Malmö University Publications
Change search
Link to record
Permanent link

Direct link
Publications (10 of 23) Show all publications
Flores, C., Gonzalez, J., Kajtazi, M., Bugeja, J. & Vogel, B. (2023). Human Factors for Cybersecurity Awareness in a Remote Work Environment. In: Proceedings of the 9th International Conference on Information Systems Security and Privacy ICISSP: . Paper presented at 9th International Conference on Information Systems Security and Privacy (ICISSP 2023), Lisbon, Portugal, 22–24 February 2023 (pp. 608-616). SciTePress, 1
Open this publication in new window or tab >>Human Factors for Cybersecurity Awareness in a Remote Work Environment
Show others...
2023 (English)In: Proceedings of the 9th International Conference on Information Systems Security and Privacy ICISSP, SciTePress, 2023, Vol. 1, p. 608-616Conference paper, Published paper (Refereed)
Abstract [en]

The conveniences of remote work are various, but a surge in cyberthreats has heavily affected the optimal processes of organizations. As a result, employees’ cybersecurity awareness was jeopardized, prompting organizations to require improvement of cybersecurity processes at all levels. This paper explores which cybersecurity aspects are more relevant and/or relatable for remote working employees. A qualitative approach via interviews is used to collect experiences and perspectives from employees in different organizations. The results show that human factors, such as trust in cybersecurity infrastructure, previous practices, training, security fatigue, and improvements with gamification, are core to supporting the success of a cybersecurity program in a remote work environment.

 

 

 

Place, publisher, year, edition, pages
SciTePress, 2023
Series
ICISSP, E-ISSN 2184-4356
Keywords
Cybersecurity, Trust, Human Factors, Awareness, Employees, Remote Work Environment
National Category
Computer Sciences
Identifiers
urn:nbn:se:mau:diva-64247 (URN)10.5220/0011746000003405 (DOI)2-s2.0-85176343851 (Scopus ID)978-989-758-624-8 (ISBN)
Conference
9th International Conference on Information Systems Security and Privacy (ICISSP 2023), Lisbon, Portugal, 22–24 February 2023
Available from: 2023-12-11 Created: 2023-12-11 Last updated: 2023-12-11Bibliographically approved
Persson, J. A., Bugeja, J., Davidsson, P., Holmberg, J., Kebande, V. R., Mihailescu, R.-C., . . . Tegen, A. (2023). The Concept of Interactive Dynamic Intelligent Virtual Sensors (IDIVS): Bridging the Gap between Sensors, Services, and Users through Machine Learning. Applied Sciences, 13(11), Article ID 6516.
Open this publication in new window or tab >>The Concept of Interactive Dynamic Intelligent Virtual Sensors (IDIVS): Bridging the Gap between Sensors, Services, and Users through Machine Learning
Show others...
2023 (English)In: Applied Sciences, E-ISSN 2076-3417, Vol. 13, no 11, article id 6516Article in journal (Refereed) Published
Abstract [en]

This paper concerns the novel concept of an Interactive Dynamic Intelligent Virtual Sensor (IDIVS), which extends virtual/soft sensors towards making use of user input through interactive learning (IML) and transfer learning. In research, many studies can be found on using machine learning in this domain, but not much on using IML. This paper contributes by highlighting how this can be done and the associated positive potential effects and challenges. An IDIVS provides a sensor-like output and achieves the output through the data fusion of sensor values or from the output values of other IDIVSs. We focus on settings where people are present in different roles: from basic service users in the environment being sensed to interactive service users supporting the learning of the IDIVS, as well as configurators of the IDIVS and explicit IDIVS teachers. The IDIVS aims at managing situations where sensors may disappear and reappear and be of heterogeneous types. We refer to and recap the major findings from related experiments and validation in complementing work. Further, we point at several application areas: smart building, smart mobility, smart learning, and smart health. The information properties and capabilities needed in the IDIVS, with extensions towards information security, are introduced and discussed.

