ser-vices promising added convenience and value in various domains such as the smart home. Increasingly, households, office envi-ronments and cities, are being fitted with smart camera systems aimed to enhance the security of citizens. At the same time, sev-eral systems being deployed suffer from weak security implemen-tations. Recognizing this, and to understand the extent of this situation, in this study we perform a global vulnerability assess-ment using the Shodan search engine and the Common Vulnera-bilities and Exposures database. This is done to detect smart con-nected cameras exposed on the Internet alongside their sensitive, potentially private, data being broadcasted. Furthermore, we discuss whether the discovered data can be used to compromise the safety and privacy of individuals, and identify some mitiga-tions that can be adopted. The results indicate that a significant number of smart cameras are indeed prone to diverse security and privacy vulnerabilities.

    Place, publisher, year, edition, pages
    IEEE, 2018
    Keywords
    IoT, IoT security, Shodan, smart connected cameras, smart connected homes, vulnerabilities
    National Category
    Engineering and Technology
    Identifiers
    urn:nbn:se:mau:diva-12708 (URN)10.1109/PERCOMW.2018.8480184 (DOI)000541062400110 ()2-s2.0-85056473592 (Scopus ID)26328 (Local ID)978-1-5386-3227-7 (ISBN)978-1-5386-3228-4 (ISBN)26328 (Archive number)26328 (OAI)
    Conference
    IEEE PerCom 2018 - Second International Workshop on Pervasive Smart Living Spaces (PerLS 2018), Athens, Greece (19 March - 23 March)
    Available from: 2020-02-29 Created: 2020-02-29 Last updated: 2024-04-05Bibliographically approved
    2. On Privacy and Security Challenges in Smart Connected Homes
    Open this publication in new window or tab >>On Privacy and Security Challenges in Smart Connected Homes
    2016 (English)In: Proceedings: 2016 European Intelligence and Security Informatics Conference, IEEE, 2016Conference paper, Published paper (Refereed)
    Abstract [en]

    Smart homes have become increasingly popular for IoT products and services with a lot of promises for improving the quality of life of individuals. Nevertheless, the heterogeneous, dynamic, and Internet-connected nature of this environment adds new concerns as private data becomes accessible, often without the householders’ awareness. This accessibility alongside with the rising risks of data security and privacy breaches, makes smart home security a critical topic that deserves scrutiny. In this paper, we present an overview of the privacy and security challenges directed towards the smart home domain. We also identify constraints, evaluate solutions, and discuss a number of challenges and research issues where further investigation is required.

    Place, publisher, year, edition, pages
    IEEE, 2016
    Keywords
    smart home, security, privacy, IoT
    National Category
    Computer Systems
    Identifiers
    urn:nbn:se:mau:diva-12630 (URN)10.1109/EISIC.2016.044 (DOI)000411272300033 ()2-s2.0-85017282760 (Scopus ID)21507 (Local ID)21507 (Archive number)21507 (OAI)
    Conference
    European Intelligence and Security Informatics Conference (EISIC), Uppsala, Sweden (August 17-19)
    Available from: 2020-02-29 Created: 2020-02-29 Last updated: 2024-02-05Bibliographically approved
    3. An Analysis of Malicious Threat Agents for the Smart Connected Home
    Open this publication in new window or tab >>An Analysis of Malicious Threat Agents for the Smart Connected Home
    2017 (English)In: Proceeding of 2017 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops), IEEE, 2017Conference paper, Published paper (Refereed)
    Abstract [en]

    Smart connected home systems aim to enhance the comfort, convenience, security, entertainment, and health of the householders and their guests. Despite their advantages, their interconnected characteristics make smart home devices and services prone to various cybersecurity and privacy threats. In this paper, we analyze six classes of malicious threat agents for smart connected homes. We also identify four different motives and three distinct capability levels that can be used to group the different intruders. Based on this, we propose a new threat model that can be used for threat profiling. Both hypothetical and real-life examples of attacks are used throughout the paper. In reflecting on this work, we also observe motivations and agents that are not covered in standard agent taxonomies.

    Place, publisher, year, edition, pages
    IEEE, 2017
    Keywords
    Smart homes, Privacy, Terrorism, Computer security, Taxonomy, Home appliances, connected home, IoT, threat agent, threat agent motivations, threat agent capabilities
    National Category
    Engineering and Technology
    Identifiers
    urn:nbn:se:mau:diva-12595 (URN)10.1109/PERCOMW.2017.7917623 (DOI)000411208400111 ()2-s2.0-85020053641 (Scopus ID)22578 (Local ID)22578 (Archive number)22578 (OAI)
    Conference
    IEEE International Conference on Pervasive Computing and Communication (PerCom) 2017 - the First International Workshop on Pervasive Smart Living Spaces (PerLS 2017), Kona, Big Island, Hawaii, USA (March 13–17, 2017)
    Available from: 2020-02-29 Created: 2020-02-29 Last updated: 2023-12-27Bibliographically approved
    4. Is Your Home Becoming a Spy?: A Data-Centered Analysis and Classification of Smart Connected Home Systems
    Open this publication in new window or tab >>Is Your Home Becoming a Spy?: A Data-Centered Analysis and Classification of Smart Connected Home Systems
    2020 (English)In: IoT '20: Proceedings of the 10th International Conference on the Internet of Things, New York, United States: ACM Digital Library, 2020, article id 17Conference paper, Published paper (Refereed)
    Abstract [en]

    Smart connected home systems bring different privacy challenges to residents. The contribution of this paper is a novel privacy grounded classification of smart connected home systems that is focused on personal data exposure. This classification is built empirically through k-means cluster analysis from the technical specification of 81 commercial Internet of Things (IoT) systems as featured in PrivacyNotIncluded – an online database of consumer IoT systems. The attained classification helps us better understand the privacy implications and what is at stake with different smart connected home systems. Furthermore, we survey the entire spectrum of analyzed systems for their data collection capabilities. Systems were classified into four tiers: app-based accessors, watchers, location harvesters, and listeners, based on the sensing data the systems collect. Our findings indicate that being surveilled inside your home is a realistic threat, particularly, as the majority of the surveyed in-home IoT systems are installed with cameras, microphones, and location trackers. Finally, we identify research directions and suggest some best practices to mitigate the threat of in-house surveillance.

