PETRAS Publications

Explore PETRAS's research knowledge base of peer reviewed, multidisciplinary publications.

476 entries « ‹ 3 of 10 › » 
101.  Kraemer, Martin J.;  Seymour, William;  Binns, Reuben Daniel;  Kleek, Max Goodwin Van;  Flechais, Ivan: Informing The Future of Data Protection in Smart Homes. In: arxiv:1910.01973, 2019. (Type: Journal Article | Abstract | Links | BibTeX)@article{art-kraemer_informing_2019,

title = {Informing The Future of Data Protection in Smart Homes},

author = {Martin J. Kraemer and William Seymour and Reuben Daniel Binns and Max Goodwin Van Kleek and Ivan Flechais},

url = {http://arxiv.org/abs/1910.01973v1},

year  = {2019},

date = {2019-06-17},

journal = {arxiv:1910.01973},

abstract = {Recent changes to data protection regulation, particularly in Europe, are changing the design landscape for smart devices, requiring new design techniques to ensure that devices are able to adequately protect users' data. A particularly interesting space in which to explore and address these challenges is the smart home, which presents a multitude of difficult social and technical problems in an intimate and highly private context. This position paper outlines the motivation and research approach of a new project aiming to inform the future of data protection by design and by default in smart homes through a combination of ethnography and speculative design.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

Close
Recent changes to data protection regulation, particularly in Europe, are changing the design landscape for smart devices, requiring new design techniques to ensure that devices are able to adequately protect users' data. A particularly interesting space in which to explore and address these challenges is the smart home, which presents a multitude of difficult social and technical problems in an intimate and highly private context. This position paper outlines the motivation and research approach of a new project aiming to inform the future of data protection by design and by default in smart homes through a combination of ethnography and speculative design.
Close
http://arxiv.org/abs/1910.01973v1
Close
102.  Blythe, John M.;  Sombatruang, Nissy;  Johnson, Shane D.: What security features and crime prevention advice is communicated in consumer IoT device manuals and support pages?. In: vol. 5, no. 1, 2019. (Type: Journal Article | Abstract | Links | BibTeX | Altmetric)
Close
@article{art-blythe_what_2019,

title = {What security features and crime prevention advice is communicated in consumer IoT device manuals and support pages?},

author = {John M. Blythe and Nissy Sombatruang and Shane D. Johnson},

url = {https://doi.org/10.1093%2Fcybsec%2Ftyz005},

doi = {10.1093/cybsec/tyz005},

year  = {2019},

date = {2019-06-15},

volume = {5},

number = {1},

publisher = {Oxford University Press (OUP)},

abstract = {Through the enhanced connectivity of physical devices, the Internet of Things (IoT) brings improved efficiency to the lives of consumers when on-the-go and in the home. However, it also introduces new potential security threats and risks. These include threats that range from the direct hacking of devices that could undermine the security, privacy and safety of its users, to the enslaving of IoT devices to commit cybercrime at scale, such as Denial of Service attacks. The IoT is recognized as being widely insecure, in large part, due to the lack of security features built into devices. Additionally, consumers do not always actively use security features when available. More disconcerting is that we lack market surveillance on whether manufacturers ship products with good security features or how the importance of user-controlled security features is explained to IoT users. Our study seeks to address this gap. To do this, we compiled a database of 270 consumer IoT devices produced by 220 different manufacturers on sale at the time of the study. The user manuals and associated support pages for these devices were then analysed to provide a 'consumer eye' view of the security features they provide and the cyber hygiene advice that is communicated to users. The security features identified were then mapped to the UK Government's Secure by Design Code of Practice for IoT devices to examine the extent to which devices currently on the market appear to conform to it. Our findings suggest that manufacturers provide too little publicly available information about the security features of their devices, which makes market surveillance challenging and provides consumers with little information about the security of devices prior to their purchase. On average, there was discussion of around four security features, with account management and software updates being the most frequently mentioned. Advice to consumers on cyber hygiene was rarely provided. Finally, we found a lack of standardization in the communication of security-related information for IoT devices among our sample. We argue for government intervention in this space to provide assurances around device security, whether this is provided in a centralized or decentralized manner.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

Close
Through the enhanced connectivity of physical devices, the Internet of Things (IoT) brings improved efficiency to the lives of consumers when on-the-go and in the home. However, it also introduces new potential security threats and risks. These include threats that range from the direct hacking of devices that could undermine the security, privacy and safety of its users, to the enslaving of IoT devices to commit cybercrime at scale, such as Denial of Service attacks. The IoT is recognized as being widely insecure, in large part, due to the lack of security features built into devices. Additionally, consumers do not always actively use security features when available. More disconcerting is that we lack market surveillance on whether manufacturers ship products with good security features or how the importance of user-controlled security features is explained to IoT users. Our study seeks to address this gap. To do this, we compiled a database of 270 consumer IoT devices produced by 220 different manufacturers on sale at the time of the study. The user manuals and associated support pages for these devices were then analysed to provide a 'consumer eye' view of the security features they provide and the cyber hygiene advice that is communicated to users. The security features identified were then mapped to the UK Government's Secure by Design Code of Practice for IoT devices to examine the extent to which devices currently on the market appear to conform to it. Our findings suggest that manufacturers provide too little publicly available information about the security features of their devices, which makes market surveillance challenging and provides consumers with little information about the security of devices prior to their purchase. On average, there was discussion of around four security features, with account management and software updates being the most frequently mentioned. Advice to consumers on cyber hygiene was rarely provided. Finally, we found a lack of standardization in the communication of security-related information for IoT devices among our sample. We argue for government intervention in this space to provide assurances around device security, whether this is provided in a centralized or decentralized manner.
Close
https://doi.org/10.1093%2Fcybsec%2Ftyz005
doi:10.1093/cybsec/tyz005
Close
103.  Bao, Shihan;  Cao, Yue;  Lei, Ao;  Asuquo, Philip;  Cruickshank, Haitham;  Sun, Zhili;  Huth, Michael: Pseudonym Management Through Blockchain: Cost-Efficient Privacy Preservation on Intelligent Transportation Systems. In: vol. 7, pp. 80390–80403, 2019, ISSN: 2169-3536. (Type: Journal Article | Abstract | Links | BibTeX | Altmetric)
Close
@article{art-bao_pseudonym_2019,

title = {Pseudonym Management Through Blockchain: Cost-Efficient Privacy Preservation on Intelligent Transportation Systems},

author = {Shihan Bao and Yue Cao and Ao Lei and Philip Asuquo and Haitham Cruickshank and Zhili Sun and Michael Huth},

url = {https://doi.org/10.1109%2Faccess.2019.2921605},

doi = {10.1109/access.2019.2921605},

issn = {2169-3536},

year  = {2019},

date = {2019-06-07},

volume = {7},

pages = {80390--80403},

publisher = {Institute of Electrical and Electronics Engineers (IEEE)},

abstract = {Research into the established area of the intelligent transportation system is evolving into the Internet of Vehicles, a fast-moving research area, fuelled in part by rapid changes based on cyber-physical systems. It needs to be recognized that existing vehicular communication systems are susceptible to privacy vulnerabilities which require addressing. A practical challenge is that many vehicular communication applications and services make use of basic safety messages that contain the identity of the vehicle, location, and other personal data. A popular way of dealing with this privacy issue is to utilize a pseudonym change scheme to protect the vehicle's identity and location. However, many such schemes suffer that the cost grows and the certificate management difficulty raises with the number of pseudonyms generated and stored, casting doubt of the economic feasibility of that approach. We propose a decentralized blockchain-based solution for pseudonym management that overcomes these limitations. This scheme consists of pseudonym distribution and a shuffle operation, allowing the reuse of existing pseudonyms to different vehicles. The results reported here, including those from our simulations, demonstrate that the proposed scheme can reuse existing pseudonyms and achieve a better degree of anonymity at a lower cost than existing schemes.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

Close
Research into the established area of the intelligent transportation system is evolving into the Internet of Vehicles, a fast-moving research area, fuelled in part by rapid changes based on cyber-physical systems. It needs to be recognized that existing vehicular communication systems are susceptible to privacy vulnerabilities which require addressing. A practical challenge is that many vehicular communication applications and services make use of basic safety messages that contain the identity of the vehicle, location, and other personal data. A popular way of dealing with this privacy issue is to utilize a pseudonym change scheme to protect the vehicle's identity and location. However, many such schemes suffer that the cost grows and the certificate management difficulty raises with the number of pseudonyms generated and stored, casting doubt of the economic feasibility of that approach. We propose a decentralized blockchain-based solution for pseudonym management that overcomes these limitations. This scheme consists of pseudonym distribution and a shuffle operation, allowing the reuse of existing pseudonyms to different vehicles. The results reported here, including those from our simulations, demonstrate that the proposed scheme can reuse existing pseudonyms and achieve a better degree of anonymity at a lower cost than existing schemes.
Close
https://doi.org/10.1109%2Faccess.2019.2921605
doi:10.1109/access.2019.2921605
Close
104.  Almutairi, Asma;  Mikusz, Mateusz;  Niaz, Hassam;  Trotter, Ludwig;  Davies, Nigel: Why Simple Is Best: Lessons from Designing an Emergency System for Public Displays. In: Proceedings of the 8th ACM International Symposium on Pervasive Displays, pp. 1–7, ACM, 2019. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric)
Close
@inproceedings{proc-in-almutairi_why_2019,

title = {Why Simple Is Best: Lessons from Designing an Emergency System for Public Displays},

author = {Asma Almutairi and Mateusz Mikusz and Hassam Niaz and Ludwig Trotter and Nigel Davies},

doi = {10.1145/3321335.3324949},

year  = {2019},

date = {2019-06-01},

booktitle = {Proceedings of the 8th ACM International Symposium on Pervasive Displays},

pages = {1--7},

publisher = {ACM},

abstract = {Public displays play an important role in information dissemination - market reports highlight the increasing number of displays deployed. Due to the often prominent placement of public displays in the physical environment, displays can play an important role in the dissemination of trusted content, particularly during emergency situations. In order to leverage displays in emergency situations however, appropriate content creation and dissemination technology is key to allow display and space owners to efficiently distribute important information and target affected user groups. In this paper, we present our lessons learned from designing and developing an emergency alerts system in the context of a large public display testbed. We provide insights into two design probes and feedback captured through focus groups with stakeholders of the display network. Based on the feedback, we provide insights into requirements captured and provide a discussion on lessons and design considerations.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

Close
Public displays play an important role in information dissemination - market reports highlight the increasing number of displays deployed. Due to the often prominent placement of public displays in the physical environment, displays can play an important role in the dissemination of trusted content, particularly during emergency situations. In order to leverage displays in emergency situations however, appropriate content creation and dissemination technology is key to allow display and space owners to efficiently distribute important information and target affected user groups. In this paper, we present our lessons learned from designing and developing an emergency alerts system in the context of a large public display testbed. We provide insights into two design probes and feedback captured through focus groups with stakeholders of the display network. Based on the feedback, we provide insights into requirements captured and provide a discussion on lessons and design considerations.
Close
doi:10.1145/3321335.3324949
Close
105.  Craggs, Barnaby: A Just Culture Is Fundamental: Extending Security Ergonomics by Design. In: 2019 IEEE/ACM 5th International Workshop on Software Engineering for Smart Cyber-Physical Systems (SEsCPS), IEEE, 2019. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric)
Close
@inproceedings{proc-in-craggs_just_2019,

title = {A Just Culture Is Fundamental: Extending Security Ergonomics by Design},

author = {Barnaby Craggs},

url = {https://doi.org/10.1109%2Fsescps.2019.00015},

doi = {10.1109/sescps.2019.00015},

year  = {2019},

date = {2019-05-28},

booktitle = {2019 IEEE/ACM 5th International Workshop on Software Engineering for Smart Cyber-Physical Systems (SEsCPS)},

publisher = {IEEE},

abstract = {Human error when developing and using smart cyber physical systems is inevitable. Earlier work has set out Security Ergonomics by Design-principles by which developers of systems can ensure that the active user error cannot occur when latent system failures introduced in development are in play. This paper underpins these principles by showing there is a fundamental need to adopt a Just Culture within which i) user error is captured for improvement in the development cycle, and ii) to provide software engineers assurance that their own mistakes are not automatically punished but rather treated as learnings that can be fed back into building safer and more secure practice.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

Close
Human error when developing and using smart cyber physical systems is inevitable. Earlier work has set out Security Ergonomics by Design-principles by which developers of systems can ensure that the active user error cannot occur when latent system failures introduced in development are in play. This paper underpins these principles by showing there is a fundamental need to adopt a Just Culture within which i) user error is captured for improvement in the development cycle, and ii) to provide software engineers assurance that their own mistakes are not automatically punished but rather treated as learnings that can be fed back into building safer and more secure practice.
Close
https://doi.org/10.1109%2Fsescps.2019.00015
doi:10.1109/sescps.2019.00015
Close
106.  Carr, Madeline;  Shaikh, Siraj Ahmed;  Hussain, Atif;  Watson, Jeremy Daniel McKendrick;  Brass, Irina;  Pothong, Kruakae;  Lesniewska, Feja;  Ani, Uchenna P. Daniel;  Chung, Alex: Bridging the sociotechnical divide from a policy perspective. 2019. (Type: Miscellaneous | Abstract | Links | BibTeX | Altmetric)
Close
@misc{misc-carr_bridging_2019,

title = {Bridging the sociotechnical divide from a policy perspective},

author = {Madeline Carr and Siraj Ahmed Shaikh and Atif Hussain and Jeremy Daniel McKendrick Watson and Irina Brass and Kruakae Pothong and Feja Lesniewska and Uchenna P. Daniel Ani and Alex Chung},

doi = {10.5281/zenodo.2792617},

year  = {2019},

date = {2019-05-13},

abstract = {There is growing recognition that technical solutions alone cannot effectively address public concerns in a digital society. As the drive toward the adoption of networked technologies intensifies, the public and private spheres are now incorporating social issue considerations into policy and regulatory strategies. On the one hand, given the private sector's dominance over critical national infrastructures of developed countries and as the main digital service providers, collaboration with the public sector has never been more vital to sustaining national security and public wellbeing online. On the other hand, data has become an incredibly valuable asset in the race to revolutionise the digital landscape with a myriad of emerging technologies, and the way in which it is curated will only increase in importance. 

 

Yet, from a policy perspective, it remains unclear just how the public and private sectors' quest to acquire vast amounts of information can be reconciled with the public interest of obtaining digital trust. Furthermore, current mechanisms for public-private knowledge sharing within policy processes aimed at enhancing cybersecurity are suboptimal. Therefore, it is crucial to understand the state of play with regards to the role of policy in the governance and operation of sociotechnical systems. This will not least lead to best practice to be established in data management and cyber policy which, in turn, helps to build capacity and trust in digital societies at national and international levels. 

 

Against this backdrop, our talks aim to cross the sociotechnical divide to examine how public and private sectors can be better equipped for the 21st century. Our panellists specialise in such disciplines as international law, digital technology and policy, computer science, criminology, and public policy, and our diverse interdisciplinary backgrounds are illustrated in the paper abstracts. 

 

Our panel will address four topics on digital society and cybersecurity in the context of policymaking. On a national level, we examine whether the coordination of knowledge sharing centrally in the UK can enhance cyber policymaking and capacity building; and investigate how policies that promote public, private, and academic collaborations on open source simulation can improve UK critical national infrastructure security. On an international level, we scrutinise, from a human-centric perspective, whether the efficacy of GDPR can be increased in an IoT environment vis-\`{a}-vis the privacy, security, and protection of data; and explore how polycentric governance approaches, such as that used by the UN Paris Agreement on climate change, could drive better data management to help 'cope' with the new wicked problem IoT presents for cybersecurity. 

