Smart Humans... WannaDie?

It won't be long until our prostheses, ECG personal monitors, subcutaneous insulin infusors, glasses, etc. become devices of the Internet of Things (IoT), always connected for monitoring, maintenance, charging and tracking. This will be the dawn of the Smart Human, not just a user of the IoT but a Thing in the Internet. How long would it then take for hackers to attack us like they have been attacking IoT devices? What would happen if hackers were able to blackmail us threatening our IoT body parts? Smart Humans may become victims of the devastating attack of WannaDie, a new ransomware that could provide the plot-line for a possible future episode of the Black Mirror TV series.Comment: 5 pages, 3 figures, Accepted at the "Re-Coding Black Mirror" workshop of the International Conference Data Protection and Democracy (CPDP

Localization to Enhance Security and Services in Wi-Fi Networks under Privacy Constraints

Developments of seamless mobile services are faced with two broad challenges, systems security and user privacy - access to wireless systems is highly insecure due to the lack of physical boundaries and, secondly, location based services (LBS) could be used to extract highly sensitive user information. In this paper, we describe our work on developing systems which exploit location information to enhance security and services under privacy constraints. We describe two complimentary methods which we have developed to track node location information within production University Campus Networks comprising of large numbers of users. The location data is used to enhance security and services. Specifically, we describe a method for creating geographic firewalls which allows us to restrict and enhance services to individual users within a specific containment area regardless of physical association. We also report our work on LBS development to provide visualization of spatio-temporal node distribution under privacy considerations

Conceivable security risks and authentication techniques for smart devices

With the rapidly escalating use of smart devices and fraudulent transaction of users’ data from their devices, efficient and reliable techniques for authentication of the smart devices have become an obligatory issue. This paper reviews the security risks for mobile devices and studies several authentication techniques available for smart devices. The results from field studies enable a comparative evaluation of user-preferred authentication mechanisms and their opinions about reliability, biometric authentication and visual authentication techniques

Provably-secure symmetric private information retrieval with quantum cryptography

Private information retrieval (PIR) is a database query protocol that provides user privacy, in that the user can learn a particular entry of the database of his interest but his query would be hidden from the data centre. Symmetric private information retrieval (SPIR) takes PIR further by additionally offering database privacy, where the user cannot learn any additional entries of the database. Unconditionally secure SPIR solutions with multiple databases are known classically, but are unrealistic because they require long shared secret keys between the parties for secure communication and shared randomness in the protocol. Here, we propose using quantum key distribution (QKD) instead for a practical implementation, which can realise both the secure communication and shared randomness requirements. We prove that QKD maintains the security of the SPIR protocol and that it is also secure against any external eavesdropper. We also show how such a classical-quantum system could be implemented practically, using the example of a two-database SPIR protocol with keys generated by measurement device-independent QKD. Through key rate calculations, we show that such an implementation is feasible at the metropolitan level with current QKD technology.Comment: 19 page

Privacy-Protecting Energy Management Unit through Model-Distribution Predictive Control

The roll-out of smart meters in electricity networks introduces risks for consumer privacy due to increased measurement frequency and granularity. Through various Non-Intrusive Load Monitoring techniques, consumer behavior may be inferred from their metering data. In this paper, we propose an energy management method that reduces energy cost and protects privacy through the minimization of information leakage. The method is based on a Model Predictive Controller that utilizes energy storage and local generation, and that predicts the effects of its actions on the statistics of the actual energy consumption of a consumer and that seen by the grid. Computationally, the method requires solving a Mixed-Integer Quadratic Program of manageable size whenever new meter readings are available. We simulate the controller on generated residential load profiles with different privacy costs in a two-tier time-of-use energy pricing environment. Results show that information leakage is effectively reduced at the expense of increased energy cost. The results also show that with the proposed controller the consumer load profile seen by the grid resembles a mixture between that obtained with Non-Intrusive Load Leveling and Lazy Stepping.Comment: Accepted for publication in IEEE Transactions on Smart Grid 2017, special issue on Distributed Control and Efficient Optimization Methods for Smart Gri