PETRAS Publications

@inproceedings{proc-in-leyva_fast_2018,

title = {Fast Detection of Abnormal Events in Videos with Binary Features},

author = {Roberto Leyva and Victor Sanchez and Chang-Tsun Li},

url = {https://doi.org/10.1109%2Ficassp.2018.8461759},

doi = {10.1109/icassp.2018.8461759},

year  = {2018},

date = {2018-04-15},

booktitle = {2018 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP)},

publisher = {IEEE},

abstract = {Millions of surveillance cameras are currently installed in public places around the world, making it necessary to intelligently analyse the acquired data to detect the occurrence of abnormal events. A vast number of methods to detect such events have been recently proposed; unfortunately, there is a lack of methods capable of detecting these events as frames are acquired, also known as online processing. In this paper, we present an online framework for video anomaly detection that employs binary features to encode motion information, and low-complexity probabilistic models for detection. Evaluation results on the popular UCSD dataset and on a recently introduced real-event video surveillance dataset show that our framework outperforms non-online and online methods.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

@inproceedings{proc-in-turner_step_2018,

title = {Step Intervals and Arterial Pressure in PVS Schemes},

author = {Henry C. M. Turner and Hassan Chizari and Emil C. Lupu},

url = {https://doi.org/10.1049%2Fcp.2018.0036},

doi = {10.1049/cp.2018.0036},

year  = {2018},

date = {2018-03-28},

booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},

publisher = {Institution of Engineering and Technology},

abstract = {We build upon the idea of Physiological Value Based Security schemes as a means of securing body sensor networks (BSN). Such schemes provide a secure means for sensors in a BSN to communicate with one another, as long as they can measure the same underlying physiological signal. This avoids the use of pre-distributed keys and allows re-keying to be done easily. Such techniques require identifying signals and encoding methods that can be used in the scheme. Hence we first evaluate step interval as our physiological signal, using existing modular encoding method and our proposed learned partitioning function as the encoding methods. We show that both of these are usable with the scheme and identify a suitable parametrisation. We then go on to evaluate arterial blood pressure using our proposed learned mean FFT coefficients method. We demonstrate that with the correct parameters this could also be used in the scheme. This further improves the usability of PVS schemes, by identify two more signals that could be used, as well as two encoding methods that may also be useful for other signals.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

@inproceedings{proc-in-lombardi_blockchain_2018,

title = {A Blockchain-based Infrastructure for Reliable and Cost-effective IoT-aided Smart Grids},

author = {Federico Lombardi and Leonardo Aniello and Stefano De Angelis and Andrea Margheri and Vladimiro Sassone},

url = {https://doi.org/10.1049%2Fcp.2018.0042},

doi = {10.1049/cp.2018.0042},

year  = {2018},

date = {2018-03-28},

booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},

publisher = {Institution of Engineering and Technology},

abstract = {One of the main trends in the evolution of smart grids is transactive energy, where distributed energy resources, e.g. smart meters, develop towards Internet-of-Things (IoT) devices enabling prosumers to trade energy directly among each other, without the need of involving any centralised third party. The expected advantages in terms of cost-effectiveness would be significant, indeed technical solutions are being investigated and large-scale deployment are planned by major utilities companies. However, introducing transactive energy in the smart grid entails new security threats, such as forging energy transactions. This paper introduces an infrastructure to support reliable and cost-effective transactive energy, based on blockchain and smart contracts, where functionalities are implemented as fully decentralised applications. Energy transactions are stored in the blockchain, whose high replication level ensures stronger guarantees against tampering. Energy auctions are carried out according to transparent rules implemented as smart contracts, hence visible to all involved actors. Threats deriving from known vulnerabilities of smart meters are mitigated by temporarily keeping out exposed prosumers and updating their devices as soon as security patches become available.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

@inproceedings{proc-in-latinopoulos_trust_2018,

title = {Trust in IoT-enabled mobility services: predictive analytics and the impact of prediction errors on the quality of service in bike sharing},

author = {Charilaos Latinopoulos and Nicol\`{o} Daina and John W. Polak},

url = {https://doi.org/10.1049%2Fcp.2018.0044},

doi = {10.1049/cp.2018.0044},

year  = {2018},

date = {2018-03-28},

booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},

publisher = {Institution of Engineering and Technology},

abstract = {Real-time communication and information flows among vehicles, infrastructure, travelers' smartphones and service providers' backend systems constitute the everyday experience of the Internet of Things (IoT) in the transport sector. Prediction Errors (PEs), either as outcomes of imperfect model performance or as exploitation of model vulnerabilities to compromise the security of the system, can affect the Quality of Service (QoS) of transport systems. This paper contributes to the research literature in trust in IoT for transport. It does so by developing a methodological framework to quantify the users' impacts of prediction reliability in IoT-enabled mobility services. We apply such framework to London's bike sharing scheme. Two predictive algorithms are used to forecast bike availabilities at different docking stations. Prediction errors affect the reliability of information provided in real time to bike users, and hence the utility accrued by users from the information provided. The variation in consumer surplus for increased reliability and the dissatisfaction of the users are analyzed through simulation. The results demonstrate the impact of predictive algorithms on the QoS of transport services and highlight the value of data collection for empirical estimations.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