    Place, publisher, year, edition, pages
    New York, United States: ACM Digital Library, 2020
    Keywords
    IoT, smart home, home automation, privacy, unsupervised classification, survey, web mining
    National Category
    Computer Sciences
    Identifiers
    urn:nbn:se:mau:diva-18599 (URN)10.1145/3410992.3411012 (DOI)2-s2.0-85123040173 (Scopus ID)978-1-4503-8758-3 (ISBN)
    Conference
    IoT '20
    Available from: 2020-10-10 Created: 2020-10-10 Last updated: 2024-02-05Bibliographically approved
    5. A Privacy-Centered System Model for Smart Connected Homes
    Open this publication in new window or tab >>A Privacy-Centered System Model for Smart Connected Homes
    2020 (English)In: 2020 IEEE International Conference on Pervasive Computing and Communications Workshops: PerCom Workshops, IEEE, 2020Conference paper, Published paper (Refereed)
    Abstract [en]

    Smart connected homes are integrated with heterogeneous Internet-connected devices interacting with the physical environment and human users. While they have become an established research area, there is no common understanding of what composes such a pervasive environment making it challenging to perform a scientific analysis of the domain. This is especially evident when it comes to discourse about privacy threats. Recognizing this, we aim to describe a generic smart connected home, including the data it deals with in a novel privacy-centered system model. Such is done using concepts borrowed from the theory of Contextual Integrity. Furthermore, we represent privacy threats formally using the proposed model. To illustrate the usage of the model, we apply it to the design of an ambient-assisted living use-case and demonstrate how it can be used for identifying and analyzing the privacy threats directed to smart connected homes.

    Place, publisher, year, edition, pages
    IEEE, 2020
    Keywords
    Internet of Things, system model, privacy, privacy threats, home data, smart home, smart living
    National Category
    Computer Sciences
    Identifiers
    urn:nbn:se:mau:diva-18127 (URN)10.1109/PerComWorkshops48775.2020.9156246 (DOI)000612838200136 ()2-s2.0-85091968572 (Scopus ID)978-1-7281-4716-1 (ISBN)
    Conference
    IEEE PerCom
    Available from: 2020-08-25 Created: 2020-08-25 Last updated: 2024-02-05Bibliographically approved
    6. An Empirical Analysis of Smart Connected Home Data
    Open this publication in new window or tab >>An Empirical Analysis of Smart Connected Home Data
    2018 (English)In: Internet of Things – ICIOT 2018, Springer, 2018, p. 134-149Conference paper, Published paper (Refereed)
    Abstract [en]

    The increasing presence of heterogeneous Internet of Things devices inside the home brings with it added convenience and value to the householders. At the same time, these devices tend to be Internet-connected and continuously monitor and collect data about the residents and their daily lifestyle activities. Such data can be of a sensitive nature, given that the house is the place where privacy is naturally expected. To gain insight into this state of affairs, we empirically investigate the privacy policies of 87 different categories of commercial smart home devices in terms of data being collected. This is done using a combination of manual and data mining techniques. The overall contribution of this work is a model that identifies and categorizes smart connected home data in terms of its collection mode, collection method, and collection phase. Our findings bring up several implications for smart connected home privacy, which include the need for better security controls to safeguard the privacy of the householders.

    Place, publisher, year, edition, pages
    Springer, 2018
    Series
    Lecture Notes in Computer Science, ISSN 0302-9743, E-ISSN 1611-3349 ; 10972
    Keywords
    Smart home, IoT, Data model, Privacy policies
    National Category
    Engineering and Technology
    Identifiers
    urn:nbn:se:mau:diva-12509 (URN)10.1007/978-3-319-94370-1_10 (DOI)2-s2.0-85049026562 (Scopus ID)26281 (Local ID)26281 (Archive number)26281 (OAI)
    Conference
    International Conference on Internet of Things (ICIOT 2018), Seattle, USA (June 25 - June 30)
    Available from: 2020-02-29 Created: 2020-02-29 Last updated: 2024-02-05Bibliographically approved
    7. Smart Connected Homes
    Open this publication in new window or tab >>Smart Connected Homes
    2018 (English)In: Internet of Things A to Z: Technologies and Applications / [ed] Qusay F. Hassan, John Wiley & Sons, 2018, p. 359-384Chapter in book (Other academic)
    Place, publisher, year, edition, pages
    John Wiley & Sons, 2018
    Keywords
    smart connected home, Internet of Things, smart home services, system architectures, security, privacy, reliability, usability, interoperability
    National Category
    Engineering and Technology
    Identifiers
    urn:nbn:se:mau:diva-10482 (URN)10.1002/9781119456735.ch13 (DOI)25158 (Local ID)978-1-119-45674-2 (ISBN)25158 (Archive number)25158 (OAI)
    Available from: 2020-02-28 Created: 2020-02-28 Last updated: 2022-08-29Bibliographically approved
    8. On the Design of a Privacy-Centered Data Lifecycle for Smart Living Spaces
    Open this publication in new window or tab >>On the Design of a Privacy-Centered Data Lifecycle for Smart Living Spaces
    2020 (English)In: Privacy and Identity Management. Data for Better Living: AI and Privacy: 14th IFIP WG 9.2, 9.6/11.7, 11.6/SIG 9.2.2 International Summer School, Windisch, Switzerland, August 19--23, 2019, Revised Selected Papers / [ed] Michael Friedewald, Melek Önen, Eva Lievens, Stephan Krenn, and Samuel Fricker, Springer, 2020, 576, p. 126-141Chapter in book (Refereed)
    Abstract [en]

    Many living spaces, such as homes, are becoming smarter and connected by using Internet of Things (IoT) technologies. Such systems should ideally be privacy-centered by design given the sensitive and personal data they commonly deal with. Nonetheless, few systematic methodologies exist that deal with privacy threats affecting IoT-based systems. In this paper, we capture the generic function of an IoT system to model privacy so that threats affecting such contexts can be identified and categorized at system design stage. In effect, we integrate an extension to so called Data Flow Diagrams (DFD) in the model, which provides the means to handle the privacy-specific threats in IoT systems. To demonstrate the usefulness of the model, we apply it to the design of a realistic use-case involving Facebook Portal. We use that as a means to elicit the privacy threats and mitigations that can be adopted therein. Overall, we believe that the proposed extension and categorization of privacy threats provide a useful addition to IoT practitioners and researchers in support for the adoption of sound privacy-centered principles in the early stages of the smart living design process.

