Cyber Security Violation in I0T-Enabled Bright Society: A Proposed Framework

The undesirable consequences of ICT proliferation remains a big concern. The rise in Internet of Things (IoT) have further exacerbated security and information privacy challenges. One main reason is organizations and individuals constantly violate regulations and rules. While cybersecurity and privacy scholars accentuate on the likelihood of rule violations at the individual and organizational levels, the evidence for and discussion of this concept is still scant. This study proposes an empirical response to the Bright ICT initiative of the Association of Information System. This initiative aims to drastically eliminate adverse effect of Internet of Things (IoT). However, a robust privacy and cybersecurity model is needed. This study draws on the selective organizational information privacy and security violation model and delineate it at individual level. Specifically, attitude towards behaviour and subjective norms, contextual conditions, rule and regulatory conditions, perceived risk of violating a privacy or security rule, economic and non-economic strain constructs are hypothesized to determine the likelihood of a privacy and cybersecurity rule violation. In this context, pertinent cybersecurity literatures for IoT-enabled environment were examined to suggest solutions to reduce the dark side of IoT-enabled bright society. This paper presents the proposed model

Envisioning Tool Support for Designing Privacy-Aware Internet of Thing Applications

The design and development process for Internet of Things (IoT) applications is more complicated than for desktop, mobile, or web applications. IoT applications require both software and hardware to work together across multiple different types of nodes (e.g., microcontrollers, system-on-chips, mobile phones, miniaturised single-board computers, and cloud platforms) with different capabilities under different conditions. IoT applications typically collect and analyse personal data that can be used to derive sensitive information about individuals. Without proper privacy protections in place, IoT applications could lead to serious privacy violations. Thus far, privacy concerns have not been explicitly considered in software engineering processes when designing and developing IoT applications, partly due to a lack of tools, technologies, and guidance. This paper presents a research vision that argues the importance of developing a privacy-aware IoT application design tool to address the challenges mentioned above. This tool should not only transform IoT application designs into privacy-aware application designs but also validate and verify them. First, we outline how this proposed tool should work in practice and its core functionalities. Then, we identify research challenges and potential directions towards developing the proposed tool. We anticipate that this proposed tool will save many engineering hours which engineers would otherwise need to spend on developing privacy expertise and applying it. We also highlight the usefulness of this tool towards privacy education and privacy compliance

Your Smart Home Can't Keep a Secret: Towards Automated Fingerprinting of IoT Traffic with Neural Networks

The IoT (Internet of Things) technology has been widely adopted in recent years and has profoundly changed the people's daily lives. However, in the meantime, such a fast-growing technology has also introduced new privacy issues, which need to be better understood and measured. In this work, we look into how private information can be leaked from network traffic generated in the smart home network. Although researchers have proposed techniques to infer IoT device types or user behaviors under clean experiment setup, the effectiveness of such approaches become questionable in the complex but realistic network environment, where common techniques like Network Address and Port Translation (NAPT) and Virtual Private Network (VPN) are enabled. Traffic analysis using traditional methods (e.g., through classical machine-learning models) is much less effective under those settings, as the features picked manually are not distinctive any more. In this work, we propose a traffic analysis framework based on sequence-learning techniques like LSTM and leveraged the temporal relations between packets for the attack of device identification. We evaluated it under different environment settings (e.g., pure-IoT and noisy environment with multiple non-IoT devices). The results showed our framework was able to differentiate device types with a high accuracy. This result suggests IoT network communications pose prominent challenges to users' privacy, even when they are protected by encryption and morphed by the network gateway. As such, new privacy protection methods on IoT traffic need to be developed towards mitigating this new issue

Trust and Privacy in Development of Publish/Subscribe Systems

Publish/subscribe (pub/sub) is a widely deployed paradigm for information dissemination in a variety of distributed applications such as financial platforms, e-health frameworks and the Internet-of-Things. In essence, the pub/sub model considers one or more publishers generating feeds of information and a set of subscribers, the clients of the system. A pub/sub service is in charge of delivering the published information to interested clients. With the advent of cloud computing, we observe a growing tendency to externalize applications using pub/sub services to public clouds. This trend, despite its advantages, opens up multiple important data privacy and trust issues. Although multiple solutions for data protection have been proposed by the academic community, there is no unified view or framework describing how to deploy secure pub/sub systems on public clouds. To remediate this, we advocate towards a trust model which we believe can serve as basis for such deployments

Understanding security risks and users perception towards adopting wearable Internet of Medical Things

