Explore PETRAS's research knowledge base of peer reviewed, multidisciplinary publications.
201. Leyva, Roberto; Sanchez, Victor; Li, Chang-Tsun: Fast Detection of Abnormal Events in Videos with Binary Features. In: 2018 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), IEEE, 2018. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric) @inproceedings{proc-in-leyva_fast_2018,
title = {Fast Detection of Abnormal Events in Videos with Binary Features},
author = {Roberto Leyva and Victor Sanchez and Chang-Tsun Li},
url = {https://doi.org/10.1109%2Ficassp.2018.8461759},
doi = {10.1109/icassp.2018.8461759},
year = {2018},
date = {2018-04-15},
booktitle = {2018 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP)},
publisher = {IEEE},
abstract = {Millions of surveillance cameras are currently installed in public places around the world, making it necessary to intelligently analyse the acquired data to detect the occurrence of abnormal events. A vast number of methods to detect such events have been recently proposed; unfortunately, there is a lack of methods capable of detecting these events as frames are acquired, also known as online processing. In this paper, we present an online framework for video anomaly detection that employs binary features to encode motion information, and low-complexity probabilistic models for detection. Evaluation results on the popular UCSD dataset and on a recently introduced real-event video surveillance dataset show that our framework outperforms non-online and online methods.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
202. Veale, Michael; Binns, Reuben Daniel; Ausloos, Jef: When data protection by design and data subject rights clash. In: vol. 8, no. 2, pp. 105–123, 2018. (Type: Journal Article | Abstract | Links | BibTeX | Altmetric) @article{art-veale_when_2018,
title = {When data protection by design and data subject rights clash},
author = {Michael Veale and Reuben Daniel Binns and Jef Ausloos},
url = {https://doi.org/10.1093%2Fidpl%2Fipy002},
doi = {10.1093/idpl/ipy002},
year = {2018},
date = {2018-04-04},
volume = {8},
number = {2},
pages = {105--123},
publisher = {Oxford University Press (OUP)},
abstract = {Data protection by design (DPbD), a holistic approach to embedding principles in technical and organizational measures undertaken by data controllers, building on the notion of Privacy by Design, is now a qualified duty in the GDPR.
Practitioners have seen DPbD less holistically, instead framing it through the confidentiality-focussed lens of privacy enhancing technologies (PETs).
We show that some confidentiality-focussed DPbD strategies used by large data controllers leave data reidentifiable by capable adversaries while heavily limiting controllers' ability to provide data subject rights, such as access, erasure and objection, to manage this risk.
Informed by case studies of Apple's Siri voice assistant and Transport for London's Wi-Fi analytics, we suggest three main ways to make deployed DPbD more accountable and data subject-centric: building parallel systems to fulfil rights, including dealing with volunteered data; making inevitable trade-offs more explicit and transparent through Data Protection Impact Assessments; and through ex ante and ex post information rights (Articles 13-15), which we argue may require the provision of information concerning DPbD trade-offs.
Despite steep technical hurdles, we call both for researchers in PETs to develop rigorous techniques to balance privacy-as-control with privacy-as-confidentiality, and for DPAs to consider tailoring guidance and future frameworks to better oversee the trade-offs being made by primarily well-intentioned data controllers employing DPbD.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Practitioners have seen DPbD less holistically, instead framing it through the confidentiality-focussed lens of privacy enhancing technologies (PETs).
We show that some confidentiality-focussed DPbD strategies used by large data controllers leave data reidentifiable by capable adversaries while heavily limiting controllers' ability to provide data subject rights, such as access, erasure and objection, to manage this risk.
Informed by case studies of Apple's Siri voice assistant and Transport for London's Wi-Fi analytics, we suggest three main ways to make deployed DPbD more accountable and data subject-centric: building parallel systems to fulfil rights, including dealing with volunteered data; making inevitable trade-offs more explicit and transparent through Data Protection Impact Assessments; and through ex ante and ex post information rights (Articles 13-15), which we argue may require the provision of information concerning DPbD trade-offs.
Despite steep technical hurdles, we call both for researchers in PETs to develop rigorous techniques to balance privacy-as-control with privacy-as-confidentiality, and for DPAs to consider tailoring guidance and future frameworks to better oversee the trade-offs being made by primarily well-intentioned data controllers employing DPbD.203. Turner, Henry C. M.; Chizari, Hassan; Lupu, Emil C.: Step Intervals and Arterial Pressure in PVS Schemes. In: Living in the Internet of Things: Cybersecurity of the IoT - 2018, Institution of Engineering and Technology, 2018. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric) @inproceedings{proc-in-turner_step_2018,
title = {Step Intervals and Arterial Pressure in PVS Schemes},
author = {Henry C. M. Turner and Hassan Chizari and Emil C. Lupu},
url = {https://doi.org/10.1049%2Fcp.2018.0036},
doi = {10.1049/cp.2018.0036},
year = {2018},
date = {2018-03-28},
booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},
publisher = {Institution of Engineering and Technology},
abstract = {We build upon the idea of Physiological Value Based Security schemes as a means of securing body sensor networks (BSN). Such schemes provide a secure means for sensors in a BSN to communicate with one another, as long as they can measure the same underlying physiological signal. This avoids the use of pre-distributed keys and allows re-keying to be done easily. Such techniques require identifying signals and encoding methods that can be used in the scheme. Hence we first evaluate step interval as our physiological signal, using existing modular encoding method and our proposed learned partitioning function as the encoding methods. We show that both of these are usable with the scheme and identify a suitable parametrisation. We then go on to evaluate arterial blood pressure using our proposed learned mean FFT coefficients method. We demonstrate that with the correct parameters this could also be used in the scheme. This further improves the usability of PVS schemes, by identify two more signals that could be used, as well as two encoding methods that may also be useful for other signals.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
204. Lombardi, Federico; Aniello, Leonardo; Angelis, Stefano De; Margheri, Andrea; Sassone, Vladimiro: A Blockchain-based Infrastructure for Reliable and Cost-effective IoT-aided Smart Grids. In: Living in the Internet of Things: Cybersecurity of the IoT - 2018, Institution of Engineering and Technology, 2018. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric) @inproceedings{proc-in-lombardi_blockchain_2018,
title = {A Blockchain-based Infrastructure for Reliable and Cost-effective IoT-aided Smart Grids},
author = {Federico Lombardi and Leonardo Aniello and Stefano De Angelis and Andrea Margheri and Vladimiro Sassone},
url = {https://doi.org/10.1049%2Fcp.2018.0042},
doi = {10.1049/cp.2018.0042},
year = {2018},
date = {2018-03-28},
booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},
publisher = {Institution of Engineering and Technology},
abstract = {One of the main trends in the evolution of smart grids is transactive energy, where distributed energy resources, e.g. smart meters, develop towards Internet-of-Things (IoT) devices enabling prosumers to trade energy directly among each other, without the need of involving any centralised third party. The expected advantages in terms of cost-effectiveness would be significant, indeed technical solutions are being investigated and large-scale deployment are planned by major utilities companies. However, introducing transactive energy in the smart grid entails new security threats, such as forging energy transactions. This paper introduces an infrastructure to support reliable and cost-effective transactive energy, based on blockchain and smart contracts, where functionalities are implemented as fully decentralised applications. Energy transactions are stored in the blockchain, whose high replication level ensures stronger guarantees against tampering. Energy auctions are carried out according to transparent rules implemented as smart contracts, hence visible to all involved actors. Threats deriving from known vulnerabilities of smart meters are mitigated by temporarily keeping out exposed prosumers and updating their devices as soon as security patches become available.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
205. Latinopoulos, Charilaos; Daina, Nicolò; Polak, John W.: Trust in IoT-enabled mobility services: predictive analytics and the impact of prediction errors on the quality of service in bike sharing. In: Living in the Internet of Things: Cybersecurity of the IoT - 2018, Institution of Engineering and Technology, 2018. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric) @inproceedings{proc-in-latinopoulos_trust_2018,
title = {Trust in IoT-enabled mobility services: predictive analytics and the impact of prediction errors on the quality of service in bike sharing},
author = {Charilaos Latinopoulos and Nicol\`{o} Daina and John W. Polak},
url = {https://doi.org/10.1049%2Fcp.2018.0044},
doi = {10.1049/cp.2018.0044},
year = {2018},
date = {2018-03-28},
booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},
publisher = {Institution of Engineering and Technology},
abstract = {Real-time communication and information flows among vehicles, infrastructure, travelers' smartphones and service providers' backend systems constitute the everyday experience of the Internet of Things (IoT) in the transport sector. Prediction Errors (PEs), either as outcomes of imperfect model performance or as exploitation of model vulnerabilities to compromise the security of the system, can affect the Quality of Service (QoS) of transport systems. This paper contributes to the research literature in trust in IoT for transport. It does so by developing a methodological framework to quantify the users' impacts of prediction reliability in IoT-enabled mobility services. We apply such framework to London's bike sharing scheme. Two predictive algorithms are used to forecast bike availabilities at different docking stations. Prediction errors affect the reliability of information provided in real time to bike users, and hence the utility accrued by users from the information provided. The variation in consumer surplus for increased reliability and the dissatisfaction of the users are analyzed through simulation. The results demonstrate the impact of predictive algorithms on the QoS of transport services and highlight the value of data collection for empirical estimations.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
206. Ghirardello, Kevin; Maple, Carsten; Ng, D.; Kearney, P.: Cyber security of smart homes: development of a reference architecture for attack surface analysis. In: Living in the Internet of Things: Cybersecurity of the IoT - 2018, Institution of Engineering and Technology, 2018. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric) @inproceedings{proc-in-ghirardello_cyber_2018,
title = {Cyber security of smart homes: development of a reference architecture for attack surface analysis},
author = {Kevin Ghirardello and Carsten Maple and D. Ng and P. Kearney},
url = {https://doi.org/10.1049%2Fcp.2018.0045},
doi = {10.1049/cp.2018.0045},
year = {2018},
date = {2018-03-28},
booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},
publisher = {Institution of Engineering and Technology},