@inproceedings{proc-in-ghirardello_cyber_2018,

title = {Cyber security of smart homes: development of a reference architecture for attack surface analysis},

author = {Kevin Ghirardello and Carsten Maple and D. Ng and P. Kearney},

url = {https://doi.org/10.1049%2Fcp.2018.0045},

doi = {10.1049/cp.2018.0045},

year  = {2018},

date = {2018-03-28},

booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},

publisher = {Institution of Engineering and Technology},

abstract = {Recent advances in pervasive computing have caused a rapid growth of the Smart Home market, where a number of otherwise mundane pieces of technology are capable of connecting to the Internet and interacting with other similar devices. However, with the lack of a commonly adopted set of guidelines, several IT companies are producing smart devices with their own proprietary standards, leading to highly heterogeneous Smart Home systems in which the interoperability of the present elements is not always implemented in the most straightforward manner. As such, understanding the cyber risk of these cyber-physical systems beyond the individual devices has become an almost intractable problem. This paper tackles this issue by introducing a Smart Home reference architecture which facilitates security analysis. Being composed by three viewpoints, it gives a high-level description of the various functions and components needed in a domestic IoT device and network. Furthermore, this document demonstrates how the architecture can be used to determine the various attack surfaces of a home automation system from which its key vulnerabilities can be determined.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

@inproceedings{proc-in-ivanov_cyber_2018,

title = {Cyber Security Standards and Issues in V2X Communications for Internet of Vehicles},

author = {I. Ivanov and Carsten Maple and Tim Watson and Sang-Woo Lee},

url = {https://doi.org/10.1049%2Fcp.2018.0046},

doi = {10.1049/cp.2018.0046},

year  = {2018},

date = {2018-03-28},

booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},

publisher = {Institution of Engineering and Technology},

abstract = {Significant developments have taken place over the past few years in the area of vehicular communication systems in the ITS environment. It is vital that, in these environments, security is considered in design and implementation since compromised vulnerabilities in one vehicle can be propagated to other vehicles, especially given that V2X communication is through an ad-hoc type network. Recently, many standardisation organisations have been working on creating international standards related to vehicular communication security and the so-called Internet of Vehicles (IoV). This paper presents a discussion of current V2X communications cyber security issues and standardisation approaches being considered by standardisation bodies such as the ISO, the ITU, the IEEE, and the ETSI.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

@inproceedings{proc-in-nurse_if_2018,

title = {If you can't understand it, you can't properly assess it! The reality of assessing security risks in Internet of Things systems},

author = {Jason R. C. Nurse and Petar Radanliev and Sadie Creese and David Charles De Roure},

url = {https://doi.org/10.1049%2Fcp.2018.0001},

doi = {10.1049/cp.2018.0001},

year  = {2018},

date = {2018-03-28},

booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},

publisher = {Institution of Engineering and Technology},

abstract = {Security risk assessment methods have served us well over the last two decades. As the complexity, pervasiveness and automation of technology systems increases, particularly with the Internet of Things (IoT), there is a convincing argument that we will need new approaches to assess risk and build system trust. In this article, we report on a series of scoping workshops and interviews with industry professionals (experts in enterprise systems, IoT and risk) conducted to investigate the validity of this argument. Additionally, our research aims to consult with these professionals to understand two crucial aspects. Firstly, we seek to identify the wider concerns in adopting IoT systems into a corporate environment, be it a smart manufacturing shop floor or a smart office. Secondly, we investigate the key challenges for approaches in industry that attempt to effectively and efficiently assess cyber-risk in the IoT.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

@inproceedings{proc-in-radanliev_economic_2018,

title = {Economic impact of IoT cyber risk - analysing past and present to predict the future developments in IoT risk analysis and IoT cyber insurance},

author = {Petar Radanliev and David Charles De Roure and Stacy Cannady and Rafael Mantilla Montalvo and Razvan Nicolescu and Michael Huth},

url = {https://doi.org/10.1049%2Fcp.2018.0003},

doi = {10.1049/cp.2018.0003},

year  = {2018},

date = {2018-03-28},

booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},

publisher = {Institution of Engineering and Technology},

abstract = {This paper is focused on mapping the current evolution of Internet of Things (IoT) and its associated cyber risks for the Industry 4.0 (I4.0) sector. We report the results of a qualitative empirical study that correlates academic literature with 14 - I4.0 frameworks and initiatives. We apply the grounded theory approach to synthesise the findings from our literature review, to compare the cyber security frameworks and cyber security quantitative impact assessment models, with the world leading I4.0 technological trends. From the findings, we build a new impact assessment model of IoT cyber risk in Industry 4.0. We therefore advance the efforts of integrating standards and governance into Industry 4.0 and offer a better understanding of economics impact assessment models for I4.0.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

@inproceedings{proc-in-blythe_consumer_2018,

title = {The Consumer Security Index for IoT: A protocol for developing an index to improve consumer decision making and to incentivize greater security provision in IoT devices},