    Place, publisher, year, edition, pages
    Springer, 2020 Edition: 576
    Series
    IFIP Advances in Information and Communication Technology book series, ISSN 1868-4238, E-ISSN 1868-422X ; 576
    Keywords
    IoT, Data lifecycle, Data Flow Diagrams, Data privacy, Privacy threats, Smart connected home, Smart living space, Facebook Portal
    National Category
    Computer Sciences
    Identifiers
    urn:nbn:se:mau:diva-16962 (URN)10.1007/978-3-030-42504-3_9 (DOI)2-s2.0-85082383912 (Scopus ID)978-3-030-42503-6 (ISBN)978-3-030-42504-3 (ISBN)
    Note

    14th IFIP WG 9.2, 9.6/11.7, 11.6/SIG 9.2.2 International Summer School, Windisch, Switzerland, August 19--23, 2019, Revised Selected Papers

    Available from: 2020-03-31 Created: 2020-03-31 Last updated: 2024-02-05Bibliographically approved
    9. Functional Classification and Quantitative Analysis of Smart Connected Home Devices
    Open this publication in new window or tab >>Functional Classification and Quantitative Analysis of Smart Connected Home Devices
    2018 (English)In: 2018 Global Internet of Things Summit (GIoTS), Institute of Electrical and Electronics Engineers (IEEE), 2018, p. 144-149Conference paper, Published paper (Refereed)
    Abstract [en]

    The home environment is rapidly becoming more complex with the introduction of numerous and heterogeneous Internet of Things devices. This development into smart connected homes brings with it challenges when it comes to gaining a deeper understanding of the home environment as a socio-technical system. A better understanding of the home is essential to build robust, resilient, and secure smart home systems. In this regard, we developed a novel method for classifying smart home devices in a logical and coherent manner according to their functionality. Unlike other approaches, we build the categorization empirically by mining the technical specifications of 1,193 commercial devices. Moreover, we identify twelve capabilities that can be used to characterize home devices. Alongside the classification, we also quantitatively analyze the entire spectrum of commercial smart home devices in accordance to their functionality and capabilities. Overall, the categorization and analysis provide a foundation for identifying opportunities of generalizations and common solutions for the smart home.

    Place, publisher, year, edition, pages
    Institute of Electrical and Electronics Engineers (IEEE), 2018
    Series
    Global Internet of Things Summit
    Keywords
    classification, connected home, devices, IoT, smart home, survey, taxonomy, web mining
    National Category
    Engineering and Technology
    Identifiers
    urn:nbn:se:mau:diva-12487 (URN)10.1109/giots.2018.8534563 (DOI)000456099600039 ()2-s2.0-85059075949 (Scopus ID)26327 (Local ID)26327 (Archive number)26327 (OAI)
    Conference
    Global IoT Summit, Bilbao, Spain (June 4 - June 7)
    Available from: 2020-02-29 Created: 2020-02-29 Last updated: 2023-12-15Bibliographically approved
    Download full text (pdf)
    comprehensive summary
    Download (jpg)
    preview image
  • 3.
    Bugeja, Joseph
    Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Smart connected homes: concepts, risks, and challenges2018Licentiate thesis, comprehensive summary (Other academic)
    Abstract [en]

    The growth and presence of heterogeneous connected devices inside the home have the potential to provide increased efficiency and quality of life to the residents. Simultaneously, these devices tend to be Internet-connected and continuously monitor, collect, and transmit data about the residents and their daily lifestyle activities. Such data can be of a sensitive nature, such as camera feeds, voice commands, physiological data, and more. This data allows for the implementation of services, personalization support, and benefits offered by smart home technologies. Alas, there has been a rift of security and privacy attacks on connected home devices that compromise the security, safety, and privacy of the occupants. In this thesis, we provide a comprehensive description of the smart connected home ecosystem in terms of its assets, architecture, functionality, and capabilities. Especially, we focus on the data being collected by smart home devices. Such description and organization are necessary as a precursor to perform a rigorous security and privacy analysis of the smart home. Additionally, we seek to identify threat agents, risks, challenges, and propose some mitigation approaches suitable for home environments. Identifying these is core to characterize what is at stake, and to gain insights into what is required to build more robust, resilient, secure, and privacy-preserving smart home systems. Overall, we propose new concepts, models, and methods serving as a foundation for conducting deeper research work in particular linked to smart connected homes. In particular, we propose a taxonomy of devices; classification of data collected by smart connected homes; threat agent model for the smart connected home; and identify challenges, risks, and propose some mitigation approaches.

    List of papers
    1. Smart Connected Homes
    Open this publication in new window or tab >>Smart Connected Homes
    2018 (English)In: Internet of Things A to Z: Technologies and Applications / [ed] Qusay F. Hassan, John Wiley & Sons, 2018, p. 359-384Chapter in book (Other academic)
    Place, publisher, year, edition, pages
    John Wiley & Sons, 2018
    Keywords
    smart connected home, Internet of Things, smart home services, system architectures, security, privacy, reliability, usability, interoperability
    National Category
    Engineering and Technology
    Identifiers
    urn:nbn:se:mau:diva-10482 (URN)10.1002/9781119456735.ch13 (DOI)25158 (Local ID)978-1-119-45674-2 (ISBN)25158 (Archive number)25158 (OAI)
    Available from: 2020-02-28 Created: 2020-02-28 Last updated: 2022-08-29Bibliographically approved
    2. On Privacy and Security Challenges in Smart Connected Homes
    Open this publication in new window or tab >>On Privacy and Security Challenges in Smart Connected Homes
    2016 (English)In: Proceedings: 2016 European Intelligence and Security Informatics Conference, IEEE, 2016Conference paper, Published paper (Refereed)
    Abstract [en]

    Smart homes have become increasingly popular for IoT products and services with a lot of promises for improving the quality of life of individuals. Nevertheless, the heterogeneous, dynamic, and Internet-connected nature of this environment adds new concerns as private data becomes accessible, often without the householders’ awareness. This accessibility alongside with the rising risks of data security and privacy breaches, makes smart home security a critical topic that deserves scrutiny. In this paper, we present an overview of the privacy and security challenges directed towards the smart home domain. We also identify constraints, evaluate solutions, and discuss a number of challenges and research issues where further investigation is required.

    Place, publisher, year, edition, pages
    IEEE, 2016
    Keywords
    smart home, security, privacy, IoT
    National Category
    Computer Systems
    Identifiers
    urn:nbn:se:mau:diva-12630 (URN)10.1109/EISIC.2016.044 (DOI)000411272300033 ()2-s2.0-85017282760 (Scopus ID)21507 (Local ID)21507 (Archive number)21507 (OAI)
    Conference
    European Intelligence and Security Informatics Conference (EISIC), Uppsala, Sweden (August 17-19)
    Available from: 2020-02-29 Created: 2020-02-29 Last updated: 2024-02-05Bibliographically approved
    3. An Analysis of Malicious Threat Agents for the Smart Connected Home
    Open this publication in new window or tab >>An Analysis of Malicious Threat Agents for the Smart Connected Home
    2017 (English)In: Proceeding of 2017 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops), IEEE, 2017Conference paper, Published paper (Refereed)
    Abstract [en]

    Smart connected home systems aim to enhance the comfort, convenience, security, entertainment, and health of the householders and their guests. Despite their advantages, their interconnected characteristics make smart home devices and services prone to various cybersecurity and privacy threats. In this paper, we analyze six classes of malicious threat agents for smart connected homes. We also identify four different motives and three distinct capability levels that can be used to group the different intruders. Based on this, we propose a new threat model that can be used for threat profiling. Both hypothetical and real-life examples of attacks are used throughout the paper. In reflecting on this work, we also observe motivations and agents that are not covered in standard agent taxonomies.