abstract = {Recent advances in pervasive computing have caused a rapid growth of the Smart Home market, where a number of otherwise mundane pieces of technology are capable of connecting to the Internet and interacting with other similar devices. However, with the lack of a commonly adopted set of guidelines, several IT companies are producing smart devices with their own proprietary standards, leading to highly heterogeneous Smart Home systems in which the interoperability of the present elements is not always implemented in the most straightforward manner. As such, understanding the cyber risk of these cyber-physical systems beyond the individual devices has become an almost intractable problem. This paper tackles this issue by introducing a Smart Home reference architecture which facilitates security analysis. Being composed by three viewpoints, it gives a high-level description of the various functions and components needed in a domestic IoT device and network. Furthermore, this document demonstrates how the architecture can be used to determine the various attack surfaces of a home automation system from which its key vulnerabilities can be determined.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
207. Ivanov, I.; Maple, Carsten; Watson, Tim; Lee, Sang-Woo: Cyber Security Standards and Issues in V2X Communications for Internet of Vehicles. In: Living in the Internet of Things: Cybersecurity of the IoT - 2018, Institution of Engineering and Technology, 2018. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric) @inproceedings{proc-in-ivanov_cyber_2018,
title = {Cyber Security Standards and Issues in V2X Communications for Internet of Vehicles},
author = {I. Ivanov and Carsten Maple and Tim Watson and Sang-Woo Lee},
url = {https://doi.org/10.1049%2Fcp.2018.0046},
doi = {10.1049/cp.2018.0046},
year = {2018},
date = {2018-03-28},
booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},
publisher = {Institution of Engineering and Technology},
abstract = {Significant developments have taken place over the past few years in the area of vehicular communication systems in the ITS environment. It is vital that, in these environments, security is considered in design and implementation since compromised vulnerabilities in one vehicle can be propagated to other vehicles, especially given that V2X communication is through an ad-hoc type network. Recently, many standardisation organisations have been working on creating international standards related to vehicular communication security and the so-called Internet of Vehicles (IoV). This paper presents a discussion of current V2X communications cyber security issues and standardisation approaches being considered by standardisation bodies such as the ISO, the ITU, the IEEE, and the ETSI.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
208. Nurse, Jason R. C.; Radanliev, Petar; Creese, Sadie; Roure, David Charles De: If you can't understand it, you can't properly assess it! The reality of assessing security risks in Internet of Things systems. In: Living in the Internet of Things: Cybersecurity of the IoT - 2018, Institution of Engineering and Technology, 2018. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric) @inproceedings{proc-in-nurse_if_2018,
title = {If you can't understand it, you can't properly assess it! The reality of assessing security risks in Internet of Things systems},
author = {Jason R. C. Nurse and Petar Radanliev and Sadie Creese and David Charles De Roure},
url = {https://doi.org/10.1049%2Fcp.2018.0001},
doi = {10.1049/cp.2018.0001},
year = {2018},
date = {2018-03-28},
booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},
publisher = {Institution of Engineering and Technology},
abstract = {Security risk assessment methods have served us well over the last two decades. As the complexity, pervasiveness and automation of technology systems increases, particularly with the Internet of Things (IoT), there is a convincing argument that we will need new approaches to assess risk and build system trust. In this article, we report on a series of scoping workshops and interviews with industry professionals (experts in enterprise systems, IoT and risk) conducted to investigate the validity of this argument. Additionally, our research aims to consult with these professionals to understand two crucial aspects. Firstly, we seek to identify the wider concerns in adopting IoT systems into a corporate environment, be it a smart manufacturing shop floor or a smart office. Secondly, we investigate the key challenges for approaches in industry that attempt to effectively and efficiently assess cyber-risk in the IoT.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
209. Radanliev, Petar; Roure, David Charles De; Cannady, Stacy; Montalvo, Rafael Mantilla; Nicolescu, Razvan; Huth, Michael: Economic impact of IoT cyber risk - analysing past and present to predict the future developments in IoT risk analysis and IoT cyber insurance. In: Living in the Internet of Things: Cybersecurity of the IoT - 2018, Institution of Engineering and Technology, 2018. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric) @inproceedings{proc-in-radanliev_economic_2018,
title = {Economic impact of IoT cyber risk - analysing past and present to predict the future developments in IoT risk analysis and IoT cyber insurance},
author = {Petar Radanliev and David Charles De Roure and Stacy Cannady and Rafael Mantilla Montalvo and Razvan Nicolescu and Michael Huth},
url = {https://doi.org/10.1049%2Fcp.2018.0003},
doi = {10.1049/cp.2018.0003},
year = {2018},
date = {2018-03-28},
booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},
publisher = {Institution of Engineering and Technology},
abstract = {This paper is focused on mapping the current evolution of Internet of Things (IoT) and its associated cyber risks for the Industry 4.0 (I4.0) sector. We report the results of a qualitative empirical study that correlates academic literature with 14 - I4.0 frameworks and initiatives. We apply the grounded theory approach to synthesise the findings from our literature review, to compare the cyber security frameworks and cyber security quantitative impact assessment models, with the world leading I4.0 technological trends. From the findings, we build a new impact assessment model of IoT cyber risk in Industry 4.0. We therefore advance the efforts of integrating standards and governance into Industry 4.0 and offer a better understanding of economics impact assessment models for I4.0.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
210. Blythe, John M.; Johnson, Shane D.: The Consumer Security Index for IoT: A protocol for developing an index to improve consumer decision making and to incentivize greater security provision in IoT devices. In: Living in the Internet of Things: Cybersecurity of the IoT - 2018, Institution of Engineering and Technology, 2018. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric) @inproceedings{proc-in-blythe_consumer_2018,
title = {The Consumer Security Index for IoT: A protocol for developing an index to improve consumer decision making and to incentivize greater security provision in IoT devices},
author = {John M. Blythe and Shane D. Johnson},
url = {https://doi.org/10.1049%2Fcp.2018.0004},
doi = {10.1049/cp.2018.0004},
year = {2018},
date = {2018-03-28},
booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},
publisher = {Institution of Engineering and Technology},
abstract = {Consumer IoT devices often lack adequate in-built security, giving rise to newer forms of threats and crime risks. Security should be designed into devices but at present there is little incentive for manufacturers to do so consistently. Additionally, consumers are not given simple information at the point of purchase, in user manuals or other materials to help them assess the security of devices. Consumers are therefore not afforded the opportunity to understand the level of security devices offer. Consumer rating indices (e.g. food traffic light labels) can provide this opportunity to aid consumer choice. This research aims to co-develop a consumer security index (CSI), with consumers and security experts, to aid consumer decision making and incentivise greater security provision in the manufacture of IoT devices. In this paper, we focus on the methodology for the development of the index. Through a focus group with IoT security experts, Study 1 will identify security features that consumer IoT devices should provide. Study 2 will employ an online survey to identify consumer preferences concerning the disclosure of security and privacy features that devices provide, and focus groups will help to co-design the CSI by discussing the information value, appeal and likely engagement of a security index label. To better understand the current situation, Study 3 will develop a matrix of different classes of IoT devices manually coded according to the CSI for a sample of devices. Study 4 will explore the use of natural language processing to extract data from device user manuals to identify what information is communicated about the security features, as well as, what crime prevention messaging is provided by manufacturers. The project will use a formal methodology to develop a CSI that is co-designed with experts and consumers. The ultimate aims are to encourage the use of the index to help inform consumer choice, and to lever market action so that IoT devices are shipped with security features in-built.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
211. Kleek, Max Goodwin Van; Seymour, William; Binns, Reuben Daniel; Shadbolt, Nigel R.: Respectful things: adding social intelligence to 'smart' devices. In: Living in the Internet of Things: Cybersecurity of the IoT - 2018, Institution of Engineering and Technology, 2018. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric) @inproceedings{proc-in-kleek_respectful_2018,
title = {Respectful things: adding social intelligence to 'smart' devices},
author = {Max Goodwin Van Kleek and William Seymour and Reuben Daniel Binns and Nigel R. Shadbolt},
url = {https://doi.org/10.1049%2Fcp.2018.0006},
doi = {10.1049/cp.2018.0006},
year = {2018},
date = {2018-03-28},
booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},
publisher = {Institution of Engineering and Technology},
abstract = {In this paper, we propose that the idea of devices respecting their end-users may serve as a strong design goal for highly personal and intimate smart devices. We ask what respect is, how it shapes interaction, and how good-faith simulation of respect might inform user-friendly smart device design. Respect is a natural and integral part of natural human relationships that is seen to shape work and personal relations. In a basic sense, this is the core purpose of smart things: we expect them to be ready and willing to help us. In this vein, we distill the characteristics of more complex respectful behaviours into 4 main types relevant to smart devices, drawing from philosophical analyses of the conceptual dimensions of respect: directive respect, obstacle respect, recognition respect, and care respect. We discuss the implications of each of these kinds of respect for the future of smart personal devices.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
212. Mikusz, Mateusz; Houben, Steven; Davies, Nigel; Moessner, K.; Langheinrich, Marc: Raising Awareness of IoT Sensor Deployments. In: Living in the Internet of Things: Cybersecurity of the IoT - 2018, Institution of Engineering and Technology, 2018. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric) @inproceedings{proc-in-mikusz_raising_2018,
title = {Raising Awareness of IoT Sensor Deployments},
author = {Mateusz Mikusz and Steven Houben and Nigel Davies and K. Moessner and Marc Langheinrich},
url = {https://doi.org/10.1049%2Fcp.2018.0009},
doi = {10.1049/cp.2018.0009},
year = {2018},
date = {2018-03-28},
booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},
publisher = {Institution of Engineering and Technology},
abstract = {The IoT is increasingly being used to support smart spaces and physical analytics and yet much of this smartness is made deliberately invisible to the user - echoing Weiser's vision of calm computing and technology that fades into the background. However, this means that users may not be aware or may not understand how the IoT is being deployed in their area. In other domains we know that a lack of awareness and a lack of understanding can lead to poor user experience and frustration, mistrust, suspicion, inability to capitalise on benefits and security vulnerabilities. In this paper, we present preliminary work that explores the issue of user awareness of IoT-based data collection.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
213. Wachter, Sandra: Ethical and normative challenges of identification in the Internet of Things. In: Living in the Internet of Things: Cybersecurity of the IoT - 2018, Institution of Engineering and Technology, 2018. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric) @inproceedings{proc-in-wachter_ethical_2018,