author = {John M. Blythe and Shane D. Johnson},

url = {https://doi.org/10.1049%2Fcp.2018.0004},

doi = {10.1049/cp.2018.0004},

year  = {2018},

date = {2018-03-28},

booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},

publisher = {Institution of Engineering and Technology},

abstract = {Consumer IoT devices often lack adequate in-built security, giving rise to newer forms of threats and crime risks. Security should be designed into devices but at present there is little incentive for manufacturers to do so consistently. Additionally, consumers are not given simple information at the point of purchase, in user manuals or other materials to help them assess the security of devices. Consumers are therefore not afforded the opportunity to understand the level of security devices offer. Consumer rating indices (e.g. food traffic light labels) can provide this opportunity to aid consumer choice. This research aims to co-develop a consumer security index (CSI), with consumers and security experts, to aid consumer decision making and incentivise greater security provision in the manufacture of IoT devices. In this paper, we focus on the methodology for the development of the index. Through a focus group with IoT security experts, Study 1 will identify security features that consumer IoT devices should provide. Study 2 will employ an online survey to identify consumer preferences concerning the disclosure of security and privacy features that devices provide, and focus groups will help to co-design the CSI by discussing the information value, appeal and likely engagement of a security index label. To better understand the current situation, Study 3 will develop a matrix of different classes of IoT devices manually coded according to the CSI for a sample of devices. Study 4 will explore the use of natural language processing to extract data from device user manuals to identify what information is communicated about the security features, as well as, what crime prevention messaging is provided by manufacturers. The project will use a formal methodology to develop a CSI that is co-designed with experts and consumers. The ultimate aims are to encourage the use of the index to help inform consumer choice, and to lever market action so that IoT devices are shipped with security features in-built.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

@inproceedings{proc-in-kleek_respectful_2018,

title = {Respectful things: adding social intelligence to 'smart' devices},

author = {Max Goodwin Van Kleek and William Seymour and Reuben Daniel Binns and Nigel R. Shadbolt},

url = {https://doi.org/10.1049%2Fcp.2018.0006},

doi = {10.1049/cp.2018.0006},

year  = {2018},

date = {2018-03-28},

booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},

publisher = {Institution of Engineering and Technology},

abstract = {In this paper, we propose that the idea of devices respecting their end-users may serve as a strong design goal for highly personal and intimate smart devices. We ask what respect is, how it shapes interaction, and how good-faith simulation of respect might inform user-friendly smart device design. Respect is a natural and integral part of natural human relationships that is seen to shape work and personal relations. In a basic sense, this is the core purpose of smart things: we expect them to be ready and willing to help us. In this vein, we distill the characteristics of more complex respectful behaviours into 4 main types relevant to smart devices, drawing from philosophical analyses of the conceptual dimensions of respect: directive respect, obstacle respect, recognition respect, and care respect. We discuss the implications of each of these kinds of respect for the future of smart personal devices.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

@inproceedings{proc-in-mikusz_raising_2018,

title = {Raising Awareness of IoT Sensor Deployments},

author = {Mateusz Mikusz and Steven Houben and Nigel Davies and K. Moessner and Marc Langheinrich},

url = {https://doi.org/10.1049%2Fcp.2018.0009},

doi = {10.1049/cp.2018.0009},

year  = {2018},

date = {2018-03-28},

booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},

publisher = {Institution of Engineering and Technology},

abstract = {The IoT is increasingly being used to support smart spaces and physical analytics and yet much of this smartness is made deliberately invisible to the user - echoing Weiser's vision of calm computing and technology that fades into the background. However, this means that users may not be aware or may not understand how the IoT is being deployed in their area. In other domains we know that a lack of awareness and a lack of understanding can lead to poor user experience and frustration, mistrust, suspicion, inability to capitalise on benefits and security vulnerabilities. In this paper, we present preliminary work that explores the issue of user awareness of IoT-based data collection.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

@inproceedings{proc-in-wachter_ethical_2018,

title = {Ethical and normative challenges of identification in the Internet of Things},

author = {Sandra Wachter},

url = {https://doi.org/10.1049%2Fcp.2018.0013},

doi = {10.1049/cp.2018.0013},

year  = {2018},

date = {2018-03-28},

booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},

publisher = {Institution of Engineering and Technology},

abstract = {A defining characteristic of the Internet of Things (IoT) is pervasive collection and linkage of user data to provide personalised experiences. To enable this functionality, IoT devices and services must be connected and share data about users' interactions with multiple nodes in the network. Consistent identification of users and devices across the network is likewise necessary. These aspects of the IoT can pose risks to user privacy. Potentially invasive inferences can be drawn from linked datasets, including data generated through usage of connected devices and services. The forthcoming General Data Protection Regulation (GDPR) contains numerous provisions relevant to the risks posed by identification technologies. However, the strict legal requirements defined in the Articles of the GDPR may be insufficient to ensure a fair balance is struck between user's interests in privacy and the interests of IoT developers and data controllers. To address this gap, this paper proposes a three-step transparency model based on known privacy risks of the IoT, weaknesses in relevant legally binding provisions in the GDPR, and the GDPR's governing principles. Eleven guidelines aimed at IoT developers and data controllers are described addressing how information about the functionality of IoT devices and services should be shared with users. The guidelines describe ethically desirable standards to be adhered to in addition to the GDPR's legally binding requirements. To demonstrate how the guidelines could apply in practice and alter the design choices and practices of IoT developers and data controllers, connected cars are considered as a use case.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

@inproceedings{proc-in-wakenshaw_mechanisms_2018,

title = {Mechanisms for Meaningful Consent in Internet of Things},

author = {Susan Y. L. Wakenshaw and Carsten Maple and M. C. Schraefel and Richard Gomer and Kevin Ghirardello},

url = {https://doi.org/10.1049%2Fcp.2018.0014},

doi = {10.1049/cp.2018.0014},

year  = {2018},

date = {2018-03-28},

booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},

publisher = {Institution of Engineering and Technology},

abstract = {Consent is a key measure for privacy protection and needs to be `meaningful' to give people informational power. It is increasingly important that individuals are provided with real choices and are empowered to negotiate for meaningful consent. Meaningful consent is an important area for consideration in IoT systems since privacy is a significant factor impacting on adoption of IoT. Obtaining meaningful consent is becoming increasingly challenging in IoT environments. It is proposed that an "apparency, pragmatic/semantic transparency model" adopted for data management could make consent more meaningful, that is, visible, controllable and understandable. The model has illustrated the why and what issues regarding data management for potential meaningful consent [1]. In this paper, we focus on the `how' issue, i.e. how to implement the model in IoT systems. We discuss apparency by focusing on the interactions and data actions in the IoT system; pragmatic transparency by centring on the privacy risks, threats of data actions; and semantic transparency by focusing on the terms and language used by individuals and the experts. We believe that our discussion would elicit more research on the apparency model' in IoT for meaningful consent.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

