Designing connected play: Perspectives from combining industry and academic know-how. In: Chaudron S., Di Gioia R., Gemo M., Holloway D., Marsh J., Mascheroni G., Peter J., Yamada-Rice D. Kaleidoscope on the Internet of Toys - Safety, security, privacy and societal insights, EUR 28397 EN, doi:10.2788/05383

Academics, designers and producers tend to consider the evolving Internet of Toys (IoToys) from within their individual disciplines. On the one hand, academics bring a long history of researching and theorizing play and communication practices to the task of considering young children’s use of connected toys. On the other hand, designers and producers of connected toys have detailed understanding of the possibilities and affordances of technology, as well as the technical mechanics involved in toy production. In other words, they know what it is possible to make, and what it is not possible to make. Industry also has an eye on trends in digital toy production and content, and how these are likely to evolve. This is because the digital play industry track data on technology usage and media consumption, and so on. These are things that academics are often a step behind in understanding because of a tendency to consider children’s use of an end product. However, my work across academia and the commercial toy and digital content industry has taught me that the amount of expertise companies have of child development and theories around play and communication practices is extremely varied and start-up companies in particular have little resource to conduct in-house research. This means that some connected toys are not as well made for young users as they could be. However, these crossovers have also taught me that sometimes academics call for changes to designs that are not easily possible or commercially viable. Therefore, regular collaboration between academia and industry would aid production of the best possible connected toys and content for young children

After the Gold Rush: The Boom of the Internet of Things, and the Busts of Data-Security and Privacy

This Article addresses the impact that the lack of oversight of the Internet of Things has on digital privacy. While the Internet of Things is but one vehicle for technological innovation, it has created a broad glimpse into domestic life, thus triggering several privacy issues that the law is attempting to keep pace with. What the Internet of Things can reveal is beyond the control of the individual, as it collects information about every practical aspect of an individual’s life, and provides essentially unfettered access into the mind of its users. This Article proposes that the federal government and the state governments bend toward consumer protection while creating a cogent and predictable body of law surrounding the Internet of Things. Through privacy-by-design or self-help, it is imperative that the Internet of Things—and any of its unforeseen progeny—develop with an eye toward safeguarding individual privacy while allowing technological development

Towards a Privacy Rule Conceptual Model for Smart Toys

A smart toy is defined as a device consisting of a physical toy component that connects to one or more toy computing services to facilitate gameplay in the cloud through networking and sensory technologies to enhance the functionality of a traditional toy. A smart toy in this context can be effectively considered an Internet of Things (IoT) with Artificial Intelligence (AI) which can provide Augmented Reality (AR) experiences to users. In this paper, the first assumption is that children do not understand the concept of privacy and the children do not know how to protect themselves online, especially in a social media and cloud environment. The second assumption is that children may disclose private information to smart toys and not be aware of the possible consequences and liabilities. This paper presents a privacy rule conceptual model with the concepts of smart toy, mobile service, device, location, and guidance with related privacy entities: purpose, recipient, obligation, and retention for smart toys. Further the paper also discusses an implementation of the prototype interface with sample scenarios for future research works

Fog computing security and privacy issues, open challenges, and blockchain solution: An overview

Due to the expansion growth of the IoT devices, Fog computing was proposed to enhance the low latency IoT applications and meet the distribution nature of these devices. However, Fog computing was criticized for several privacy and security vulnerabilities. This paper aims to identify and discuss the security challenges for Fog computing. It also discusses blockchain technology as a complementary mechanism associated with Fog computing to mitigate the impact of these issues. The findings of this paper reveal that blockchain can meet the privacy and security requirements of fog computing; however, there are several limitations of blockchain that should be further investigated in the context of Fog computing

Remote attestation to ensure the security of future Internet of Things services

The Internet of Things (IoT) evolution is gradually reshaping the physical world into smart environments that involve a large number of interconnected resource-constrained devices which collect, process, and exchange enormous amount of (more or less) sensitive information. With the increasing number of interconnected IoT devices and their capabilities to control the environment, IoT systems are becoming a prominent target of sophisticated cyberattacks. To deal with the expanding attack surface, IoT systems require adequate security mechanisms to verify the reliability of IoT devices. Remote attestation protocols have recently gained wide attention in IoT systems as valuable security mechanisms that detect the adversarial presence and guarantee the legitimate state of IoT devices. Various attestation schemes have been proposed to optimize the effectiveness and efficiency of remote attestation protocols of a single IoT device or a group of IoT devices. Nevertheless, some cyber attacks remain undetected by current attestation methods, and attestation protocols still introduce non-negligible computational overheads for resource-constrained devices. This thesis presents the following new contributions in the area of remote attestation protocols that verify the trustworthiness of IoT devices. First, this thesis shows the limitations of existing attestation protocols against runtime attacks which, by compromising a device, may maliciously influence the operation of other genuine devices that interact with the compromised one. To detect such an attack, this thesis introduces the service perspective in remote attestation and presents a synchronous remote attestation protocol for distributed IoT services. Second, this thesis designs, implements and evaluates a novel remote attestation scheme that releases the constraint of synchronous interaction between devices and enables the attestation of asynchronous distributed IoT services. The proposed scheme also attests asynchronously a group of IoT devices, without interrupting the regular operations of all the devices at the same time. Third, this thesis proposes a new approach that aims to reduce the interruption time of the regular work that remote attestation introduces in an IoT device. This approach intends to decrease the computational overhead of attestation by allowing an IoT device to securely offload the attestation process to a cloud service, which then performs attestation independently on the cloud, on behalf of the IoT device