title = {Ethical and normative challenges of identification in the Internet of Things},
author = {Sandra Wachter},
url = {https://doi.org/10.1049%2Fcp.2018.0013},
doi = {10.1049/cp.2018.0013},
year = {2018},
date = {2018-03-28},
booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},
publisher = {Institution of Engineering and Technology},
abstract = {A defining characteristic of the Internet of Things (IoT) is pervasive collection and linkage of user data to provide personalised experiences. To enable this functionality, IoT devices and services must be connected and share data about users' interactions with multiple nodes in the network. Consistent identification of users and devices across the network is likewise necessary. These aspects of the IoT can pose risks to user privacy. Potentially invasive inferences can be drawn from linked datasets, including data generated through usage of connected devices and services. The forthcoming General Data Protection Regulation (GDPR) contains numerous provisions relevant to the risks posed by identification technologies. However, the strict legal requirements defined in the Articles of the GDPR may be insufficient to ensure a fair balance is struck between user's interests in privacy and the interests of IoT developers and data controllers. To address this gap, this paper proposes a three-step transparency model based on known privacy risks of the IoT, weaknesses in relevant legally binding provisions in the GDPR, and the GDPR's governing principles. Eleven guidelines aimed at IoT developers and data controllers are described addressing how information about the functionality of IoT devices and services should be shared with users. The guidelines describe ethically desirable standards to be adhered to in addition to the GDPR's legally binding requirements. To demonstrate how the guidelines could apply in practice and alter the design choices and practices of IoT developers and data controllers, connected cars are considered as a use case.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
214. Wakenshaw, Susan Y. L.; Maple, Carsten; Schraefel, M. C.; Gomer, Richard; Ghirardello, Kevin: Mechanisms for Meaningful Consent in Internet of Things. In: Living in the Internet of Things: Cybersecurity of the IoT - 2018, Institution of Engineering and Technology, 2018. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric) @inproceedings{proc-in-wakenshaw_mechanisms_2018,
title = {Mechanisms for Meaningful Consent in Internet of Things},
author = {Susan Y. L. Wakenshaw and Carsten Maple and M. C. Schraefel and Richard Gomer and Kevin Ghirardello},
url = {https://doi.org/10.1049%2Fcp.2018.0014},
doi = {10.1049/cp.2018.0014},
year = {2018},
date = {2018-03-28},
booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},
publisher = {Institution of Engineering and Technology},
abstract = {Consent is a key measure for privacy protection and needs to be `meaningful' to give people informational power. It is increasingly important that individuals are provided with real choices and are empowered to negotiate for meaningful consent. Meaningful consent is an important area for consideration in IoT systems since privacy is a significant factor impacting on adoption of IoT. Obtaining meaningful consent is becoming increasingly challenging in IoT environments. It is proposed that an "apparency, pragmatic/semantic transparency model" adopted for data management could make consent more meaningful, that is, visible, controllable and understandable. The model has illustrated the why and what issues regarding data management for potential meaningful consent [1]. In this paper, we focus on the `how' issue, i.e. how to implement the model in IoT systems. We discuss apparency by focusing on the interactions and data actions in the IoT system; pragmatic transparency by centring on the privacy risks, threats of data actions; and semantic transparency by focusing on the terms and language used by individuals and the experts. We believe that our discussion would elicit more research on the apparency model' in IoT for meaningful consent.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
215. Knowles, Brandin Hanson; Finney, Joe; Beck, Sophie; Devine, James: What Children's Imagined Uses of the BBC micro:bit Tells Us About Designing for their IoT Privacy, Security and Safety. In: Living in the Internet of Things: Cybersecurity of the IoT - 2018, Institution of Engineering and Technology, 2018. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric) @inproceedings{proc-in-knowles_what_2018,
title = {What Children's Imagined Uses of the BBC micro:bit Tells Us About Designing for their IoT Privacy, Security and Safety},
author = {Brandin Hanson Knowles and Joe Finney and Sophie Beck and James Devine},
url = {https://doi.org/10.1049%2Fcp.2018.0015},
doi = {10.1049/cp.2018.0015},
year = {2018},
date = {2018-03-28},
booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},
publisher = {Institution of Engineering and Technology},
abstract = {Ensuring that young people reap the benefits of the Internet of Things requires proactively attending to the risks they may encounter in entering the world this new technology affords. The e-safety guidelines currently taught in UK schools may not sufficiently prepare children for navigating the risks that come with connected devices. In this paper we describe initial results from the PETRAS project IoT4Kids, exploring the privacy and security implications of children programming the BBC micro:bit, an IoT-ready device designed for children. We report on children's (ages 9-10) likely uses of the micro:bit and discuss their implications, highlighting shortcomings of e-safety education and policy guidelines for such uses.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
216. Milton, Richard; Hay, Duncan; Gray, Steven; Buyuklieva, Boyana; Hudson-Smith, Andrew: Smart IoT and Soft AI. In: Living in the Internet of Things: Cybersecurity of the IoT - 2018, Institution of Engineering and Technology, 2018. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric) @inproceedings{proc-in-milton_smart_2018,
title = {Smart IoT and Soft AI},
author = {Richard Milton and Duncan Hay and Steven Gray and Boyana Buyuklieva and Andrew Hudson-Smith},
url = {https://doi.org/10.1049%2Fcp.2018.0016},
doi = {10.1049/cp.2018.0016},
year = {2018},
date = {2018-03-28},
booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},
publisher = {Institution of Engineering and Technology},
abstract = {Soft artificial intelligence (AI) is defined as non-sentient AI designed to perform close to human level in one specific domain. This is in contrast to "Artificial General Intelligence" (AGI) which solves the problem for human level intelligence across all domains. Soft AI is a reality now in the new generation of smart Internet of Things devices like Amazon's Alexa, Apple's Siri or Microsoft's Cortana, giving rise to concerns about privacy and how the technology is being used. This research is based around an experiment in "AI as a service" where fifteen chatbot agents using Google's "Dialogflow" are deployed around the Queen Elizabeth Olympic Park in London for the general public to interact with. The physical devices are 3D printed representations of creatures living in the park, designed to fit with the park's biodiversity remit. Park visitors interact with the creatures via their mobile phones, engaging in a conversation where the creature offers to tell them a memory in exchange for one of their own, while warning them that anything they say might be repeated to others. The scope of the work presented here is as follows. After explaining the details of the deployment and three month study, the conversational data collected from visitors is then analysed. Following a review of the current literature, techniques for working with the unstructured natural language data are developed, leading to recommendations for the design of future conversational "chatbot" agents. The results show distinct patterns of conversation, from simple and direct "verb plus noun" commands to complex sentence structure. How users interact with the agents, given that they are conversing with a mechanism, is discussed and contrasted with the memories that they have agreed to share. The conclusion drawn from this work is that, while the current generation of devices only listen for commands from users, there is a danger that smart IoT devices in the future can be used as active information probes unless properly understood and regulated. We finish with observations on privacy and security based on our experiences here.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
217. Hay, Duncan; Buyuklieva, Boyana; Daothong, J.; Edmonds, B.; Hudson-Smith, Andrew; Milton, Richard; Wood, J.: IoT in the wild: what negotiating public deployments can tell us about the state of the Internet of Things. In: Living in the Internet of Things: Cybersecurity of the IoT - 2018, Institution of Engineering and Technology, 2018. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric) @inproceedings{proc-in-hay_iot_2018,
title = {IoT in the wild: what negotiating public deployments can tell us about the state of the Internet of Things},
author = {Duncan Hay and Boyana Buyuklieva and J. Daothong and B. Edmonds and Andrew Hudson-Smith and Richard Milton and J. Wood},
url = {https://doi.org/10.1049%2Fcp.2018.0017},
doi = {10.1049/cp.2018.0017},
year = {2018},
date = {2018-03-28},
booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},
publisher = {Institution of Engineering and Technology},
abstract = {The promise of IoT technologies is such that they represent as big a social and economic change as the invention of the Internet itself. From the way people consume media in their homes to structural changes in global employment through improved automation, IoT has the potential to touch all aspects of peoples everyday lives at domestic, national, and international scales. The size of this change and the unpredictability of the potential social effects of these technologies is precisely what makes research into them urgent, yet at the same time it is this scale and unpredictability that makes this research challenging to conduct. In the field of Human Computer Interaction, methodologies such as `in-the-wild' research, in which the emergent properties of a technology are discovered through the design and deployment of a device or system outside of the laboratory and in collaboration with the people with whom it is envisioned to be used by, have emerged to deal with some of these issues. Yet beyond the findings garnered through direct user engagement, negotiating an in-the-wild study is itself a challenging proposition: the needs of researchers, technology hosts, and potential user groups must be balanced, and the potential affordances of a technology are limited by their acceptability with these stakeholders. With reference to `Tales of the Park', a publicfacing IoT deployment developed in partnership with Queen Elizabeth Olympic Park, this paper outlines some of the key points of negotiation that made the deployment possible, and contends that these indicate broader social anxieties about the future direction of the Internet of Things.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
218. Lindley, Joseph Galen; Coulton, Paul; Cooper, Rachel: Informed by Design. In: Living in the Internet of Things: Cybersecurity of the IoT - 2018, Institution of Engineering and Technology, 2018. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric) @inproceedings{proc-in-lindley_informed_2018,
title = {Informed by Design},
author = {Joseph Galen Lindley and Paul Coulton and Rachel Cooper},
url = {https://doi.org/10.1049%2Fcp.2018.0022},
doi = {10.1049/cp.2018.0022},
year = {2018},
date = {2018-03-28},
booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},
publisher = {Institution of Engineering and Technology},