@inproceedings{proc-in-knowles_what_2018,

title = {What Children's Imagined Uses of the BBC micro:bit Tells Us About Designing for their IoT Privacy, Security and Safety},

author = {Brandin Hanson Knowles and Joe Finney and Sophie Beck and James Devine},

url = {https://doi.org/10.1049%2Fcp.2018.0015},

doi = {10.1049/cp.2018.0015},

year  = {2018},

date = {2018-03-28},

booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},

publisher = {Institution of Engineering and Technology},

abstract = {Ensuring that young people reap the benefits of the Internet of Things requires proactively attending to the risks they may encounter in entering the world this new technology affords. The e-safety guidelines currently taught in UK schools may not sufficiently prepare children for navigating the risks that come with connected devices. In this paper we describe initial results from the PETRAS project IoT4Kids, exploring the privacy and security implications of children programming the BBC micro:bit, an IoT-ready device designed for children. We report on children's (ages 9-10) likely uses of the micro:bit and discuss their implications, highlighting shortcomings of e-safety education and policy guidelines for such uses.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

@inproceedings{proc-in-milton_smart_2018,

title = {Smart IoT and Soft AI},

author = {Richard Milton and Duncan Hay and Steven Gray and Boyana Buyuklieva and Andrew Hudson-Smith},

url = {https://doi.org/10.1049%2Fcp.2018.0016},

doi = {10.1049/cp.2018.0016},

year  = {2018},

date = {2018-03-28},

booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},

publisher = {Institution of Engineering and Technology},

abstract = {Soft artificial intelligence (AI) is defined as non-sentient AI designed to perform close to human level in one specific domain. This is in contrast to "Artificial General Intelligence" (AGI) which solves the problem for human level intelligence across all domains. Soft AI is a reality now in the new generation of smart Internet of Things devices like Amazon's Alexa, Apple's Siri or Microsoft's Cortana, giving rise to concerns about privacy and how the technology is being used. This research is based around an experiment in "AI as a service" where fifteen chatbot agents using Google's "Dialogflow" are deployed around the Queen Elizabeth Olympic Park in London for the general public to interact with. The physical devices are 3D printed representations of creatures living in the park, designed to fit with the park's biodiversity remit. Park visitors interact with the creatures via their mobile phones, engaging in a conversation where the creature offers to tell them a memory in exchange for one of their own, while warning them that anything they say might be repeated to others. The scope of the work presented here is as follows. After explaining the details of the deployment and three month study, the conversational data collected from visitors is then analysed. Following a review of the current literature, techniques for working with the unstructured natural language data are developed, leading to recommendations for the design of future conversational "chatbot" agents. The results show distinct patterns of conversation, from simple and direct "verb plus noun" commands to complex sentence structure. How users interact with the agents, given that they are conversing with a mechanism, is discussed and contrasted with the memories that they have agreed to share. The conclusion drawn from this work is that, while the current generation of devices only listen for commands from users, there is a danger that smart IoT devices in the future can be used as active information probes unless properly understood and regulated. We finish with observations on privacy and security based on our experiences here.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

@inproceedings{proc-in-hay_iot_2018,

title = {IoT in the wild: what negotiating public deployments can tell us about the state of the Internet of Things},

author = {Duncan Hay and Boyana Buyuklieva and J. Daothong and B. Edmonds and Andrew Hudson-Smith and Richard Milton and J. Wood},

url = {https://doi.org/10.1049%2Fcp.2018.0017},

doi = {10.1049/cp.2018.0017},

year  = {2018},

date = {2018-03-28},

booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},

publisher = {Institution of Engineering and Technology},

abstract = {The promise of IoT technologies is such that they represent as big a social and economic change as the invention of the Internet itself. From the way people consume media in their homes to structural changes in global employment through improved automation, IoT has the potential to touch all aspects of peoples everyday lives at domestic, national, and international scales. The size of this change and the unpredictability of the potential social effects of these technologies is precisely what makes research into them urgent, yet at the same time it is this scale and unpredictability that makes this research challenging to conduct. In the field of Human Computer Interaction, methodologies such as `in-the-wild' research, in which the emergent properties of a technology are discovered through the design and deployment of a device or system outside of the laboratory and in collaboration with the people with whom it is envisioned to be used by, have emerged to deal with some of these issues. Yet beyond the findings garnered through direct user engagement, negotiating an in-the-wild study is itself a challenging proposition: the needs of researchers, technology hosts, and potential user groups must be balanced, and the potential affordances of a technology are limited by their acceptability with these stakeholders. With reference to `Tales of the Park', a publicfacing IoT deployment developed in partnership with Queen Elizabeth Olympic Park, this paper outlines some of the key points of negotiation that made the deployment possible, and contends that these indicate broader social anxieties about the future direction of the Internet of Things.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

