1,009 research outputs found
Program Analysis of Commodity IoT Applications for Security and Privacy: Challenges and Opportunities
Recent advances in Internet of Things (IoT) have enabled myriad domains such
as smart homes, personal monitoring devices, and enhanced manufacturing. IoT is
now pervasive---new applications are being used in nearly every conceivable
environment, which leads to the adoption of device-based interaction and
automation. However, IoT has also raised issues about the security and privacy
of these digitally augmented spaces. Program analysis is crucial in identifying
those issues, yet the application and scope of program analysis in IoT remains
largely unexplored by the technical community. In this paper, we study privacy
and security issues in IoT that require program-analysis techniques with an
emphasis on identified attacks against these systems and defenses implemented
so far. Based on a study of five IoT programming platforms, we identify the key
insights that result from research efforts in both the program analysis and
security communities and relate the efficacy of program-analysis techniques to
security and privacy issues. We conclude by studying recent IoT analysis
systems and exploring their implementations. Through these explorations, we
highlight key challenges and opportunities in calibrating for the environments
in which IoT systems will be used.Comment: syntax and grammar error are fixed, and IoT platforms are updated to
match with the submissio
Fog Computing in Medical Internet-of-Things: Architecture, Implementation, and Applications
In the era when the market segment of Internet of Things (IoT) tops the chart
in various business reports, it is apparently envisioned that the field of
medicine expects to gain a large benefit from the explosion of wearables and
internet-connected sensors that surround us to acquire and communicate
unprecedented data on symptoms, medication, food intake, and daily-life
activities impacting one's health and wellness. However, IoT-driven healthcare
would have to overcome many barriers, such as: 1) There is an increasing demand
for data storage on cloud servers where the analysis of the medical big data
becomes increasingly complex, 2) The data, when communicated, are vulnerable to
security and privacy issues, 3) The communication of the continuously collected
data is not only costly but also energy hungry, 4) Operating and maintaining
the sensors directly from the cloud servers are non-trial tasks. This book
chapter defined Fog Computing in the context of medical IoT. Conceptually, Fog
Computing is a service-oriented intermediate layer in IoT, providing the
interfaces between the sensors and cloud servers for facilitating connectivity,
data transfer, and queryable local database. The centerpiece of Fog computing
is a low-power, intelligent, wireless, embedded computing node that carries out
signal conditioning and data analytics on raw data collected from wearables or
other medical sensors and offers efficient means to serve telehealth
interventions. We implemented and tested an fog computing system using the
Intel Edison and Raspberry Pi that allows acquisition, computing, storage and
communication of the various medical data such as pathological speech data of
individuals with speech disorders, Phonocardiogram (PCG) signal for heart rate
estimation, and Electrocardiogram (ECG)-based Q, R, S detection.Comment: 29 pages, 30 figures, 5 tables. Keywords: Big Data, Body Area
Network, Body Sensor Network, Edge Computing, Fog Computing, Medical
Cyberphysical Systems, Medical Internet-of-Things, Telecare, Tele-treatment,
Wearable Devices, Chapter in Handbook of Large-Scale Distributed Computing in
Smart Healthcare (2017), Springe
Recent Advances in Wearable Sensing Technologies
Wearable sensing technologies are having a worldwide impact on the creation of novel business opportunities and application services that are benefiting the common citizen. By using these technologies, people have transformed the way they live, interact with each other and their surroundings, their daily routines, and how they monitor their health conditions. We review recent advances in the area of wearable sensing technologies, focusing on aspects such as sensor technologies, communication infrastructures, service infrastructures, security, and privacy. We also review the use of consumer wearables during the coronavirus disease 19 (COVID-19) pandemic caused by the severe acute respiratory syndrome coronavirus 2 (SARS-CoV-2), and we discuss open challenges that must be addressed to further improve the efficacy of wearable sensing systems in the future
Solution for Capturing Data from Wearable Devices
Cursos e Congresos , C-155[Abstract] Thanks to the rise of wearable devices, people have more direct access to a variety of
health data, such as physical activity, sleep and heart rate. For the research field, these devices
represent a powerful tool for monitoring and evaluating different parameters. However, the procedure
of capturing data for storage in an independent and self-managed database is not standardised.