Place, publisher, year, edition, pages
MDPI, 2023
National Category
Computer Sciences
Identifiers
urn:nbn:se:mau:diva-60144 (URN)10.3390/app13116516 (DOI)001004726600001 ()2-s2.0-85163091186 (Scopus ID)
Available from: 2023-06-07 Created: 2023-06-07 Last updated: 2023-09-05Bibliographically approved
Bugeja, J. & Persson, J. A. (2022). A Data-Centric Anomaly-Based Detection System for Interactive Machine Learning Setups. In: Proceedings of the 18th International Conference on Web Information Systems and Technologies - WEBIST: . Paper presented at 18th International Conference on Web Information Systems and Technologies - WEBIST, 2022 , Valletta, Malta (pp. 182-189). SciTePress
Open this publication in new window or tab >>A Data-Centric Anomaly-Based Detection System for Interactive Machine Learning Setups
2022 (English)In: Proceedings of the 18th International Conference on Web Information Systems and Technologies - WEBIST, SciTePress, 2022, p. 182-189Conference paper, Published paper (Refereed)
Abstract [en]

A major concern in the use of Internet of Things (IoT) technologies in general is their reliability in the presence of security threats and cyberattacks. Particularly, there is a growing recognition that IoT environments featuring virtual sensing and interactive machine learning may be subject to additional vulnerabilities when compared to traditional networks and classical batch learning settings. Partly, this is as adversaries could more easily manipulate the user feedback channel with malicious content. To this end, we propose a data-centric anomaly-based detection system, based on machine learning, that facilitates the process of identifying anomalies, particularly those related to poisoning integrity attacks targeting the user feedback channel of interactive machine learning setups. We demonstrate the capabilities of the proposed system in a case study involving a smart campus setup consisting of different smart devices, namely, a smart camera, a climate sensmitter, smart lighting, a smart phone, and a user feedback channel over which users could furnish labels to improve detection of correct system states, namely, activity types happening inside a room. Our results indicate that anomalies targeting the user feedback channel can be accurately detected at 98% using the Random Forest classifier.

Place, publisher, year, edition, pages
SciTePress, 2022
Series
WEBIST, E-ISSN 2184-3252
Keywords
Anomaly Detection, Interactive Machine Learning, Internet of Things, Virtual Sensors, Intrusion Detection, Poisoning Attack, IoT Security
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:mau:diva-55923 (URN)10.5220/0011560100003318 (DOI)2-s2.0-85146200321 (Scopus ID)978-989-758-613-2 (ISBN)
Conference
18th International Conference on Web Information Systems and Technologies - WEBIST, 2022 , Valletta, Malta
Available from: 2022-11-10 Created: 2022-11-10 Last updated: 2023-12-12Bibliographically approved
Bugeja, J., Jacobsson, A. & Davidsson, P. (2022). The Ethical Smart Home: Perspectives and Guidelines. IEEE Security and Privacy, 20(1), 72-80
Open this publication in new window or tab >>The Ethical Smart Home: Perspectives and Guidelines
2022 (English)In: IEEE Security and Privacy, ISSN 1540-7993, E-ISSN 1558-4046, Vol. 20, no 1, p. 72-80Article in journal (Refereed) Published
Place, publisher, year, edition, pages
IEEE, 2022
Keywords
ethics, smart homes, security, guidelines, privacy, internet of things, data privacy
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:mau:diva-47468 (URN)10.1109/MSEC.2021.3111668 (DOI)000732920200001 ()2-s2.0-85118646780 (Scopus ID)
Available from: 2021-12-13 Created: 2021-12-13 Last updated: 2024-02-05Bibliographically approved
Alawadi, S., Kebande, V. R., Dong, Y., Bugeja, J., Persson, J. A. & Olsson, C. M. (2021). A Federated Interactive Learning IoT-Based Health Monitoring Platform. In: New Trends in Database and Information Systems: . Paper presented at ADBIS 2021: New Trends in Database and Information Systems. Tartu, Estonia, August 24-26, 2021. (pp. 235-246). Springer
Open this publication in new window or tab >>A Federated Interactive Learning IoT-Based Health Monitoring Platform
Show others...
2021 (English)In: New Trends in Database and Information Systems, Springer, 2021, p. 235-246Conference paper, Published paper (Refereed)
Abstract [en]

Remote health monitoring is a trend for better health management which necessitates the need for secure monitoring and privacy-preservation of patient data. Moreover, accurate and continuous monitoring of personal health status may require expert validation in an active learning strategy. As a result, this paper proposes a Federated Interactive Learning IoT-based Health Monitoring Platform (FIL-IoT-HMP) which incorporates multi-expert feedback as ‘Human-in-the-loop’ in an active learning strategy in order to improve the clients’ Machine Learning (ML) models. The authors have proposed an architecture and conducted an experiment as a proof of concept. Federated learning approach has been preferred in this context given that it strengthens privacy by allowing the global model to be trained while sensitive data is retained at the local edge nodes. Also, each model’s accuracy is improved while privacy and security of data has been upheld.