This thesis examines users’ perception of trust within the context of security and privacy of Wearable Internet of Medical Things (WIoMT). WIoMT is a collective term for all medical devices connected to internet to facilitate collection and sharing of health-related data such as blood pressure, heart rate, oxygen level and more. Common wearable devices include smart watches and fitness bands. WIoMT, a phenomenon due to Internet of Things (IoT) has become prevalent in managing the day-to-day activities and health of individuals. This increased growth and adoption poses severe security and privacy concerns. Similar to IoT, there is a need to analyse WIoMT security risks as they are used by individuals and organisations on regular basis, risking personal and confidential information. Additionally, for better implementation, performance, adoption, and secured wearable medical devices, it is crucial to observe users’ perception. Users’ perspectives towards trust are critical for adopting WIoMT. This research aimed to understand users’ perception of trust in the adoption of WIoMT, while also exploring the security risks associated with adopting wearable IoMT. Employing a quantitative method approach, 189 participants from Western Sydney University completed an online survey. The results of the study and research model indicated more than half of the variance (R2 = 0.553) in the Intention to Use WIoMT devices, which was determined by the significant predictors (95% Confidence Interval; p < 0.05), Perceived Usefulness, Perceived Ease of Use and Perceived Security and Privacy. Among these two, the domain Perceived Security and Privacy was found to have significant outcomes. Hence, this study reinforced that a WIoMT user intends to use the device only if he/she trusts the device; trust here has been defined in terms of its usefulness, easy to use and security and privacy features. This finding will be a steppingstone for equipment vendors and manufacturers to have a good grasp on the health industry, since the proper utilisation of WIoMT devices results in the effective and efficient management of health and wellbeing of users. The expected outcome from this research also aims to identify how users’ security and perception matters while adopting WIoMT, which in future can benefit security professionals to examine trust factors when implementing new and advanced WIoMT devices. Moreover, the expected result will help consumers as well as different healthcare industry to create a device which can be easily adopted and used securely by consumers

Taxonomic Classification of IoT Smart Home Voice Control

Voice control in the smart home is commonplace, enabling the convenient control of smart home Internet of Things hubs, gateways and devices, along with information seeking dialogues. Cloud-based voice assistants are used to facilitate the interaction, yet privacy concerns surround the cloud analysis of data. To what extent can voice control be performed using purely local computation, to ensure user data remains private? In this paper we present a taxonomy of the voice control technologies present in commercial smart home systems. We first review literature on the topic, and summarise relevant work categorising IoT devices and voice control in the home. The taxonomic classification of these entities is then presented, and we analyse our findings. Following on, we turn to academic efforts in implementing and evaluating voice-controlled smart home set-ups, and we then discuss open-source libraries and devices that are applicable to the design of a privacy-preserving voice assistant for smart homes and the IoT. Towards the end, we consider additional technologies and methods that could support a cloud-free voice assistant, and conclude the work

Applications of Internet of Things

This book introduces the Special Issue entitled “Applications of Internet of Things”, of ISPRS International Journal of Geo-Information. Topics covered in this issue include three main parts: (I) intelligent transportation systems (ITSs), (II) location-based services (LBSs), and (III) sensing techniques and applications. Three papers on ITSs are as follows: (1) “Vehicle positioning and speed estimation based on cellular network signals for urban roads,” by Lai and Kuo; (2) “A method for traffic congestion clustering judgment based on grey relational analysis,” by Zhang et al.; and (3) “Smartphone-based pedestrian’s avoidance behavior recognition towards opportunistic road anomaly detection,” by Ishikawa and Fujinami. Three papers on LBSs are as follows: (1) “A high-efficiency method of mobile positioning based on commercial vehicle operation data,” by Chen et al.; (2) “Efficient location privacy-preserving k-anonymity method based on the credible chain,” by Wang et al.; and (3) “Proximity-based asynchronous messaging platform for location-based Internet of things service,” by Gon Jo et al. Two papers on sensing techniques and applications are as follows: (1) “Detection of electronic anklet wearers’ groupings throughout telematics monitoring,” by Machado et al.; and (2) “Camera coverage estimation based on multistage grid subdivision,” by Wang et al

Gamification: A Necessary Element for Designing Privacy Training Programs

The benefits, deriving from utilizing new Information and Communication Technologies (ICTs), such as Internet of Things or cloud computing, raise at the same time several privacy risks and concerns for users. Despite the fact that users’ inability to protect their privacy has been recognized, hence users do not get involved in processes for enhancing their awareness on such issues. However, in order to protect their fundamental right of privacy and to manage it in a practical way when using ICT, privacy literacy is crucial. Users should be trained on privacy issues through appropriate educational programs. Specifically, the development of instructional simulation programs could be of great importance. Relevant methodologies for the development of such services have been recorded in previous literature. Since the concept of training is advanced by creating attractive interaction environments, the educational privacy process could be also more efficient. Towards this, the implementation of game elements serves that purpose, contributing to the design of gameful educational programs. However, despite its benefits, gamification has been noticed to be used more as a tool rather than a concept which could be included in instructional methods. Thus, in this work, gamification features are explained to highlight their importance along with the recorded in the literature educational methods and privacy awareness issues