 

Our session will contribute to current scholarly debates relevant to the conference themes: Policy for Data \& Management; Privacy, Security, Ethics \& Law; Data, Government \& Policy; Systems \& Infrastructure; and Data Processing \& Knowledge Generation. The audience will gain fresh insights into some of the most pressing concerns the UK policy community and international community are facing in the digital and cyber realms. While we aim to offer perspectives from across multiple disciplines, we will also highlight the common thread of using a sociotechnical approach to researching and understanding policy issues. The first-hand data and novel methodological approaches from our studies will stimulate discussions around useful ways in which research can engage with policy on a practical level. The actionable recommendations from our talks will be profitable to both research and policy communities.},

keywords = {},

pubstate = {published},

tppubtype = {misc}

}

Close
There is growing recognition that technical solutions alone cannot effectively address public concerns in a digital society. As the drive toward the adoption of networked technologies intensifies, the public and private spheres are now incorporating social issue considerations into policy and regulatory strategies. On the one hand, given the private sector's dominance over critical national infrastructures of developed countries and as the main digital service providers, collaboration with the public sector has never been more vital to sustaining national security and public wellbeing online. On the other hand, data has become an incredibly valuable asset in the race to revolutionise the digital landscape with a myriad of emerging technologies, and the way in which it is curated will only increase in importance. 

 

Yet, from a policy perspective, it remains unclear just how the public and private sectors' quest to acquire vast amounts of information can be reconciled with the public interest of obtaining digital trust. Furthermore, current mechanisms for public-private knowledge sharing within policy processes aimed at enhancing cybersecurity are suboptimal. Therefore, it is crucial to understand the state of play with regards to the role of policy in the governance and operation of sociotechnical systems. This will not least lead to best practice to be established in data management and cyber policy which, in turn, helps to build capacity and trust in digital societies at national and international levels. 

 

Against this backdrop, our talks aim to cross the sociotechnical divide to examine how public and private sectors can be better equipped for the 21st century. Our panellists specialise in such disciplines as international law, digital technology and policy, computer science, criminology, and public policy, and our diverse interdisciplinary backgrounds are illustrated in the paper abstracts. 

 

Our panel will address four topics on digital society and cybersecurity in the context of policymaking. On a national level, we examine whether the coordination of knowledge sharing centrally in the UK can enhance cyber policymaking and capacity building; and investigate how policies that promote public, private, and academic collaborations on open source simulation can improve UK critical national infrastructure security. On an international level, we scrutinise, from a human-centric perspective, whether the efficacy of GDPR can be increased in an IoT environment vis-à-vis the privacy, security, and protection of data; and explore how polycentric governance approaches, such as that used by the UN Paris Agreement on climate change, could drive better data management to help 'cope' with the new wicked problem IoT presents for cybersecurity. 

 

Our session will contribute to current scholarly debates relevant to the conference themes: Policy for Data & Management; Privacy, Security, Ethics & Law; Data, Government & Policy; Systems & Infrastructure; and Data Processing & Knowledge Generation. The audience will gain fresh insights into some of the most pressing concerns the UK policy community and international community are facing in the digital and cyber realms. While we aim to offer perspectives from across multiple disciplines, we will also highlight the common thread of using a sociotechnical approach to researching and understanding policy issues. The first-hand data and novel methodological approaches from our studies will stimulate discussions around useful ways in which research can engage with policy on a practical level. The actionable recommendations from our talks will be profitable to both research and policy communities.
Close
doi:10.5281/zenodo.2792617
Close
107.  Knowles, Brandin Hanson;  Newmarch, Georgia;  Devine, James;  Beck, Sophie;  Finney, Joe: IoT4Kids: Strategies for MitigatingAgainst Risks of IoT for Children. In: CHI EA '19: Extended Abstracts of the 2019 CHI Conference on Human Factors in Computing Systems, 2019. (Type: Proceedings Article | Abstract | Links | BibTeX)@inproceedings{proc-in-knowles_iot4kids_2019,

title = {IoT4Kids: Strategies for MitigatingAgainst Risks of IoT for Children},

author = {Brandin Hanson Knowles and Georgia Newmarch and James Devine and Sophie Beck and Joe Finney},

url = {https://iotdirections.files.wordpress.com/2019/03/chi19_w35_62.pdf},

year  = {2019},

date = {2019-05-04},

booktitle = {CHI EA '19: Extended Abstracts of the 2019 CHI Conference on Human Factors in Computing Systems},

abstract = {This paper describes the key outputs of IoT4Kids, a project exploring the privacy, security and safety implications of children programming the Internet of Things. We present our Risk Mitigation Checklist in order to illustrate the need for a multi-pronged approach for attending to risks to children from emergent IoT devices, and we discuss what this may mean in terms of industry practice, policymaking and education.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

Close
This paper describes the key outputs of IoT4Kids, a project exploring the privacy, security and safety implications of children programming the Internet of Things. We present our Risk Mitigation Checklist in order to illustrate the need for a multi-pronged approach for attending to risks to children from emergent IoT devices, and we discuss what this may mean in terms of industry practice, policymaking and education.
Close
https://iotdirections.files.wordpress.com/2019/03/chi19_w35_62.pdf
Close
108.  Zhao, Jun;  Wang, Ge;  Dally, Carys;  Slovák, Petr;  Edbrooke-Childs, Julian;  Kleek, Max Goodwin Van;  Shadbolt, Nigel R.: `I make up a silly name': Understanding Children's Perception of Privacy Risks Online. In: CHI '19: Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems, ACM, 2019. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric)
Close
@inproceedings{proc-in-zhao_i_2019,

title = {`I make up a silly name': Understanding Children's Perception of Privacy Risks Online},

author = {Jun Zhao and Ge Wang and Carys Dally and Petr Slov\'{a}k and Julian Edbrooke-Childs and Max Goodwin Van Kleek and Nigel R. Shadbolt},

url = {https://doi.org/10.1145%2F3290605.3300336},

doi = {10.1145/3290605.3300336},

year  = {2019},

date = {2019-05-02},

booktitle = {CHI '19: Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems},

publisher = {ACM},

abstract = {Children under 11 are often regarded as too young to comprehend the implications of online privacy. Perhaps as a result, little research has focused on younger kids' risk recognition and coping. Such knowledge is, however, critical for designing efficient safeguarding mechanisms for this age group. Through 12 focus group studies with 29 children aged 6-10 from UK schools, we examined how children described privacy risks related to their use of tablet computers and what information was used by them to identify threats. We found that children could identify and articulate certain privacy risks well, such as information oversharing or revealing real identities online; however, they had less awareness with respect to other risks, such as online tracking or game promotions. Our findings offer promising directions for supporting children's awareness of cyber risks and the ability to protect themselves online.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

Close
Children under 11 are often regarded as too young to comprehend the implications of online privacy. Perhaps as a result, little research has focused on younger kids' risk recognition and coping. Such knowledge is, however, critical for designing efficient safeguarding mechanisms for this age group. Through 12 focus group studies with 29 children aged 6-10 from UK schools, we examined how children described privacy risks related to their use of tablet computers and what information was used by them to identify threats. We found that children could identify and articulate certain privacy risks well, such as information oversharing or revealing real identities online; however, they had less awareness with respect to other risks, such as online tracking or game promotions. Our findings offer promising directions for supporting children's awareness of cyber risks and the ability to protect themselves online.
Close
https://doi.org/10.1145%2F3290605.3300336
doi:10.1145/3290605.3300336
Close
109.  Pschetz, Larissa;  Pothong, Kruakae;  Speed, Chris: Autonomous Distributed Energy Systems: Problematising the Invisible through Design, Drama and Deliberation. In: CHI '19: Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems, ACM, 2019. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric)
Close
@inproceedings{proc-in-pschetz_autonomous_2019,

title = {Autonomous Distributed Energy Systems: Problematising the Invisible through Design, Drama and Deliberation},

author = {Larissa Pschetz and Kruakae Pothong and Chris Speed},

url = {https://doi.org/10.1145%2F3290605.3300617},

doi = {10.1145/3290605.3300617},

year  = {2019},

date = {2019-05-02},

booktitle = {CHI '19: Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems},

publisher = {ACM},

abstract = {Technologies such as blockchains, smart contracts and programmable batteries facilitate emerging models of energy distribution, trade and consumption, and generate a considerable number of opportunities for energy markets. However, these developments complicate relationships between stakeholders, disrupting traditional notions of value, control and ownership. Discussing these issues with the public is particularly challenging as energy consumption habits often obscure the competing values and interests that shape stakeholders' relationships. To make such difficult discussions more approachable and examine the missing relational aspect of autonomous energy systems, we combined the design of speculative hairdryers with performance and deliberation. This integrated method of inquiry makes visible the competing values and interests, eliciting people's wishes to negotiate these terms. We argue that the complexity of mediated energy distribution and its convoluted stakeholder relationships requires more sophisticated methods of inquiry to engage people in debates concerning distributed energy systems.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

Close
Technologies such as blockchains, smart contracts and programmable batteries facilitate emerging models of energy distribution, trade and consumption, and generate a considerable number of opportunities for energy markets. However, these developments complicate relationships between stakeholders, disrupting traditional notions of value, control and ownership. Discussing these issues with the public is particularly challenging as energy consumption habits often obscure the competing values and interests that shape stakeholders' relationships. To make such difficult discussions more approachable and examine the missing relational aspect of autonomous energy systems, we combined the design of speculative hairdryers with performance and deliberation. This integrated method of inquiry makes visible the competing values and interests, eliciting people's wishes to negotiate these terms. We argue that the complexity of mediated energy distribution and its convoluted stakeholder relationships requires more sophisticated methods of inquiry to engage people in debates concerning distributed energy systems.
Close
https://doi.org/10.1145%2F3290605.3300617
doi:10.1145/3290605.3300617
Close
110.  Maple, Carsten;  Bradbury, Matthew: IoT Transport and Mobility Demonstrator. 2019. (Type: report | Abstract | BibTeX)@report{maple_iot_2019,

title = {IoT Transport and Mobility Demonstrator},

author = {Carsten Maple and Matthew Bradbury},

year  = {2019},

date = {2019-05-01},

institution = {The University of Warwick},

abstract = {With the intent for Connected Autonomous Vehicles (CAVs) to be deployed on UK roads in the near future it is vital that they are rigorously tested. Part of this testing will involve the cyber security aspects of these vehicles. This report covers the technical aspects of the IoT-TRaM project, which deployed four cyber security and privacy innovations developed within PETRAS in real world environments. This report describes (i) the four academic innovations, (ii) the requirements and experiences of CAV testbed users and (iii) testbed sites and the protocols for researchers to perform cyber security testing there. Throughout the report recommendations are made to reduce the barriers of entry and ways to improve the experience of performing cyber security testing in real world environments.},

keywords = {},

pubstate = {published},

tppubtype = {report}

}

Close
With the intent for Connected Autonomous Vehicles (CAVs) to be deployed on UK roads in the near future it is vital that they are rigorously tested. Part of this testing will involve the cyber security aspects of these vehicles. This report covers the technical aspects of the IoT-TRaM project, which deployed four cyber security and privacy innovations developed within PETRAS in real world environments. This report describes (i) the four academic innovations, (ii) the requirements and experiences of CAV testbed users and (iii) testbed sites and the protocols for researchers to perform cyber security testing there. Throughout the report recommendations are made to reduce the barriers of entry and ways to improve the experience of performing cyber security testing in real world environments.
Close
111.  Elsden, Miles;  Maple, Carsten;  Bradbury, Matthew: IoT Transport and Mobility Demonstrator. 2019. (Type: report | Abstract | Links | BibTeX)@report{elsden_iot_2019,

title = {IoT Transport and Mobility Demonstrator},

author = {Miles Elsden and Carsten Maple and Matthew Bradbury},

url = {https://files.warwick.ac.uk/mbradbury1/files/WMG Policy Recommendations_v1.pdf},

year  = {2019},

date = {2019-05-01},

institution = {The University of Warwick},

abstract = {As part of the PETRAS project demonstration phase IoT-TRaM project1 a range of cutting edge IoT cyber security approaches where tested on a number of UK CAV testbeds currently under development as part of the DfT/UKRI/Zenzic funded CAV testbed programme. The UK ambition is, as well as providing individual test capabilities, to develop a coherent UK CAV testing offer. 

 This would support the testing of sub-systems, vehicles and system level applications across the full range of testing scenarios from lab-based to real-world deployment. 

 The current generation of test sites are at various levels of maturity though they were mostly at the design or early deployment stages during the PETRAS demonstration programme. The PETRAS `Moving in the Internet of Things' demonstrators provided an early opportunity to learn lessons around some of the key challenges to developing and deploying viable testing environments. 

 A number of common lessons were identified for both users and test site operators that have application across all sites. Specific lessons for users and operators are presented elsewhere. This report looks at issues where intervention at a strategic level would be valuable to support the vision of a clear, coherent UK CAV testing eco-system. These fall into three broad categories: Modification of hardware/software, Communications and Digital Twins, as well as a small number of more general recommendations.},

keywords = {},

pubstate = {published},

tppubtype = {report}

}

Close
As part of the PETRAS project demonstration phase IoT-TRaM project1 a range of cutting edge IoT cyber security approaches where tested on a number of UK CAV testbeds currently under development as part of the DfT/UKRI/Zenzic funded CAV testbed programme. The UK ambition is, as well as providing individual test capabilities, to develop a coherent UK CAV testing offer. 

 This would support the testing of sub-systems, vehicles and system level applications across the full range of testing scenarios from lab-based to real-world deployment. 

 The current generation of test sites are at various levels of maturity though they were mostly at the design or early deployment stages during the PETRAS demonstration programme. The PETRAS `Moving in the Internet of Things' demonstrators provided an early opportunity to learn lessons around some of the key challenges to developing and deploying viable testing environments. 