Place, publisher, year, edition, pages
Springer, 2021
Series
Communications in Computer and Information Science, ISSN 1865-0929, E-ISSN 1865-0937 ; 1450
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:mau:diva-47470 (URN)10.1007/978-3-030-85082-1_21 (DOI)000775759800021 ()2-s2.0-85115134304 (Scopus ID)978-3-030-85081-4 (ISBN)978-3-030-85082-1 (ISBN)
Conference
ADBIS 2021: New Trends in Database and Information Systems. Tartu, Estonia, August 24-26, 2021.
Available from: 2021-12-13 Created: 2021-12-13 Last updated: 2024-02-05Bibliographically approved
Gabrielsson, J., Bugeja, J. & Vogel, B. (2021). Hacking a Commercial Drone with Open-Source Software: Exploring Data Privacy Violations. In: 2021 10th Mediterranean Conference on Embedded Computing (MECO): . Paper presented at 2021 10th Mediterranean Conference on Embedded Computing (MECO), 7-10 June 2021, Budva, Montenegro (pp. 1-5). IEEE
Open this publication in new window or tab >>Hacking a Commercial Drone with Open-Source Software: Exploring Data Privacy Violations
2021 (English)In: 2021 10th Mediterranean Conference on Embedded Computing (MECO), IEEE, 2021, p. 1-5Conference paper, Published paper (Refereed)
Abstract [en]

Drones have been discussed frequently in both governmental and commercial sectors for their normalization in the airspace. Nonetheless, drones bring diverse privacy concerns to users. In this paper, we explore the ramifications to data privacy from the perspective of drone owners. To investigate privacy in this context, four experiments targeting a commercial drone were conducted using open-source software. The experiments identified personal data (e.g., audio, video, and location) that are at risk of being compromised particularly through the execution of a basic deauthentication attack launched at a commercial drone. Our findings indicate the severity of risks affecting commercial drones. This makes the case for more effective privacy regulations and better guidelines suitable for securing drones.

Place, publisher, year, edition, pages
IEEE, 2021
Series
Mediterranean Conference on Embedded Computing (New Jersey), ISSN 2377-5475, E-ISSN 2637-9511
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:mau:diva-47465 (URN)10.1109/MECO52532.2021.9460295 (DOI)2-s2.0-85114205880 (Scopus ID)978-1-6654-3912-1 (ISBN)
Conference
2021 10th Mediterranean Conference on Embedded Computing (MECO), 7-10 June 2021, Budva, Montenegro
Available from: 2021-12-13 Created: 2021-12-13 Last updated: 2024-02-05Bibliographically approved
Bugeja, J. (2021). On Privacy and Security in Smart Connected Homes. (Doctoral dissertation). Malmö: Malmö universitet
Open this publication in new window or tab >>On Privacy and Security in Smart Connected Homes
2021 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

The growth and presence of heterogeneous sensor-equipped Internet-connected devices inside the home can increase efficiency and quality of life for the residents. Simultaneously, these devices continuously collect, process, and transmit data about the residents and their daily lifestyle activities to unknown parties outside the home. Such data can be sensitive and personal, leading to increasingly intimate insights into private lives. This data allows for the implementation of services, personalization support, and benefits offered by smart home technologies. Alas, there has been a surge of cyberattacks on connected home devices that essentially compromise privacy and security of the residents.

Providing privacy and security is a critical issue in smart connected homes. Many residents are concerned about unauthorized access into their homes and about the privacy of their data. However, it is typically challenging to implement privacy and security in a smart connected home because of its heterogeneity of devices, the dynamic nature of the home network, and the fact that it is always connected to the Internet, amongst other things. As the numbers and types of smart home devices are increasing rapidly, so are the risks with these devices. Concurrently, it is also becoming increasingly challenging to gain a deeper understand- ing of the smart home. Such understanding is necessary to build a more privacy-preserving and secure smart connected home. Likewise, it is needed as a precursor to perform a comprehensive privacy and security analysis of the smart home.

In this dissertation, we render a comprehensive description and account of the smart connected home that can be used for conducting risk analysis. In doing so, we organize the underlying smart home devices ac- cording to their functionality, identify their data-collecting capabilities, and survey the data types being collected by them. Such is done using the technical specification of commercial devices, including their privacy policies. This description is then leveraged for identifying threats and for analyzing risks present in smart connected homes. Such is done by analyzing both scholarly literature and examples from the industry, and leveraging formal modeling. Additionally, we identify malicious threat agents and mitigations that are relevant to smart connected homes. This is performed without limiting the research and results to a particular configuration and type of smart home.

This research led to three main findings. First, the majority of the surveyed commercial devices are collecting instances of sensitive and personal data but are prone to critical vulnerabilities. Second, there is a shortage of scientific models that capture the complexity and heterogeneity of real-world smart home deployments, especially those intended for privacy risk analysis. Finally, despite the increasing regulations and attention to privacy and security, there is a lack of proactive and integrative approaches intended to safeguard privacy and security of the residents. We contributed to addressing these three findings by developing a framework and models that enable early identification of threats, better planning for risk management scenarios, and mitigation of potential impacts caused by attacks before they reach the homes and compromise the lives of the residents.

Overall, the scientific contributions presented in this dissertation help deepen the understanding and reasoning about privacy and security concerns affecting smart connected homes, and contributes to advancing the research in the area of risk analysis as applied to such systems.

Place, publisher, year, edition, pages
Malmö: Malmö universitet, 2021. p. 66
Series
Studies in Computer Science
Keywords
smart connected homes, Internet of Things, smart homes devices, smart home data, threat identification, risk analysis, privacy, security, vulnerability assessment, mitigations, threat agents
National Category
Computer Sciences
Identifiers
urn:nbn:se:mau:diva-39619 (URN)10.24834/isbn.9789178771646 (DOI)978-91-7877-163-9 (ISBN)978-91-7877-164-6 (ISBN)
Public defence
2021-01-11, D138 Orkanen och Zoom, Malmö University, Malmö, 13:15 (English)
Opponent
Supervisors
Available from: 2021-01-21 Created: 2021-01-21 Last updated: 2022-11-09Bibliographically approved
Bugeja, J., Jacobsson, A. & Davidsson, P. (2021). PRASH: A Framework for Privacy Risk Analysis of Smart Homes.. Sensors, 21(19), Article ID 6399.
Open this publication in new window or tab >>PRASH: A Framework for Privacy Risk Analysis of Smart Homes.
2021 (English)In: Sensors, E-ISSN 1424-8220, Vol. 21, no 19, article id 6399Article in journal (Refereed) Published
Abstract [en]

Smart homes promise to improve the quality of life of residents. However, they collect vasts amounts of personal and sensitive data, making privacy protection critically important. We propose a framework, called PRASH, for modeling and analyzing the privacy risks of smart homes. It is composed of three modules: a system model, a threat model, and a set of privacy metrics, which together are used for calculating the privacy risk exposure of a smart home system. By representing a smart home through a formal specification, PRASH allows for early identification of threats, better planning for risk management scenarios, and mitigation of potential impacts caused by attacks before they compromise the lives of residents. To demonstrate the capabilities of PRASH, an executable version of the smart home system configuration was generated using the proposed formal specification, which was then analyzed to find potential attack paths while also mitigating the impacts of those attacks. Thereby, we add important contributions to the body of knowledge on the mitigations of threat agents violating the privacy of users in their homes. Overall, the use of PRASH will help residents to preserve their right to privacy in the face of the emerging challenges affecting smart homes.