The datafication of childhood: examining children's and parent's data practices, children's right to privacy and parent's dilemmas

With an ever-growing use and variety of digital devices, most recently the Internet of Things, children’s and family privacy is an important topic with many under-researched aspects (Livingstone, Stoilova, Nandagiri, 2019). Although children and adolescents might be more likely to share greater amounts of personal information than adults, and to apply more lenient privacy settings on social media (Walrave, Vanwesenbeeck, & Heirman, 2012), studies have also shown that young people tend to care about their privacy (see e.g. boyd, 2014; Marwick & boyd, 2014). In this article, we examine “privacy concern” as a possible source of motivation for privacy protecting behaviors. According to the widely used Communication Privacy Management (CPM) theory (Petronio, 2002, 2015), higher privacy concern leads to employing more restrictive privacy behaviors. Nonetheless, previous research has also identified the concept of “privacy paradox” (De Wolf cf. Acquisti & Gross, 2006; Hargittai & Marwick, 2016), which proposes that despite reported privacy concern, young people nonetheless disclose large amounts of information about themselves. A possible explanation is in the feeling of a lack of control in networked environments generating “apathy” and “cynicism” and the impression that “privacy violations are inevitable” (Hargittai & Marwick, 2016, p. 3752). We test the paradox by studying whether children who report greater privacy concern actually disclose more or less personal information about themselves; or otherwise engage in behaviors that might jeopardize their privacy (e.g. by using wearable devices and the Internet of Things, which might expose them to increased levels of data collection for commercial purposes). We further examine whether children whose parents or caregivers share significant amounts of information about them, and children who have experienced sharentingrelated breaches (such as being upset about what their parents have posted online) are more likely to be concerned about their privacy than other children. Following CPM, such breaches, which the theory terms as “turbulence” would lead to higher privacy concern. Finally, we also test whether children whose parents display higher levels of privacy concern tend to be more concerned about their privacy as well. We study these questions on a nationally representative sample of 9-17-year-old Internet using children from Norway and one of their parents/caregivers, conducted as part of the EU Kids Online project in 2018. As a case study, Norway is a country where the use of digital technology among youth is very high, as confirmed by the most recent analyses on nationally representative samples of children in 19 European countries; and so is exposure to risks (Smahel et al., 2020; Helsper et al., 2013). While children’s independent smartphone and social media use starts early, children also tend to enjoy significant family, social and policy-level support for safe digital media use, as compared to other European countries. With this in mind, we ask the following research questions: RQ1: What are the characteristics of children who report grater levels of concern for their privacy online and with digital technology? RQ1a: Are children with higher digital skills more worried about their privacy (because they are more aware of the dangers)? RQ1b: Are children who have experienced privacy or data-protection-related harms more likely to report privacy concerns? RQ2: What are the characteristics of families of children who report grater levels of concern for their privacy online and with digital technology? RQ2a: How are parental attitudes to privacy online and with digital technology related to children’s levels of concern for their privacy? RQ2b: What is the relationship between parental digital skills and children’s levels of concern for their privacy? RQ3: Do children who report higher privacy concern share more information about themselves online than children who report lower concern? RQ3a: Are children who report higher privacy concern less likely than other children to use wearable devices and the Internet of Things devices? Sampling and method This study relies on a nationally representative survey sample of Internet-using children in Norway. The data was collected between June and October 2018 within the EU Kids Online research project. 1001 children of both sexes, aged from 9 to 17 years, were interviewed via CASI method. The data was collected by Ipsos Mori. 47.1% of the sample was female, Mage= 13.3. The sampling frame was stratified by the economic characteristics of municipalities as well as the number of 9 to 17-year-old children who lived there. Respondents were initially recruited by telephone, followed by face-to-face interviews at home. Respondents’ anonymity and confidentiality were secured. The data collection was approved by the Norwegian national Data Authority (Datatilsynet), and followed procedures established by the National Ethical Committees for Social Science and Humanities and by the Norwegian Center for Research Data (NSD). Informed consent was obtained from each parent and each child that participated. Data analyses and initial results In order to verify determinants of higher levels of privacy concern in children and teenagers, we conducted a series of logistic regression analyses in the proportional odds model, controlling for child demographics and psychological characteristics. Findings indicate that privacy breaches such as sharenting, as well as general risk experiences significantly predict higher levels of privacy concern. Furthermore, children who declare having found themselves in a situation where they could use the privacyrelated advice (e.g. on sharing personal information online) are also more concerned about their privacy online. Additionally, parental level of privacy concern seems to have a modelling effect on a child’s attitude towards privacy online. Preliminary analyses into privacy paradox did not provide support for nor evidence against the effect