@inproceedings{proc-in-lindley_informed_2018,

title = {Informed by Design},

author = {Joseph Galen Lindley and Paul Coulton and Rachel Cooper},

url = {https://doi.org/10.1049%2Fcp.2018.0022},

doi = {10.1049/cp.2018.0022},

year  = {2018},

date = {2018-03-28},

booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},

publisher = {Institution of Engineering and Technology},

abstract = {The current (and future) adoption of the IoT has, for some time, stimulated debate about the broader implications for privacy, ethics, trust and security that the IoT. Given the IoT's penchant for generating and utilising various (oftentimes somewhat personal) data, the European Union's (EU) forthcoming General Data Protection Regulations (GDPR) will have a significant impact on how the IoT is regulated. As with the term IoT the interpretation of GDPR is generating its own discourses particularly around how wording within the regulation is turned into implementation. The paper begins by critiquing the term Privacy by Design (PbD), and an alternate form which appears in article 25 of the GDPR Data protection by design and default. We note that these two phrases are in fact part of a broader group which inexhaustively includes: Security by Design, Privacy by Default, Security by Default, Data Protection by Design, Data Protection by Default. Our critique does not concern the sentiments or intentions represented by these phrases, or PbD per se, but highlights ambiguities and potentially misleading interpretations that their invocation promotes. After exploring these potential pitfalls, we go on to discuss design-led research that positions Informed by Design as a more fruitful approach to creating IoT devices and services which can more meaningfully respond to concerns about privacy, ethics, trust and security.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

@inproceedings{proc-in-brass_standardising_2018,

title = {Standardising a Moving Target: The Development and Evolution of IoT Security Standards},

author = {Irina Brass and Leonie Maria Tanczer and Madeline Carr and Miles Elsden and Jason J. Blackstock},

url = {https://doi.org/10.1049%2Fcp.2018.0024},

doi = {10.1049/cp.2018.0024},

year  = {2018},

date = {2018-03-28},

booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},

publisher = {Institution of Engineering and Technology},

abstract = {The standards landscape for IoT security is currently developing in a fragmented manner. This paper provides a review of the main IoT security standards and guidelines that have been developed by formal standardisation organisations and transnational industry associations and interest alliances to date. The review makes three main contributions to the study of current IoT standards-development processes. First, governments and regulatory agencies in the EU and the US are increasingly considering the promotion of baseline IoT security requirements, achieved through public procurement obligations and cybersecurity certification schemes. Second, the analysis reveals that the IoT security standards landscape is dominated by de facto standards initiated by a diverse range of industry associations across the IoT ecosystem. Third, the paper identifies a number of key challenges for IoT security standardisation, most notably: a) the difficulty of setting a baseline for IoT security across all IoT applications and domains; and b) the difficulty of monitoring the adoption, implementation and effectiveness of IoT security standards and best practices. The paper consequently contributes to a better understanding of the evolution of IoT security standards and proposes a more coherent standards development and deployment approach.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

@inproceedings{proc-in-chizari_randomness_2018,

title = {Randomness of physiological signals in generation cryptographic key for secure communication between implantable medical devices inside the body and the outside world},

author = {Hassan Chizari and Emil C. Lupu and Paula Thomas},

url = {https://doi.org/10.1049%2Fcp.2018.0027},

doi = {10.1049/cp.2018.0027},

year  = {2018},

date = {2018-03-28},

booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},

publisher = {Institution of Engineering and Technology},

abstract = {A physiological signal must have a certain level of randomness inside it to be a good source of randomness for generating cryptographic key. Dependency to the history is one of the measures to examine the strength of a randomness source. In dependency to the history, the adversary has infinite access to the history of generated random bits from the source and wants to predict the next random number based on that. Although many physiological signals have been proposed in literature as good source of randomness, no dependency to history analysis has been carried out to examine this fact. In this paper, using a large dataset of physiological signals collected from PhysioNet, the dependency to history of Interpuls Interval (IPI), QRS Complex, and EEG signals (including Alpha, Beta, Delta, Gamma and Theta waves) were examined. The results showed that despite the general assumption that the physiological signals are random, all of them are weak sources of randomness with high dependency to their history. Among them, Alpha wave of EEG signal shows a much better randomness and is a good candidate for post-processing and randomness extraction algorithm.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

@inproceedings{proc-in-sun_random_2018,

title = {Random Number Generation Using Inertial Measurement Unit Signals for On-Body IoT Devices},

author = {Yingnan Sun and Benny P. L. Lo},

url = {https://doi.org/10.1049%2Fcp.2018.0028},

doi = {10.1049/cp.2018.0028},

year  = {2018},

date = {2018-03-28},

booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},

publisher = {Institution of Engineering and Technology},

abstract = {With increasing popularity of wearable and implantable technologies for medical applications, there is a growing concern on the security and data protection of the on-body Internet-ofThings (IoT) devices. As a solution, cryptographic system is often adopted to encrypt the data, and Random Number Generator (RNG) is of vital importance to such system. This paper proposes a new random number generation method for securing on-body IoT devices based on temporal signal variations of the outputs of the Inertial Measurement Units (IMU) worn by the users while walking. As most new wearable and implantable devices have built-in IMUs and walking gait signals can be extracted from these body sensors, this method can be applied and integrated into the cryptographic systems of these new devices. To generate the random numbers, this method divides IMU signals into gait cycles and generates bits by comparing energy differences between the sensor signals in a gait cycle and the averaged IMU signals in multiple gait cycles. The generated bits are then re-indexed in descending order by the absolute values of the associated energy differences to further randomise the data and generate high-entropy random numbers. Two datasets were used in the studies to generate random numbers, where were rigorously tested and passed four well-known randomness test suites, namely NIST-STS, ENT, Dieharder, and RaBiGeTe.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

