Conference PaperPDF Available

Analysis of Human Awareness of Security and Privacy Threats in Smart Environments

Authors:

Abstract and Figures

Smart environments integrate Information and Communica-tion Technologies (ICT) into devices, vehicles, buildings and cities to offer an increased quality of life, energy efficiency and economical sus-tainability. In this perspective, the individual has a core role and so has networking, which enables such entities to cooperate. However, the huge amount of sensitive data, social aspects and the mixed set of protocols offer many opportunities to inject hazards, exfiltrate information, mass profiling of citizens, or produce a new wave of attacks. This work re-views the major risks arising from the usage of ICT-techniques for smart environments, with emphasis on networking. Its main contribution is to explain the role of different stakeholders for causing a lack of security and to envision future threats by considering human aspects.
Content may be subject to copyright.
A preview of the PDF is not available
... The lack of consideration for measures that ensure sufficient privacy protection are discussed in studies such as Chaturvedi and Bandyopadhyay (2021) and Caviglione et al. (2015). In Chaturvedi and Bandyopadhyay (2021), the authors attributed the lack of privacy protection measures to the architecture of Internet of Things (IoT) devices, which are often designed with limited computing resources. ...
... In Chaturvedi and Bandyopadhyay (2021), the authors attributed the lack of privacy protection measures to the architecture of Internet of Things (IoT) devices, which are often designed with limited computing resources. Similarly, by conducting a literature review as well as conversations with various stakeholders, Caviglione et al. (2015) found that vendors and manufacturers of building automation systems typically focus on engineering and product quality aspects instead of privacy and security considerations. ...
... In addition to the technical aspects that contribute to security vulnerabilities, a number of social factors have been found to be relevant to the security challenges associated with smart HVAC control systems. For example, according to Caviglione et al. (2015) and Wang et al. (2017b), vendors and developers of these systems tend to prioritise product quality and functionality over security concerns. Customers have been shown to have limited security awareness as well as perceive security features as being costly to implement and hence, do not demand such features. ...
Article
Full-text available
Purpose The environmental and economic benefits of applying smart approaches for the control of heating, ventilation and air conditioning (HVAC) systems in buildings have been extensively investigated and documented in the literature. However, considering the paradigm shift from environmental and economic concerns towards broader sustainability considerations, as well as the lack of studies covering the social pillar, this study presents a scoping review to identify the social impacts attributed to the use phase of smart HVAC control systems in commercial buildings. Methods The relevant literature, originating from both academic and grey literature sources, were identified and reviewed through a meticulous search, data charting and analysis process, in accordance with the Joanna Briggs Institute (JBI)’s Manual for Evidence Synthesis. The inclusion criteria, categorised into ‘participants’, ‘concept’, ‘context’ and ‘types of evidence sources’, were first determined. A search strategy and a three-stage screening process were then applied to locate and analyse the relevant records. Results and discussions In total, 133 records were included in this study. From this review, five main social themes were identified, namely, thermal comfort, indoor air quality (IAQ), privacy, security and employment. Both consumers and workers emerged as the stakeholder groups that were related to the use of smart HVAC control systems. The social impacts related to thermal comfort were measured by means of a wide range of indicators, but only a limited number of suitable indicators have been identified for other social themes. In general, the deployment of smart HVAC control systems resulted in positive outcomes for thermal comfort, IAQ and employment. Conversely, for both privacy and security, the users of buildings were reported to be negatively impacted. Conclusions Measures to alleviate negative social repercussions, as well as potential indicators to measure the use phase social impacts related to smart HVAC control systems, have been proposed and discussed. Further research is needed to evaluate how existing and prospective indicators can be used for assessing these use phase social impacts of smart HVAC control systems in a manner that is consistent with the social life cycle assessment methodology.
... Our investigation hints at malware increasingly specializing to assault devices, assets and smart scenarios, which are becoming popular and profitable. To give a possible idea of the trends that we expect, we borrow from [185] the following taxonomy highlighting exploitable security risks. In more detail: ...
... Gaming consoles, set-top-boxes, actuators for cyber-physical systems and household appliances can be both weak points exploited by ransomware and weaponized assets to bridge attacks or implement air-gapped covert channels for spreading an infection, even when network connectivity is absent [186]. • smartphones: since they are equipped with a variety of sensors that can be used to gather information, smartphones are prime targets for malware, especially if endowed with steganographic capabilities [41], [185], [187]. Nevertheless, smartphones are centralizing an unprecedented amount of personal data, thus they are prone to mass profiling campaigns or a candidate for becoming the prime source for developing social engineering-based scams, like phishing. ...