 A number of common lessons were identified for both users and test site operators that have application across all sites. Specific lessons for users and operators are presented elsewhere. This report looks at issues where intervention at a strategic level would be valuable to support the vision of a clear, coherent UK CAV testing eco-system. These fall into three broad categories: Modification of hardware/software, Communications and Digital Twins, as well as a small number of more general recommendations.
Close
https://files.warwick.ac.uk/mbradbury1/files/WMG Policy Recommendations_v1.pdf
Close
112.  Burnap, Peter;  Branson, David T.;  Murray-Rust, Dave;  Preston, J.;  Richards, Daniel;  Burnett, D.;  Edwards, N.;  Firth, R.;  Gorkovenko, K.;  Khanesar, M. Ahmadieh;  Lakoju, Mike;  Smith, T.;  Thorp, J.: Chatty factories: a vision for the future of product design and manufacture with IoT. In: Living in the Internet of Things (IoT 2019), Institution of Engineering and Technology, 2019. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric)
Close
@inproceedings{proc-in-burnap_chatty_2019,

title = {Chatty factories: a vision for the future of product design and manufacture with IoT},

author = {Peter Burnap and David T. Branson and Dave Murray-Rust and J. Preston and Daniel Richards and D. Burnett and N. Edwards and R. Firth and K. Gorkovenko and M. Ahmadieh Khanesar and Mike Lakoju and T. Smith and J. Thorp},

url = {https://doi.org/10.1049%2Fcp.2019.0129},

doi = {10.1049/cp.2019.0129},

year  = {2019},

date = {2019-05-01},

booktitle = {Living in the Internet of Things (IoT 2019)},

publisher = {Institution of Engineering and Technology},

abstract = {Chatty Factories is a three-year investment by the Engineering and Physical Sciences Research Council (EPSRC) through its programme for New Industrial Systems. The project explores the transformative potential of placing IoT-enabled data driven systems at the core of design and manufacturing processes. The research focuses on the opportunity to collect data from IoT-enabled sensors embedded in products during real-time use by consumers, explores how that data might be immediately transferred into usable information to inform design, and considers what characteristics of the manufacturing environment might optimise the response to such data. The project also considers implications arising for skills development in the education sector as well as ethics in manufacturing. In this paper we provide a vision for future "Chatty Factories".},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

Close
Chatty Factories is a three-year investment by the Engineering and Physical Sciences Research Council (EPSRC) through its programme for New Industrial Systems. The project explores the transformative potential of placing IoT-enabled data driven systems at the core of design and manufacturing processes. The research focuses on the opportunity to collect data from IoT-enabled sensors embedded in products during real-time use by consumers, explores how that data might be immediately transferred into usable information to inform design, and considers what characteristics of the manufacturing environment might optimise the response to such data. The project also considers implications arising for skills development in the education sector as well as ethics in manufacturing. In this paper we provide a vision for future "Chatty Factories".
Close
https://doi.org/10.1049%2Fcp.2019.0129
doi:10.1049/cp.2019.0129
Close
113.  Ani, Uchenna P. Daniel;  Watson, Jeremy Daniel McKendrick;  Nurse, Jason R. C.;  Cook, Al;  Maple, Carsten: A review of critical infrastructure protection approaches: improving security through responsiveness to the dynamic modelling landscape. In: Living in the Internet of Things (IoT 2019), Institution of Engineering and Technology, 2019, ISBN: 978-1-83953-089-0. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric)
Close
@inproceedings{proc-in-ani_review_2019,

title = {A review of critical infrastructure protection approaches: improving security through responsiveness to the dynamic modelling landscape},

author = {Uchenna P. Daniel Ani and Jeremy Daniel McKendrick Watson and Jason R. C. Nurse and Al Cook and Carsten Maple},

url = {https://doi.org/10.1049%2Fcp.2019.0131},

doi = {10.1049/cp.2019.0131},

isbn = {978-1-83953-089-0},

year  = {2019},

date = {2019-05-01},

booktitle = {Living in the Internet of Things (IoT 2019)},

publisher = {Institution of Engineering and Technology},

abstract = {As new technologies such as the Internet of Things (IoT) are integrated into Critical National Infrastructures (CNI), new cybersecurity threats emerge that require specific security solutions. Approaches used for analysis include the modelling and simulation of critical infrastructure systems using attributes, functionalities, operations, and behaviours to support various security analysis viewpoints, recognising and appropriately managing associated security risks. With several critical infrastructure protection approaches available, the question of how to effectively model the complex behaviour of interconnected CNI elements and to configure their protection as a system-of-systems remains a challenge. Using a systematic review approach, existing critical infrastructure protection approaches (tools and techniques) are examined to determine their suitability given trends like IoT, and effective security modelling and analysis issues. It is found that empirical-based, agent-based, system dynamics-based, and network-based modelling are more commonly applied than economic-based and equation-based techniques, and empirical-based modelling is the most widely used. The energy and transportation critical infrastructure sectors reflect the most responsive sectors, and no one Critical Infrastructure Protection (CIP) approach \textemdash tool, technique, methodology or framework \textemdash provides a fit-for-all' capacity for all-round attribute modelling and simulation of security risks. Typically, deciding factors for CIP choices to adopt are often dominated by trade-offs between 'complexity of use' and 'popularity of approach', as well as between 'specificity' and 'generality' of application in sectors. Improved security modelling is feasible via; appropriate tweaking of CIP approaches to include a wider scope of security risk management, functional responsiveness to interdependency, resilience and policy formulation requirements, and collaborative information sharing between public and private sectors.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

Close
As new technologies such as the Internet of Things (IoT) are integrated into Critical National Infrastructures (CNI), new cybersecurity threats emerge that require specific security solutions. Approaches used for analysis include the modelling and simulation of critical infrastructure systems using attributes, functionalities, operations, and behaviours to support various security analysis viewpoints, recognising and appropriately managing associated security risks. With several critical infrastructure protection approaches available, the question of how to effectively model the complex behaviour of interconnected CNI elements and to configure their protection as a system-of-systems remains a challenge. Using a systematic review approach, existing critical infrastructure protection approaches (tools and techniques) are examined to determine their suitability given trends like IoT, and effective security modelling and analysis issues. It is found that empirical-based, agent-based, system dynamics-based, and network-based modelling are more commonly applied than economic-based and equation-based techniques, and empirical-based modelling is the most widely used. The energy and transportation critical infrastructure sectors reflect the most responsive sectors, and no one Critical Infrastructure Protection (CIP) approach — tool, technique, methodology or framework — provides a fit-for-all' capacity for all-round attribute modelling and simulation of security risks. Typically, deciding factors for CIP choices to adopt are often dominated by trade-offs between 'complexity of use' and 'popularity of approach', as well as between 'specificity' and 'generality' of application in sectors. Improved security modelling is feasible via; appropriate tweaking of CIP approaches to include a wider scope of security risk management, functional responsiveness to interdependency, resilience and policy formulation requirements, and collaborative information sharing between public and private sectors.
Close
https://doi.org/10.1049%2Fcp.2019.0131
doi:10.1049/cp.2019.0131
Close
114.  Kleek, Max Goodwin Van;  Seymour, William;  Binns, Reuben Daniel;  Zhao, Jun;  Karandikar, Daniel;  Shadbolt, Nigel R.: IoT Refine: Making Smart Home Devices Accountable for Their Data Harvesting Practices. In: Living in the Internet of Things (IoT 2019), Institution of Engineering and Technology, 2019. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric)
Close
@inproceedings{proc-in-kleek_iot_2019,

title = {IoT Refine: Making Smart Home Devices Accountable for Their Data Harvesting Practices},

author = {Max Goodwin Van Kleek and William Seymour and Reuben Daniel Binns and Jun Zhao and Daniel Karandikar and Nigel R. Shadbolt},

url = {https://doi.org/10.1049%2Fcp.2019.0134},

doi = {10.1049/cp.2019.0134},

year  = {2019},

date = {2019-05-01},

booktitle = {Living in the Internet of Things (IoT 2019)},

publisher = {Institution of Engineering and Technology},

abstract = {While smart home devices have the potential to improve people's lives by providing increased safety, security, and comfort, they also pose unprecedented privacy risks by having access to highly privileged aspects of people's lives. Already a complex concept, privacy is made more challenging in the smart home because devices are often designed to channel data to ad networks and other third parties unbeknownst to their users. In this paper, we propose a way to start to make smart home IoT devices accountable for their data collection, disclosure, and use practices by introducing the concept of a privacy-empowering network disaggregator. This disaggregator actively monitors and analyses all network traffic passing into and out of the home, helping to build a visual atlas that helps end-users understand such practices. We then describe the design and implementation of the first such privacy disaggregator, IoT Refine, demonstrating the feasibility and the potential for this approach towards addressing the privacy problem.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

Close
While smart home devices have the potential to improve people's lives by providing increased safety, security, and comfort, they also pose unprecedented privacy risks by having access to highly privileged aspects of people's lives. Already a complex concept, privacy is made more challenging in the smart home because devices are often designed to channel data to ad networks and other third parties unbeknownst to their users. In this paper, we propose a way to start to make smart home IoT devices accountable for their data collection, disclosure, and use practices by introducing the concept of a privacy-empowering network disaggregator. This disaggregator actively monitors and analyses all network traffic passing into and out of the home, helping to build a visual atlas that helps end-users understand such practices. We then describe the design and implementation of the first such privacy disaggregator, IoT Refine, demonstrating the feasibility and the potential for this approach towards addressing the privacy problem.
Close
https://doi.org/10.1049%2Fcp.2019.0134
doi:10.1049/cp.2019.0134
Close
115.  Roure, David Charles De;  Page, Kevin R.;  Radanliev, Petar;  Kleek, Max Goodwin Van: Complex coupling in cyber-physical systems and the threats of fake data. In: Living in the Internet of Things (IoT 2019), Institution of Engineering and Technology, 2019. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric)
Close
@inproceedings{proc-in-roure_complex_2019,

title = {Complex coupling in cyber-physical systems and the threats of fake data},

author = {David Charles De Roure and Kevin R. Page and Petar Radanliev and Max Goodwin Van Kleek},

url = {https://doi.org/10.1049%2Fcp.2019.0136},

doi = {10.1049/cp.2019.0136},

year  = {2019},

date = {2019-05-01},

booktitle = {Living in the Internet of Things (IoT 2019)},

publisher = {Institution of Engineering and Technology},

abstract = {While people may think of an individual device as an independent product, the reality is that, in operation, it will be part of a complex and dynamic cyber-physical and socio-technical system. It follows that to design IoT devices, and to be confident about their reliability and safety in use, they must be considered in this context of complex coupling\textemdashwhich may be dynamic and ad hoc, and include accidental assembly of systems. This paper aims to facilitate this by describing different kinds of coupling that may occur in and between IoT systems, including some which often appear to be neglected. We also suggest different ways of looking at these coupled systems, including the notion of Social Machines. Finally, we suggest that behaviours evident in social media might give insight into phenomena in IoT systems, for example 'fake data' by analogy with 'fake news'.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

Close
While people may think of an individual device as an independent product, the reality is that, in operation, it will be part of a complex and dynamic cyber-physical and socio-technical system. It follows that to design IoT devices, and to be confident about their reliability and safety in use, they must be considered in this context of complex coupling—which may be dynamic and ad hoc, and include accidental assembly of systems. This paper aims to facilitate this by describing different kinds of coupling that may occur in and between IoT systems, including some which often appear to be neglected. We also suggest different ways of looking at these coupled systems, including the notion of Social Machines. Finally, we suggest that behaviours evident in social media might give insight into phenomena in IoT systems, for example 'fake data' by analogy with 'fake news'.
Close
https://doi.org/10.1049%2Fcp.2019.0136
doi:10.1049/cp.2019.0136
Close
116.  Fadhel, Nawfal;  Lombardi, Federico;  Aniello, Leonardo;  Margheri, Andrea;  Sassone, Vladimiro: Towards a semantic modelling for threat analysis of IoT applications: a case study on transactive energy. In: Living in the Internet of Things (IoT 2019), Institution of Engineering and Technology, 2019. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric)
Close
@inproceedings{proc-in-fadhel_towards_2019,

title = {Towards a semantic modelling for threat analysis of IoT applications: a case study on transactive energy},

author = {Nawfal Fadhel and Federico Lombardi and Leonardo Aniello and Andrea Margheri and Vladimiro Sassone},

url = {https://doi.org/10.1049%2Fcp.2019.0147},

doi = {10.1049/cp.2019.0147},

year  = {2019},

date = {2019-05-01},

booktitle = {Living in the Internet of Things (IoT 2019)},

publisher = {Institution of Engineering and Technology},

abstract = {The evolution of Internet-of-Things (IoT) is leading to an increasing number of new security issues. This is due to the nature of IoT devices which use lighter protocols and which may be either hacked or physically tampered with. Thus, common approaches for threat modelling are insufficient on IoT environments, since they hardly catch all possible threats related to physical and protocols vulnerabilities. Furthermore, in IoT scenarios multiple parties can be involved, like in a transactive energy scenario, where nodes of the network can trade energy each other. So, it is important to catch risks that an attack may lead to each involved party. In this work, we propose a novel approach to model (i) the process list of a system and (ii) attacks towards it. Specifically, we extended the PROV-N semantic notation by including rules for modelling the attacks. We apply such modelling to ETSE [12], the architecture we proposed in the context of the PETRAS BlockIT project to enable energy trading among prosumers. ETSE manages the trading through a smart contract deployed on top of a blockchain distributed on the grid. Since in this context multiple parties are involved, we discuss possible issues that each attack may bring to the entire smart grid or to a specific prosumer.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

Close
The evolution of Internet-of-Things (IoT) is leading to an increasing number of new security issues. This is due to the nature of IoT devices which use lighter protocols and which may be either hacked or physically tampered with. Thus, common approaches for threat modelling are insufficient on IoT environments, since they hardly catch all possible threats related to physical and protocols vulnerabilities. Furthermore, in IoT scenarios multiple parties can be involved, like in a transactive energy scenario, where nodes of the network can trade energy each other. So, it is important to catch risks that an attack may lead to each involved party. In this work, we propose a novel approach to model (i) the process list of a system and (ii) attacks towards it. Specifically, we extended the PROV-N semantic notation by including rules for modelling the attacks. We apply such modelling to ETSE [12], the architecture we proposed in the context of the PETRAS BlockIT project to enable energy trading among prosumers. ETSE manages the trading through a smart contract deployed on top of a blockchain distributed on the grid. Since in this context multiple parties are involved, we discuss possible issues that each attack may bring to the entire smart grid or to a specific prosumer.
Close
https://doi.org/10.1049%2Fcp.2019.0147
doi:10.1049/cp.2019.0147
Close
117.  Beck, Sophie;  Knowles, Brandin Hanson;  Finney, Joe: Exploring the Risks of Children Engaging with Programmable Iot. In: Living in the Internet of Things (IoT 2019), Institution of Engineering and Technology, 2019. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric)
Close
@inproceedings{proc-in-beck_exploring_2019,

title = {Exploring the Risks of Children Engaging with Programmable Iot},

author = {Sophie Beck and Brandin Hanson Knowles and Joe Finney},

url = {https://doi.org/10.1049%2Fcp.2019.0152},

doi = {10.1049/cp.2019.0152},

year  = {2019},

date = {2019-05-01},

booktitle = {Living in the Internet of Things (IoT 2019)},

publisher = {Institution of Engineering and Technology},

abstract = {This paper reports on IoT4Kids, a study exploring the privacy, security and safety implications of children programming the Internet of Things. The study focuses on the BBC micro:bit as one device that allows children to create rudimentary IoT devices. Prior publications have described the first stage of this study, which involved workshops with child participants. This paper instead focuses on the second stage of the project, which involved conducting key informant interviews with representatives from our project partners in order to understand the risks children face with interacting with programmable IoT devices. We describe themes that emerged from these interviews, along with implications for the study and for future work in this area.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

Close
This paper reports on IoT4Kids, a study exploring the privacy, security and safety implications of children programming the Internet of Things. The study focuses on the BBC micro:bit as one device that allows children to create rudimentary IoT devices. Prior publications have described the first stage of this study, which involved workshops with child participants. This paper instead focuses on the second stage of the project, which involved conducting key informant interviews with representatives from our project partners in order to understand the risks children face with interacting with programmable IoT devices. We describe themes that emerged from these interviews, along with implications for the study and for future work in this area.
Close
https://doi.org/10.1049%2Fcp.2019.0152
doi:10.1049/cp.2019.0152
Close
118.  Seymour, William;  Kleek, Max Goodwin Van;  Binns, Reuben Daniel;  Shadbolt, Nigel R.: Aretha: A Respectful Voice Assistant for the Smart Home. In: Living in the Internet of Things (IoT 2019), Institution of Engineering and Technology, 2019. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric)
Close
@inproceedings{proc-in-seymour_aretha_2019,

title = {Aretha: A Respectful Voice Assistant for the Smart Home},

author = {William Seymour and Max Goodwin Van Kleek and Reuben Daniel Binns and Nigel R. Shadbolt},

url = {https://doi.org/10.1049%2Fcp.2019.0154},

doi = {10.1049/cp.2019.0154},

year  = {2019},

date = {2019-05-01},

booktitle = {Living in the Internet of Things (IoT 2019)},

publisher = {Institution of Engineering and Technology},

abstract = {Despite being novel and convenient, voice assistants have brought with them a myriad of privacy and security related concerns. Previous research has shown how the ubiquitous nature of data collection combined with the lack of controls available to users can lead to apathy and dejected acceptance of the status quo. In this paper we present the design of Aretha, a speculative voice assistant that radically shifts the power balance in the smart home. Aretha is able to have conversations about privacy and security with users, helping them to change and adapt their preferences over time. These preferences can then be enforced using network-level controls, effectively retrofitting good behaviour to existing devices.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