    Place, publisher, year, edition, pages
    IEEE, 2017
    Keywords
    Smart homes, Privacy, Terrorism, Computer security, Taxonomy, Home appliances, connected home, IoT, threat agent, threat agent motivations, threat agent capabilities
    National Category
    Engineering and Technology
    Identifiers
    urn:nbn:se:mau:diva-12595 (URN)10.1109/PERCOMW.2017.7917623 (DOI)000411208400111 ()2-s2.0-85020053641 (Scopus ID)22578 (Local ID)22578 (Archive number)22578 (OAI)
    Conference
    IEEE International Conference on Pervasive Computing and Communication (PerCom) 2017 - the First International Workshop on Pervasive Smart Living Spaces (PerLS 2017), Kona, Big Island, Hawaii, USA (March 13–17, 2017)
    Available from: 2020-02-29 Created: 2020-02-29 Last updated: 2023-12-27Bibliographically approved
    4. An Investigation of Vulnerabilities in Smart Connected Cameras
    Open this publication in new window or tab >>An Investigation of Vulnerabilities in Smart Connected Cameras
    2018 (English)In: 2018 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops), IEEE, 2018, p. 656-661Conference paper, Published paper (Refereed)
    Abstract [en]

    The Internet of Things is enabling innovative ser-vices promising added convenience and value in various domains such as the smart home. Increasingly, households, office envi-ronments and cities, are being fitted with smart camera systems aimed to enhance the security of citizens. At the same time, sev-eral systems being deployed suffer from weak security implemen-tations. Recognizing this, and to understand the extent of this situation, in this study we perform a global vulnerability assess-ment using the Shodan search engine and the Common Vulnera-bilities and Exposures database. This is done to detect smart con-nected cameras exposed on the Internet alongside their sensitive, potentially private, data being broadcasted. Furthermore, we discuss whether the discovered data can be used to compromise the safety and privacy of individuals, and identify some mitiga-tions that can be adopted. The results indicate that a significant number of smart cameras are indeed prone to diverse security and privacy vulnerabilities.

    Place, publisher, year, edition, pages
    IEEE, 2018
    Keywords
    IoT, IoT security, Shodan, smart connected cameras, smart connected homes, vulnerabilities
    National Category
    Engineering and Technology
    Identifiers
    urn:nbn:se:mau:diva-12708 (URN)10.1109/PERCOMW.2018.8480184 (DOI)000541062400110 ()2-s2.0-85056473592 (Scopus ID)26328 (Local ID)978-1-5386-3227-7 (ISBN)978-1-5386-3228-4 (ISBN)26328 (Archive number)26328 (OAI)
    Conference
    IEEE PerCom 2018 - Second International Workshop on Pervasive Smart Living Spaces (PerLS 2018), Athens, Greece (19 March - 23 March)
    Available from: 2020-02-29 Created: 2020-02-29 Last updated: 2024-04-05Bibliographically approved
    5. Functional Classification and Quantitative Analysis of Smart Connected Home Devices
    Open this publication in new window or tab >>Functional Classification and Quantitative Analysis of Smart Connected Home Devices
    2018 (English)In: 2018 Global Internet of Things Summit (GIoTS), Institute of Electrical and Electronics Engineers (IEEE), 2018, p. 144-149Conference paper, Published paper (Refereed)
    Abstract [en]

    The home environment is rapidly becoming more complex with the introduction of numerous and heterogeneous Internet of Things devices. This development into smart connected homes brings with it challenges when it comes to gaining a deeper understanding of the home environment as a socio-technical system. A better understanding of the home is essential to build robust, resilient, and secure smart home systems. In this regard, we developed a novel method for classifying smart home devices in a logical and coherent manner according to their functionality. Unlike other approaches, we build the categorization empirically by mining the technical specifications of 1,193 commercial devices. Moreover, we identify twelve capabilities that can be used to characterize home devices. Alongside the classification, we also quantitatively analyze the entire spectrum of commercial smart home devices in accordance to their functionality and capabilities. Overall, the categorization and analysis provide a foundation for identifying opportunities of generalizations and common solutions for the smart home.

    Place, publisher, year, edition, pages
    Institute of Electrical and Electronics Engineers (IEEE), 2018
    Series
    Global Internet of Things Summit
    Keywords
    classification, connected home, devices, IoT, smart home, survey, taxonomy, web mining
    National Category
    Engineering and Technology
    Identifiers
    urn:nbn:se:mau:diva-12487 (URN)10.1109/giots.2018.8534563 (DOI)000456099600039 ()2-s2.0-85059075949 (Scopus ID)26327 (Local ID)26327 (Archive number)26327 (OAI)
    Conference
    Global IoT Summit, Bilbao, Spain (June 4 - June 7)
    Available from: 2020-02-29 Created: 2020-02-29 Last updated: 2023-12-15Bibliographically approved
    6. An Empirical Analysis of Smart Connected Home Data
    Open this publication in new window or tab >>An Empirical Analysis of Smart Connected Home Data
    2018 (English)In: Internet of Things – ICIOT 2018, Springer, 2018, p. 134-149Conference paper, Published paper (Refereed)
    Abstract [en]

    The increasing presence of heterogeneous Internet of Things devices inside the home brings with it added convenience and value to the householders. At the same time, these devices tend to be Internet-connected and continuously monitor and collect data about the residents and their daily lifestyle activities. Such data can be of a sensitive nature, given that the house is the place where privacy is naturally expected. To gain insight into this state of affairs, we empirically investigate the privacy policies of 87 different categories of commercial smart home devices in terms of data being collected. This is done using a combination of manual and data mining techniques. The overall contribution of this work is a model that identifies and categorizes smart connected home data in terms of its collection mode, collection method, and collection phase. Our findings bring up several implications for smart connected home privacy, which include the need for better security controls to safeguard the privacy of the householders.

    Place, publisher, year, edition, pages
    Springer, 2018
    Series
    Lecture Notes in Computer Science, ISSN 0302-9743, E-ISSN 1611-3349 ; 10972
    Keywords
    Smart home, IoT, Data model, Privacy policies
    National Category
    Engineering and Technology
    Identifiers
    urn:nbn:se:mau:diva-12509 (URN)10.1007/978-3-319-94370-1_10 (DOI)2-s2.0-85049026562 (Scopus ID)26281 (Local ID)26281 (Archive number)26281 (OAI)
    Conference
    International Conference on Internet of Things (ICIOT 2018), Seattle, USA (June 25 - June 30)
    Available from: 2020-02-29 Created: 2020-02-29 Last updated: 2024-02-05Bibliographically approved
    Download full text (pdf)
    Comprehensive summary
  • 4.
    Bugeja, Joseph
    et al.
    Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Davidsson, Paul
    Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Jacobsson, Andreas
    Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Functional Classification and Quantitative Analysis of Smart Connected Home Devices2018In: 2018 Global Internet of Things Summit (GIoTS), Institute of Electrical and Electronics Engineers (IEEE), 2018, p. 144-149Conference paper (Refereed)
    Abstract [en]

    The home environment is rapidly becoming more complex with the introduction of numerous and heterogeneous Internet of Things devices. This development into smart connected homes brings with it challenges when it comes to gaining a deeper understanding of the home environment as a socio-technical system. A better understanding of the home is essential to build robust, resilient, and secure smart home systems. In this regard, we developed a novel method for classifying smart home devices in a logical and coherent manner according to their functionality. Unlike other approaches, we build the categorization empirically by mining the technical specifications of 1,193 commercial devices. Moreover, we identify twelve capabilities that can be used to characterize home devices. Alongside the classification, we also quantitatively analyze the entire spectrum of commercial smart home devices in accordance to their functionality and capabilities. Overall, the categorization and analysis provide a foundation for identifying opportunities of generalizations and common solutions for the smart home.