abstract = {The current (and future) adoption of the IoT has, for some time, stimulated debate about the broader implications for privacy, ethics, trust and security that the IoT. Given the IoT's penchant for generating and utilising various (oftentimes somewhat personal) data, the European Union's (EU) forthcoming General Data Protection Regulations (GDPR) will have a significant impact on how the IoT is regulated. As with the term IoT the interpretation of GDPR is generating its own discourses particularly around how wording within the regulation is turned into implementation. The paper begins by critiquing the term Privacy by Design (PbD), and an alternate form which appears in article 25 of the GDPR Data protection by design and default. We note that these two phrases are in fact part of a broader group which inexhaustively includes: Security by Design, Privacy by Default, Security by Default, Data Protection by Design, Data Protection by Default. Our critique does not concern the sentiments or intentions represented by these phrases, or PbD per se, but highlights ambiguities and potentially misleading interpretations that their invocation promotes. After exploring these potential pitfalls, we go on to discuss design-led research that positions Informed by Design as a more fruitful approach to creating IoT devices and services which can more meaningfully respond to concerns about privacy, ethics, trust and security.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
219. Brass, Irina; Tanczer, Leonie Maria; Carr, Madeline; Elsden, Miles; Blackstock, Jason J.: Standardising a Moving Target: The Development and Evolution of IoT Security Standards. In: Living in the Internet of Things: Cybersecurity of the IoT - 2018, Institution of Engineering and Technology, 2018. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric) @inproceedings{proc-in-brass_standardising_2018,
title = {Standardising a Moving Target: The Development and Evolution of IoT Security Standards},
author = {Irina Brass and Leonie Maria Tanczer and Madeline Carr and Miles Elsden and Jason J. Blackstock},
url = {https://doi.org/10.1049%2Fcp.2018.0024},
doi = {10.1049/cp.2018.0024},
year = {2018},
date = {2018-03-28},
booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},
publisher = {Institution of Engineering and Technology},
abstract = {The standards landscape for IoT security is currently developing in a fragmented manner. This paper provides a review of the main IoT security standards and guidelines that have been developed by formal standardisation organisations and transnational industry associations and interest alliances to date. The review makes three main contributions to the study of current IoT standards-development processes. First, governments and regulatory agencies in the EU and the US are increasingly considering the promotion of baseline IoT security requirements, achieved through public procurement obligations and cybersecurity certification schemes. Second, the analysis reveals that the IoT security standards landscape is dominated by de facto standards initiated by a diverse range of industry associations across the IoT ecosystem. Third, the paper identifies a number of key challenges for IoT security standardisation, most notably: a) the difficulty of setting a baseline for IoT security across all IoT applications and domains; and b) the difficulty of monitoring the adoption, implementation and effectiveness of IoT security standards and best practices. The paper consequently contributes to a better understanding of the evolution of IoT security standards and proposes a more coherent standards development and deployment approach.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
220. Chizari, Hassan; Lupu, Emil C.; Thomas, Paula: Randomness of physiological signals in generation cryptographic key for secure communication between implantable medical devices inside the body and the outside world. In: Living in the Internet of Things: Cybersecurity of the IoT - 2018, Institution of Engineering and Technology, 2018. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric) @inproceedings{proc-in-chizari_randomness_2018,
title = {Randomness of physiological signals in generation cryptographic key for secure communication between implantable medical devices inside the body and the outside world},
author = {Hassan Chizari and Emil C. Lupu and Paula Thomas},
url = {https://doi.org/10.1049%2Fcp.2018.0027},
doi = {10.1049/cp.2018.0027},
year = {2018},
date = {2018-03-28},
booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},
publisher = {Institution of Engineering and Technology},
abstract = {A physiological signal must have a certain level of randomness inside it to be a good source of randomness for generating cryptographic key. Dependency to the history is one of the measures to examine the strength of a randomness source. In dependency to the history, the adversary has infinite access to the history of generated random bits from the source and wants to predict the next random number based on that. Although many physiological signals have been proposed in literature as good source of randomness, no dependency to history analysis has been carried out to examine this fact. In this paper, using a large dataset of physiological signals collected from PhysioNet, the dependency to history of Interpuls Interval (IPI), QRS Complex, and EEG signals (including Alpha, Beta, Delta, Gamma and Theta waves) were examined. The results showed that despite the general assumption that the physiological signals are random, all of them are weak sources of randomness with high dependency to their history. Among them, Alpha wave of EEG signal shows a much better randomness and is a good candidate for post-processing and randomness extraction algorithm.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
221. Sun, Yingnan; Lo, Benny P. L.: Random Number Generation Using Inertial Measurement Unit Signals for On-Body IoT Devices. In: Living in the Internet of Things: Cybersecurity of the IoT - 2018, Institution of Engineering and Technology, 2018. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric) @inproceedings{proc-in-sun_random_2018,
title = {Random Number Generation Using Inertial Measurement Unit Signals for On-Body IoT Devices},
author = {Yingnan Sun and Benny P. L. Lo},
url = {https://doi.org/10.1049%2Fcp.2018.0028},
doi = {10.1049/cp.2018.0028},
year = {2018},
date = {2018-03-28},
booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},
publisher = {Institution of Engineering and Technology},
abstract = {With increasing popularity of wearable and implantable technologies for medical applications, there is a growing concern on the security and data protection of the on-body Internet-ofThings (IoT) devices. As a solution, cryptographic system is often adopted to encrypt the data, and Random Number Generator (RNG) is of vital importance to such system. This paper proposes a new random number generation method for securing on-body IoT devices based on temporal signal variations of the outputs of the Inertial Measurement Units (IMU) worn by the users while walking. As most new wearable and implantable devices have built-in IMUs and walking gait signals can be extracted from these body sensors, this method can be applied and integrated into the cryptographic systems of these new devices. To generate the random numbers, this method divides IMU signals into gait cycles and generates bits by comparing energy differences between the sensor signals in a gait cycle and the averaged IMU signals in multiple gait cycles. The generated bits are then re-indexed in descending order by the absolute values of the associated energy differences to further randomise the data and generate high-entropy random numbers. Two datasets were used in the studies to generate random numbers, where were rigorously tested and passed four well-known randomness test suites, namely NIST-STS, ENT, Dieharder, and RaBiGeTe.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
222. Mace, John C.; Morisset, Charles; Pierce, K.; Gamble, C.; Maple, Carsten; Fitzgerald, J.: A multi-modelling based approach to assessing the security of smart buildings. In: Living in the Internet of Things: Cybersecurity of the IoT - 2018, Institution of Engineering and Technology, 2018. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric) @inproceedings{proc-in-mace_multi_2018,
title = {A multi-modelling based approach to assessing the security of smart buildings},
author = {John C. Mace and Charles Morisset and K. Pierce and C. Gamble and Carsten Maple and J. Fitzgerald},
url = {https://doi.org/10.1049%2Fcp.2018.0031},
doi = {10.1049/cp.2018.0031},
year = {2018},
date = {2018-03-28},
booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},
publisher = {Institution of Engineering and Technology},
abstract = {Smart buildings are controlled by multiple cyber-physical systems that provide critical services such as heating, ventilation, lighting and access control. These building systems are becoming increasingly vulnerable to both cyber and physical attacks. We introduce a multi-model methodology for assessing the security of these systems, which utilises INTO-CPS, a suite of modelling, simulation, and analysis tools for designing cyber-physical systems. Using a fan coil unit case study we show how its security can be systematically assessed when subjected to Man-in-the-Middle attacks on the data connections between system components. We suggest our methodology would enable building managers and security engineers to design attack countermeasures and refine their effectiveness.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
223. Madaan, Aastha; Wang, Xin; Hall, Wendy; Tiropanis, Thanassis: Observing Data in IoT Worlds: What and How to Observe?. In: Living in the Internet of Things: Cybersecurity of the IoT - 2018, Institution of Engineering and Technology, 2018. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric) @inproceedings{proc-in-madaan_observing_2018,
title = {Observing Data in IoT Worlds: What and How to Observe?},
author = {Aastha Madaan and Xin Wang and Wendy Hall and Thanassis Tiropanis},
url = {https://doi.org/10.1049%2Fcp.2018.0032},
doi = {10.1049/cp.2018.0032},
year = {2018},
date = {2018-03-28},
booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},
publisher = {Institution of Engineering and Technology},
abstract = {The widespread adoption of "smart devices' and sensors in various domains such as, transport, home, critical infrastructure, and wellbeing has given rise to highly dynamic data ecosystems. The data in these ecosystems is a goldmine for data-driven decision making for a variety of stakeholders. These stakeholders exploit multiple device capabilities, re-purpose and re-contextualize data collected by the devices for a number of applications. Such IoT ecosystem(s) mandate data sharing at both small and large scale. However, sensitive nature of IoT data, lack of prior knowledge of purpose of data-use, regulations and standards make data sharing a non-trivial problem. It also raises concerns of data trust, ownership, and accountability. In this paper, we scope the "IoT Observatory" infrastructure to enable various stakeholders to observe and analyse the data and methodologies in IoT enabled ecosystems. It details the architectural components of IoT observatory and describe how its socio-technical lens can identify technical and ethical challenges for sharing IoT data. The paper further explains applicability of the observatory infrastructure in a smart city ecosystem. The main contributions of the paper are: (i) the definition of trust, accountability, transparency in context of IoT observatory; (ii) identification of variables that can be observed through IoT observatory for establishing trust and transparency in data sharing; and (iii) use of data access traces on IoT observatory to explain ownership and accountability.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
224. Tanczer, Leonie Maria; Steenmans, Ine; Elsden, Miles; Blackstock, Jason J.; Carr, Madeline: Emerging risks in the IoT ecosystem: Who's afraid of the big bad smart fridge?. In: Living in the Internet of Things: Cybersecurity of the IoT - 2018, Institution of Engineering and Technology, 2018. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric) @inproceedings{proc-in-tanczer_emerging_2018,
title = {Emerging risks in the IoT ecosystem: Who's afraid of the big bad smart fridge?},
author = {Leonie Maria Tanczer and Ine Steenmans and Miles Elsden and Jason J. Blackstock and Madeline Carr},
url = {https://doi.org/10.1049%2Fcp.2018.0033},
doi = {10.1049/cp.2018.0033},
year = {2018},
date = {2018-03-28},
booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},
publisher = {Institution of Engineering and Technology},
abstract = {Rapid technological innovations, including the emergence of the Internet of Things (IoT), introduce a range of uncertainties, opportunities, and risks. While it is not possible to accurately foresee IoT's myriad ramifications, futures and foresight methodologies allow for the exploration of plausible futures and their desirability. Drawing on the futures and foresight literature, the current paper employs a standardised expert elicitation approach to study emerging risk patterns in descriptions of IoT risk scenarios. We surveyed 19 IoT experts between January and February 2018 using an online questionnaire. The submitted scenarios provided expert's perception of evolving IoT risk trajectories and were evaluated using thematic analysis, a method used to identify and report patterns within data. Four common themes were extracted: physical safety; crime and exploitation; loss of control; and social norms and structures. These themes provide suitable analytical tools to contextualise emerging risks and help detecting gaps about security and privacy challenges in the IoT.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
225. Anthi, Eirini; Williams, Lowri; Burnap, Peter: Pulse: an adaptive intrusion detection for the internet of things. In: Living in the Internet of Things: Cybersecurity of the IoT - 2018, Institution of Engineering and Technology, 2018, ISBN: 978-1-78561-843-7. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric) @inproceedings{proc-in-anthi_pulse_2018,
title = {Pulse: an adaptive intrusion detection for the internet of things},
author = {Eirini Anthi and Lowri Williams and Peter Burnap},
url = {https://doi.org/10.1049%2Fcp.2018.0035},
doi = {10.1049/cp.2018.0035},
isbn = {978-1-78561-843-7},
year = {2018},
date = {2018-03-28},
booktitle = {Living in the Internet of Things: Cybersecurity of the IoT - 2018},
publisher = {Institution of Engineering and Technology},
abstract = {The number of diverse interconnected Internet of Things (IoT) devices keeps increasing exponentially, introducing new security and privacy challenges. These devices tend to become more pervasive than mobile phones and already have access to very sensitive personal information such as usernames, passwords, etc., making them a target for cyber-attacks. Given that smart devices are vulnerable to a variety of attacks, they can be considered to be the weakest link for breaking into a secure infrastructure. For instance, IoT devices have recently been employed as part of botnets, such as Mirai, and have launched several of the largest Distributed Denial of Service (DDoS) and spam attacks in history. As a result, there is a need to develop an Intrusion Detection System (IDS) dedicated to monitor IoT ecosystems, which will be able to adapt to this heterogeneous environment and detect malicious activity on the network. In this paper, we describe the initial stages of developing Pulse; a novel IDS for the IoT, which employs Machine Learning (ML) methodologies and is capable of successfully identifying network scanning probing and simple forms of Denial of Service (DoS) attacks.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
226. Asuquo, Philip; Cruickshank, Haitham; Morley, Jeremy; Ogah, Chibueze P. Anyigor; Lei, Ao; Hathal, Waleed; Bao, Shihan; Sun, Zhili: Security and Privacy in Location-Based Services for Vehicular and Mobile Communications: An Overview, Challenges, and Countermeasures. In: vol. 5, no. 6, pp. 4778–4802, 2018. (Type: Journal Article | Abstract | Links | BibTeX | Altmetric) @article{art-asuquo_security_2018,
title = {Security and Privacy in Location-Based Services for Vehicular and Mobile Communications: An Overview, Challenges, and Countermeasures},
author = {Philip Asuquo and Haitham Cruickshank and Jeremy Morley and Chibueze P. Anyigor Ogah and Ao Lei and Waleed Hathal and Shihan Bao and Zhili Sun},
url = {https://doi.org/10.1109%2Fjiot.2018.2820039},
doi = {10.1109/jiot.2018.2820039},
year = {2018},
date = {2018-03-27},
volume = {5},
number = {6},
pages = {4778--4802},
publisher = {Institute of Electrical and Electronics Engineers (IEEE)},
abstract = {Location-based services (LBSs) have gained popularity as a result of the advances in mobile and communication technologies. LBS provide users with relevant information based on their location. In spite of the desirable features provided by LBS, the geographic locations of users are not adequately protected. Location privacy is one of the major challenges in vehicular and mobile networks. In this paper, we analyze the security and privacy requirements for LBS in vehicular and mobile networks. Specifically, this paper covers privacy enhancing technologies and cryptographic approaches that provide location privacy in vehicular and mobile networks. The different approaches proposed in literature are compared and open research areas are identified.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
227. Carr, Madeline; Lesniewska, Feja; Brass, Irina; Tanczer, Leonie Maria: Governance and Policy Cooperation on the Cyber Security of the Internet of Things. 2018. (Type: report | Abstract | Links | BibTeX) @report{rep-carr_governance_2018,
title = {Governance and Policy Cooperation on the Cyber Security of the Internet of Things},
author = {Madeline Carr and Feja Lesniewska and Irina Brass and Leonie Maria Tanczer},
url = {https://www.researchgate.net/publication/332379987_Governance_and_Policy_Cooperation_on_the_Cyber_Security_of_the_Internet_of_Things},
year = {2018},
date = {2018-03-27},
institution = {Institution of Engineering and Technology, London, UK},
abstract = {This report was based on a workshop. The impetus for this workshop was the recognition that international policy cooperation on the cybersecurity aspects of the IoT has made little progress. This is due in part to a failure to establish a functioning community of technicians and policymakers who are jointly focusing on these issues. From a technical perspective, the IoT will significantly increase opportunities to breach security via new attack surfaces. For policymakers, the heightened insecurity created by the rapid expansion of the IoT marks a significant governance challenge. Addressing these security deficiencies will require an increase in the capacity to share threat information as well as a range of innovative technical and policy solutions. The workshop marked a starting point in building a global community of security practitioners and policymakers who are interested in these issues and who are working on similar topics.},
keywords = {},
pubstate = {published},
tppubtype = {report}
}
228. Seymour, William: Detecting Bias: Does an Algorithm Have to Be Transparent in Order to Be Fair?. In: BIAS --- Bias in Information, Algorithms, and Systems iConference 2018, Sheffield, UK, 2018, ISBN: 1613-0073. (Type: Proceedings Article | Abstract | Links | BibTeX) @inproceedings{proc-in-seymour_detecting_2018,
title = {Detecting Bias: Does an Algorithm Have to Be Transparent in Order to Be Fair?},
author = {William Seymour},
url = {http://ceur-ws.org/Vol-2103/},
isbn = {1613-0073},
year = {2018},
date = {2018-03-25},
booktitle = {BIAS --- Bias in Information, Algorithms, and Systems iConference 2018},
address = {Sheffield, UK},
abstract = {The most commonly cited solution to problems surrounding algorithmic fairness is increased transparency. But how do we reconcile this point of view with the state of the art? Many of the most effective modern machine learning methods (such as neural networks) can have millions of variables, defying human understanding. This paper decomposes the quest for transparency and examines two of the options available using technical examples. By considering some of the current uses of machine learning and using human decision making as a null hypothesis, I suggest that pursuing transparent outcomes is the way forward, with the quest for transparent algorithms being a lost cause.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
229. Veale, Michael; Binns, Reuben Daniel; Kleek, Max Goodwin Van: Some HCI Priorities for GDPR-Compliant Machine Learning. In: arxiv:1803.06174, 2018. (Type: Journal Article | Abstract | Links | BibTeX) @article{art-veale_some_2018,
title = {Some HCI Priorities for GDPR-Compliant Machine Learning},
author = {Michael Veale and Reuben Daniel Binns and Max Goodwin Van Kleek},
url = {http://arxiv.org/abs/1803.06174v1},
year = {2018},
date = {2018-03-16},
journal = {arxiv:1803.06174},
abstract = {In this short paper, we consider the roles of HCI in enabling the better governance of consequential machine learning systems using the rights and obligations laid out in the recent 2016 EU General Data Protection Regulation (GDPR)---a law which involves heavy interaction with people and systems. Focussing on those areas that relate to algorithmic systems in society, we propose roles for HCI in legal contexts in relation to fairness, bias and discrimination; data protection by design; data protection impact assessments; transparency and explanations; the mitigation and understanding of automation bias; and the communication of envisaged consequences of processing.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
230. DCMS,: Secure by Design: Improving the cyber security of consumer Internet of Things. 2018. (Type: report | Abstract | Links | BibTeX) @report{dcms_secure_2018,
title = {Secure by Design: Improving the cyber security of consumer Internet of Things},
author = {DCMS},
url = {https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/973926/Secure_by_Design_Report__V2.pdf},
year = {2018},
date = {2018-03-07},
institution = {UK Department for Digital, Culture Media \& Sport},
abstract = {In March 2018 the Government published the Secure by Design report which advocated a fundamental shift in approach to securing IoT devices, by moving the burden away from consumers and ensuring that security is built into products by design. Central to the report was a draft Code of Practice primarily for manufacturers of consumer IoT devices and associated services. An informal consultation on the report and its proposed policy interventions was undertaken.},
keywords = {},
pubstate = {published},
tppubtype = {report}
}
231. Berthelot, Melissa; Yang, Guang-Zhong; Lo, Benny P. L.: Tomographic probe for perfusion analysis in deep layer tissue. In: 2018 IEEE 15th International Conference on Wearable and Implantable Body Sensor Networks (BSN), IEEE, 2018. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric) @inproceedings{proc-in-berthelot_tomographic_2018,
title = {Tomographic probe for perfusion analysis in deep layer tissue},
author = {Melissa Berthelot and Guang-Zhong Yang and Benny P. L. Lo},
url = {https://doi.org/10.1109%2Fbsn.2018.8329665},
doi = {10.1109/bsn.2018.8329665},
year = {2018},
date = {2018-03-04},
booktitle = {2018 IEEE 15th International Conference on Wearable and Implantable Body Sensor Networks (BSN)},
publisher = {IEEE},
abstract = {Continuous buried soft tissue free flap postoperative monitoring is crucial to detect flap failure and enable early intervention. In this case, clinical assessment is challenging as the flap is buried and only implantable or hand held devices can be used for regular monitoring. These devices have limitations in their price, usability and specificity. Near-infrared spectroscopy (NIRS) has shown promising results for superficial free flap postoperative monitoring, but it has not been considered for buried free flap, mainly due to the limited penetration depth of conventional approaches. A wearable wireless tomographic probe has been developed for continuous monitoring of tissue perfusion at different depths. Using the NIRS method, blood flow can be continuously measured at different tissue depths. This device has been designed following conclusions of extensive computerised simulations and it has been validated using a vascular phantom.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
232. Sun, Yingnan; Yang, Guang-Zhong; Lo, Benny P. L.: An artificial neural network framework for lower limb motion signal estimation with foot-mounted inertial sensors. In: 2018 IEEE 15th International Conference on Wearable and Implantable Body Sensor Networks (BSN), IEEE, 2018. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric) @inproceedings{proc-in-sun_artificial_2018,
title = {An artificial neural network framework for lower limb motion signal estimation with foot-mounted inertial sensors},
author = {Yingnan Sun and Guang-Zhong Yang and Benny P. L. Lo},
url = {https://doi.org/10.1109%2Fbsn.2018.8329676},
doi = {10.1109/bsn.2018.8329676},
year = {2018},
date = {2018-03-04},