Close
Despite being novel and convenient, voice assistants have brought with them a myriad of privacy and security related concerns. Previous research has shown how the ubiquitous nature of data collection combined with the lack of controls available to users can lead to apathy and dejected acceptance of the status quo. In this paper we present the design of Aretha, a speculative voice assistant that radically shifts the power balance in the smart home. Aretha is able to have conversations about privacy and security with users, helping them to change and adapt their preferences over time. These preferences can then be enforced using network-level controls, effectively retrofitting good behaviour to existing devices.
Close
https://doi.org/10.1049%2Fcp.2019.0154
doi:10.1049/cp.2019.0154
Close
119.  Pothong, Kruakae;  Pschetz, Larissa;  Watson, Jeremy Daniel McKendrick;  Gbadamosi, James;  Asaturyan, Andre: Making Iot Security Policies Relevant, Inclusive and Practical for People: A Multi-Dimensional Method. In: Living in the Internet of Things (IoT 2019), Institution of Engineering and Technology, 2019. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric)
Close
@inproceedings{proc-in-pothong_making_2019,

title = {Making Iot Security Policies Relevant, Inclusive and Practical for People: A Multi-Dimensional Method},

author = {Kruakae Pothong and Larissa Pschetz and Jeremy Daniel McKendrick Watson and James Gbadamosi and Andre Asaturyan},

url = {https://doi.org/10.1049%2Fcp.2019.0157},

doi = {10.1049/cp.2019.0157},

year  = {2019},

date = {2019-05-01},

booktitle = {Living in the Internet of Things (IoT 2019)},

publisher = {Institution of Engineering and Technology},

abstract = {Growing amounts of research on IoT and its implications for security, privacy, economy and society has been carried out to inform policies and design. However, ordinary people who are citizens and users of these emerging technologies have rarely been involved in the processes that inform these policies, governance mechanisms and design due to the institutionalised processes that prioritise objective knowledge over subjective ones. People's subjective experiences are often discarded. This priority is likely to further widen the gap between people, technology policies and design as technologies advance towards delegated human agencies, which decreases human interfaces in technology-mediated relationships with objects, systems, services, trade and other (often) unknown third-party beneficiaries. Such a disconnection can have serious implications for policy implementation, especially when it involves human limitations. To address this disconnection, we argue that a space for people to meaningfully contribute their subjective knowledge \textemdash experience- to complex technology policies that, in turn, shape their experience and well-being needs to be constructed. To this end, our paper contributes the design and pilot implementation of a method to reconnect and involve people in IoT security policymaking and development.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

Close
Growing amounts of research on IoT and its implications for security, privacy, economy and society has been carried out to inform policies and design. However, ordinary people who are citizens and users of these emerging technologies have rarely been involved in the processes that inform these policies, governance mechanisms and design due to the institutionalised processes that prioritise objective knowledge over subjective ones. People's subjective experiences are often discarded. This priority is likely to further widen the gap between people, technology policies and design as technologies advance towards delegated human agencies, which decreases human interfaces in technology-mediated relationships with objects, systems, services, trade and other (often) unknown third-party beneficiaries. Such a disconnection can have serious implications for policy implementation, especially when it involves human limitations. To address this disconnection, we argue that a space for people to meaningfully contribute their subjective knowledge — experience- to complex technology policies that, in turn, shape their experience and well-being needs to be constructed. To this end, our paper contributes the design and pilot implementation of a method to reconnect and involve people in IoT security policymaking and development.
Close
https://doi.org/10.1049%2Fcp.2019.0157
doi:10.1049/cp.2019.0157
Close
120.  Lesniewska, Feja;  Ani, Uchenna P. Daniel;  Carr, Madeline;  Watson, Jeremy Daniel McKendrick: In the Eye of a Storm: Governance of Emerging Technologies in UK Ports Post Brexit. In: Living in the Internet of Things (IoT 2019), Institution of Engineering and Technology, 2019. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric)
Close
@inproceedings{proc-in-lesniewska_eye_2019,

title = {In the Eye of a Storm: Governance of Emerging Technologies in UK Ports Post Brexit},

author = {Feja Lesniewska and Uchenna P. Daniel Ani and Madeline Carr and Jeremy Daniel McKendrick Watson},

url = {https://doi.org/10.1049%2Fcp.2019.0165},

doi = {10.1049/cp.2019.0165},

year  = {2019},

date = {2019-05-01},

booktitle = {Living in the Internet of Things (IoT 2019)},

publisher = {Institution of Engineering and Technology},

abstract = {As the UK looks to a future of changing relations with its trading partners there is a clear need to invest in its port infrastructure. As part of its strategic response the UK is looking to follow other countries, especially in the EU and Asia, in investing in developing smart ports which incorporate advanced digital technologies. However, the UK is faced with the challenge of resolving many decisions regarding where to invest, what to invest in, the consequence(s) of those decisions, and how to regulate a future sector that is increasingly becoming dependent on digital information and communication technology (ICT) infrastructure. Smart ports can bring benefits locally, nationally and globally from reducing greenhouse gas emissions, improving air quality, creating efficient supply chains, and secure and safer working environments. Yet, embedding emerging technologies, like the Internet of Things (IoT) into critical infrastructure like ports introduces new security risks and vulnerabilities that existing governance mechanisms are often unable to address. This paper firstly examines the growth in digitalisation of seaports drawing on initiatives in Rotterdam and Singapore. Potential security risks and vulnerabilities emerging are then discussed using some case studies before turning to review existing cybersecurity governance measures for ports. The lessons the UK can learn from smart port leaders like Rotterdam and Singapore as it looks to implement the innovation and digitalisation element of its new Maritime Strategy are then highlighted with recommendations on ways forward.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

Close
As the UK looks to a future of changing relations with its trading partners there is a clear need to invest in its port infrastructure. As part of its strategic response the UK is looking to follow other countries, especially in the EU and Asia, in investing in developing smart ports which incorporate advanced digital technologies. However, the UK is faced with the challenge of resolving many decisions regarding where to invest, what to invest in, the consequence(s) of those decisions, and how to regulate a future sector that is increasingly becoming dependent on digital information and communication technology (ICT) infrastructure. Smart ports can bring benefits locally, nationally and globally from reducing greenhouse gas emissions, improving air quality, creating efficient supply chains, and secure and safer working environments. Yet, embedding emerging technologies, like the Internet of Things (IoT) into critical infrastructure like ports introduces new security risks and vulnerabilities that existing governance mechanisms are often unable to address. This paper firstly examines the growth in digitalisation of seaports drawing on initiatives in Rotterdam and Singapore. Potential security risks and vulnerabilities emerging are then discussed using some case studies before turning to review existing cybersecurity governance measures for ports. The lessons the UK can learn from smart port leaders like Rotterdam and Singapore as it looks to implement the innovation and digitalisation element of its new Maritime Strategy are then highlighted with recommendations on ways forward.
Close
https://doi.org/10.1049%2Fcp.2019.0165
doi:10.1049/cp.2019.0165
Close
121.  Craggs, Barnaby;  Rashid, Awais;  Hankin, C.;  Antrobus, R.;  Şerban, O.;  Thapen, N.: A Reference Architecture for IIoT and Industrial Control Systems Testbeds. In: Living in the Internet of Things (IoT 2019), Institution of Engineering and Technology, 2019. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric)
Close
@inproceedings{proc-in-craggs_reference_2019,

title = {A Reference Architecture for IIoT and Industrial Control Systems Testbeds},

author = {Barnaby Craggs and Awais Rashid and C. Hankin and R. Antrobus and O. \c{S}erban and N. Thapen},

url = {https://doi.org/10.1049%2Fcp.2019.0169},

doi = {10.1049/cp.2019.0169},

year  = {2019},

date = {2019-05-01},

booktitle = {Living in the Internet of Things (IoT 2019)},

publisher = {Institution of Engineering and Technology},

abstract = {Conducting cyber security research within live operational technology and industrial Internet of Things environments is, understandably, not practical and as such research needs to be undertaken within non-live mimics or testbeds. However, testbeds and especially those which are built using real-world infrastructure are expensive to develop and maintain. Moreover, such testbeds tend to be representative of a single industry vertical (often based upon the skill set or research focus) and built in isolation. In this paper we present a reference architecture, developed whilst designing and building the Bristol Cyber Security Group ICS/IIoT testbed for critical national infrastructure security research.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

Close
Conducting cyber security research within live operational technology and industrial Internet of Things environments is, understandably, not practical and as such research needs to be undertaken within non-live mimics or testbeds. However, testbeds and especially those which are built using real-world infrastructure are expensive to develop and maintain. Moreover, such testbeds tend to be representative of a single industry vertical (often based upon the skill set or research focus) and built in isolation. In this paper we present a reference architecture, developed whilst designing and building the Bristol Cyber Security Group ICS/IIoT testbed for critical national infrastructure security research.
Close
https://doi.org/10.1049%2Fcp.2019.0169
doi:10.1049/cp.2019.0169
Close
122.  Sun, Yingnan;  Lo, Benny P. L.: An Artificial Neural Network Framework for Gait-Based Biometrics. In: vol. 23, no. 3, pp. 987–998, 2019. (Type: Journal Article | Abstract | Links | BibTeX | Altmetric)
Close
@article{art-sun_artificial_2019,

title = {An Artificial Neural Network Framework for Gait-Based Biometrics},

author = {Yingnan Sun and Benny P. L. Lo},

doi = {10.1109/jbhi.2018.2860780},

year  = {2019},

date = {2019-05-01},

volume = {23},

number = {3},

pages = {987--998},

publisher = {Institute of Electrical and Electronics Engineers (IEEE)},

abstract = {As the popularity of wearable and the implantable body sensor network (BSN) devices increases, there is a growing concern regarding the data security of such power-constrained miniaturized medical devices. With limited computational power, BSN devices are often not able to provide strong security mechanisms to protect sensitive personal and health information, such as one's physiological data. Consequently, many new methods of securing wireless body area networks have been proposed recently. One effective solution is the biometric cryptosystem (BCS) approach. BCS exploits physiological and behavioral biometric traits, including face, iris, fingerprints, electrocardiogram, and photoplethysmography. In this paper, we propose a new BCS approach for securing wireless communications for wearable and implantable healthcare devices using gait signal energy variations and an artificial neural network framework. By simultaneously extracting similar features from BSN sensors using our approach, binary keys can be generated on demand without user intervention. Through an extensive analysis on our BCS approach using a gait dataset, the results have shown that the binary keys generated using our approach have high entropy for all subjects. The keys can pass both National Institute of Standards and Technology and Dieharder statistical tests with high efficiency. The experimental results also show the robustness of the proposed approach in terms of the similarity of intraclass keys and the discriminability of the interclass keys.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

Close
As the popularity of wearable and the implantable body sensor network (BSN) devices increases, there is a growing concern regarding the data security of such power-constrained miniaturized medical devices. With limited computational power, BSN devices are often not able to provide strong security mechanisms to protect sensitive personal and health information, such as one's physiological data. Consequently, many new methods of securing wireless body area networks have been proposed recently. One effective solution is the biometric cryptosystem (BCS) approach. BCS exploits physiological and behavioral biometric traits, including face, iris, fingerprints, electrocardiogram, and photoplethysmography. In this paper, we propose a new BCS approach for securing wireless communications for wearable and implantable healthcare devices using gait signal energy variations and an artificial neural network framework. By simultaneously extracting similar features from BSN sensors using our approach, binary keys can be generated on demand without user intervention. Through an extensive analysis on our BCS approach using a gait dataset, the results have shown that the binary keys generated using our approach have high entropy for all subjects. The keys can pass both National Institute of Standards and Technology and Dieharder statistical tests with high efficiency. The experimental results also show the robustness of the proposed approach in terms of the similarity of intraclass keys and the discriminability of the interclass keys.
Close
doi:10.1109/jbhi.2018.2860780
Close
123.  Shaw, Peter;  Mikusz, Mateusz;  Trotter, Ludwig;  Harding, Mike;  Davies, Nigel: Towards an Understanding of Emerging Cyber Security Threats in Mapping the IoT. In: Living in the Internet of Things (IoT 2019), Institution of Engineering and Technology, 2019. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric)
Close
@inproceedings{proc-in-shaw_towards_2019,

title = {Towards an Understanding of Emerging Cyber Security Threats in Mapping the IoT},

author = {Peter Shaw and Mateusz Mikusz and Ludwig Trotter and Mike Harding and Nigel Davies},

doi = {10.1049/cp.2019.0158},

year  = {2019},

date = {2019-05-01},

booktitle = {Living in the Internet of Things (IoT 2019)},

publisher = {Institution of Engineering and Technology},

abstract = {The increase in IoT sensing and actuating devices that are seamlessly integrated into the environment is often leading to a mistrust of users as it becomes impossible to spot deployed IoT devices and understand their purposes and capabilities. One approach is to provide an appropriate mechanism of mapping the IoT and address stakeholder requirements. However, providing comprehensive maps of the IoT may expose a number of vulnerabilities that need to be addressed. We conducted a comprehensive literature survey outlining the limitations of the existing body of work regarding the mapping of the IoT and conducting an appropriate threat analysis. We subsequently applied the STRIDE model to two case studies (smart campus and urban environment) to identify a set of potential vulnerabilities and approaches at addressing these issues in the context of IoT maps.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

Close
The increase in IoT sensing and actuating devices that are seamlessly integrated into the environment is often leading to a mistrust of users as it becomes impossible to spot deployed IoT devices and understand their purposes and capabilities. One approach is to provide an appropriate mechanism of mapping the IoT and address stakeholder requirements. However, providing comprehensive maps of the IoT may expose a number of vulnerabilities that need to be addressed. We conducted a comprehensive literature survey outlining the limitations of the existing body of work regarding the mapping of the IoT and conducting an appropriate threat analysis. We subsequently applied the STRIDE model to two case studies (smart campus and urban environment) to identify a set of potential vulnerabilities and approaches at addressing these issues in the context of IoT maps.
Close
doi:10.1049/cp.2019.0158
Close
124.  Georghiou, Angelos;  Tsoukalas, Angelos;  Wiesemann, Wolfram: Robust Dual Dynamic Programming. In: vol. 67, no. 3, pp. 813–830, 2019. (Type: Journal Article | Abstract | Links | BibTeX | Altmetric)
Close
@article{art-georghiou_robust_2019,

title = {Robust Dual Dynamic Programming},

author = {Angelos Georghiou and Angelos Tsoukalas and Wolfram Wiesemann},

url = {https://doi.org/10.1287%2Fopre.2018.1835},

doi = {10.1287/opre.2018.1835},

year  = {2019},

date = {2019-04-03},

volume = {67},

number = {3},

pages = {813--830},

publisher = {Institute for Operations Research and the Management Sciences (INFORMS)},

abstract = {Multistage robust optimization problems, where the decision maker can dynamically react to consecutively observed realizations of the uncertain problem parameters, pose formidable theoretical and computational challenges. As a result, the existing solution approaches for this problem class typically determine suboptimal solutions under restrictive assumptions. In this paper, we propose a robust dual dynamic programming (RDDP) scheme for multistage robust optimization problems. The RDDP scheme takes advantage of the decomposable nature of these problems by bounding the costs arising in the future stages through lower and upper cost-to-go functions. For problems with uncertain technology matrices and/or constraint right-hand sides, our RDDP scheme determines an optimal solution in finite time. Also, if the objective function and/or the recourse matrices are uncertain, our method converges asymptotically (but deterministically) to an optimal solution. Our RDDP scheme does not require a relatively complete recourse, and it offers deterministic upper and lower bounds throughout the execution of the algorithm. We show the promising performance of our algorithm in a stylized inventory management problem.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