    Download full text (pdf)
    FULLTEXT01
  • 5.
    Bugeja, Joseph
    et al.
    Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Jacobsson, Andreas
    Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Green Intelligent Homes: A Perspective on the Future of Smart Homes and Their Implications2023In: Proceedings of the 8th International Conference on Internet of Things, Big Data and Security (IoTBDS 2023). / [ed] Gary, Wills; Buttyán, Levante; Kacuk, Péter; Chang, Victor, Portugal, 2023, p. 186-193Conference paper (Refereed)
    Abstract [en]

    The smart home technology market is witnessing rapid growth due to the advent of more advanced, intuitive, and affordable solutions. As the adoption of these technologies becomes more prevalent, there is a need for research to explore potential avenues for pervasive smart living. This study aims to review the available literature and industry studies, along with our own experiences in the field, to identify and discuss potential future research in the smart home. We observe that the future of the smart home will likely be focused on improving the user experience, with a greater emphasis on personalization, automation, and Artificial intelligence (AI)-driven technologies, leading to what we call the "Green Intelligent Home". Through this analysis, this study aims to offer insights into how the development of smart homes could shape society in the future and the potential implications of such a development. This study concludes by suggesting a framework for knowledge development in the smart home domain.

    Download full text (pdf)
    fulltext
  • 6.
    Bugeja, Joseph
    et al.
    Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Jacobsson, Andreas
    Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    On the Design of a Privacy-Centered Data Lifecycle for Smart Living Spaces2020In: Privacy and Identity Management. Data for Better Living: AI and Privacy: 14th IFIP WG 9.2, 9.6/11.7, 11.6/SIG 9.2.2 International Summer School, Windisch, Switzerland, August 19--23, 2019, Revised Selected Papers / [ed] Michael Friedewald, Melek Önen, Eva Lievens, Stephan Krenn, and Samuel Fricker, Springer, 2020, 576, p. 126-141Chapter in book (Refereed)
    Abstract [en]

    Many living spaces, such as homes, are becoming smarter and connected by using Internet of Things (IoT) technologies. Such systems should ideally be privacy-centered by design given the sensitive and personal data they commonly deal with. Nonetheless, few systematic methodologies exist that deal with privacy threats affecting IoT-based systems. In this paper, we capture the generic function of an IoT system to model privacy so that threats affecting such contexts can be identified and categorized at system design stage. In effect, we integrate an extension to so called Data Flow Diagrams (DFD) in the model, which provides the means to handle the privacy-specific threats in IoT systems. To demonstrate the usefulness of the model, we apply it to the design of a realistic use-case involving Facebook Portal. We use that as a means to elicit the privacy threats and mitigations that can be adopted therein. Overall, we believe that the proposed extension and categorization of privacy threats provide a useful addition to IoT practitioners and researchers in support for the adoption of sound privacy-centered principles in the early stages of the smart living design process.

  • 7.
    Bugeja, Joseph
    et al.
    Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Jacobsson, Andreas
    Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Davidsson, Paul
    Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT). Malmö University, Internet of Things and People (IOTAP).
    A Privacy-Centered System Model for Smart Connected Homes2020In: 2020 IEEE International Conference on Pervasive Computing and Communications Workshops: PerCom Workshops, IEEE, 2020Conference paper (Refereed)
    Abstract [en]

    Smart connected homes are integrated with heterogeneous Internet-connected devices interacting with the physical environment and human users. While they have become an established research area, there is no common understanding of what composes such a pervasive environment making it challenging to perform a scientific analysis of the domain. This is especially evident when it comes to discourse about privacy threats. Recognizing this, we aim to describe a generic smart connected home, including the data it deals with in a novel privacy-centered system model. Such is done using concepts borrowed from the theory of Contextual Integrity. Furthermore, we represent privacy threats formally using the proposed model. To illustrate the usage of the model, we apply it to the design of an ambient-assisted living use-case and demonstrate how it can be used for identifying and analyzing the privacy threats directed to smart connected homes.

  • 8.
    Bugeja, Joseph
    et al.
    Malmö högskola, Faculty of Technology and Society (TS). Malmö högskola, Internet of Things and People (IOTAP).
    Jacobsson, Andreas
    Malmö högskola, Faculty of Technology and Society (TS). Malmö högskola, Internet of Things and People (IOTAP).
    Davidsson, Paul
    Malmö högskola, Faculty of Technology and Society (TS). Malmö högskola, Internet of Things and People (IOTAP).
    An Analysis of Malicious Threat Agents for the Smart Connected Home2017In: Proceeding of 2017 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops), IEEE, 2017Conference paper (Refereed)
    Abstract [en]

    Smart connected home systems aim to enhance the comfort, convenience, security, entertainment, and health of the householders and their guests. Despite their advantages, their interconnected characteristics make smart home devices and services prone to various cybersecurity and privacy threats. In this paper, we analyze six classes of malicious threat agents for smart connected homes. We also identify four different motives and three distinct capability levels that can be used to group the different intruders. Based on this, we propose a new threat model that can be used for threat profiling. Both hypothetical and real-life examples of attacks are used throughout the paper. In reflecting on this work, we also observe motivations and agents that are not covered in standard agent taxonomies.

    Download full text (pdf)
    FULLTEXT01
  • 9.
    Bugeja, Joseph
    et al.
    Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Jacobsson, Andreas
    Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Davidsson, Paul
    Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    An Empirical Analysis of Smart Connected Home Data2018In: Internet of Things – ICIOT 2018, Springer, 2018, p. 134-149Conference paper (Refereed)
    Abstract [en]

    The increasing presence of heterogeneous Internet of Things devices inside the home brings with it added convenience and value to the householders. At the same time, these devices tend to be Internet-connected and continuously monitor and collect data about the residents and their daily lifestyle activities. Such data can be of a sensitive nature, given that the house is the place where privacy is naturally expected. To gain insight into this state of affairs, we empirically investigate the privacy policies of 87 different categories of commercial smart home devices in terms of data being collected. This is done using a combination of manual and data mining techniques. The overall contribution of this work is a model that identifies and categorizes smart connected home data in terms of its collection mode, collection method, and collection phase. Our findings bring up several implications for smart connected home privacy, which include the need for better security controls to safeguard the privacy of the householders.