booktitle = {2018 IEEE 15th International Conference on Wearable and Implantable Body Sensor Networks (BSN)},
publisher = {IEEE},
abstract = {This paper proposes a novel artificial neural network based method for real-time gait analysis with minimal number of Inertial Measurement Units (IMUs). Accurate lower limb attitude estimation has great potential for clinical gait diagnosis for orthopaedic patients and patients with neurological diseases. However, the use of multiple wearable sensors hinder the ubiquitous use of inertial sensors for detailed gait analysis. This paper proposes the use of two IMUs mounted on the shoes to estimate the IMU signals at the shin, thigh and waist for accurate attitude estimation of the lower limbs. By using the artificial neural network framework, the gait parameters, such as angle, velocity and displacements of the IMUs can be estimated. The experimental results have shown that the proposed method can accurately estimate the IMUs signals on the lower limbs based only on the IMU signals on the shoes, which demonstrates its potential for lower limb motion tracking and real-time gait analysis.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
233. Floridi, Luciano: Soft Ethics and the Governance of the Digital. In: vol. 31, no. 1, pp. 1–8, 2018. (Type: Journal Article | Abstract | Links | BibTeX | Altmetric) @article{art-floridi_soft_2018,
title = {Soft Ethics and the Governance of the Digital},
author = {Luciano Floridi},
url = {https://doi.org/10.1007%2Fs13347-018-0303-9},
doi = {10.1007/s13347-018-0303-9},
year = {2018},
date = {2018-02-17},
volume = {31},
number = {1},
pages = {1--8},
publisher = {Springer Science and Business Media LLC},
abstract = {Today, in any mature information society (Floridi 2016), we no longer live online or offline but onlife, that is, we increasingly live in that special space, or infosphere, that is seamlessly analogue and digital, offline and online. If this seems confusing, perhaps an analogy may help to convey the point. Imagine someone asks whether the water is sweet or salty in the estuary where the river meets the sea. Clearly, that someone has not understood the special nature of the place. Our mature information societies are growing in such a new, liminal place, like mangroves flourishing in brackish water. And in these 'mangrove societies', machine-readable data, new forms of smart agency and onlife interactions are constantly evolving, because our technologies are perfectly fit to take advantage of such a new environment, often as the only real natives. As a result, the pace of their evolution can be mind-blowing. And this in turn justifies some apprehension. However, we should not be distracted by the scope, depth and pace of technological innovation. True, it does disrupt some deeply ingrained assumptions of the old, exclusively analogue society, e.g. about production, logistics, customization, competition, education, work, health, entertainment, politics and security, just to mention some crucial topics. Yet that is not the most consequential challenge we are facing. It is rather how we are going to design the infosphere and the mature information societies developing within it that matters most. Because the digital revolution transforms our views about values and their priorities, good behaviour, and what sort of innovation is socially preferable\textemdashand this is the fundamental issue, let me explain.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
234. Muñoz-González, Luis; Lupu, Emil C.: The Secret of Machine Learning. In: vol. 60, no. 1, pp. 38–39, 2018. (Type: Journal Article | Abstract | Links | BibTeX | Altmetric) @article{art-munoz-gonzalez_secret_2018,
title = {The Secret of Machine Learning},
author = {Luis Mu\~{n}oz-Gonz\'{a}lez and Emil C. Lupu},
url = {https://doi.org/10.1093%2Fitnow%2Fbwy018},
doi = {10.1093/itnow/bwy018},
year = {2018},
date = {2018-02-14},
volume = {60},
number = {1},
pages = {38--39},
publisher = {Oxford University Press (OUP)},
abstract = {Luis Mu\~{n}oz-Gonz\'{a}lez and Emil C. Lupu, from Imperial College London, explore the vulnerabilities of machine learning algorithms.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
235. Asuquo, Philip; Cruickshank, Haitham; Ogah, Chibueze P. Anyigor; Lei, Ao; Sun, Zhili: A Distributed Trust Management Scheme for Data Forwarding in Satellite DTN Emergency Communications. In: vol. 36, no. 2, pp. 246–256, 2018, ISSN: 1558-0008. (Type: Journal Article | Abstract | Links | BibTeX | Altmetric) @article{art-asuquo_distributed_2018,
title = {A Distributed Trust Management Scheme for Data Forwarding in Satellite DTN Emergency Communications},
author = {Philip Asuquo and Haitham Cruickshank and Chibueze P. Anyigor Ogah and Ao Lei and Zhili Sun},
url = {https://doi.org/10.1109%2Fjsac.2018.2804098},
doi = {10.1109/jsac.2018.2804098},
issn = {1558-0008},
year = {2018},
date = {2018-02-08},
volume = {36},
number = {2},
pages = {246--256},
publisher = {Institute of Electrical and Electronics Engineers (IEEE)},
abstract = {Satellite communications can be used when other communication systems are either destroyed or overloaded. Observation satellites and delay/disruption tolerant networks (DTNs) are technologies that can be interconnected to provide emergency communication for disaster recovery operations. DTNs use a store-carry-forward mechanism to forward messages through intermediary nodes to the destination node. The reliability of relaying messages through multi-hop nodes poses a significant problem in DTNs due to lack of consistent connectivity. These network characteristics make DTNs to heavily rely on the cooperation of neighboring nodes for the successful delivery of packets. However, the presence of malicious or selfish nodes will have a great impact on the network performance. In this paper, we design a decentralized trust management scheme (DTMS) to filter out malicious nodes in DTNs. First, the number of forwarding evidence is combined with the energy consumption rate of the nodes to formulate direct trust. Then, a recommendation trust is computed from the indirect trust, recommendation credibility, and recommendation familiarity. Recommendation credibility and familiarity improve the overall recommendation trust by filtering out dishonest recommendations. A comparative analysis of DTMS is performed against a cooperative watchdog scheme, recommendation based trust model, and spray and wait protocol. The results show that DTMS can effectively deal with malicious behaviors in DTNs including trust related attacks.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
236. Liu, Jia; Jager, Tibor; Kakvi, Saqib A.; Warinschi, Bogdan: How to build time-lock encryption. In: vol. 86, no. 11, pp. 2549–2586, 2018. (Type: Journal Article | Abstract | Links | BibTeX | Altmetric) @article{art-liu_how_2018,
title = {How to build time-lock encryption},
author = {Jia Liu and Tibor Jager and Saqib A. Kakvi and Bogdan Warinschi},
url = {https://doi.org/10.1007%2Fs10623-018-0461-x},
doi = {10.1007/s10623-018-0461-x},
year = {2018},
date = {2018-02-03},
volume = {86},
number = {11},
pages = {2549--2586},
publisher = {Springer Science and Business Media LLC},
abstract = {Time-lock encryption is a method to encrypt a message such that it can only be decrypted after a certain deadline has passed. We propose a novel time-lock encryption scheme, whose main advantage over prior constructions is that even receivers with relatively weak computational resources should immediately be able to decrypt after the deadline, without any interaction with the sender, other receivers, or a trusted third party. We build our time-lock encryption on top of the new concept of computational reference clocks and an extractable witness encryption scheme. We explain how to construct a computational reference clock based on Bitcoin. We show how to achieve constant level of multilinearity for witness encryption by using SNARKs. We propose a new construction of a witness encryption scheme which is of independent interest: our scheme, based on Subset-Sum, achieves extractable security without relying on obfuscation. The scheme employs multilinear maps of arbitrary order and is independent of the implementations of multilinear maps.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
237. Whitty, Monica T.: Do You Love Me? Psychological Characteristics of Romance Scam Victims. In: vol. 21, no. 2, pp. 105–109, 2018. (Type: Journal Article | Abstract | Links | BibTeX | Altmetric) @article{art-whitty_do_2018,
title = {Do You Love Me? Psychological Characteristics of Romance Scam Victims},
author = {Monica T. Whitty},
url = {https://doi.org/10.1089%2Fcyber.2016.0729},
doi = {10.1089/cyber.2016.0729},
year = {2018},
date = {2018-02-01},
volume = {21},
number = {2},
pages = {105--109},
publisher = {Mary Ann Liebert Inc},
abstract = {The online dating romance scam is an Advance Fee Fraud, typically conducted by international criminal groups via online dating sites and social networking sites. This type of mass-marketing fraud (MMF) is the most frequently reported type of MMF in most Western countries. This study examined the psychological characteristics of romance scam victims by comparing romance scam victims with those who had never been scammed by MMFs. Romance scam victims tend to be middle-aged, well-educated women. Moreover, they tend to be more impulsive (scoring high on urgency and sensation seeking), less kind, more trustworthy, and have an addictive disposition. It is argued here that these findings might be useful for those developing prevention programs and awareness campaigns.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
238. Illiano, Vittorio P.; Paudice, Andrea; Muñoz-González, Luis; Lupu, Emil C.: Determining Resilience Gains From Anomaly Detection for Event Integrity in Wireless Sensor Networks. In: vol. 14, no. 1, pp. 1–35, 2018. (Type: Journal Article | Abstract | Links | BibTeX | Altmetric) @article{art-illiano_determining_2018,
title = {Determining Resilience Gains From Anomaly Detection for Event Integrity in Wireless Sensor Networks},
author = {Vittorio P. Illiano and Andrea Paudice and Luis Mu\~{n}oz-Gonz\'{a}lez and Emil C. Lupu},
url = {https://doi.org/10.1145%2F3176621},
doi = {10.1145/3176621},
year = {2018},
date = {2018-02-01},
volume = {14},
number = {1},
pages = {1--35},
publisher = {Association for Computing Machinery (ACM)},
abstract = {Measurements collected in a wireless sensor network (WSN) can be maliciously compromised through several attacks, but anomaly detection algorithms may provide resilience by detecting inconsistencies in the data. Anomaly detection can identify severe threats to WSN applications, provided that there is a sufficient amount of genuine information. This article presents a novel method to calculate an assurance measure for the network by estimating the maximum number of malicious measurements that can be tolerated. In previous work, the resilience of anomaly detection to malicious measurements has been tested only against arbitrary attacks, which are not necessarily sophisticated. The novel method presented here is based on an optimization algorithm, which maximizes the attack's chance of staying undetected while causing damage to the application, thus seeking the worst-case scenario for the anomaly detection algorithm. The algorithm is tested on a wildfire monitoring WSN to estimate the benefits of anomaly detection on the system's resilience. The algorithm also returns the measurements that the attacker needs to synthesize, which are studied to highlight the weak spots of anomaly detection. Finally, this article presents a novel methodology that takes in input the degree of resilience required and automatically designs the deployment that satisfies such a requirement.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
239. Yang, Guang-Zhong; Bellingham, Jim; Dupont, Pierre E.; Fischer, Peer; Floridi, Luciano; Full, Robert; Jacobstein, Neil; Kumar, Vijay; McNutt, Marcia; Merrifield, Robert; Nelson, Bradley J.; Scassellati, Brian; Taddeo, Mariarosaria; Taylor, Russell; Veloso, Manuela; Wang, Zhong Lin; Wood, Robert: The grand challenges of Science Robotics. In: vol. 3, no. 14, 2018. (Type: Journal Article | Abstract | Links | BibTeX | Altmetric) @article{art-yang_grand_2018,
title = {The grand challenges of Science Robotics},
author = {Guang-Zhong Yang and Jim Bellingham and Pierre E. Dupont and Peer Fischer and Luciano Floridi and Robert Full and Neil Jacobstein and Vijay Kumar and Marcia McNutt and Robert Merrifield and Bradley J. Nelson and Brian Scassellati and Mariarosaria Taddeo and Russell Taylor and Manuela Veloso and Zhong Lin Wang and Robert Wood},
url = {https://doi.org/10.1126%2Fscirobotics.aar7650},
doi = {10.1126/scirobotics.aar7650},
year = {2018},
date = {2018-01-31},
volume = {3},
number = {14},
publisher = {American Association for the Advancement of Science (AAAS)},
abstract = {One of the ambitions of Science Robotics is to deeply root robotics research in science while developing novel robotic platforms that will enable new scientific discoveries. Of our 10 grand challenges, the first 7 represent underpinning technologies that have a wider impact on all application areas of robotics. For the next two challenges, we have included social robotics and medical robotics as application-specific areas of development to highlight the substantial societal and health impacts that they will bring. Finally, the last challenge is related to responsible innovation and how ethics and security should be carefully considered as we develop the technology further.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
240. Aldrich, Richard J.; Richterova, Daniela: Ambient accountability: intelligence services in Europe and the decline of state secrecy. In: vol. 41, no. 4, pp. 1003–1024, 2018. (Type: Journal Article | Abstract | Links | BibTeX | Altmetric) @article{art-aldrich_ambient_2018,
title = {Ambient accountability: intelligence services in Europe and the decline of state secrecy},
author = {Richard J. Aldrich and Daniela Richterova},
url = {https://doi.org/10.1080%2F01402382.2017.1415780},
doi = {10.1080/01402382.2017.1415780},
year = {2018},
date = {2018-01-15},
volume = {41},
number = {4},
pages = {1003--1024},
publisher = {Informa UK Limited},
abstract = {In the 1990s, judgments in the European Court of Human Rights concerning state surveillance forced many West European countries to introduce new parliamentary bodies and formal systems for accountability. Promising both greater transparency and lawful intelligence, these frameworks were then energetically rolled out to Central and Eastern Europe. Although officials boasted about their effectiveness, these formal accountability mechanisms have failed to identify serious abuses over the last decade. Moreover, the security regime in much of Central Europe still remains largely unreconstructed. The article argues that a robust culture of accountability cannot be conjured into existence merely by introducing new laws and regulations, or indeed by the increasing tide of media revelations about intelligence. However, it suggests that we are now seeing the rise of a more complex pattern of 'ambient accountability' which is at last challenging the secret state across Europe.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
241. Liu, Xiaobo; Lai, Lijuan; Kong, You; Vine, Scott Le: Protected Turning Movements of Noncooperative Automated Vehicles: Geometrics, Trajectories, and Saturation Flow. In: vol. 2018, pp. 1–12, 2018. (Type: Journal Article | Abstract | Links | BibTeX | Altmetric) @article{art-liu_protected_2018,
title = {Protected Turning Movements of Noncooperative Automated Vehicles: Geometrics, Trajectories, and Saturation Flow},
author = {Xiaobo Liu and Lijuan Lai and You Kong and Scott Le Vine},
url = {https://doi.org/10.1155%2F2018%2F1879518},
doi = {10.1155/2018/1879518},
year = {2018},
date = {2018-01-10},
volume = {2018},
pages = {1--12},
publisher = {Hindawi Limited},
abstract = {This study is the first to quantify throughput (saturation flow) of noncooperative automated vehicles when performing turning maneuvers, which are critical bottlenecks in arterial road networks. We first develop a constrained optimization problem based on AVs' kinematic behavior during a protected signal phase which considers both ABS-enabled and wheels-locked braking, as well as avoiding encroaching into oncoming traffic or past the edge-of-receiving-lane. We analyze noncooperative ("defensive") behavior, in keeping with the Assured Clear Distance Ahead legal standard to which human drivers are held and AVs will likely also be for the foreseeable future. We demonstrate that, under plausible behavioral parameters, AVs appear likely to have positive impacts on throughput of turning traffic streams at intersections, in the range of +0.2% (under the most conservative circumstances) to +43% for a typical turning maneuver. We demonstrate that the primary mechanism of impact of turning radius is its effect on speed, which is likely to be constrained by passenger comfort. We show heterogeneous per-lane throughput in the case of "double turn lanes." Finally, we demonstrate limited sensitivity to crash-risk criterion, with a 4% difference arising from a change from 1 in 10,000 to 1 in 100,000,000. The paper concludes with a brief discussion of policy implications and future research needs.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
242. Friedl, K. E.; Hixson, John D.; Buller, Mark J.; Lo, Benny P. L.: Guest Editorial - 13th Body Sensor Networks Symposium. In: vol. 22, no. 1, pp. 3–4, 2018. (Type: Journal Article | Abstract | Links | BibTeX | Altmetric) @article{art-friedl_guest_2018,
title = {Guest Editorial - 13th Body Sensor Networks Symposium},
author = {K. E. Friedl and John D. Hixson and Mark J. Buller and Benny P. L. Lo},
url = {https://doi.org/10.1109%2Fjbhi.2017.2779898},
doi = {10.1109/jbhi.2017.2779898},
year = {2018},
date = {2018-01-03},
volume = {22},
number = {1},
pages = {3--4},
publisher = {Institute of Electrical and Electronics Engineers (IEEE)},
abstract = {Tthe BSN 2016 meeting in the University of California at San Francisco (UCSF) Mission Bay conference center focused on neuroscience applications including stress and behavior monitoring and chronic disease management. Keynote presentations highlighted the use of pattern analysis and "smart shoes" to manage Parkinson's disease, and bioengineering advances in detecting electrodermal activity at the wrist associated with epilepsy and psychologically stressful events. The themes of the conference are described. A workshop sponsored and organized by Friedrich Alexander University, Erlangen, previewed this theme of automated sensor-based mobility analysis for chronic disease management.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
243. Shi, Xuanhua; Zheng, Zhigao; Zhou, Yongluan; Jin, Hai; He, Ligang; Liu, Bo; Hua, Qiang-Sheng: Graph Processing on GPUs. In: vol. 50, no. 6, pp. 1–35, 2018. (Type: Journal Article | Abstract | Links | BibTeX | Altmetric) @article{art-shi_graph_2018,
title = {Graph Processing on GPUs},
author = {Xuanhua Shi and Zhigao Zheng and Yongluan Zhou and Hai Jin and Ligang He and Bo Liu and Qiang-Sheng Hua},
url = {https://doi.org/10.1145%2F3128571},
doi = {10.1145/3128571},
year = {2018},
date = {2018-01-03},
volume = {50},
number = {6},
pages = {1--35},
publisher = {Association for Computing Machinery (ACM)},
abstract = {In the big data era, much real-world data can be naturally represented as graphs. Consequently, many application domains can be modeled as graph processing. Graph processing, especially the processing of the large-scale graphs with the number of vertices and edges in the order of billions or even hundreds of billions, has attracted much attention in both industry and academia. It still remains a great challenge to process such large-scale graphs. Researchers have been seeking for new possible solutions. Because of the massive degree of parallelism and the high memory access bandwidth in GPU, utilizing GPU to accelerate graph processing proves to be a promising solution. This article surveys the key issues of graph processing on GPUs, including data layout, memory access pattern, workload mapping, and specific GPU programming. In this article, we summarize the state-of-the-art research on GPU-based graph processing, analyze the existing challenges in detail, and explore the research opportunities for the future.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
244. Ullah, Faheem; Edwards, Matthew John; Ramdhany, Rajiv; Chitchyan, Ruzanna; Babar, M. Ali; Rashid, Awais: Data exfiltration: A review of external attack vectors and countermeasures. In: vol. 101, pp. 18–54, 2018. (Type: Journal Article | Abstract | Links | BibTeX | Altmetric) @article{art-ullah_data_2018,
title = {Data exfiltration: A review of external attack vectors and countermeasures},
author = {Faheem Ullah and Matthew John Edwards and Rajiv Ramdhany and Ruzanna Chitchyan and M. Ali Babar and Awais Rashid},
url = {https://doi.org/10.1016%2Fj.jnca.2017.10.016},
doi = {10.1016/j.jnca.2017.10.016},
year = {2018},
date = {2018-01-01},
volume = {101},
pages = {18--54},
publisher = {Elsevier BV},
abstract = {Context
One of the main targets of cyber-attacks is data exfiltration, which is the leakage of sensitive or private data to an unauthorized entity. Data exfiltration can be perpetrated by an outsider or an insider of an organization. Given the increasing number of data exfiltration incidents, a large number of data exfiltration countermeasures have been developed. These countermeasures aim to detect, prevent, or investigate exfiltration of sensitive or private data. With the growing interest in data exfiltration, it is important to review data exfiltration attack vectors and countermeasures to support future research in this field.
Objective
This paper is aimed at identifying and critically analysing data exfiltration attack vectors and countermeasures for reporting the status of the art and determining gaps for future research.
Method
We have followed a structured process for selecting 108 papers from seven publication databases. Thematic analysis method has been applied to analyse the extracted data from the reviewed papers.
Results
We have developed a classification of (1) data exfiltration attack vectors used by external attackers and (2) the countermeasures in the face of external attacks. We have mapped the countermeasures to attack vectors. Furthermore, we have explored the applicability of various countermeasures for different states of data (i.e., in use, in transit, or at rest).
Conclusion
This review has revealed that (a) most of the state of the art is focussed on preventive and detective countermeasures and significant research is required on developing investigative countermeasures that are equally important; (b) Several data exfiltration countermeasures are not able to respond in real-time, which specifies that research efforts need to be invested to enable them to respond in real-time (c) A number of data exfiltration countermeasures do not take privacy and ethical concerns into consideration, which may become an obstacle in their full adoption (d) Existing research is primarily focussed on protecting data in 'in use' state, therefore, future research needs to be directed towards securing data in 'in rest' and 'in transit' states (e) There is no standard or framework for evaluation of data exfiltration countermeasures. We assert the need for developing such an evaluation framework.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
One of the main targets of cyber-attacks is data exfiltration, which is the leakage of sensitive or private data to an unauthorized entity. Data exfiltration can be perpetrated by an outsider or an insider of an organization. Given the increasing number of data exfiltration incidents, a large number of data exfiltration countermeasures have been developed. These countermeasures aim to detect, prevent, or investigate exfiltration of sensitive or private data. With the growing interest in data exfiltration, it is important to review data exfiltration attack vectors and countermeasures to support future research in this field.
Objective
This paper is aimed at identifying and critically analysing data exfiltration attack vectors and countermeasures for reporting the status of the art and determining gaps for future research.
Method
We have followed a structured process for selecting 108 papers from seven publication databases. Thematic analysis method has been applied to analyse the extracted data from the reviewed papers.
Results
We have developed a classification of (1) data exfiltration attack vectors used by external attackers and (2) the countermeasures in the face of external attacks. We have mapped the countermeasures to attack vectors. Furthermore, we have explored the applicability of various countermeasures for different states of data (i.e., in use, in transit, or at rest).