Close
Multistage robust optimization problems, where the decision maker can dynamically react to consecutively observed realizations of the uncertain problem parameters, pose formidable theoretical and computational challenges. As a result, the existing solution approaches for this problem class typically determine suboptimal solutions under restrictive assumptions. In this paper, we propose a robust dual dynamic programming (RDDP) scheme for multistage robust optimization problems. The RDDP scheme takes advantage of the decomposable nature of these problems by bounding the costs arising in the future stages through lower and upper cost-to-go functions. For problems with uncertain technology matrices and/or constraint right-hand sides, our RDDP scheme determines an optimal solution in finite time. Also, if the objective function and/or the recourse matrices are uncertain, our method converges asymptotically (but deterministically) to an optimal solution. Our RDDP scheme does not require a relatively complete recourse, and it offers deterministic upper and lower bounds throughout the execution of the algorithm. We show the promising performance of our algorithm in a stylized inventory management problem.
Close
https://doi.org/10.1287%2Fopre.2018.1835
doi:10.1287/opre.2018.1835
Close
125.  Lopez-Neira, Isabel;  Patel, Trupti;  Parkin, Simon;  Danezis, George;  Tanczer, Leonie Maria: `Internet of Things': How Abuse is Getting Smarter. In: 2019. (Type: Journal Article | Abstract | Links | BibTeX | Altmetric)
Close
@article{art-lopez-neira_internet_2019,

title = {`Internet of Things': How Abuse is Getting Smarter},

author = {Isabel Lopez-Neira and Trupti Patel and Simon Parkin and George Danezis and Leonie Maria Tanczer},

url = {https://doi.org/10.2139%2Fssrn.3350615},

doi = {10.2139/ssrn.3350615},

year  = {2019},

date = {2019-04-03},

publisher = {Elsevier BV},

abstract = {From home thermostats you can control from your car, to home assistants ready to organise your diary at a spoken word, technology is playing a more central role in our daily lives. However, while networked home devices provide many advantages, they also offer abusers an abundance of opportunities to control, harass and stalk their victims. The Gender and Internet of Things project at University College London has been investigating how these devices are being misused, and what support survivors and services need to navigate these emerging risks.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

Close
From home thermostats you can control from your car, to home assistants ready to organise your diary at a spoken word, technology is playing a more central role in our daily lives. However, while networked home devices provide many advantages, they also offer abusers an abundance of opportunities to control, harass and stalk their victims. The Gender and Internet of Things project at University College London has been investigating how these devices are being misused, and what support survivors and services need to navigate these emerging risks.
Close
https://doi.org/10.2139%2Fssrn.3350615
doi:10.2139/ssrn.3350615
Close
126.  Aldmour, Rakan;  Burnap, Peter;  Lakoju, Mike: Risk assessment methods for converged IoT and SCADA systems: review and recommendations. In: Living in the Internet of Things (IoT 2019), Institution of Engineering and Technology, 2019. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric)
Close
@inproceedings{proc-in-aldmour_risk_2019,

title = {Risk assessment methods for converged IoT and SCADA systems: review and recommendations},

author = {Rakan Aldmour and Peter Burnap and Mike Lakoju},

doi = {10.1049/cp.2019.0130},

year  = {2019},

date = {2019-03-19},

booktitle = {Living in the Internet of Things (IoT 2019)},

publisher = {Institution of Engineering and Technology},

abstract = {Risk assessment is used to identify, estimate and prioritise risks that could impact organisations. Existing risk assessment methods are not particularly adapted to include dynamic systems such as the Internet of Things (IoT). Recently, IoT has been used to develop a natural extension of Supervisory Control and Data Acquisition (SCADA) systems that support industrial control in various sectors such as transportation, energy, and manufacturing. However, incorporating IoT systems without due attention to new risks posed could enable attacks, increase the cybersecurity concerns, and impact operations and safety. In this paper, special considerations for risk assessment methods in the context of converged IoT and SCADA systems are identified, and we present recommendations for the inclusion of the special considerations alongside standard methods for managing risks.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

Close
Risk assessment is used to identify, estimate and prioritise risks that could impact organisations. Existing risk assessment methods are not particularly adapted to include dynamic systems such as the Internet of Things (IoT). Recently, IoT has been used to develop a natural extension of Supervisory Control and Data Acquisition (SCADA) systems that support industrial control in various sectors such as transportation, energy, and manufacturing. However, incorporating IoT systems without due attention to new risks posed could enable attacks, increase the cybersecurity concerns, and impact operations and safety. In this paper, special considerations for risk assessment methods in the context of converged IoT and SCADA systems are identified, and we present recommendations for the inclusion of the special considerations alongside standard methods for managing risks.
Close
doi:10.1049/cp.2019.0130
Close
127.  Boyes, H.;  Watson, T.: Towards a Secure and Resilient IoT Architecture for Smart Home Energy Management. In: Living in the Internet of Things (IoT 2019), Institution of Engineering and Technology, 2019. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric)
Close
@inproceedings{proc-in-boyes_towards_2019,

title = {Towards a Secure and Resilient IoT Architecture for Smart Home Energy Management},

author = {H. Boyes and T. Watson},

doi = {10.1049/cp.2019.0161},

year  = {2019},

date = {2019-03-19},

booktitle = {Living in the Internet of Things (IoT 2019)},

publisher = {Institution of Engineering and Technology},

abstract = {This paper examines the development of consumer IoT solutions for the control of electrical energy in the home. Use of smart appliances is at the centre of the UK Government's strategy for managing CO2 emissions and domestic electricity demand. The current market for IoT-enabled products that control domestic lighting and heating is rapidly evolving with a range of devices already available. Development of demand side response solutions will see these devices and smart appliances being integrated into consumer energy management solutions. The paper examines the architecture and security implications of these developments, explores some of the security risks and identifies a number of mitigation measures. It concludes by identifying future work that is required to address the security threats, both in the home and to the electricity supply system.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

Close
This paper examines the development of consumer IoT solutions for the control of electrical energy in the home. Use of smart appliances is at the centre of the UK Government's strategy for managing CO2 emissions and domestic electricity demand. The current market for IoT-enabled products that control domestic lighting and heating is rapidly evolving with a range of devices already available. Development of demand side response solutions will see these devices and smart appliances being integrated into consumer energy management solutions. The paper examines the architecture and security implications of these developments, explores some of the security risks and identifies a number of mitigation measures. It concludes by identifying future work that is required to address the security threats, both in the home and to the electricity supply system.
Close
doi:10.1049/cp.2019.0161
Close
128.  Radanliev, Petar;  Roure, David Charles De;  Maple, Carsten;  Nurse, Jason R. C.;  Nicolescu, Razvan;  Ani, Uchenna P. Daniel: Cyber Risk in IoT Systems. In: 2019. (Type: Journal Article | Abstract | Links | BibTeX | Altmetric)
Close
@article{art-radanliev_cyber_2019,

title = {Cyber Risk in IoT Systems},

author = {Petar Radanliev and David Charles De Roure and Carsten Maple and Jason R. C. Nurse and Razvan Nicolescu and Uchenna P. Daniel Ani},

doi = {10.20944/preprints201903.0104.v1},

year  = {2019},

date = {2019-03-08},

abstract = {In this paper we present an understanding of cyber risks in the Internet of Things (IoT), we explain why it is important to understand what IoT cyber risks are and how we can use risk assessment and risk management approaches to deal with these challenges. We introduce the most effective ways of doing Risk assessment and Risk Management of IoT risk. As part of our research, we also developed methodologies to assess and manage risk in this emerging environment. This paper will take you through our research and we will explain: what we mean by the IoT; what we mean by risk and risk in the IoT; why risk assessment and risk management are important; the IoT risk management for incident response and recovery; what open questions on IoT risk assessment and risk management remain.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

Close
In this paper we present an understanding of cyber risks in the Internet of Things (IoT), we explain why it is important to understand what IoT cyber risks are and how we can use risk assessment and risk management approaches to deal with these challenges. We introduce the most effective ways of doing Risk assessment and Risk Management of IoT risk. As part of our research, we also developed methodologies to assess and manage risk in this emerging environment. This paper will take you through our research and we will explain: what we mean by the IoT; what we mean by risk and risk in the IoT; why risk assessment and risk management are important; the IoT risk management for incident response and recovery; what open questions on IoT risk assessment and risk management remain.
Close
doi:10.20944/preprints201903.0104.v1
Close
129.  Nicolescu, Razvan;  Huth, Michael;  Radanliev, Petar;  Roure, David Charles De: Mapping the Values of IoT. In: vol. 33, no. 4, pp. 345–360, 2019. (Type: Journal Article | Abstract | Links | BibTeX | Altmetric)
Close
@article{art-nicolescu_mapping_2018,

title = {Mapping the Values of IoT},

author = {Razvan Nicolescu and Michael Huth and Petar Radanliev and David Charles De Roure},

url = {https://doi.org/10.1057%2Fs41265-018-0054-1},

doi = {10.1057/s41265-018-0054-1},

year  = {2019},

date = {2019-03-07},

volume = {33},

number = {4},

pages = {345--360},

publisher = {SAGE Publications},

abstract = {We investigate the emerging meanings of "value" associated with the Internet of Things. Given the current political economy, we argue that the multiple meanings of "value" cannot be reduced to a single domain or discipline, but rather they are invariably articulated at the juxtaposition of three domains: social, economic, and technical. We analyse each of these domains and present domain challenges and cross-domain implications - drawing from an interdisciplinary literature review and gap analysis across sources from academia, business, and governments. We propose a functional model that aggregates these findings into a value-driven logic of the emerging global political economy enabled by digital technology in general and IoT in particular. These conceptual contributions highlight the critical need for an interdisciplinary understanding of the meaning of "value", so that IoT services and products will create and sustain such concurrent meanings during their entire lifecycle, from design to consumption and retirement or recycling.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

Close
We investigate the emerging meanings of "value" associated with the Internet of Things. Given the current political economy, we argue that the multiple meanings of "value" cannot be reduced to a single domain or discipline, but rather they are invariably articulated at the juxtaposition of three domains: social, economic, and technical. We analyse each of these domains and present domain challenges and cross-domain implications - drawing from an interdisciplinary literature review and gap analysis across sources from academia, business, and governments. We propose a functional model that aggregates these findings into a value-driven logic of the emerging global political economy enabled by digital technology in general and IoT in particular. These conceptual contributions highlight the critical need for an interdisciplinary understanding of the meaning of "value", so that IoT services and products will create and sustain such concurrent meanings during their entire lifecycle, from design to consumption and retirement or recycling.
Close
https://doi.org/10.1057%2Fs41265-018-0054-1
doi:10.1057/s41265-018-0054-1
Close
130.  Radanliev, Petar;  Roure, David Charles De;  Nurse, Jason R. C.;  Burnap, Peter;  Anthi, Eirini;  Ani, Uchenna P. Daniel;  Maddox, La'Treall;  Santos, Omar;  Montalvo, Rafael Mantilla: Definition of Internet of Things (IoT) Cyber Risk - Discussion on a Transformation Roadmap for Standardisation of Regulations, Risk Maturity, Strategy Design and Impact Assessment. In: 2019. (Type: Journal Article | Abstract | Links | BibTeX | Altmetric)
Close
@article{art-radanliev_definition_2019,

title = {Definition of Internet of Things (IoT) Cyber Risk - Discussion on a Transformation Roadmap for Standardisation of Regulations, Risk Maturity, Strategy Design and Impact Assessment},

author = {Petar Radanliev and David Charles De Roure and Jason R. C. Nurse and Peter Burnap and Eirini Anthi and Uchenna P. Daniel Ani and La'Treall Maddox and Omar Santos and Rafael Mantilla Montalvo},

doi = {10.20944/preprints201903.0080.v1},

year  = {2019},

date = {2019-03-06},

abstract = {The Internet-of-Things (IoT) enables enterprises to obtain profits from data but triggers data protection questions and new types of cyber risk. Cyber risk regulations for the IoT however do not exist. The IoT risk is not included in the cyber security assessment standards, hence, often not visible to cyber security experts. This is concerning, because companies integrating IoT devices and services need to perform a self-assessment of its IoT cyber security posture. The outcome of such self-assessment needs to define a current and target state, prior to creating a transformation roadmap outlining tasks to achieve the stated target state. In this article, a comparative empirical analysis is performed of multiple cyber risk assessment approaches, to define a high-level potential target state for company integrating IoT devices and/or services. Defining a high-level potential target state represent is followed by a high-level transformation roadmap, describing how company can achieve their target state, based on their current state. The transformation roadmap is used to adapt IoT risk impact assessment with a Goal-Oriented Approach and the Internet of Things Micro Mart model.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

Close
The Internet-of-Things (IoT) enables enterprises to obtain profits from data but triggers data protection questions and new types of cyber risk. Cyber risk regulations for the IoT however do not exist. The IoT risk is not included in the cyber security assessment standards, hence, often not visible to cyber security experts. This is concerning, because companies integrating IoT devices and services need to perform a self-assessment of its IoT cyber security posture. The outcome of such self-assessment needs to define a current and target state, prior to creating a transformation roadmap outlining tasks to achieve the stated target state. In this article, a comparative empirical analysis is performed of multiple cyber risk assessment approaches, to define a high-level potential target state for company integrating IoT devices and/or services. Defining a high-level potential target state represent is followed by a high-level transformation roadmap, describing how company can achieve their target state, based on their current state. The transformation roadmap is used to adapt IoT risk impact assessment with a Goal-Oriented Approach and the Internet of Things Micro Mart model.
Close
doi:10.20944/preprints201903.0080.v1
Close
131.  Radanliev, Petar;  Roure, David Charles De;  Nurse, Jason R. C.;  Montalvo, Rafael Mantilla;  Burnap, Peter: Supply Chain Design for the Industrial Internet of Things and the Industry 4.0. 2019. (Type: Miscellaneous | Abstract | Links | BibTeX | Altmetric)
Close
@misc{misc-radanliev_supply_2019,

title = {Supply Chain Design for the Industrial Internet of Things and the Industry 4.0},

author = {Petar Radanliev and David Charles De Roure and Jason R. C. Nurse and Rafael Mantilla Montalvo and Peter Burnap},

doi = {10.13140/RG.2.2.36311.32160},

year  = {2019},

date = {2019-03-01},

publisher = {Unpublished},

abstract = {Digital technologies have changed the way supply chain operations are structured. In this article, we develop design principles to show determining factors for an Internet-of-Things approach within Supply Chain Management. From the design principles, the article derives a new model for the Industrial Internet of Things supply chains. The focus is on Small and Medium Enterprises (SMEs). This research design results in a new process of compounding knowledge from existing supply chain models and adapting the cumulative findings to the concept of supply chains in the Industrial Internet of Things. The paper outlines the design principles for developing cognition in the process of integrating SME's digital supply chains in the Industrial Internet of Things (IIoT) and the Industry 4.0 (I4.0).},