  • 10.
    Bugeja, Joseph
    et al.
    Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Jacobsson, Andreas
    Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Davidsson, Paul
    Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT). Malmö University, Internet of Things and People (IOTAP).
    Is Your Home Becoming a Spy?: A Data-Centered Analysis and Classification of Smart Connected Home Systems2020In: IoT '20: Proceedings of the 10th International Conference on the Internet of Things, New York, United States: ACM Digital Library, 2020, article id 17Conference paper (Refereed)
    Abstract [en]

    Smart connected home systems bring different privacy challenges to residents. The contribution of this paper is a novel privacy grounded classification of smart connected home systems that is focused on personal data exposure. This classification is built empirically through k-means cluster analysis from the technical specification of 81 commercial Internet of Things (IoT) systems as featured in PrivacyNotIncluded – an online database of consumer IoT systems. The attained classification helps us better understand the privacy implications and what is at stake with different smart connected home systems. Furthermore, we survey the entire spectrum of analyzed systems for their data collection capabilities. Systems were classified into four tiers: app-based accessors, watchers, location harvesters, and listeners, based on the sensing data the systems collect. Our findings indicate that being surveilled inside your home is a realistic threat, particularly, as the majority of the surveyed in-home IoT systems are installed with cameras, microphones, and location trackers. Finally, we identify research directions and suggest some best practices to mitigate the threat of in-house surveillance.

  • 11.
    Bugeja, Joseph
    et al.
    Malmö högskola, Faculty of Technology and Society (TS).
    Jacobsson, Andreas
    Malmö högskola, Faculty of Technology and Society (TS).
    Davidsson, Paul
    Malmö högskola, Faculty of Technology and Society (TS).
    On Privacy and Security Challenges in Smart Connected Homes2016In: Proceedings: 2016 European Intelligence and Security Informatics Conference, IEEE, 2016Conference paper (Refereed)
    Abstract [en]

    Smart homes have become increasingly popular for IoT products and services with a lot of promises for improving the quality of life of individuals. Nevertheless, the heterogeneous, dynamic, and Internet-connected nature of this environment adds new concerns as private data becomes accessible, often without the householders’ awareness. This accessibility alongside with the rising risks of data security and privacy breaches, makes smart home security a critical topic that deserves scrutiny. In this paper, we present an overview of the privacy and security challenges directed towards the smart home domain. We also identify constraints, evaluate solutions, and discuss a number of challenges and research issues where further investigation is required.

    Download full text (pdf)
    FULLTEXT01
  • 12.
    Bugeja, Joseph
    et al.
    Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Jacobsson, Andreas
    Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Davidsson, Paul
    Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT). Malmö University, Internet of Things and People (IOTAP).
    PRASH: A Framework for Privacy Risk Analysis of Smart Homes.2021In: Sensors, E-ISSN 1424-8220, Vol. 21, no 19, article id 6399Article in journal (Refereed)
    Abstract [en]

    Smart homes promise to improve the quality of life of residents. However, they collect vasts amounts of personal and sensitive data, making privacy protection critically important. We propose a framework, called PRASH, for modeling and analyzing the privacy risks of smart homes. It is composed of three modules: a system model, a threat model, and a set of privacy metrics, which together are used for calculating the privacy risk exposure of a smart home system. By representing a smart home through a formal specification, PRASH allows for early identification of threats, better planning for risk management scenarios, and mitigation of potential impacts caused by attacks before they compromise the lives of residents. To demonstrate the capabilities of PRASH, an executable version of the smart home system configuration was generated using the proposed formal specification, which was then analyzed to find potential attack paths while also mitigating the impacts of those attacks. Thereby, we add important contributions to the body of knowledge on the mitigations of threat agents violating the privacy of users in their homes. Overall, the use of PRASH will help residents to preserve their right to privacy in the face of the emerging challenges affecting smart homes.

    Download full text (pdf)
    fulltext
  • 13.
    Bugeja, Joseph
    et al.
    Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Jacobsson, Andreas
    Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Davidsson, Paul
    Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Smart Connected Homes2018In: Internet of Things A to Z: Technologies and Applications / [ed] Qusay F. Hassan, John Wiley & Sons, 2018, p. 359-384Chapter in book (Other academic)
  • 14.
    Bugeja, Joseph
    et al.
    Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT). Malmö University, Internet of Things and People (IOTAP).
    Jacobsson, Andreas
    Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT). Malmö University, Internet of Things and People (IOTAP).
    Davidsson, Paul
    Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT). Malmö University, Internet of Things and People (IOTAP).
    The Ethical Smart Home: Perspectives and Guidelines2022In: IEEE Security and Privacy, ISSN 1540-7993, E-ISSN 1558-4046, Vol. 20, no 1, p. 72-80Article in journal (Refereed)
  • 15.
    Bugeja, Joseph
    et al.
    Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Jacobsson, Andreas
    Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Spalazzese, Romina
    Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT). Malmö University, Internet of Things and People (IOTAP).
    On the Analysis of Semantic Denial-of-Service Attacks Affecting Smart Living Devices2020In: Intelligent Computing: Proceedings of the 2020 Computing Conference / [ed] Kohei Arai, Supriya Kapoor, Rahul Bhatia, Springer, 2020, Vol. 2Conference paper (Refereed)
    Abstract [en]

    With the interconnectedness of heterogeneous IoT devices being deployed in smart living spaces, it is imperative to assure that connected devices are resilient against Denial-of-Service (DoS) attacks. DoS attacks may cause economic damage but may also jeopardize the life of individuals, e.g., in a smart home healthcare environment since there might be situations (e.g., heart attacks), when urgent and timely actions are crucial. To achieve a better understanding of the DoS attack scenario in the ever so private home environment, we conduct a vulnerability assessment of five commercial-off-the-shelf IoT devices: a gaming console, media player, lighting system, connected TV, and IP camera, that are typically found in a smart living space. This study was conducted using an automated vulnerability scanner – Open Vulnerability Assessment System (OpenVAS) – and focuses on semantic DoS attacks. The results of the conducted experiment indicate that the majority of the tested devices are prone to DoS attacks, in particular those caused by a failure to manage exceptional conditions, leading to a total compromise of their availability. To understand the root causes for successful attacks, we analyze the payload code, identify the weaknesses exploited, and propose some mitigations that can be adopted by smart living developers and consumers.