Conclusion
This review has revealed that (a) most of the state of the art is focussed on preventive and detective countermeasures and significant research is required on developing investigative countermeasures that are equally important; (b) Several data exfiltration countermeasures are not able to respond in real-time, which specifies that research efforts need to be invested to enable them to respond in real-time (c) A number of data exfiltration countermeasures do not take privacy and ethical concerns into consideration, which may become an obstacle in their full adoption (d) Existing research is primarily focussed on protecting data in 'in use' state, therefore, future research needs to be directed towards securing data in 'in rest' and 'in transit' states (e) There is no standard or framework for evaluation of data exfiltration countermeasures. We assert the need for developing such an evaluation framework.245. Oehmichen, Axel; Guitton, Florian; Sun, Kai; Grizet, Jean; Heinis, Thomas; Guo, Yike: eTRIKS analytical environment: A modular high performance framework for medical data analysis. In: 2017 IEEE International Conference on Big Data (Big Data), IEEE, 2017. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric) @inproceedings{proc-in-oehmichen_etriks_2017,
title = {eTRIKS analytical environment: A modular high performance framework for medical data analysis},
author = {Axel Oehmichen and Florian Guitton and Kai Sun and Jean Grizet and Thomas Heinis and Yike Guo},
url = {https://doi.org/10.1109%2Fbigdata.2017.8257945},
doi = {10.1109/bigdata.2017.8257945},
year = {2017},
date = {2017-12-11},
booktitle = {2017 IEEE International Conference on Big Data (Big Data)},
publisher = {IEEE},
abstract = {Translational research is quickly becoming a science driven by big data. Improving patient care, developing personalized therapies and new drugs depend increasingly on an organization's ability to rapidly and intelligently leverage complex molecular and clinical data from a variety of large-scale partner and public sources. As analysing these large-scale datasets becomes computationally increasingly expensive, traditional analytical engines are struggling to provide a timely answer to the questions that biomedical scientists are asking. Designing such a framework is developing for a moving target as the very nature of biomedical research based on big data requires an environment capable of adapting quickly and efficiently in response to evolving questions. The resulting framework consequently must be scalable in face of large amounts of data, flexible, efficient and resilient to failure. In this paper we design the eTRIKS Analytical Environment (eAE), a scalable and modular framework for the efficient management and analysis of large scale medical data, in particular the massive amounts of data produced by high-throughput technologies. We particularly discuss how we design the eAE as a modular and efficient framework enabling us to add new components or replace old ones easily. We further elaborate on its use for a set of challenging big data use cases in medicine and drug discovery.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
246. Chang, Ching-Chun; Li, Chang-Tsun: Secure Secret Sharing in the Cloud. In: 2017 IEEE International Symposium on Multimedia (ISM), IEEE, 2017. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric) @inproceedings{proc-in-chang_secure_2017,
title = {Secure Secret Sharing in the Cloud},
author = {Ching-Chun Chang and Chang-Tsun Li},
url = {https://doi.org/10.1109%2Fism.2017.67},
doi = {10.1109/ism.2017.67},
year = {2017},
date = {2017-12-11},
booktitle = {2017 IEEE International Symposium on Multimedia (ISM)},
publisher = {IEEE},
abstract = {In this paper, we show how a dealer with limited resources is possible to share the secrets to players via an untrusted cloud server without compromising the privacy of the secrets. This scheme permits a batch of two secret messages to be shared to two players in such a way that the secrets are reconstructable if and only if two of them collaborate. An individual share reveals absolutely no information about the secrets to the player. The secret messages are obfuscated by encryption and thus give no information to the cloud server. Furthermore, the scheme is compatible with the Paillier cryptosystem and other cryptosystems of the same type. In light of the recent developments in privacy-preserving watermarking technology, we further model the proposed scheme as a variant of reversible watermarking in the encrypted domain.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
247. Carr, Madeline: International Cooperation Is Vital for Internet of Things Security. DCMS Blog 2017. (Type: Online | Abstract | Links | BibTeX) @online{carr_international_2017,
title = {International Cooperation Is Vital for Internet of Things Security},
author = {Madeline Carr},
url = {https://dcmsblog.uk/2017/12/international-cooperation-vital-internet-things-security/},
year = {2017},
date = {2017-12-10},
organization = {DCMS Blog},
abstract = {One of the big challenges of our time is how to manage technological innovation so it makes our lives better without eroding things we care about --- like security and privacy. The extraordinary benefits developments in fields like the IoT offer are exciting and promising, but only if devices and services are adequately secure. Otherwise, problems with data privacy, interoperability and breaches of IoT security threaten to undermine the social and economic benefits which can be derived from the IoT. Gauging where governments should intervene in innovation and where this can be left to the market has always been a difficult balance, but there is now a general consensus forming that market forces alone will not deliver a secure Internet of Things.},
keywords = {},
pubstate = {published},
tppubtype = {online}
}
248. Stringhini, Gianluca; Shen, Yun; Han, Yufei; Zhang, Xiangliang: Marmite: Spreading Malicious File Reputation Through Download Graphs. In: ACSAC 2017: Proceedings of the 33rd Annual Computer Security Applications Conference, ACM, 2017. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric) @inproceedings{proc-in-stringhini_marmite_2017,
title = {Marmite: Spreading Malicious File Reputation Through Download Graphs},
author = {Gianluca Stringhini and Yun Shen and Yufei Han and Xiangliang Zhang},
url = {https://doi.org/10.1145%2F3134600.3134604},
doi = {10.1145/3134600.3134604},
year = {2017},
date = {2017-12-04},
booktitle = {ACSAC 2017: Proceedings of the 33rd Annual Computer Security Applications Conference},
publisher = {ACM},
abstract = {Effective malware detection approaches need not only high accuracy, but also need to be robust to changes in the modus operandi of criminals. In this paper, we propose Marmite, a feature-agnostic system that aims at propagating known malicious reputation of certain files to unknown ones with the goal of detecting malware. Marmite does this by looking at a graph that encapsulates a comprehensive view of how files are downloaded (by which hosts and from which servers) on a global scale. The reputation of files is then propagated across the graph using semi-supervised label propagation with Bayesian confidence. We show that Marmite is able to reach high accuracy (0.94 G-mean on average) over a 10-day dataset of 200 million download events. We also demonstrate that Marmite's detection capabilities do not significantly degrade over time, by testing our system on a 30-day dataset of 660 million download events collected six months after the system was tuned and validated. Marmite still maintains a similar accuracy after this period of time.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
249. Weissbacher, Michael; Mariconti, Enrico; Suarez-Tangil, Guillermo; Stringhini, Gianluca; Robertson, William; Kirda, Engin: Ex-Ray: Detection of History-Leaking Browser Extensions. In: ACSAC 2017: Proceedings of the 33rd Annual Computer Security Applications Conference, ACM, 2017. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric) @inproceedings{proc-in-weissbacher_ex_2017,
title = {Ex-Ray: Detection of History-Leaking Browser Extensions},
author = {Michael Weissbacher and Enrico Mariconti and Guillermo Suarez-Tangil and Gianluca Stringhini and William Robertson and Engin Kirda},
url = {https://doi.org/10.1145%2F3134600.3134632},
doi = {10.1145/3134600.3134632},
year = {2017},
date = {2017-12-04},
booktitle = {ACSAC 2017: Proceedings of the 33rd Annual Computer Security Applications Conference},
publisher = {ACM},
abstract = {Web browsers have become the predominant means for developing and deploying applications, and thus they often handle sensitive data such as social interactions or financial credentials and information. As a consequence, defensive measures such as TLS, the Same-Origin Policy (SOP), and Content Security Policy (CSP) are critical for ensuring that sensitive data remains in trusted hands.
Browser extensions, while a useful mechanism for allowing third-party extensions to core browser functionality, pose a security risk in this regard since they have access to privileged browser APIs that are not necessarily restricted by the SOP or CSP. Because of this, they have become a major vector for introducing malicious code into the browser. Prior work has led to improved security models for isolating and sandboxing extensions, as well as techniques for identifying potentially malicious extensions. The area of privacy-violating browser extensions has so far been covered by manual analysis and systems performing search on specific text on network traffic. However, comprehensive content-agnostic systems for identifying tracking behavior at the network level are an area that has not yet received significant attention.
In this paper, we present a dynamic technique for identifying privacy-violating extensions in Web browsers that relies solely on observations of the network traffic patterns generated by browser extensions. We then present Ex-Ray, a prototype implementation of this technique for the Chrome Web browser, and use it to evaluate all extensions from the Chrome store with more than 1,000 installations (10,691 in total). Our evaluation finds new types of tracking behavior not covered by state of the art systems. Finally, we discuss potential browser improvements to prevent abuse by future user-tracking extensions.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Browser extensions, while a useful mechanism for allowing third-party extensions to core browser functionality, pose a security risk in this regard since they have access to privileged browser APIs that are not necessarily restricted by the SOP or CSP. Because of this, they have become a major vector for introducing malicious code into the browser. Prior work has led to improved security models for isolating and sandboxing extensions, as well as techniques for identifying potentially malicious extensions. The area of privacy-violating browser extensions has so far been covered by manual analysis and systems performing search on specific text on network traffic. However, comprehensive content-agnostic systems for identifying tracking behavior at the network level are an area that has not yet received significant attention.
In this paper, we present a dynamic technique for identifying privacy-violating extensions in Web browsers that relies solely on observations of the network traffic patterns generated by browser extensions. We then present Ex-Ray, a prototype implementation of this technique for the Chrome Web browser, and use it to evaluate all extensions from the Chrome store with more than 1,000 installations (10,691 in total). Our evaluation finds new types of tracking behavior not covered by state of the art systems. Finally, we discuss potential browser improvements to prevent abuse by future user-tracking extensions.250. Lin, Shan; Li, Chang-Tsun: End-to-End Correspondence and Relationship Learning of Mid-Level Deep Features for Person Re-Identification. In: 2017 International Conference on Digital Image Computing: Techniques and Applications (DICTA), IEEE, 2017. (Type: Proceedings Article | Abstract | Links | BibTeX | Altmetric) @inproceedings{proc-in-lin_end_2017,
title = {End-to-End Correspondence and Relationship Learning of Mid-Level Deep Features for Person Re-Identification},
author = {Shan Lin and Chang-Tsun Li},
url = {https://doi.org/10.1109%2Fdicta.2017.8227426},
doi = {10.1109/dicta.2017.8227426},
year = {2017},
date = {2017-11-29},
booktitle = {2017 International Conference on Digital Image Computing: Techniques and Applications (DICTA)},
publisher = {IEEE},
abstract = {In this paper, a unified deep convolutional architecture is proposed to address the problems in the person re-identification task. The proposed method adaptively learns the discriminative deep mid-level features of a person and constructs the correspondence features between an image pair in a data-driven manner. The previous Siamese structure deep learning approaches focus only on pair-wise matching between features. In our method, we consider the latent relationship between mid-level features and propose a network structure to automatically construct the correspondence features from all input features without a pre-defined matching function. The experimental results on three benchmarks VIPeR, CUHK01 and CUHK03 show that our unified approach improves over the previous state-of-the-art methods.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}