keywords = {},

pubstate = {published},

tppubtype = {misc}

}

Close
Digital technologies have changed the way supply chain operations are structured. In this article, we develop design principles to show determining factors for an Internet-of-Things approach within Supply Chain Management. From the design principles, the article derives a new model for the Industrial Internet of Things supply chains. The focus is on Small and Medium Enterprises (SMEs). This research design results in a new process of compounding knowledge from existing supply chain models and adapting the cumulative findings to the concept of supply chains in the Industrial Internet of Things. The paper outlines the design principles for developing cognition in the process of integrating SME's digital supply chains in the Industrial Internet of Things (IIoT) and the Industry 4.0 (I4.0).
Close
doi:10.13140/RG.2.2.36311.32160
Close
132.  Zhang, Bingsheng;  Oliynykov, Roman;  Balogun, Hamed: A Treasury System for Cryptocurrencies: Enabling Better Collaborative Intelligence. In: Network and Distributed Systems Security (NDSS) Symposium, Internet Society, 2019. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric)
Close
@inproceedings{proc-in-zhang_treasury_2019,

title = {A Treasury System for Cryptocurrencies: Enabling Better Collaborative Intelligence},

author = {Bingsheng Zhang and Roman Oliynykov and Hamed Balogun},

url = {https://doi.org/10.14722%2Fndss.2019.23024},

doi = {10.14722/ndss.2019.23024},

year  = {2019},

date = {2019-02-24},

booktitle = {Network and Distributed Systems Security (NDSS) Symposium},

publisher = {Internet Society},

abstract = {A treasury system is a community-controlled and decentralized collaborative decision-making mechanism for sustainable funding of blockchain development and maintenance. During each treasury period, project proposals are submitted, discussed, and voted for; top-ranked projects are funded from the treasury. The Dash governance system is a real-world example of such kind of systems. In this work, we, for the first time, provide a rigorous study of the treasury system. We modelled, designed, and implemented a provably secure treasury system that is compatible with most existing blockchain infrastructures, such as Bitcoin, Ethereum, etc. More specifically, the proposed treasury system supports liquid democracy/delegative voting for better collaborative intelligence. Namely, the stake holders can either vote directly on the proposed projects or delegate their votes to experts. Its core component is a distributed universally composable secure end-to-end verifiable voting protocol. The integrity of the treasury voting decisions is guaranteed even when all the voting committee members are corrupted. To further improve efficiency, we proposed the world's first honest verifier zero-knowledge proof for unit vector encryption with logarithmic size communication. This partial result may be of independent interest to other cryptographic protocols. A pilot system is implemented in Scala over the Scorex 2.0 framework, and its benchmark results indicate that the proposed system can support tens of thousands of treasury participants with high efficiency.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

Close
A treasury system is a community-controlled and decentralized collaborative decision-making mechanism for sustainable funding of blockchain development and maintenance. During each treasury period, project proposals are submitted, discussed, and voted for; top-ranked projects are funded from the treasury. The Dash governance system is a real-world example of such kind of systems. In this work, we, for the first time, provide a rigorous study of the treasury system. We modelled, designed, and implemented a provably secure treasury system that is compatible with most existing blockchain infrastructures, such as Bitcoin, Ethereum, etc. More specifically, the proposed treasury system supports liquid democracy/delegative voting for better collaborative intelligence. Namely, the stake holders can either vote directly on the proposed projects or delegate their votes to experts. Its core component is a distributed universally composable secure end-to-end verifiable voting protocol. The integrity of the treasury voting decisions is guaranteed even when all the voting committee members are corrupted. To further improve efficiency, we proposed the world's first honest verifier zero-knowledge proof for unit vector encryption with logarithmic size communication. This partial result may be of independent interest to other cryptographic protocols. A pilot system is implemented in Scala over the Scorex 2.0 framework, and its benchmark results indicate that the proposed system can support tens of thousands of treasury participants with high efficiency.
Close
https://doi.org/10.14722%2Fndss.2019.23024
doi:10.14722/ndss.2019.23024
Close
133.  Shaw, Peter;  Mikusz, Mateusz;  Nurmi, Petteri;  Davies, Nigel: IoT Maps: Charting the Internet of Things. In: HotMobile '19: Proceedings of the 20th International Workshop on Mobile Computing Systems and Applications, ACM, 2019. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric)
Close
@inproceedings{proc-in-shaw_iot_2019,

title = {IoT Maps: Charting the Internet of Things},

author = {Peter Shaw and Mateusz Mikusz and Petteri Nurmi and Nigel Davies},

url = {https://doi.org/10.1145%2F3301293.3302375},

doi = {10.1145/3301293.3302375},

year  = {2019},

date = {2019-02-22},

booktitle = {HotMobile '19: Proceedings of the 20th International Workshop on Mobile Computing Systems and Applications},

publisher = {ACM},

abstract = {Internet of Things (IoT) devices are becoming increasingly ubiquitous in our everyday environments. While the number of devices and the degree of connectivity is growing, it is striking that as a society we are increasingly unaware of the locations and purposes of such devices. Indeed, much of the IoT technology being deployed is invisible and does not communicate its presence or purpose to the inhabitants of the spaces within which it is deployed. In this paper, we explore the potential benefits and challenges of constructing IoT maps that record the location of IoT devices. To illustrate the need for such maps, we draw on our experiences from multiple deployments of IoT systems.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

Close
Internet of Things (IoT) devices are becoming increasingly ubiquitous in our everyday environments. While the number of devices and the degree of connectivity is growing, it is striking that as a society we are increasingly unaware of the locations and purposes of such devices. Indeed, much of the IoT technology being deployed is invisible and does not communicate its presence or purpose to the inhabitants of the spaces within which it is deployed. In this paper, we explore the potential benefits and challenges of constructing IoT maps that record the location of IoT devices. To illustrate the need for such maps, we draw on our experiences from multiple deployments of IoT systems.
Close
https://doi.org/10.1145%2F3301293.3302375
doi:10.1145/3301293.3302375
Close
134.  Jiang, Peng;  He, Ligang;  Ren, Shenyuan;  Chen, Zhiyan;  Mao, Rui: vChecker: an application-level demand-based co-scheduler for improving the performance of parallel jobs in Xen. In: 2019. (Type: Journal Article | Abstract | Links | BibTeX | Altmetric)
Close
@article{art-jiang_vchecker_2019,

title = {vChecker: an application-level demand-based co-scheduler for improving the performance of parallel jobs in Xen},

author = {Peng Jiang and Ligang He and Shenyuan Ren and Zhiyan Chen and Rui Mao},

url = {https://doi.org/10.1007%2Fs11276-018-01914-3},

doi = {10.1007/s11276-018-01914-3},

year  = {2019},

date = {2019-02-15},

publisher = {Springer Science and Business Media LLC},

abstract = {Big data analysis requires the speedup of parallel computing. However, in the virtualized systems, the power of parallel computing is not fully exploited due to the limit of current VMM schedulers. Xen, one of the most popular virtualization platforms, has been widely used by industry to host parallel job. In practice, the virtualized systems are expected to accommodate both parallel jobs and serial jobs, and resource contention between virtual machines results in severe performance degradation of the parallel jobs. Moreover, the physical resource is vastly wasted during the communication process due to the ineffective scheduling of parallel jobs. Unfortunately, the existing schedulers of Xen are initially targeting at serial jobs, which are not capable of correctly scheduling the parallel jobs. This paper presents vChecker, an application-level co-scheduler which mitigates the performance degradation of the parallel job and optimizes the utilization of the hardware resource. Our co-scheduler takes number of available CPU cores in one hand, and satisfies need of the parallel jobs in other hand, which helps the credit scheduler of Xen to appropriately schedule the parallel job. As our co-scheduler is implemented at application level, no modifications on the hypervisor is required. The experimental result shows that the vChecker optimizes the performance of the parallel job in Xen and enhances the utilization of the system.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

Close
Big data analysis requires the speedup of parallel computing. However, in the virtualized systems, the power of parallel computing is not fully exploited due to the limit of current VMM schedulers. Xen, one of the most popular virtualization platforms, has been widely used by industry to host parallel job. In practice, the virtualized systems are expected to accommodate both parallel jobs and serial jobs, and resource contention between virtual machines results in severe performance degradation of the parallel jobs. Moreover, the physical resource is vastly wasted during the communication process due to the ineffective scheduling of parallel jobs. Unfortunately, the existing schedulers of Xen are initially targeting at serial jobs, which are not capable of correctly scheduling the parallel jobs. This paper presents vChecker, an application-level co-scheduler which mitigates the performance degradation of the parallel job and optimizes the utilization of the hardware resource. Our co-scheduler takes number of available CPU cores in one hand, and satisfies need of the parallel jobs in other hand, which helps the credit scheduler of Xen to appropriately schedule the parallel job. As our co-scheduler is implemented at application level, no modifications on the hypervisor is required. The experimental result shows that the vChecker optimizes the performance of the parallel job in Xen and enhances the utilization of the system.
Close
https://doi.org/10.1007%2Fs11276-018-01914-3
doi:10.1007/s11276-018-01914-3
Close
135.  Al-Jarrah, Omar Y.;  Maple, Carsten;  Dianati, Mehrdad;  Oxtoby, David;  Mouzakitis, Alexandros: Intrusion Detection Systems for Intra-Vehicle Networks: A Review. In: vol. 7, pp. 21266–21289, 2019, ISSN: 2169-3536. (Type: Journal Article | Abstract | Links | BibTeX | Altmetric)
Close
@article{art-al-jarrah_intrusion_2019,

title = {Intrusion Detection Systems for Intra-Vehicle Networks: A Review},

author = {Omar Y. Al-Jarrah and Carsten Maple and Mehrdad Dianati and David Oxtoby and Alexandros Mouzakitis},

url = {https://doi.org/10.1109%2Faccess.2019.2894183},

doi = {10.1109/access.2019.2894183},

issn = {2169-3536},

year  = {2019},

date = {2019-02-14},

volume = {7},

pages = {21266--21289},

publisher = {Institute of Electrical and Electronics Engineers (IEEE)},

abstract = {A modern vehicle is a complex system of sensors, electronic control units, and actuators connected through different types of intra-vehicle networks to control and monitor the state of the vehicle. In addition, modern vehicles are becoming increasingly connected to the outside world through V2X technologies. However, these provide new attack surfaces that increase the cybersecurity risk to modern vehicles. To this end, there are two distinct and key challenges that need to be addressed to ensure safety and consumer trust. While modern vehicles must be equipped with the best countermeasures against cybersecurity threats, a reliable mechanism shall be also in place to detect the potential intrusions of the system while in operation, which is termed as intrusion detection. This paper provides a structured and comprehensive review of the state of the art of the intra-vehicle intrusion detection systems (IDSs) for passenger vehicles. We first provide an overview of intra-vehicle networks before reviewing contemporary research in intra-vehicle IDSs. The approach employed is to categorize the reviewed works based on their detection technique and to examine the used feature and feature selection methods, evaluation dataset, attack type, performance metrics, and benchmark models. This paper also presents outstanding research challenges and gaps in intra-vehicle IDS research.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

Close
A modern vehicle is a complex system of sensors, electronic control units, and actuators connected through different types of intra-vehicle networks to control and monitor the state of the vehicle. In addition, modern vehicles are becoming increasingly connected to the outside world through V2X technologies. However, these provide new attack surfaces that increase the cybersecurity risk to modern vehicles. To this end, there are two distinct and key challenges that need to be addressed to ensure safety and consumer trust. While modern vehicles must be equipped with the best countermeasures against cybersecurity threats, a reliable mechanism shall be also in place to detect the potential intrusions of the system while in operation, which is termed as intrusion detection. This paper provides a structured and comprehensive review of the state of the art of the intra-vehicle intrusion detection systems (IDSs) for passenger vehicles. We first provide an overview of intra-vehicle networks before reviewing contemporary research in intra-vehicle IDSs. The approach employed is to categorize the reviewed works based on their detection technique and to examine the used feature and feature selection methods, evaluation dataset, attack type, performance metrics, and benchmark models. This paper also presents outstanding research challenges and gaps in intra-vehicle IDS research.
Close
https://doi.org/10.1109%2Faccess.2019.2894183
doi:10.1109/access.2019.2894183
Close
136.  King, Thomas C.;  Aggarwal, Nikita;  Taddeo, Mariarosaria;  Floridi, Luciano: Artificial Intelligence Crime: An Interdisciplinary Analysis of Foreseeable Threats and Solutions. In: vol. 26, no. 1, pp. 89–120, 2019. (Type: Journal Article | Abstract | Links | BibTeX | Altmetric)
Close
@article{art-king_artificial_2019,

title = {Artificial Intelligence Crime: An Interdisciplinary Analysis of Foreseeable Threats and Solutions},

author = {Thomas C. King and Nikita Aggarwal and Mariarosaria Taddeo and Luciano Floridi},

url = {https://doi.org/10.1007%2Fs11948-018-00081-0},

doi = {10.1007/s11948-018-00081-0},

year  = {2019},

date = {2019-02-14},

volume = {26},

number = {1},

pages = {89--120},

publisher = {Springer Science and Business Media LLC},

abstract = {Artificial intelligence (AI) research and regulation seek to balance the benefits of innovation against any potential harms and disruption. However, one unintended consequence of the recent surge in AI research is the potential re-orientation of AI technologies to facilitate criminal acts, term in this article AI-Crime (AIC). AIC is theoretically feasible thanks to published experiments in automating fraud targeted at social media users, as well as demonstrations of AI-driven manipulation of simulated markets. However, because AIC is still a relatively young and inherently interdisciplinary area\textemdashspanning socio-legal studies to formal science\textemdashthere is little certainty of what an AIC future might look like. This article offers the first systematic, interdisciplinary literature analysis of the foreseeable threats of AIC, providing ethicists, policy-makers, and law enforcement organisations with a synthesis of the current problems, and a possible solution space.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

Close
Artificial intelligence (AI) research and regulation seek to balance the benefits of innovation against any potential harms and disruption. However, one unintended consequence of the recent surge in AI research is the potential re-orientation of AI technologies to facilitate criminal acts, term in this article AI-Crime (AIC). AIC is theoretically feasible thanks to published experiments in automating fraud targeted at social media users, as well as demonstrations of AI-driven manipulation of simulated markets. However, because AIC is still a relatively young and inherently interdisciplinary area—spanning socio-legal studies to formal science—there is little certainty of what an AIC future might look like. This article offers the first systematic, interdisciplinary literature analysis of the foreseeable threats of AIC, providing ethicists, policy-makers, and law enforcement organisations with a synthesis of the current problems, and a possible solution space.
Close
https://doi.org/10.1007%2Fs11948-018-00081-0
doi:10.1007/s11948-018-00081-0
Close
137.  Ren, Shenyuan;  He, Ligang;  Li, Junyu;  Chen, Zhiyan;  Jiang, Peng;  Li, Chang-Tsun: Contention-aware prediction for performance impact of task co-running in multicore computers. In: 2019. (Type: Journal Article | Abstract | Links | BibTeX | Altmetric)
Close
@article{art-ren_contention_2019,

title = {Contention-aware prediction for performance impact of task co-running in multicore computers},

author = {Shenyuan Ren and Ligang He and Junyu Li and Zhiyan Chen and Peng Jiang and Chang-Tsun Li},

url = {https://doi.org/10.1007%2Fs11276-018-01902-7},

doi = {10.1007/s11276-018-01902-7},

year  = {2019},

date = {2019-02-13},

publisher = {Springer Science and Business Media LLC},

abstract = {In this paper, we investigate the influential factors that impact on the performance when the tasks are co-running on a multicore computers. Further, we propose the machine learning-based prediction framework to predict the performance of the co-running tasks. In particular, two prediction frameworks are developed for two types of task in our model: repetitive tasks (i.e., the tasks that arrive at the system repetitively) and new tasks (i.e., the task that are submitted to the system the first time). The difference between which is that we have the historical running information of the repetitive tasks while we do not have the prior knowledge about new tasks. Given the limited information of the new tasks, an online prediction framework is developed to predict the performance of co-running new tasks by sampling the performance events on the fly for a short period and then feeding the sampled results to the prediction framework. We conducted extensive experiments with the SPEC2006 benchmark suite to compare the effectiveness of different machine learning methods considered in this paper. The results show that our prediction model can achieve the accuracy of 99.38% and 87.18% for repetitive tasks and new tasks, respectively.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