  • 16.
    Bugeja, Joseph
    et al.
    Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Jönsson, Désirée
    Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Jacobsson, Andreas
    Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    An Investigation of Vulnerabilities in Smart Connected Cameras2018In: 2018 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops), IEEE, 2018, p. 656-661Conference paper (Refereed)
    Abstract [en]

    The Internet of Things is enabling innovative ser-vices promising added convenience and value in various domains such as the smart home. Increasingly, households, office envi-ronments and cities, are being fitted with smart camera systems aimed to enhance the security of citizens. At the same time, sev-eral systems being deployed suffer from weak security implemen-tations. Recognizing this, and to understand the extent of this situation, in this study we perform a global vulnerability assess-ment using the Shodan search engine and the Common Vulnera-bilities and Exposures database. This is done to detect smart con-nected cameras exposed on the Internet alongside their sensitive, potentially private, data being broadcasted. Furthermore, we discuss whether the discovered data can be used to compromise the safety and privacy of individuals, and identify some mitiga-tions that can be adopted. The results indicate that a significant number of smart cameras are indeed prone to diverse security and privacy vulnerabilities.

    Download full text (pdf)
    FULLTEXT01
  • 17.
    Bugeja, Joseph
    et al.
    Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Persson, Jan A.
    Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    A Data-Centric Anomaly-Based Detection System for Interactive Machine Learning Setups2022In: Proceedings of the 18th International Conference on Web Information Systems and Technologies - WEBIST, SciTePress, 2022, p. 182-189Conference paper (Refereed)
    Abstract [en]

    A major concern in the use of Internet of Things (IoT) technologies in general is their reliability in the presence of security threats and cyberattacks. Particularly, there is a growing recognition that IoT environments featuring virtual sensing and interactive machine learning may be subject to additional vulnerabilities when compared to traditional networks and classical batch learning settings. Partly, this is as adversaries could more easily manipulate the user feedback channel with malicious content. To this end, we propose a data-centric anomaly-based detection system, based on machine learning, that facilitates the process of identifying anomalies, particularly those related to poisoning integrity attacks targeting the user feedback channel of interactive machine learning setups. We demonstrate the capabilities of the proposed system in a case study involving a smart campus setup consisting of different smart devices, namely, a smart camera, a climate sensmitter, smart lighting, a smart phone, and a user feedback channel over which users could furnish labels to improve detection of correct system states, namely, activity types happening inside a room. Our results indicate that anomalies targeting the user feedback channel can be accurately detected at 98% using the Random Forest classifier.

    Download full text (pdf)
    fulltext
  • 18.
    Bugeja, Joseph
    et al.
    Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Vogel, Bahtijar
    Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Jacobsson, Andreas
    Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Varshney, Rimpu
    Department of Security & Enterprise, Sony Mobile Communications, Lund, Sweden.
    IoTSM: An End-to-end Security Model for IoT Ecosystems2019In: 2019 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops), IEEE, 2019Conference paper (Refereed)
    Abstract [en]

    The Internet of Things (IoT) market is growing rapidly, allowing continuous evolution of new technologies. Alongside this development, most IoT devices are easy to compromise, as security is often not a prioritized characteristic. This paper proposes a novel IoT Security Model (IoTSM) that can be used by organizations to formulate and implement a strategy for developing end-to-end IoT security. IoTSM is grounded by the Software Assurance Maturity Model (SAMM) framework, however it expands it with new security practices and empirical data gathered from IoT practitioners. Moreover, we generalize the model into a conceptual framework. This approach allows the formal analysis for security in general and evaluates an organization’s security practices. Overall, our proposed approach can help researchers, practitioners, and IoT organizations, to discourse about IoT security from an end-to-end perspective.

  • 19.
    Flores, César
    et al.
    Adesso Sweden, Malmö, Sweden.
    Gonzalez, Jose
    Accelerated Growth, Malmö, Sweden.
    Kajtazi, Miranda
    Department of Informatics, Lund University, Lund, Sweden.
    Bugeja, Joseph
    Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT). Malmö University, Internet of Things and People (IOTAP).
    Vogel, Bahtijar
    Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT). Malmö University, Internet of Things and People (IOTAP).
    Human Factors for Cybersecurity Awareness in a Remote Work Environment2023In: Proceedings of the 9th International Conference on Information Systems Security and Privacy ICISSP, SciTePress, 2023, Vol. 1, p. 608-616Conference paper (Refereed)
    Abstract [en]

    The conveniences of remote work are various, but a surge in cyberthreats has heavily affected the optimal processes of organizations. As a result, employees’ cybersecurity awareness was jeopardized, prompting organizations to require improvement of cybersecurity processes at all levels. This paper explores which cybersecurity aspects are more relevant and/or relatable for remote working employees. A qualitative approach via interviews is used to collect experiences and perspectives from employees in different organizations. The results show that human factors, such as trust in cybersecurity infrastructure, previous practices, training, security fatigue, and improvements with gamification, are core to supporting the success of a cybersecurity program in a remote work environment.

     

     

     

    Download full text (pdf)
    fulltext
  • 20.
    Gabrielsson, Jonas
    et al.
    Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Bugeja, Joseph
    Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Vogel, Bahtijar
    Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT). Malmö University, Internet of Things and People (IOTAP).
    Hacking a Commercial Drone with Open-Source Software: Exploring Data Privacy Violations2021In: 2021 10th Mediterranean Conference on Embedded Computing (MECO), IEEE, 2021, p. 1-5Conference paper (Refereed)
    Abstract [en]

    Drones have been discussed frequently in both governmental and commercial sectors for their normalization in the airspace. Nonetheless, drones bring diverse privacy concerns to users. In this paper, we explore the ramifications to data privacy from the perspective of drone owners. To investigate privacy in this context, four experiments targeting a commercial drone were conducted using open-source software. The experiments identified personal data (e.g., audio, video, and location) that are at risk of being compromised particularly through the execution of a basic deauthentication attack launched at a commercial drone. Our findings indicate the severity of risks affecting commercial drones. This makes the case for more effective privacy regulations and better guidelines suitable for securing drones.

  • 21.
    Kebande, Victor R.
    et al.
    Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Alawadi, Sadi
    Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Bugeja, Joseph
    Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Persson, Jan A.
    Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Olsson, Carl Magnus
    Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Leveraging Federated Learning & Blockchain to counter Adversarial Attacks in Incremental Learning2020In: IoT '20 Companion: 10th International Conference on the Internet of Things Companion, ACM Digital Library, 2020, p. 1-5, article id 2Conference paper (Refereed)
    Abstract [en]

    Whereas data labelling in IoT applications is costly, it is also time consuming to train a supervised Machine Learning (ML) algorithm. Hence, a human oracle is required to gradually annotate the data patterns at run-time to improve the models’ learning behavior, through an active learning strategy in form of User Feedback Process (UFP). Consequently, it is worth to note that during UFP there may exist malicious content that may subject the learning model to be vulnerable to adversarial attacks, more so, manipulative attacks. We argue in this position paper, that there are instances during incremental learning, where the local data model may present wrong output, if retraining is done using data that has already been subjected to adversarial attack. We propose a Distributed Interactive Secure Federated Learning (DISFL) framework that utilizes UFP in the edge and fog node, that subsequently increases the amount of labelled personal local data for the ML model during incremental training. Furthermore, the DISFL framework addresses data privacy by leveraging federated learning, where only the model's knowledge is moved to a global unit, herein referred to as Collective Intelligence Node (CIN). During incremental learning, this would then allow the creation of an immutable chain of data that has to be trained, which in its entirety is tamper-free while increasing trust between parties. With a degree of certainty, this approach counters adversarial manipulation during incremental learning in active learning context at the same time strengthens data privacy, while reducing the computation costs.