Article
Full-text available
Cyber attacks are currently blooming, as the attackers reap significant profits from them and face a limited risk when compared to committing the “classical” crimes. One of the major components that leads to the successful compromising of the targeted system is malicious software. It allows using the victim’s machine for various nefarious purposes, e.g., making it a part of the botnet, mining cryptocurrencies, or holding hostage the data stored there. At present, the complexity, proliferation, and variety of malware pose a real challenge for the existing countermeasures and require their constant improvements. That is why, in this paper we first perform a detailed meta-review of the existing surveys related to malware and its detection techniques. On this basis, we review the evolution of modern threats in the communication networks and we present the bird’s eye view portraying the main development trends in detection methods with a special emphasis on the machine learning techniques.
... PET adoption is not a one-off simple A-or-B decision; such adoption is a process [30], similar to other kinds of adoption in this domain [31]. Consider that, for a PET to be adopted, the adopter needs to proceed through a number of stages, as shown in Figure 1: Stage 1. Awareness of privacy threats [32,33]. Stage 2. Wanting to preserve privacy [34]. ...
Article
Full-text available
Citizens face online privacy threats from social media, online service providers and governments. Privacy-enhancing tools (PETs) can prevent privacy invasion, but the uptake of these is limited. We developed a novel conceptual framework for privacy self-protection, consisting of a classification framework of four distinct privacy threats and our own novel staged model of PET adoption requisites. Through an expert survey (N = 12) and a lay user survey (N = 500), we identified suitable PETs for non-expert users and identified potential barriers to PET adoption. Based on the studies and our theoretical framework, we then developed and implemented a PET decision support tool called PEDRO, and conducted expert evaluations (N = 10) to confirm the validity of its recommendations.
... Awareness of privacy threats [32,33]. Stage 2. ...
Preprint
Full-text available
Citizens face online privacy threats from social media, organisations and governments. Privacy-enhancing tools (PETs) can help people to preserve their privacy, but the uptake of these is limited. We developed a conceptual framework for privacy self-protection, using a classification framework of four distinct privacy threats and our own novel staged model of PET adoption requisites. Through an expert survey (N = 12) and a lay user survey (N = 500), we identified suitable PETs for non-expert users and identified potential barriers to PET adoption. Based on the studies and our theoretical framework, we then developed and implemented a PET decision support tool called PEDRO, and conducted expert evaluations (N = 10).
... Cyber security The work in (Caviglione et al., 2015) suggested a cyber-security model of smart buildings and the adjacent communication protocols. While Santos et al., (Dahmen et al., 2017) presented a cyber-security model for the smart home environments. ...
Article
Full-text available
With the maturity of information and communication technology (ICT), numerous innovative applications are proposed in different arenas including smart living environments. Technology-enabled smart living has transformed the traditional living system to an enhanced user satisfaction model by providing a balanced environment, thus, securing the residents from disruptions and risks. Besides these magnified advantages, it is found almost full of faints in emergency situations. The researchers and architects put their full potential towards the development of new applications, but no significant attention is paid to analyze the existing designs to identify flaws and suggest enhanced solutions accordingly. To bridge this gap in the literature, this paper presents a comprehensive review to evaluate the capabilities of available smart home designs to counter any emergency situations. Along with highlighting safety, healthcare, and many other unwanted challenges, we also discussed the key problems that obfuscate the trustworthiness of smart homes for its residents. Moreover, the design limitations to present an early alarming and automatic evacuation mechanism especially for deaf, blind, and other visually impaired people is another big challenge to tackle. Finally, we elaborate on the limitations of available smart home solutions and suggest various open research problems that require further development.
... The concept of smart building is totally dependent on Internet of Things (IoTs) and their efficient applications. Many researches already explained the ill effects of these devices in past (Brihadastumala, 2023;Caviglione et al., 2015;Cha et al., 2009;DOE, 2009;Energy Efficiency Administration, 2023;Glasmeier & Christopherson, 2015;Horban, 2016;IoT for Smart Buildings, 2016;Kaveh & Khalegi, 2000;Larik et al., 2016;Lopez et al., 2009;Roman et al., 2013). Kaveh et al. used modern soft computing techniques for different application in infrastructure design and construction such as strength prediction of concrete (Kaveh & Khalegi, 2000), double layer grid (Kaveh & Servati, 2001), optimal design of transmission towers (Kaveh et al., 2008), structural analysis (Kaveh & Iranmanesh, 1998), optimization of composite floor system (Kaveh & Behnam, 2012), and design of slab formwork (Kaveh & Shakouri August, 2010). ...