Close
In this paper, we investigate the influential factors that impact on the performance when the tasks are co-running on a multicore computers. Further, we propose the machine learning-based prediction framework to predict the performance of the co-running tasks. In particular, two prediction frameworks are developed for two types of task in our model: repetitive tasks (i.e., the tasks that arrive at the system repetitively) and new tasks (i.e., the task that are submitted to the system the first time). The difference between which is that we have the historical running information of the repetitive tasks while we do not have the prior knowledge about new tasks. Given the limited information of the new tasks, an online prediction framework is developed to predict the performance of co-running new tasks by sampling the performance events on the fly for a short period and then feeding the sampled results to the prediction framework. We conducted extensive experiments with the SPEC2006 benchmark suite to compare the effectiveness of different machine learning methods considered in this paper. The results show that our prediction model can achieve the accuracy of 99.38% and 87.18% for repetitive tasks and new tasks, respectively.
Close
https://doi.org/10.1007%2Fs11276-018-01902-7
doi:10.1007/s11276-018-01902-7
Close
138.  Kamarudin, Muhammad Hilmi;  Maple, Carsten;  Watson, Tim: Hybrid feature selection technique for intrusion detection system. In: vol. 13, no. 2, pp. 232, 2019. (Type: Journal Article | Abstract | Links | BibTeX | Altmetric)
Close
@article{art-kamarudin_hybrid_2019,

title = {Hybrid feature selection technique for intrusion detection system},

author = {Muhammad Hilmi Kamarudin and Carsten Maple and Tim Watson},

url = {https://doi.org/10.1504%2Fijhpcn.2019.097503},

doi = {10.1504/ijhpcn.2019.097503},

year  = {2019},

date = {2019-01-25},

volume = {13},

number = {2},

pages = {232},

publisher = {Inderscience Publishers},

abstract = {High dimensionality's problems have make feature selection as one of the most important criteria in determining the efficiency of intrusion detection systems. In this study we have selected a hybrid feature selection model that potentially combines the strengths of both the filter and the wrapper selection procedure. The potential hybrid solution is expected to effectively select the optimal set of features in detecting intrusion. The proposed hybrid model was carried out using correlation feature selection (CFS) together with three different search techniques known as best-first, greedy stepwise and genetic algorithm. The wrapper-based subset evaluation uses a random forest (RF) classifier to evaluate each of the features that were first selected by the filter method. The reduced feature selection on both KDD99 and DARPA 1999 dataset was tested using RF algorithm with ten-fold cross-validation in a supervised environment. The experimental result shows that the hybrid feature selections had produced satisfactory outcome.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

Close
High dimensionality's problems have make feature selection as one of the most important criteria in determining the efficiency of intrusion detection systems. In this study we have selected a hybrid feature selection model that potentially combines the strengths of both the filter and the wrapper selection procedure. The potential hybrid solution is expected to effectively select the optimal set of features in detecting intrusion. The proposed hybrid model was carried out using correlation feature selection (CFS) together with three different search techniques known as best-first, greedy stepwise and genetic algorithm. The wrapper-based subset evaluation uses a random forest (RF) classifier to evaluate each of the features that were first selected by the filter method. The reduced feature selection on both KDD99 and DARPA 1999 dataset was tested using RF algorithm with ten-fold cross-validation in a supervised environment. The experimental result shows that the hybrid feature selections had produced satisfactory outcome.
Close
https://doi.org/10.1504%2Fijhpcn.2019.097503
doi:10.1504/ijhpcn.2019.097503
Close
139.  Whitty, Monica T.: Predicting susceptibility to cyber-fraud victimhood. In: vol. 26, no. 1, pp. 277–292, 2019. (Type: Journal Article | Abstract | Links | BibTeX | Altmetric)
Close
@article{art-whitty_predicting_2019,

title = {Predicting susceptibility to cyber-fraud victimhood},

author = {Monica T. Whitty},

url = {https://doi.org/10.1108%2Fjfc-10-2017-0095},

doi = {10.1108/jfc-10-2017-0095},

year  = {2019},

date = {2019-01-07},

volume = {26},

number = {1},

pages = {277--292},

publisher = {Emerald},

abstract = {Purpose 

 This paper aims to develop a theoretical framework to predict susceptibility to cyber-fraud victimhood. 

 Design/methodology/approach A survey was constructed to examine whether personality, socio-demographic characteristics and online routine activities predicted one-off and repeat victimhood of cyber-fraud. Overall, 11,780 participants completed a survey (one-off victims},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

Close
Purpose 

 This paper aims to develop a theoretical framework to predict susceptibility to cyber-fraud victimhood. 

 Design/methodology/approach A survey was constructed to examine whether personality, socio-demographic characteristics and online routine activities predicted one-off and repeat victimhood of cyber-fraud. Overall, 11,780 participants completed a survey (one-off victims
Close
https://doi.org/10.1108%2Fjfc-10-2017-0095
doi:10.1108/jfc-10-2017-0095
Close
140.  Huth, Michael;  Vishik, Claire;  Masucci, Riccardo: Risk Engineering and Blockchain: Anticipating and Mitigating Risks. In: BIS 2018: Business Information Systems Workshops, pp. 381–392, Springer International Publishing, 2019. (Type: Book Section | Abstract | Links | BibTeX | Altmetric)
Close
@incollection{col-in-huth_risk_2019,

title = {Risk Engineering and Blockchain: Anticipating and Mitigating Risks},

author = {Michael Huth and Claire Vishik and Riccardo Masucci},

url = {https://doi.org/10.1007%2F978-3-030-04849-5_34},

doi = {10.1007/978-3-030-04849-5_34},

year  = {2019},

date = {2019-01-03},

booktitle = {BIS 2018: Business Information Systems Workshops},

pages = {381--392},

publisher = {Springer International Publishing},

abstract = {Complex systems require an integrated approach to risks. In this paper, we describe risk engineering, a methodology to incorporate risks at the planning and design stage for complex systems, and introduce some of its components. We examine, at a high level, how risk engineering can help improve the risk picture for blockchain technologies and their applications and outline challenges and benefits of this approach.},

keywords = {},

pubstate = {published},

tppubtype = {incollection}

}

Close
Complex systems require an integrated approach to risks. In this paper, we describe risk engineering, a methodology to incorporate risks at the planning and design stage for complex systems, and introduce some of its components. We examine, at a high level, how risk engineering can help improve the risk picture for blockchain technologies and their applications and outline challenges and benefits of this approach.
Close
https://doi.org/10.1007%2F978-3-030-04849-5_34
doi:10.1007/978-3-030-04849-5_34
Close
141.  Khamis, Mohamed;  Trotter, Ludwig;  Mäkelä, Ville;  Zezschwitz, Emanuel;  Le, Jens;  Bulling, Andreas;  Alt, Florian: CueAuth: Comparing Touch, Mid-Air Gestures, and Gaze for Cue-based Authentication on Situated Displays. In: vol. 2, no. 4, pp. 1–22, 2018. (Type: Journal Article | Abstract | Links | BibTeX | Altmetric)
Close
@article{art-khamis_cueauth_2018,

title = {CueAuth: Comparing Touch, Mid-Air Gestures, and Gaze for Cue-based Authentication on Situated Displays},

author = {Mohamed Khamis and Ludwig Trotter and Ville M\"{a}kel\"{a} and Emanuel Zezschwitz and Jens Le and Andreas Bulling and Florian Alt},

url = {https://doi.org/10.1145%2F3287052},

doi = {10.1145/3287052},

year  = {2018},

date = {2018-12-27},

volume = {2},

number = {4},

pages = {1--22},

publisher = {Association for Computing Machinery (ACM)},

abstract = {Secure authentication on situated displays (e.g., to access sensitive information or to make purchases) is becoming increasingly important. A promising approach to resist shoulder surfing attacks is to employ cues that users respond to while authenticating; this overwhelms observers by requiring them to observe both the cue itself as well as users' response to the cue. Although previous work proposed a variety of modalities, such as gaze and mid-air gestures, to further improve security, an understanding of how they compare with regard to usability and security is still missing as of today. In this paper, we rigorously compare modalities for cue-based authentication on situated displays. In particular, we provide the first comparison between touch, mid-air gestures, and calibration-free gaze using a state-of-the-art authentication concept. In two in-depth user studies (N=20},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

Close
Secure authentication on situated displays (e.g., to access sensitive information or to make purchases) is becoming increasingly important. A promising approach to resist shoulder surfing attacks is to employ cues that users respond to while authenticating; this overwhelms observers by requiring them to observe both the cue itself as well as users' response to the cue. Although previous work proposed a variety of modalities, such as gaze and mid-air gestures, to further improve security, an understanding of how they compare with regard to usability and security is still missing as of today. In this paper, we rigorously compare modalities for cue-based authentication on situated displays. In particular, we provide the first comparison between touch, mid-air gestures, and calibration-free gaze using a state-of-the-art authentication concept. In two in-depth user studies (N=20
Close
https://doi.org/10.1145%2F3287052
doi:10.1145/3287052
Close
142.  Zubiaga, Arkaitz;  Procter, Rob;  Maple, Carsten: A longitudinal analysis of the public perception of the opportunities and challenges of the Internet of Things. In: vol. 13, no. 12, pp. e0209472, 2018. (Type: Journal Article | Abstract | Links | BibTeX | Altmetric)
Close
@article{art-zubiaga_longitudinal_2018,

title = {A longitudinal analysis of the public perception of the opportunities and challenges of the Internet of Things},

author = {Arkaitz Zubiaga and Rob Procter and Carsten Maple},

editor = {Pablo Dorta-Gonz\'{a}lez},

url = {https://doi.org/10.1371%2Fjournal.pone.0209472},

doi = {10.1371/journal.pone.0209472},

year  = {2018},

date = {2018-12-20},

volume = {13},

number = {12},

pages = {e0209472},

publisher = {Public Library of Science (PLoS)},

abstract = {The Internet of Things (or IoT), which enables the networked interconnection of everyday objects, is becoming increasingly popular in many aspects of our lives ranging from entertainment to health care. While the IoT brings a set of invaluable advantages and opportunities with it, there is also evidence of numerous challenges that are yet to be resolved. This is certainly the case with regard to ensuring the cyber security of the IoT, and there are various examples of devices being hacked. Despite this evidence, little is known about the public perceptions of the opportunities and challenges presented by the IoT. To advance research in this direction, we mined the social media platform Twitter to learn about public opinion about the IoT. Analysing a longitudinal dataset of more than 6.7 million tweets, we reveal insights into public perceptions of the IoT, identifying big data analytics as the most positive aspect, whereas security issues are the main public concern on the negative side. Our study serves to highlight the importance of keeping IoT devices secure, and remind manufacturers that it is a concern that remains unresolved, at least insofar as the public believes.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

Close
The Internet of Things (or IoT), which enables the networked interconnection of everyday objects, is becoming increasingly popular in many aspects of our lives ranging from entertainment to health care. While the IoT brings a set of invaluable advantages and opportunities with it, there is also evidence of numerous challenges that are yet to be resolved. This is certainly the case with regard to ensuring the cyber security of the IoT, and there are various examples of devices being hacked. Despite this evidence, little is known about the public perceptions of the opportunities and challenges presented by the IoT. To advance research in this direction, we mined the social media platform Twitter to learn about public opinion about the IoT. Analysing a longitudinal dataset of more than 6.7 million tweets, we reveal insights into public perceptions of the IoT, identifying big data analytics as the most positive aspect, whereas security issues are the main public concern on the negative side. Our study serves to highlight the importance of keeping IoT devices secure, and remind manufacturers that it is a concern that remains unresolved, at least insofar as the public believes.
Close
https://doi.org/10.1371%2Fjournal.pone.0209472
doi:10.1371/journal.pone.0209472
Close
143.  Blin, Louis;  Awan, Ahsan Javed;  Heinis, Thomas: Using Neuromorphic Hardware for the Scalable Execution of Massively Parallel, Communication-Intensive Algorithms. In: 2018 IEEE/ACM International Conference on Utility and Cloud Computing Companion (UCC Companion), IEEE, 2018. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric)
Close
@inproceedings{proc-in-blin_using_2018,

title = {Using Neuromorphic Hardware for the Scalable Execution of Massively Parallel, Communication-Intensive Algorithms},

author = {Louis Blin and Ahsan Javed Awan and Thomas Heinis},

url = {https://doi.org/10.1109%2Fucc-companion.2018.00040},

doi = {10.1109/ucc-companion.2018.00040},

year  = {2018},

date = {2018-12-17},

booktitle = {2018 IEEE/ACM International Conference on Utility and Cloud Computing Companion (UCC Companion)},

publisher = {IEEE},

abstract = {Neuromorphic hardware like SpiNNaker offers massive parallelism and efficient communication of small payloads to accelerate the simulation of spiking neurons in neural networks. In this paper, we demonstrate that this hardware is also beneficial for other for applications which require massive parallelism and the large-scale exchange of small messages. More specifically, we study the scalability of PageRank on SpiNNaker and compare it to an implementation on traditional hardware. In our experiments, we show that PageRank on SpiNNaker scales better than on traditional multicore architectures.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

Close
Neuromorphic hardware like SpiNNaker offers massive parallelism and efficient communication of small payloads to accelerate the simulation of spiking neurons in neural networks. In this paper, we demonstrate that this hardware is also beneficial for other for applications which require massive parallelism and the large-scale exchange of small messages. More specifically, we study the scalability of PageRank on SpiNNaker and compare it to an implementation on traditional hardware. In our experiments, we show that PageRank on SpiNNaker scales better than on traditional multicore architectures.
Close
https://doi.org/10.1109%2Fucc-companion.2018.00040
doi:10.1109/ucc-companion.2018.00040
Close
144.  Ah-Fat, Patrick;  Huth, Michael: Optimal Accuracy-Privacy Trade-Off for Secure Computations. In: vol. 65, no. 5, pp. 3165–3182, 2018, ISSN: 1557-9654. (Type: Journal Article | Abstract | Links | BibTeX | Altmetric)
Close
@article{art-ah-fat_optimal_2019,

title = {Optimal Accuracy-Privacy Trade-Off for Secure Computations},

author = {Patrick Ah-Fat and Michael Huth},

url = {https://doi.org/10.1109%2Ftit.2018.2886458},

doi = {10.1109/tit.2018.2886458},

issn = {1557-9654},

year  = {2018},

date = {2018-12-12},

volume = {65},

number = {5},

pages = {3165--3182},

publisher = {Institute of Electrical and Electronics Engineers (IEEE)},

abstract = {The purpose of secure multi-party computation is to enable protocol participants to compute a public function of their private inputs while keeping their inputs secret, without resorting to any trusted third party. However, opening the public output of such computations inevitably reveals some information about the private inputs. We propose a measure generalizing both R\'{e}nyi entropy and g -entropy so as to quantify this information leakage. In order to control and restrain such information flows, we introduce the notion of function substitution, which replaces the computation of a function that reveals sensitive information with that of an approximate function. We exhibit theoretical bounds for the privacy gains that this approach provides and experimentally show that this enhances the confidentiality of the inputs while controlling the distortion of computed output values. Finally, we investigate the inherent compromise between accuracy of computation and privacy of inputs and we demonstrate how to realize such optimal trade-offs.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