  • 22.
    Kebande, Victor R.
    et al.
    Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT). Malmö University, Internet of Things and People (IOTAP).
    Bugeja, Joseph
    Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Persson, Jan A.
    Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Internet of threats introspection in dynamic intelligent virtual sensing2019In: CPSS 2019 Cyber-Physical Social Systems: Proceedings of the 1st Workshop on Cyber-Physical Social Systemsco-located with the 9th International Conference on the Internet of Things (IoT 2019) / [ed] Antonella Longo; Maria Fazio; Rajiv Ranjan; Marco Zappatore, CEUR-WS , 2019, p. 22-29Conference paper (Refereed)
    Abstract [en]

    Continued ubiquity of communication infrastructure across Internet of Things (IoT) ecosystems has seen persistent advances of dynamic, intelligent, virtualised sensing and actuation. This has led to effective interaction across the connected ecosystem of “things”. Furthermore, this has enabled the creation of smart environments that has created the need for the development of different IoT protocols that support the relaying of information across billions of electronic devices over the Internet. That notwithstanding, the phenomenon of virtual sensors that are supported by IoT technologies like Wireless Sensor Networks (WSNs), RFID, WIFI, Bluetooth, ZigBee, IEEE 802.15.4, etc., emulates physical sensors, and enables more efficient resource management through the dynamic allocation of virtual sensor resources. A distinctive example of this has been the proposition of the Dynamic Intelligent Virtual Sensors (DIVS). This DIVS concept is a novel proposition that allows sensing to be done by the use of logical instances through the use of labeled data. This allows for making accurate predictions during data fusion. However, a potential security attack on DIVS may end up providing false labels during the User Feedback Process (UFP), which may interfere with the accuracy of DIVS. This paper investigates the threat landscape in DIVS when employed in IoT ecosystems, in order to identify the extent to which the severity of these threats may hinder accurate prediction of DIVS in IoT, based on labeled data. The authors have conducted a threat introspection in DIVS from a security perspective. 

    Download full text (pdf)
    fulltext
  • 23.
    Persson, Jan A.
    et al.
    Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Bugeja, Joseph
    Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Davidsson, Paul
    Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Holmberg, Johan
    Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Kebande, Victor R.
    Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Mihailescu, Radu-Casian
    Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Sarkheyli-Hägele, Arezoo
    Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    Tegen, Agnes
    Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
    The Concept of Interactive Dynamic Intelligent Virtual Sensors (IDIVS): Bridging the Gap between Sensors, Services, and Users through Machine Learning2023In: Applied Sciences, E-ISSN 2076-3417, Vol. 13, no 11, article id 6516Article in journal (Refereed)
    Abstract [en]

    This paper concerns the novel concept of an Interactive Dynamic Intelligent Virtual Sensor (IDIVS), which extends virtual/soft sensors towards making use of user input through interactive learning (IML) and transfer learning. In research, many studies can be found on using machine learning in this domain, but not much on using IML. This paper contributes by highlighting how this can be done and the associated positive potential effects and challenges. An IDIVS provides a sensor-like output and achieves the output through the data fusion of sensor values or from the output values of other IDIVSs. We focus on settings where people are present in different roles: from basic service users in the environment being sensed to interactive service users supporting the learning of the IDIVS, as well as configurators of the IDIVS and explicit IDIVS teachers. The IDIVS aims at managing situations where sensors may disappear and reappear and be of heterogeneous types. We refer to and recap the major findings from related experiments and validation in complementing work. Further, we point at several application areas: smart building, smart mobility, smart learning, and smart health. The information properties and capabilities needed in the IDIVS, with extensions towards information security, are introduced and discussed.

    Download full text (pdf)
    fulltext
  • 24.
    Vogel, Bahtijar
    et al.
    Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT). Malmö University, Internet of Things and People (IOTAP).
    Kajtazi, Miranda
    Department of Informatics, Lund University.
    Bugeja, Joseph
    Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT). Malmö University, Internet of Things and People (IOTAP).
    Varshney, Rimpu
    Department of Security, Booking.com.
    Openness and Security Thinking Characteristics for IoT Ecosystems2020In: Information, E-ISSN 2078-2489, Vol. 11, no 12Article in journal (Refereed)
    Abstract [en]

    While security is often recognized as a top priority for organizations and a push for competitive advantage, repeatedly, Internet of Things (IoT) products have become a target of diverse security attacks. Thus, orchestrating smart services and devices in a more open, standardized and secure way in IoT environments is yet a desire as much as it is a challenge. In this paper, we propose a model for IoT practitioners and researchers, who can adopt a sound security thinking in parallel with open IoT technological developments. We present the state-of-the-art and an empirical study with IoT practitioners. These efforts have resulted in identifying a set of openness and security thinking criteria that are important to consider from an IoT ecosystem point of view. Openness in terms of open standards, data, APIs, processes, open source and open architectures (flexibility, customizability and extensibility aspects), by presenting security thinking tackled from a three-dimensional point of view (awareness, assessment and challenges) that highlight the need to develop an IoT security mindset. A novel model is conceptualized with those characteristics followed by several key aspects important to design and secure future IoT systems.

    Download full text (pdf)
    fulltext
  • 25.
    Vogel, Bahtijar
    et al.
    Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT). Malmö University, Internet of Things and People (IOTAP).
    Kajtazi, Miranda
    Lund University.
    Bugeja, Joseph
    Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT). Malmö University, Internet of Things and People (IOTAP).
    Varshney, Rimpu
    Sony Mobile Communications AB.
    State-of-the-Art in Security Thinking for the Internet of Things (IoT)2018In: WISP 2018 Proceedings, San Francisco, California, US: Association for Information Systems, 2018Conference paper (Other academic)
    Abstract [en]

    In this paper we propose a model for Internet of Things (IoT) practitioners and researchers on how to use security thinking in parallel with the IoT technological developments. While security is recognized as a top priority, repeatedly, IoT products have become a target by diverse security attacks. This raises the importance for an IoT security mindset that contributes to building more holistic security measures. In understanding this, we present the state-of-the-art in IoT security. This resulted in the identification of three dimensions (awareness, assessment and challenges) that are needed to develop an IoT security mindset. We then interviewed four security and IoT-related experts from three different organizations that formed the basis for our pilot study to test the model. Our results show that the identified three-dimensional model highlights continuous security thinking as a serious matter to sustain IoT development with positive outcomes for its users.

1 - 25 of 25
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf