Increasing user controllability on device specific privacy in the Internet of Things

With recent advancements in information technology more and more devices are integrated in the Internet of Things. These devices gather significant amount of private information pertinent to a user and while, in some cases it helps in improving the life style of an individual, in others it raises major privacy concerns. This trade-off between utility and privacy is highly dependent upon the devices in consideration and as the utility of the generated data increases, the privacy of an individual decreases. In this paper, we formulate a utility-privacy trade-off that enables a user to make appliance specific decisions as to how much data can be shared. This is achieved by parametrizing the degree of privacy allowed for each device and enabling the user to configure the parameter of each device. We use the smart metering application as the test case scenario for the proposed approach. We evaluate its performance using simulations conducted on the ECO data set. Our results indicate that, the proposed approach is successful in identifying appliances with an accuracy of 81.8% and a precision of 70.1%. In addition, it is demonstrated that device specific changes of the configuration parameters allow the degree of privacy achieved for the particular device and the utility to be well controlled, thus demonstrating the effectiveness of the proposed approach. Moreover, it is shown that, as expected, devices with higher power consumption contribute more to the overall privacy and utility achieved. A comparative study is also conducted and the proposed approach is shown to outperform the existing ElecPrivacy approach by producing a trace that is harder to identify, as reported after testing the Weiss’ and Baranski’s algorithm, both of which are well known Non-Intrusive Load Monitoring algorithms. Finally, it is demonstrated that the addition of noise, which is an integral part of the propose approach, can greatly improve performance

Quality assessment technique for ubiquitous software and middleware

The new paradigm of computing or information systems is ubiquitous computing systems. The technology-oriented issues of ubiquitous computing systems have made researchers pay much attention to the feasibility study of the technologies rather than building quality assurance indices or guidelines. In this context, measuring quality is the key to developing high-quality ubiquitous computing products. For this reason, various quality models have been defined, adopted and enhanced over the years, for example, the need for one recognised standard quality model (ISO/IEC 9126) is the result of a consensus for a software quality model on three levels: characteristics, sub-characteristics, and metrics. However, it is very much unlikely that this scheme will be directly applicable to ubiquitous computing environments which are considerably different to conventional software, trailing a big concern which is being given to reformulate existing methods, and especially to elaborate new assessment techniques for ubiquitous computing environments. This paper selects appropriate quality characteristics for the ubiquitous computing environment, which can be used as the quality target for both ubiquitous computing product evaluation processes ad development processes. Further, each of the quality characteristics has been expanded with evaluation questions and metrics, in some cases with measures. In addition, this quality model has been applied to the industrial setting of the ubiquitous computing environment. These have revealed that while the approach was sound, there are some parts to be more developed in the future

IAMS framework: a new framework for acceptable user experiences for integrating physical and virtual identity access management systems

The modern world is populated with so many virtual and physical Identity Access Management Systems (IAMSs) that individuals are required to maintain numerous passwords and login credentials. The tedious task of remembering multiple login credentials can be minimised through the utilisation of an innovative approach of single sign-in mechanisms. During recent times, several systems have been developed to provide physical and virtual identity management systems; however, most have not been very successful. Many of the available systems do not provide the feature of virtual access on mobile devices via the internet; this proves to be a limiting factor in the usage of the systems. Physical spaces, such as offices and government entities, are also favourable places for the deployment of interoperable physical and virtual identity management systems, although this area has only been explored to a minimal level. Alongside increasing the level of awareness for the need to deploy interoperable physical and virtual identity management systems, this paper addresses the immediate need to establish clear standards and guidelines for successful integration of the two medium

Adaptation and application of the IEEE 2413-2019 standard security mechanisms to IoMT systems

Healthcare information systems are evolving from traditional centralised architectures towards highly-mobile distributed environments within the connected health context. The IoMT paradigm is at the forefront of this technological revolution underlying the development of communication infrastructures connecting smart medical devices, healthcare information systems and services. The IEEE 2413 standard, a promising general architectural framework for the design and implementation of IoT systems, has recently been announced. This standard proposes a general description for different types of domains, including healthcare, but it does not contain an extension developed for the IoMT systems domain. This paper presents a first approach to adapt the IEEE 2413 standard to the design of IoMT systems from a security perspective, considering the most relevant aspects of the standard for the construction of this type of systems. The application to an IoMT system for monitoring patients with chronic obstructive pulmonary disease is presented as a use case.Fundación Mutua MadrileñaSociedad Española de Diabete

Individual Differences in Cyber Security

A survey of IT professionals suggested that despite technological advancement and organizational procedures to prevent cyber-attacks, users are still the weakest link in cyber security (Crossler, 2013). This suggests it is important to discover what individual differences may cause a user to be more or less vulnerable to cyber security threats. Cyber security knowledge has been shown to lead to increased learning and proactive cyber security behavior (CSB). Self-efficacy has been shown to be a strong predictor of a user’s intended behavior. Traits such as neuroticism have been shown to negatively influence cyber security knowledge and self-efficacy, which may hinder CSB. In discovering what individual traits may predict CSB, users and designers may be able to implement solutions to improve CSB. In this study, 183 undergraduate students at San José State University completed an online survey. Students completed surveys of self-efficacy in information security, and cyber security behavioral intention, as well as a personality inventory and a semantic cyber security knowledge quiz. Correlational analyses were conducted to test hypotheses related to individual traits expected to predict CSB. Results included a negative relationship between neuroticism and self-efficacy and a positive relationship between self-efficacy and CSB. Overall, the results support the conclusion that individual differences can predict self-efficacy and intention to engage in CSB. Future research is needed to investigate whether CSB is influenced by traits such as neuroticism, if CSB can be improved through video games, and which are the causal directions of these effects

Integration of Legacy Appliances into Home Energy Management Systems

The progressive installation of renewable energy sources requires the coordination of energy consuming devices. At consumer level, this coordination can be done by a home energy management system (HEMS). Interoperability issues need to be solved among smart appliances as well as between smart and non-smart, i.e., legacy devices. We expect current standardization efforts to soon provide technologies to design smart appliances in order to cope with the current interoperability issues. Nevertheless, common electrical devices affect energy consumption significantly and therefore deserve consideration within energy management applications. This paper discusses the integration of smart and legacy devices into a generic system architecture and, subsequently, elaborates the requirements and components which are necessary to realize such an architecture including an application of load detection for the identification of running loads and their integration into existing HEM systems. We assess the feasibility of such an approach with a case study based on a measurement campaign on real households. We show how the information of detected appliances can be extracted in order to create device profiles allowing for their integration and management within a HEMS

Recommendations on the Internet of Things: Requirements, Challenges, and Directions

© 1997-2012 IEEE. The Internet of Things (IoT) is accelerating the growth of data available on the Internet, which makes the traditional search paradigms incapable of digging the information that people need from massive and deep resources. Furthermore, given the dynamic nature of organizations, social structures, and devices involved in IoT environments, intelligent and automated approaches become critical to support decision makers with the knowledge derived from the vast amount of information available through IoT networks. Indeed, IoT is more desirable of an effective and efficient paradigm of proactive discovering rather than postactive searching. This paper discusses some of the important requirements and key challenges to enable effective and efficient thing-of-interest recommendation and provides an array of new perspectives on IoT recommendation

Security issues and defences for Internet of Things

The Internet of Things (IoT) aims at linking billions of devices using the internet and other heterogeneous networks to share information. However, the issues of security in IoT environments are more challenging than with ordinary Internet. A vast number of devices are exposed to the attackers, and some of those devices contain sensitive personal and confidential data. For example, the sensitive flows of data such as autonomous vehicles, patient life support devices, traffic data in smart cities are extremely concerned by researchers from the security field. The IoT architecture needs to handle security and privacy requirements such as provision of authentication, access control, privacy and confidentiality. This thesis presents the architecture of IoT and its security issues. Additionally, we introduce the concept of blockchain technology, and the role of blockchain in different security aspects of IoT is discussed through a literature review. In case study of Mirai, we explain how snort and iptables based approach can be used to prevent IoT botnet from finding IoT devices by port scanning