Article
Full-text available
Net-zero sustainable buildings are needed to protect the environment. The architects and building owners are trying to focus on utilizing sustainable and energy efficient methods to design the space of the future which in turn would contribute to the global net-zero effort. To achieve the above objective, the western thinking is facilitated with the ancient Eastern architectural perspectives such as Vaastu Shastra to build a sustainable and eco-friendly habitat. In this paper, a neural approach is used to predict the optimal layout for a particular design of a residential house followed by a fuzzy system to determine the Vaastu compliance score of the proposed design.
Chapter
There are technologies that support intercultural collaboration by allowing people to communicate more easily across the barriers of culture and language. However, sometimes user-sensitive information needs to be accessed. In best-balanced machine translation, a method that recommends the languages and machine translation services that should be used to assist multilingual group communication, user test scores must be disclosed to generate the language recommendations. There are various methods that can protect the data (test scores) and methods that allow simple statistic calculations, however, no existing method supports the complex calculations needed by the best-balanced machine translation method. This paper emphasizes the importance of user privacy in intercultural collaboration. We provide the initial idea and show how user test scores can be protected while supporting the recommendation system. We introduce a detailed example to discuss the design of a suitable user interface.
Chapter
The appearance of the smart houses, buildings, and cities has defined new attack scenarios targeting industrial information systems. The paper suggests a visualization-driven approach to the analysis of the data from heating, ventilating and conditioning system (HVAC). The key element of the approach is the RadViz visualization that is used to form daily operation patterns and can detect suspicious deviations that could be the signs of fraudulent activity in the system. It is supplemented by a matrix-based representation of the HVAC parameters that is constructed in the way that allows highlighting changes in values of parameters being analyzed. The distinctive feature of the proposed visualization models is the ability to display data from different data sources. To demonstrate and evaluate the efficiency of the proposed approach we used the VAST MiniChallenge-2 2016 data set that contains logs from the HVAC system and the access control system.
Article
Software systems intelligence and complexity have been continuously increasing to deliver more and more features to support business critical and mission critical processes in numerous domains such as defense, health-care, and smart cities. Contemporary software-based solutions are composed of several software systems, that form System-of-Systems (SoS). SoS differentiating characteristics, such as emergent behavior, introduce specific issues that render their security modeling, simulation and analysis a critical challenge. The aim of this work is to investigate how Software Engineering (SE) approaches can be leveraged to model and analyze secure SoS solutions for predicting high impact (cascading) attacks at the architecture stage. In order to achieve this objective, we propose a Model Driven Engineering method, Systems-of-Systems Security (SoSSec), that comprises: (1) a modeling language (SoSSecML) for secure SoS modeling and (2) Multi-Agent Systems (MAS) for security analysis of SoS architectures. To illustrate our proposed approach in terms of modeling, simulating, and discovering attacks, we have conducted a case study on a real-life smart building SoS, the Adelaide University Health and Medical School (AHMS). The results from this case study demonstrate that our proposed method discovers cascading attacks comprising of a number of individual attacks, such as a Denial of Service, that arise from a succession of exploited vulnerabilities through interactions among the constituent systems of SoS. In future work, we intend to extend SoSSec to address diverse unknown emergent behaviors and non-functional properties such as safety and trust.
Article
Full-text available
The Apple operating system has so far proved resistant to information-hiding techniques, which help attackers communicate covertly. However, Siri-an iOS service that controls iPhones and iPads via voice commands-could change this trend.
Article
Full-text available
By offering sophisticated services and centralizing a huge volume of personal data, modern smartphones changed the way we socialize, entertain and work. To this aim, they rely upon complex hardware/software frameworks leading to a number of vulnerabilities, attacks and hazards to profile individuals or gather sensitive information. However, the majority of works evaluating the security degree of smartphones neglects steganog-raphy, which can be mainly used to: i) exfiltrate confidential data via camouflage methods, and ii) conceal valuable or personal information into innocent looking carriers. Therefore, this paper surveys the state of the art of stegano-graphic techniques for smartphones, with emphasis on methods developed over the period 2005 to the second quarter of 2014. The different approaches are grouped according to the portion of the device used to hide information, leading to three different covert channels, i.e., local, object and network. Also, it reviews the relevant approaches used to detect and mitigate steganographic attacks or threats. Lastly, it showcases the most popular software applications to embed secret data into carriers, as well as possible future directions.