@inproceedings{proc-in-mace_multi_2018,

title = {A multi-modelling based approach to assessing the security of smart buildings},

author = {John C. Mace and Charles Morisset and K. Pierce and C. Gamble and Carsten Maple and J. Fitzgerald},

url = {https://doi.org/10.1049%2Fcp.2018.0031},

doi = {10.1049/cp.2018.0031},

year  = {2018},

date = {2018-03-28},

booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},

publisher = {Institution of Engineering and Technology},

abstract = {Smart buildings are controlled by multiple cyber-physical systems that provide critical services such as heating, ventilation, lighting and access control. These building systems are becoming increasingly vulnerable to both cyber and physical attacks. We introduce a multi-model methodology for assessing the security of these systems, which utilises INTO-CPS, a suite of modelling, simulation, and analysis tools for designing cyber-physical systems. Using a fan coil unit case study we show how its security can be systematically assessed when subjected to Man-in-the-Middle attacks on the data connections between system components. We suggest our methodology would enable building managers and security engineers to design attack countermeasures and refine their effectiveness.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

@inproceedings{proc-in-madaan_observing_2018,

title = {Observing Data in IoT Worlds: What and How to Observe?},

author = {Aastha Madaan and Xin Wang and Wendy Hall and Thanassis Tiropanis},

url = {https://doi.org/10.1049%2Fcp.2018.0032},

doi = {10.1049/cp.2018.0032},

year  = {2018},

date = {2018-03-28},

booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},

publisher = {Institution of Engineering and Technology},

abstract = {The widespread adoption of "smart devices' and sensors in various domains such as, transport, home, critical infrastructure, and wellbeing has given rise to highly dynamic data ecosystems. The data in these ecosystems is a goldmine for data-driven decision making for a variety of stakeholders. These stakeholders exploit multiple device capabilities, re-purpose and re-contextualize data collected by the devices for a number of applications. Such IoT ecosystem(s) mandate data sharing at both small and large scale. However, sensitive nature of IoT data, lack of prior knowledge of purpose of data-use, regulations and standards make data sharing a non-trivial problem. It also raises concerns of data trust, ownership, and accountability. In this paper, we scope the "IoT Observatory" infrastructure to enable various stakeholders to observe and analyse the data and methodologies in IoT enabled ecosystems. It details the architectural components of IoT observatory and describe how its socio-technical lens can identify technical and ethical challenges for sharing IoT data. The paper further explains applicability of the observatory infrastructure in a smart city ecosystem. The main contributions of the paper are: (i) the definition of trust, accountability, transparency in context of IoT observatory; (ii) identification of variables that can be observed through IoT observatory for establishing trust and transparency in data sharing; and (iii) use of data access traces on IoT observatory to explain ownership and accountability.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

@inproceedings{proc-in-tanczer_emerging_2018,

title = {Emerging risks in the IoT ecosystem: Who's afraid of the big bad smart fridge?},

author = {Leonie Maria Tanczer and Ine Steenmans and Miles Elsden and Jason J. Blackstock and Madeline Carr},

url = {https://doi.org/10.1049%2Fcp.2018.0033},

doi = {10.1049/cp.2018.0033},

year  = {2018},

date = {2018-03-28},

booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},

publisher = {Institution of Engineering and Technology},

abstract = {Rapid technological innovations, including the emergence of the Internet of Things (IoT), introduce a range of uncertainties, opportunities, and risks. While it is not possible to accurately foresee IoT's myriad ramifications, futures and foresight methodologies allow for the exploration of plausible futures and their desirability. Drawing on the futures and foresight literature, the current paper employs a standardised expert elicitation approach to study emerging risk patterns in descriptions of IoT risk scenarios. We surveyed 19 IoT experts between January and February 2018 using an online questionnaire. The submitted scenarios provided expert's perception of evolving IoT risk trajectories and were evaluated using thematic analysis, a method used to identify and report patterns within data. Four common themes were extracted: physical safety; crime and exploitation; loss of control; and social norms and structures. These themes provide suitable analytical tools to contextualise emerging risks and help detecting gaps about security and privacy challenges in the IoT.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

@inproceedings{proc-in-anthi_pulse_2018,

title = {Pulse: an adaptive intrusion detection for the internet of things},

author = {Eirini Anthi and Lowri Williams and Peter Burnap},

url = {https://doi.org/10.1049%2Fcp.2018.0035},

doi = {10.1049/cp.2018.0035},

isbn = {978-1-78561-843-7},

year  = {2018},

date = {2018-03-28},

booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},

publisher = {Institution of Engineering and Technology},

abstract = {The number of diverse interconnected Internet of Things (IoT) devices keeps increasing exponentially, introducing new security and privacy challenges. These devices tend to become more pervasive than mobile phones and already have access to very sensitive personal information such as usernames, passwords, etc., making them a target for cyber-attacks. Given that smart devices are vulnerable to a variety of attacks, they can be considered to be the weakest link for breaking into a secure infrastructure. For instance, IoT devices have recently been employed as part of botnets, such as Mirai, and have launched several of the largest Distributed Denial of Service (DDoS) and spam attacks in history. As a result, there is a need to develop an Intrusion Detection System (IDS) dedicated to monitor IoT ecosystems, which will be able to adapt to this heterogeneous environment and detect malicious activity on the network. In this paper, we describe the initial stages of developing Pulse; a novel IDS for the IoT, which employs Machine Learning (ML) methodologies and is capable of successfully identifying network scanning probing and simple forms of Denial of Service (DoS) attacks.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