Place, publisher, year, edition, pages
MDPI, 2021
Keywords
IoT, attack taxonomy, privacy, privacy metrics, risk analysis, smart home, system model, threat model
National Category
Computer Sciences
Identifiers
urn:nbn:se:mau:diva-46396 (URN)10.3390/s21196399 (DOI)000759972000012 ()34640718 (PubMedID)2-s2.0-85115805495 (Scopus ID)
Available from: 2021-10-18 Created: 2021-10-18 Last updated: 2024-02-05Bibliographically approved
Bugeja, J., Jacobsson, A. & Davidsson, P. (2020). A Privacy-Centered System Model for Smart Connected Homes. In: 2020 IEEE International Conference on Pervasive Computing and Communications Workshops: PerCom Workshops. Paper presented at IEEE PerCom. IEEE
Open this publication in new window or tab >>A Privacy-Centered System Model for Smart Connected Homes
2020 (English)In: 2020 IEEE International Conference on Pervasive Computing and Communications Workshops: PerCom Workshops, IEEE, 2020Conference paper, Published paper (Refereed)
Abstract [en]

Smart connected homes are integrated with heterogeneous Internet-connected devices interacting with the physical environment and human users. While they have become an established research area, there is no common understanding of what composes such a pervasive environment making it challenging to perform a scientific analysis of the domain. This is especially evident when it comes to discourse about privacy threats. Recognizing this, we aim to describe a generic smart connected home, including the data it deals with in a novel privacy-centered system model. Such is done using concepts borrowed from the theory of Contextual Integrity. Furthermore, we represent privacy threats formally using the proposed model. To illustrate the usage of the model, we apply it to the design of an ambient-assisted living use-case and demonstrate how it can be used for identifying and analyzing the privacy threats directed to smart connected homes.

Place, publisher, year, edition, pages
IEEE, 2020
Keywords
Internet of Things, system model, privacy, privacy threats, home data, smart home, smart living
National Category
Computer Sciences
Identifiers
urn:nbn:se:mau:diva-18127 (URN)10.1109/PerComWorkshops48775.2020.9156246 (DOI)000612838200136 ()2-s2.0-85091968572 (Scopus ID)978-1-7281-4716-1 (ISBN)
Conference
IEEE PerCom
Available from: 2020-08-25 Created: 2020-08-25 Last updated: 2024-02-05Bibliographically approved
Bugeja, J., Jacobsson, A. & Davidsson, P. (2020). Is Your Home Becoming a Spy?: A Data-Centered Analysis and Classification of Smart Connected Home Systems. In: IoT '20: Proceedings of the 10th International Conference on the Internet of Things. Paper presented at IoT '20. New York, United States: ACM Digital Library, Article ID 17.
Open this publication in new window or tab >>Is Your Home Becoming a Spy?: A Data-Centered Analysis and Classification of Smart Connected Home Systems
2020 (English)In: IoT '20: Proceedings of the 10th International Conference on the Internet of Things, New York, United States: ACM Digital Library, 2020, article id 17Conference paper, Published paper (Refereed)
Abstract [en]

Smart connected home systems bring different privacy challenges to residents. The contribution of this paper is a novel privacy grounded classification of smart connected home systems that is focused on personal data exposure. This classification is built empirically through k-means cluster analysis from the technical specification of 81 commercial Internet of Things (IoT) systems as featured in PrivacyNotIncluded – an online database of consumer IoT systems. The attained classification helps us better understand the privacy implications and what is at stake with different smart connected home systems. Furthermore, we survey the entire spectrum of analyzed systems for their data collection capabilities. Systems were classified into four tiers: app-based accessors, watchers, location harvesters, and listeners, based on the sensing data the systems collect. Our findings indicate that being surveilled inside your home is a realistic threat, particularly, as the majority of the surveyed in-home IoT systems are installed with cameras, microphones, and location trackers. Finally, we identify research directions and suggest some best practices to mitigate the threat of in-house surveillance.

Place, publisher, year, edition, pages
New York, United States: ACM Digital Library, 2020
Keywords
IoT, smart home, home automation, privacy, unsupervised classification, survey, web mining
National Category
Computer Sciences
Identifiers
urn:nbn:se:mau:diva-18599 (URN)10.1145/3410992.3411012 (DOI)2-s2.0-85123040173 (Scopus ID)978-1-4503-8758-3 (ISBN)
Conference
IoT '20
Available from: 2020-10-10 Created: 2020-10-10 Last updated: 2024-02-05Bibliographically approved
Organisations
Identifiers
ORCID iD: ORCID iD iconorcid.org/0000-0003-0546-072X

Search in DiVA

Show all publications