Close
The purpose of secure multi-party computation is to enable protocol participants to compute a public function of their private inputs while keeping their inputs secret, without resorting to any trusted third party. However, opening the public output of such computations inevitably reveals some information about the private inputs. We propose a measure generalizing both Rényi entropy and g -entropy so as to quantify this information leakage. In order to control and restrain such information flows, we introduce the notion of function substitution, which replaces the computation of a function that reveals sensitive information with that of an approximate function. We exhibit theoretical bounds for the privacy gains that this approach provides and experimentally show that this enhances the confidentiality of the inputs while controlling the distortion of computed output values. Finally, we investigate the inherent compromise between accuracy of computation and privacy of inputs and we demonstrate how to realize such optimal trade-offs.
Close
https://doi.org/10.1109%2Ftit.2018.2886458
doi:10.1109/tit.2018.2886458
Close
145.  Carr, Madeline;  Tanczer, Leonie Maria: UK cybersecurity industrial policy: an analysis of drivers, market failures and interventions. In: vol. 3, no. 3, pp. 430–444, 2018. (Type: Journal Article | Abstract | Links | BibTeX | Altmetric)
Close
@article{art-carr_uk_2018,

title = {UK cybersecurity industrial policy: an analysis of drivers, market failures and interventions},

author = {Madeline Carr and Leonie Maria Tanczer},

url = {https://doi.org/10.1080%2F23738871.2018.1550523},

doi = {10.1080/23738871.2018.1550523},

year  = {2018},

date = {2018-12-10},

volume = {3},

number = {3},

pages = {430--444},

publisher = {Informa UK Limited},

abstract = {The United Kingdom (UK) forms the largest internet economy in the G20 and has the stated ambition of being the 'safest place in the world to live and work online'. Cybersecurity is, thus, regarded as both a challenge as much as an opportunity. Since the publication of UK's first National Cyber Security Strategy (NCSS) in November 2011, the government has implemented many proactive as well as reactive measures to enhance both its cybersecurity capabilities as well as its market power in this space. This article provides an analysis of the shift away from a reliance on market forces that dominated Western approaches to cybersecurity over the recent years. Specifically, it highlights three 'market failures' that have prompted UK's industrial policy responses: ongoing data breaches; inadequate private cybersecurity investments; and a continuous digital skills gap. An analysis of these drivers as well as UK government's responses demonstrates that the UK's cybersecurity strategy has evolved from an initial heavy reliance on market forces towards a more state-driven public-private partnership.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

Close
The United Kingdom (UK) forms the largest internet economy in the G20 and has the stated ambition of being the 'safest place in the world to live and work online'. Cybersecurity is, thus, regarded as both a challenge as much as an opportunity. Since the publication of UK's first National Cyber Security Strategy (NCSS) in November 2011, the government has implemented many proactive as well as reactive measures to enhance both its cybersecurity capabilities as well as its market power in this space. This article provides an analysis of the shift away from a reliance on market forces that dominated Western approaches to cybersecurity over the recent years. Specifically, it highlights three 'market failures' that have prompted UK's industrial policy responses: ongoing data breaches; inadequate private cybersecurity investments; and a continuous digital skills gap. An analysis of these drivers as well as UK government's responses demonstrates that the UK's cybersecurity strategy has evolved from an initial heavy reliance on market forces towards a more state-driven public-private partnership.
Close
https://doi.org/10.1080%2F23738871.2018.1550523
doi:10.1080/23738871.2018.1550523
Close
146.  Heinis, Thomas;  Chapman, Adriane: Provenance Storage. In: Encyclopedia of Database Systems, pp. 2923–2926, Springer New York, 2018. (Type: Book Section | Abstract | Links | BibTeX | Altmetric)
Close
@incollection{col-in-heinis_provenance_2018,

title = {Provenance Storage},

author = {Thomas Heinis and Adriane Chapman},

url = {https://doi.org/10.1007%2F978-1-4614-8265-9_80746},

doi = {10.1007/978-1-4614-8265-9_80746},

year  = {2018},

date = {2018-12-07},

booktitle = {Encyclopedia of Database Systems},

pages = {2923--2926},

publisher = {Springer New York},

abstract = {Given the provenance of data processing or manipulation (e.g., through ad hoc manipulations, workflows, or database operators), provenance storage defines how the provenance information is stored on disk. Provenance information essentially captures all information describing the history, creation, and modification of a data product. In the context of workflows, for example, relevant information includes but is not limited to the parameters used in each step of the workflow recursively, software versions used, etc. Provenance storage defines where and how this information is stored and organized on disk.},

keywords = {},

pubstate = {published},

tppubtype = {incollection}

}

Close
Given the provenance of data processing or manipulation (e.g., through ad hoc manipulations, workflows, or database operators), provenance storage defines how the provenance information is stored on disk. Provenance information essentially captures all information describing the history, creation, and modification of a data product. In the context of workflows, for example, relevant information includes but is not limited to the parameters used in each step of the workflow recursively, software versions used, etc. Provenance storage defines where and how this information is stored and organized on disk.
Close
https://doi.org/10.1007%2F978-1-4614-8265-9_80746
doi:10.1007/978-1-4614-8265-9_80746
Close
147.  Yang, Mu;  Margheri, Andrea;  Hu, Runshan;  Sassone, Vladimiro: Differentially Private Data Sharing in a Cloud Federation with Blockchain. In: vol. 5, no. 6, pp. 69–79, 2018. (Type: Journal Article | Abstract | Links | BibTeX | Altmetric)
Close
@article{art-yang_differentially_2018,

title = {Differentially Private Data Sharing in a Cloud Federation with Blockchain},

author = {Mu Yang and Andrea Margheri and Runshan Hu and Vladimiro Sassone},

url = {https://doi.org/10.1109%2Fmcc.2018.064181122},

doi = {10.1109/mcc.2018.064181122},

year  = {2018},

date = {2018-11-29},

volume = {5},

number = {6},

pages = {69--79},

publisher = {Institute of Electrical and Electronics Engineers (IEEE)},

abstract = {Cloud federation is an emergent cloud-computing paradigm that allows services from different cloud systems to be aggregated in a single pool. To support secure data sharing in a cloud federation, anonymization services that obfuscate sensitive datasets under differential privacy have been recently proposed. However, by outsourcing data protection to the cloud, data owners lose control over their data, raising privacy concerns. This is even more compelling in multi-query scenarios in which maintaining privacy amounts to controlling the allocation of the so-called privacy budget. In this paper, we propose a blockchain-based approach that enables data owners to control the anonymization process and that enhances the security of the services. Our approach relies on blockchain to validate the usage of the privacy budget and adaptively change its allocation through smart contracts, depending on the privacy requirements provided by data owners. Prototype implementation with the Hyperledger permissioned blockchain validates our approach with respect to privacy guarantee and practicality.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

Close
Cloud federation is an emergent cloud-computing paradigm that allows services from different cloud systems to be aggregated in a single pool. To support secure data sharing in a cloud federation, anonymization services that obfuscate sensitive datasets under differential privacy have been recently proposed. However, by outsourcing data protection to the cloud, data owners lose control over their data, raising privacy concerns. This is even more compelling in multi-query scenarios in which maintaining privacy amounts to controlling the allocation of the so-called privacy budget. In this paper, we propose a blockchain-based approach that enables data owners to control the anonymization process and that enhances the security of the services. Our approach relies on blockchain to validate the usage of the privacy budget and adaptively change its allocation through smart contracts, depending on the privacy requirements provided by data owners. Prototype implementation with the Hyperledger permissioned blockchain validates our approach with respect to privacy guarantee and practicality.
Close
https://doi.org/10.1109%2Fmcc.2018.064181122
doi:10.1109/mcc.2018.064181122
Close
148.  Tanczer, Leonie Maria;  Brass, Irina;  Carr, Madeline: CSIRTs and Global Cybersecurity: How Technical Experts Support Science Diplomacy. In: vol. 9, pp. 60–66, 2018. (Type: Journal Article | Abstract | Links | BibTeX | Altmetric)
Close
@article{art-tanczer_csirts_2018,

title = {CSIRTs and Global Cybersecurity: How Technical Experts Support Science Diplomacy},

author = {Leonie Maria Tanczer and Irina Brass and Madeline Carr},

url = {https://doi.org/10.1111%2F1758-5899.12625},

doi = {10.1111/1758-5899.12625},

year  = {2018},

date = {2018-11-29},

volume = {9},

pages = {60--66},

publisher = {Wiley},

abstract = {Ongoing efforts by state actors to collaborate on addressing the challenges of global cybersecurity have been slow to yield results. Technical expert communities such as Computer Security and Incident Response Teams (CSIRTs) have played a fundamental role in maintaining the Internet's functional structure through transnational collaboration. Responsible for security incident management and located in diverse constituencies, these coordination centres engage in joint responses and solve day-to-day cybersecurity problems through diverse national, regional and international networks. This article argues that CSIRTs form an epistemic community that engages in science diplomacy, at times navigating geopolitical tensions in a way that political actors are not able to. Through interviews with CSIRT representatives, we explain how their collaborative actions, rooted in shared technical knowledge, norms and best practices, contribute to the advancement of international cooperation on cybersecurity.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

Close
Ongoing efforts by state actors to collaborate on addressing the challenges of global cybersecurity have been slow to yield results. Technical expert communities such as Computer Security and Incident Response Teams (CSIRTs) have played a fundamental role in maintaining the Internet's functional structure through transnational collaboration. Responsible for security incident management and located in diverse constituencies, these coordination centres engage in joint responses and solve day-to-day cybersecurity problems through diverse national, regional and international networks. This article argues that CSIRTs form an epistemic community that engages in science diplomacy, at times navigating geopolitical tensions in a way that political actors are not able to. Through interviews with CSIRT representatives, we explain how their collaborative actions, rooted in shared technical knowledge, norms and best practices, contribute to the advancement of international cooperation on cybersecurity.
Close
https://doi.org/10.1111%2F1758-5899.12625
doi:10.1111/1758-5899.12625
Close
149.  Trotter, Ludwig;  Prange, Sarah;  Khamis, Mohamed;  Davies, Nigel;  Alt, Florian: Design Considerations for Secure andUsable Authentication on SituatedDisplays. In: 17th International Conference on Mobile and Ubiquitous Multimedia (MUM 2018), 2018. (Type: Proceedings Article | Abstract | Links | BibTeX)@inproceedings{proc-in-trotter_design_2018,

title = {Design Considerations for Secure andUsable Authentication on SituatedDisplays},

author = {Ludwig Trotter and Sarah Prange and Mohamed Khamis and Nigel Davies and Florian Alt},

url = {https://www.unibw.de/usable-security-and-privacy/publikationen/pdf/trotter2018mumadj.pdf},

year  = {2018},

date = {2018-11-25},

booktitle = {17th International Conference on Mobile and Ubiquitous Multimedia (MUM 2018)},

abstract = {Users often need to authenticate at situated displays in order to, for example, make purchases, access sensitive information, or confirm an identity. However, the exposure of interactions in public spaces introduces a large attack surface (e.g., observation, smudge or thermal attacks). 

 A plethora of authentication models and input modalities that aim at disguising users' input has been presented in the past. However, a comprehensive analysis on the requirements for secure and usable authentication on public displays is still missing. This work presents 13 design consideration suitable to inform practitioners and researchers during the development process of authentication systems for situated displays in public spaces. It draws on a comprehensive analysis of prior literature and subsequent discussion with five experts in the field of pervasive displays, human-computer-interaction and usable security.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

Close
Users often need to authenticate at situated displays in order to, for example, make purchases, access sensitive information, or confirm an identity. However, the exposure of interactions in public spaces introduces a large attack surface (e.g., observation, smudge or thermal attacks). 

 A plethora of authentication models and input modalities that aim at disguising users' input has been presented in the past. However, a comprehensive analysis on the requirements for secure and usable authentication on public displays is still missing. This work presents 13 design consideration suitable to inform practitioners and researchers during the development process of authentication systems for situated displays in public spaces. It draws on a comprehensive analysis of prior literature and subsequent discussion with five experts in the field of pervasive displays, human-computer-interaction and usable security.
Close
https://www.unibw.de/usable-security-and-privacy/publikationen/pdf/trotter2018mu[...]
Close
150.  Karafili, Erisa;  Sgandurra, Daniele;  Lupu, Emil C.: A Logic-Based Reasoner for Discovering Authentication Vulnerabilities Between Interconnected Accounts. In: ETAA 2018: Emerging Technologies for Authorization and Authentication, pp. 73–87, Springer International Publishing, 2018. (Type: Book Section | Abstract | Links | BibTeX | Altmetric)
Close
@incollection{col-in-karafili_logic_2018,

title = {A Logic-Based Reasoner for Discovering Authentication Vulnerabilities Between Interconnected Accounts},

author = {Erisa Karafili and Daniele Sgandurra and Emil C. Lupu},

url = {https://doi.org/10.1007%2F978-3-030-04372-8_7},

doi = {10.1007/978-3-030-04372-8_7},

year  = {2018},

date = {2018-11-24},

booktitle = {ETAA 2018: Emerging Technologies for Authorization and Authentication},

pages = {73--87},

publisher = {Springer International Publishing},

abstract = {With users being more reliant on online services for their daily activities, there is an increasing risk for them to be threatened by cyber-attacks harvesting their personal information or banking details. These attacks are often facilitated by the strong interconnectivity that exists between online accounts, in particular due to the presence of shared (e.g., replicated) pieces of user information across different accounts. In addition, a significant proportion of users employs pieces of information, e.g. used to recover access to an account, that are easily obtainable from their social networks accounts, and hence are vulnerable to correlation attacks, where a malicious attacker is either able to perform password reset attacks or take full control of user accounts. 

 This paper proposes the use of verification techniques to analyse the possible vulnerabilities that arises from shared pieces of information among interconnected online accounts. Our primary contributions include a logic-based reasoner that is able to discover vulnerable online accounts, and a corresponding tool that provides modelling of user accounts, their interconnections, and vulnerabilities. Finally, the tool allows users to perform security checks of their online accounts and suggests possible countermeasures to reduce the risk of compromise.},

keywords = {},

pubstate = {published},

tppubtype = {incollection}

}

Close
With users being more reliant on online services for their daily activities, there is an increasing risk for them to be threatened by cyber-attacks harvesting their personal information or banking details. These attacks are often facilitated by the strong interconnectivity that exists between online accounts, in particular due to the presence of shared (e.g., replicated) pieces of user information across different accounts. In addition, a significant proportion of users employs pieces of information, e.g. used to recover access to an account, that are easily obtainable from their social networks accounts, and hence are vulnerable to correlation attacks, where a malicious attacker is either able to perform password reset attacks or take full control of user accounts. 

 This paper proposes the use of verification techniques to analyse the possible vulnerabilities that arises from shared pieces of information among interconnected online accounts. Our primary contributions include a logic-based reasoner that is able to discover vulnerable online accounts, and a corresponding tool that provides modelling of user accounts, their interconnections, and vulnerabilities. Finally, the tool allows users to perform security checks of their online accounts and suggests possible countermeasures to reduce the risk of compromise.
Close
https://doi.org/10.1007%2F978-3-030-04372-8_7
doi:10.1007/978-3-030-04372-8_7
Close
476 entries « ‹ 3 of 10 › »
Newsletter

PETRAS Publications