@inproceedings{proc-in-seymour_detecting_2018,

title = {Detecting Bias: Does an Algorithm Have to Be Transparent in Order to Be Fair?},

author = {William Seymour},

url = {http://ceur-ws.org/Vol-2103/},

isbn = {1613-0073},

year  = {2018},

date = {2018-03-25},

booktitle = {BIAS --- Bias in Information, Algorithms, and Systems iConference 2018},

address = {Sheffield, UK},

abstract = {The most commonly cited solution to problems surrounding algorithmic fairness is increased transparency. But how do we reconcile this point of view with the state of the art? Many of the most effective modern machine learning methods (such as neural networks) can have millions of variables, defying human understanding. This paper decomposes the quest for transparency and examines two of the options available using technical examples. By considering some of the current uses of machine learning and using human decision making as a null hypothesis, I suggest that pursuing transparent outcomes is the way forward, with the quest for transparent algorithms being a lost cause.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

@inproceedings{proc-in-berthelot_tomographic_2018,

title = {Tomographic probe for perfusion analysis in deep layer tissue},

author = {Melissa Berthelot and Guang-Zhong Yang and Benny P. L. Lo},

url = {https://doi.org/10.1109%2Fbsn.2018.8329665},

doi = {10.1109/bsn.2018.8329665},

year  = {2018},

date = {2018-03-04},

booktitle = {2018 IEEE 15th International Conference on Wearable and Implantable Body Sensor Networks (BSN)},

publisher = {IEEE},

abstract = {Continuous buried soft tissue free flap postoperative monitoring is crucial to detect flap failure and enable early intervention. In this case, clinical assessment is challenging as the flap is buried and only implantable or hand held devices can be used for regular monitoring. These devices have limitations in their price, usability and specificity. Near-infrared spectroscopy (NIRS) has shown promising results for superficial free flap postoperative monitoring, but it has not been considered for buried free flap, mainly due to the limited penetration depth of conventional approaches. A wearable wireless tomographic probe has been developed for continuous monitoring of tissue perfusion at different depths. Using the NIRS method, blood flow can be continuously measured at different tissue depths. This device has been designed following conclusions of extensive computerised simulations and it has been validated using a vascular phantom.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

@inproceedings{proc-in-sun_artificial_2018,

title = {An artificial neural network framework for lower limb motion signal estimation with foot-mounted inertial sensors},

author = {Yingnan Sun and Guang-Zhong Yang and Benny P. L. Lo},

url = {https://doi.org/10.1109%2Fbsn.2018.8329676},

doi = {10.1109/bsn.2018.8329676},

year  = {2018},

date = {2018-03-04},

booktitle = {2018 IEEE 15th International Conference on Wearable and Implantable Body Sensor Networks (BSN)},

publisher = {IEEE},

abstract = {This paper proposes a novel artificial neural network based method for real-time gait analysis with minimal number of Inertial Measurement Units (IMUs). Accurate lower limb attitude estimation has great potential for clinical gait diagnosis for orthopaedic patients and patients with neurological diseases. However, the use of multiple wearable sensors hinder the ubiquitous use of inertial sensors for detailed gait analysis. This paper proposes the use of two IMUs mounted on the shoes to estimate the IMU signals at the shin, thigh and waist for accurate attitude estimation of the lower limbs. By using the artificial neural network framework, the gait parameters, such as angle, velocity and displacements of the IMUs can be estimated. The experimental results have shown that the proposed method can accurately estimate the IMUs signals on the lower limbs based only on the IMU signals on the shoes, which demonstrates its potential for lower limb motion tracking and real-time gait analysis.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

@inproceedings{proc-in-oehmichen_etriks_2017,

title = {eTRIKS analytical environment: A modular high performance framework for medical data analysis},

author = {Axel Oehmichen and Florian Guitton and Kai Sun and Jean Grizet and Thomas Heinis and Yike Guo},

url = {https://doi.org/10.1109%2Fbigdata.2017.8257945},

doi = {10.1109/bigdata.2017.8257945},

year  = {2017},

date = {2017-12-11},

booktitle = {2017 IEEE International Conference on Big Data (Big Data)},

publisher = {IEEE},

abstract = {Translational research is quickly becoming a science driven by big data. Improving patient care, developing personalized therapies and new drugs depend increasingly on an organization's ability to rapidly and intelligently leverage complex molecular and clinical data from a variety of large-scale partner and public sources. As analysing these large-scale datasets becomes computationally increasingly expensive, traditional analytical engines are struggling to provide a timely answer to the questions that biomedical scientists are asking. Designing such a framework is developing for a moving target as the very nature of biomedical research based on big data requires an environment capable of adapting quickly and efficiently in response to evolving questions. The resulting framework consequently must be scalable in face of large amounts of data, flexible, efficient and resilient to failure. In this paper we design the eTRIKS Analytical Environment (eAE), a scalable and modular framework for the efficient management and analysis of large scale medical data, in particular the massive amounts of data produced by high-throughput technologies. We particularly discuss how we design the eAE as a modular and efficient framework enabling us to add new components or replace old ones easily. We further elaborate on its use for a set of challenging big data use cases in medicine and drug discovery.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