In this project we analysed two methods of data capture for the Xiaomi Mi Bands. One
uses the official application together with Google Fit and the other uses the open source application
GadgetBridge. The advantages and disadvantages of each system were studied, concluding
that both could be very beneficial as data capture solutions for wearable devices in research, although
with different target projects due to their particularities. Future work will explore these
systems in more depth, addressing limitations, automation and optimising for specific research
needsXunta de Galicia; ED431B 2022/39CITIC is financed by the Xunta de Galicia through the collaboration agreement between the Consellería de Cultura, Educaci´on, Formación Profesional e Universidades and the Galician universities for the reinforcement of the research centres of the GalicianUniversity System (CIGUS). The research carried out by TALIONIS group is financed by the Xunta de Galicia (Aid from the Consellería de Cultura, Educación, Formación Profesional e Universidades for the consolidation and structuring of competitive research units) ED431B 2022/39. The publication is part of the project TED2021-130127A-I00, funded by MCIN/AEI/10.13039/501100011033 and by the European Union ”NextGenerationEU”/PRT
Mobile Software Assurance Informed through Knowledge Graph Construction: The OWASP Threat of Insecure Data Storage
Many organizations, to save costs, are moving to the Bring Your Own Mobile Device (BYOD) model and adopting applications built by third-parties at an unprecedented rate. Our research examines software assurance methodologies specifically focusing on security analysis coverage of the program analysis for mobile malware detection, mitigation, and prevention. This research focuses on secure software development of Android applications by developing knowledge graphs for threats reported by the Open Web Application Security Project (OWASP). OWASP maintains lists of the top ten security threats to web and mobile applications. We develop knowledge graphs based on the two most recent top ten threat years and show how the knowledge graph relationships can be discovered in mobile application source code. We analyze 200+ healthcare applications from GitHub to gain an understanding of their software assurance of their developed software for one of the OWASP top ten mobile threats, the threat of “Insecure Data Storage.” We find that many of the applications are storing personally identifying information (PII) in potentially vulnerable places leaving users exposed to higher risks for the loss of their sensitive data
Big data privacy in the Internet of Things era
Over the last few years, we've seen a plethora of Internet of Things (IoT) solutions, products, and services make their way into the industry's marketplace. All such solutions will capture large amounts of data pertaining to the environment as well as their users. The IoT's objective is to learn more and better serve system users. Some IoT solutions might store data locally on devices ('things'), whereas others might store it in the cloud. The real value of collecting data comes through data processing and aggregation on a large scale, where new knowledge can be extracted. However, such procedures can lead to user privacy issues. This article discusses some of the main challenges of privacy in the IoT as well as opportunities for research and innovation. The authors also introduce some of the ongoing research efforts that address IoT privacy issues
Understanding IoT Security Through the Data Crystal Ball: Where We Are Now and Where We Are Going To Be
Inspired by the boom of the consumer IoT market, many device manufacturers, new start-up companies and technology behemoths have jumped into the space. Indeed, in a span of less than 5 years, we have experienced the manifestation of an array of solutions for the smart home, smart cities and even smart cars. Unfortunately, the exciting utility and rapid marketization of IoTs, come at the expense of privacy and security. Online and industry reports, and academic work have revealed a number of attacks on IoT systems, resulting in privacy leakage, property loss and even large-scale availability problems on some of the most influential Internet services (e.g. Netflix, Twitter). To mitigate such threats, a few new solutions have been proposed. However, it is still less clear what are the impacts they can have on the IoT ecosystem. In this work, we aim to perform a comprehensive study on reported attacks and defenses in the realm of IoTs aiming to find out what we know, where the current studies fall short and how to move forward. To this end, we first build a toolkit that searches through massive amount of online data using semantic analysis to identify over 3000 IoT-related articles (papers, reports and news). Further, by clustering such collected data using machine learning technologies, we are able to compare academic views with the findings from industry and other sources, in an attempt to understand the gaps between them, the trend of the IoT security risks and new problems that need further attention. We systemize this process, by proposing a taxonomy for the IoT ecosystem and organizing IoT security into five problem areas. We use this taxonomy as a beacon to assess each IoT work across a number of properties we define. Our assessment reveals that despite the acknowledged and growing concerns on IoT from both industry and academia, relevant security and privacy problems are far from solved. We discuss how each proposed solution can be applied to a problem area and highlight their strengths, assumptions and constraints. We stress the need for a security framework for IoT vendors and discuss the trend of shifting security liability to external or centralized entities. We also identify open research problems and provide suggestions towards a secure IoT ecosystem
- …