Conference Paper
Full-text available
Network steganography is the art of hiding secret information within innocent network transmissions. Recent findings indicate that novel malware is increasingly using network steganography. Similarly, other malicious activities can profit from network steganography, such as data leakage or the exchange of pedophile data. This paper provides an introduction to network steganography and highlights its potential application for harmful purposes. We discuss the issues related to countering network steganography in practice and provide an outlook on further research directions and problems.
Conference Paper
Full-text available
A building automation system (BAS) is the IT equipment within a building that monitors and controls the building (e.g., measuring temperature in a room to configure the heating level within the same room). We discuss the potential and the use of botnets in the context of BAS. Our botnet concept and scenario is novel in the sense that it takes advantage of the phyiscal capabilities of a building and as it has to adapt to a specialized environment being highly deterministic, predictable, simplistic and conservative. These properties make anomalies easy to detect. Smart building botnets allow the monitoring and remote control of (critical) building automation infrastructure in public and private facilities, such as airports or hospitals. We discuss why building automation botnets could thus enable attackers to cause various critical damage on whole regions and economies. Hiding the command and control communication is a highly beneficial step to adapt botnets to the BAS environment. We show that this is not necessarily a big hurdle and can be solved using existing covert channel techniques.
Conference Paper
Smartphones are now handling personal and extremely important data and applications. This increases mobile environment threats and makes smartphones one of attackers' preferred targets. To mitigate threats, many proposals and counter-measures have been proposed. In this paper, we focus on one of them, the Trusted Execution Environment (TEE) which is a new family of architecture having its own hardware and software environment completely isolated from the mobile ones. It intends to offer better security than the one provided by mobile platforms. It proposes for example secure storage to applications running on top of the mobile Operating System. We give a complete overview of standardization activities on TEE. We first detail the software and hardware architecture of the TEE as introduced by GlobalPlatform specifications. Then, we describe the different available TEE solutions. Finally, we compare these solutions according to key performance parameters with a special interest to security aspects.
Conference Paper
Engineering of building structures is characterized by a standardized process flow which includes feasibility studies, draft and detailed design, construction, operation, conversion and demolition. The main goals are a sufficient quality, economic efficiency and sustainability of the building. However, the process flow is commonly interrupted by individual issues, alterations in use, function and ownership as well as technical developments over the referenced lifetime of 50-100 years. This contribution focusses on the integration of Resilience Engineering (RE) in the building lifecycle process using trans-disciplinary product lifecycle management (PLM) in Building Information Modeling (BIM). Those methods provide the techniques to solve the current deficiencies in the engineering process flow if they are continuously applied over the whole lifecycle. An example for critical built infrastructures is presented to point out how multi-hazard risk assessment strategies, scenario definition, design strategies and a performance based design are coped with in BIM-based resilience engineering.
Article
There is a well-known issue facing the industry today of cyber-criminals targeting business websites. This impacts organisations of all sizes and is a growing concern. While there are a number of ways to address this issue, the ‘security as a process’ approach forms the ideal basis for any strategy. Security as a process should be accepted as the norm within every business. It allows operation within areas that previously would have been seen as hostile – for example, running websites on the Internet. While there are a number of ways to address the issue of cybercrime, the ‘security as a process’ approach forms the ideal basis for any strategy. Processes such as system hardening, security patching, security testing, log analysis, and so on can all be iterative, feeding back into the security process to improve security in the future, explains Mark Lowe of Portcullis Computer Security.
Article
Cyber situational awareness is attracting much attention. It features prominently in the national cyber strategies of many countries, and there is a considerable body of research dealing with it. However, until now, there has been no systematic and up-to-date review of the scientific literature on cyber situational awareness. This article presents a review of cyber situational awareness, based on systematic queries in four leading scientific databases. 102 articles were read, clustered, and are succinctly described in the paper. The findings are discussed from the perspective of both national cyber strategies and science, and some directions for future research are examined.