@inproceedings{proc-in-chang_secure_2017,

title = {Secure Secret Sharing in the Cloud},

author = {Ching-Chun Chang and Chang-Tsun Li},

url = {https://doi.org/10.1109%2Fism.2017.67},

doi = {10.1109/ism.2017.67},

year  = {2017},

date = {2017-12-11},

booktitle = {2017 IEEE International Symposium on Multimedia (ISM)},

publisher = {IEEE},

abstract = {In this paper, we show how a dealer with limited resources is possible to share the secrets to players via an untrusted cloud server without compromising the privacy of the secrets. This scheme permits a batch of two secret messages to be shared to two players in such a way that the secrets are reconstructable if and only if two of them collaborate. An individual share reveals absolutely no information about the secrets to the player. The secret messages are obfuscated by encryption and thus give no information to the cloud server. Furthermore, the scheme is compatible with the Paillier cryptosystem and other cryptosystems of the same type. In light of the recent developments in privacy-preserving watermarking technology, we further model the proposed scheme as a variant of reversible watermarking in the encrypted domain.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

@inproceedings{proc-in-stringhini_marmite_2017,

title = {Marmite: Spreading Malicious File Reputation Through Download Graphs},

author = {Gianluca Stringhini and Yun Shen and Yufei Han and Xiangliang Zhang},

url = {https://doi.org/10.1145%2F3134600.3134604},

doi = {10.1145/3134600.3134604},

year  = {2017},

date = {2017-12-04},

booktitle = {ACSAC 2017: Proceedings of the 33rd Annual Computer Security Applications Conference},

publisher = {ACM},

abstract = {Effective malware detection approaches need not only high accuracy, but also need to be robust to changes in the modus operandi of criminals. In this paper, we propose Marmite, a feature-agnostic system that aims at propagating known malicious reputation of certain files to unknown ones with the goal of detecting malware. Marmite does this by looking at a graph that encapsulates a comprehensive view of how files are downloaded (by which hosts and from which servers) on a global scale. The reputation of files is then propagated across the graph using semi-supervised label propagation with Bayesian confidence. We show that Marmite is able to reach high accuracy (0.94 G-mean on average) over a 10-day dataset of 200 million download events. We also demonstrate that Marmite's detection capabilities do not significantly degrade over time, by testing our system on a 30-day dataset of 660 million download events collected six months after the system was tuned and validated. Marmite still maintains a similar accuracy after this period of time.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

@inproceedings{proc-in-weissbacher_ex_2017,

title = {Ex-Ray: Detection of History-Leaking Browser Extensions},

author = {Michael Weissbacher and Enrico Mariconti and Guillermo Suarez-Tangil and Gianluca Stringhini and William Robertson and Engin Kirda},

url = {https://doi.org/10.1145%2F3134600.3134632},

doi = {10.1145/3134600.3134632},

year  = {2017},

date = {2017-12-04},

booktitle = {ACSAC 2017: Proceedings of the 33rd Annual Computer Security Applications Conference},

publisher = {ACM},

abstract = {Web browsers have become the predominant means for developing and deploying applications, and thus they often handle sensitive data such as social interactions or financial credentials and information. As a consequence, defensive measures such as TLS, the Same-Origin Policy (SOP), and Content Security Policy (CSP) are critical for ensuring that sensitive data remains in trusted hands. 

 Browser extensions, while a useful mechanism for allowing third-party extensions to core browser functionality, pose a security risk in this regard since they have access to privileged browser APIs that are not necessarily restricted by the SOP or CSP. Because of this, they have become a major vector for introducing malicious code into the browser. Prior work has led to improved security models for isolating and sandboxing extensions, as well as techniques for identifying potentially malicious extensions. The area of privacy-violating browser extensions has so far been covered by manual analysis and systems performing search on specific text on network traffic. However, comprehensive content-agnostic systems for identifying tracking behavior at the network level are an area that has not yet received significant attention. 

 In this paper, we present a dynamic technique for identifying privacy-violating extensions in Web browsers that relies solely on observations of the network traffic patterns generated by browser extensions. We then present Ex-Ray, a prototype implementation of this technique for the Chrome Web browser, and use it to evaluate all extensions from the Chrome store with more than 1,000 installations (10,691 in total). Our evaluation finds new types of tracking behavior not covered by state of the art systems. Finally, we discuss potential browser improvements to prevent abuse by future user-tracking extensions.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}

@inproceedings{proc-in-lin_end_2017,

title = {End-to-End Correspondence and Relationship Learning of Mid-Level Deep Features for Person Re-Identification},

author = {Shan Lin and Chang-Tsun Li},

url = {https://doi.org/10.1109%2Fdicta.2017.8227426},

doi = {10.1109/dicta.2017.8227426},

year  = {2017},

date = {2017-11-29},

booktitle = {2017 International Conference on Digital Image Computing: Techniques and Applications (DICTA)},

publisher = {IEEE},

abstract = {In this paper, a unified deep convolutional architecture is proposed to address the problems in the person re-identification task. The proposed method adaptively learns the discriminative deep mid-level features of a person and constructs the correspondence features between an image pair in a data-driven manner. The previous Siamese structure deep learning approaches focus only on pair-wise matching between features. In our method, we consider the latent relationship between mid-level features and propose a network structure to automatically construct the correspondence features from all input features without a pre-defined matching function. The experimental results on three benchmarks VIPeR, CUHK01 and CUHK03 show that our unified approach improves over the previous state-of-the-art methods.},

keywords = {},

pubstate = {published},

tppubtype = {inproceedings}

}