On Privacy and Security in Smart Connected Homes

2021 ◽  
Author(s):  
Joseph Bugeja

The growth and presence of heterogeneous sensor-equipped Internet-connected devices inside the home can increase efficiency and quality of life for the residents. Simultaneously, these devices continuously collect, process, and transmit data about the residents and their daily lifestyle activities to unknown parties outside the home. Such data can be sensitive and personal, leading to increasingly intimate insights into private lives. This data allows for the implementation of services, personalization support, and benefits offered by smart home technologies. Alas, there has been a surge of cyberattacks on connected home devices that essentially compromise privacy and security of the residents. Providing privacy and security is a critical issue in smart connected homes. Many residents are concerned about unauthorized access into their homes and about the privacy of their data. However, it is typically challenging to implement privacy and security in a smart connected home because of its heterogeneity of devices, the dynamic nature of the home network, and the fact that it is always connected to the Internet, amongst other things. As the numbers and types of smart home devices are increasing rapidly, so are the risks with these devices. Concurrently, it is also becoming increasingly challenging to gain a deeper understanding of the smart home. Such understanding is necessary to build a more privacy-preserving and secure smart connected home. Likewise, it is needed as a precursor to perform a comprehensive privacy and security analysis of the smart home. In this dissertation, we render a comprehensive description and account of the smart connected home that can be used for conducting risk analysis. In doing so, we organize the underlying smart home devices according to their functionality, identify their data-collecting capabilities, and survey the data types being collected by them. Such is done using the technical specification of commercial devices, including their privacy policies. This description is then leveraged for identifying threats and for analyzing risks present in smart connected homes. Such is done by analyzing both scholarly literature and examples from the industry, and leveraging formal modeling. Additionally, we identify malicious threat agents and mitigations that are relevant to smart connected homes. This is performed without limiting the research and results to a particular configuration and type of smart home. This research led to three main findings. First, the majority of the surveyed commercial devices are collecting instances of sensitive and personal data but are prone to critical vulnerabilities. Second, there is a shortage of scientific models that capture the complexity and heterogeneity of real-world smart home deployments, especially those intended for privacy risk analysis. Finally, despite the increasing regulations and attention to privacy and security, there is a lack of proactive and integrative approaches intended to safeguard privacy and security of the residents. We contributed to addressing these three findings by developing a framework and models that enable early identification of threats, better planning for risk management scenarios, and mitigation of potential impacts caused by attacks before they reach the homes and compromise the lives of the residents. Overall, the scientific contributions presented in this dissertation help deepen the understanding and reasoning about privacy and security concerns affecting smart connected homes, and contribute to advancing the research in the area of risk analysis as applied to such systems.



i-com ◽  
2019 ◽  
Vol 18 (3) ◽  
pp. 197-216 ◽  
Author(s):  
Verena Zimmermann ◽  
Paul Gerber ◽  
Karola Marky ◽  
Leon Böck ◽  
Florian Kirchbuchner

Abstract: Smart Home technologies have the potential to increase the quality of life, home security and facilitate elderly care. Therefore, they require access to a plethora of data about the users’ homes and private lives. Resulting security and privacy concerns form a relevant barrier to adopting this promising technology. Aiming to support end users’ informed decision-making through addressing the concerns we first conducted semi-structured interviews with 42 potential and little-experienced Smart Home users. Their diverse concerns were clustered into four themes that center around attacks on Smart Home data and devices, the perceived loss of control, the trade-off between functionality and security, and user-centric concerns as compared to concerns on a societal level. Second, we discuss measures to address the four themes from an interdisciplinary perspective. The paper concludes with recommendations for addressing user concerns and for supporting developers in designing user-centered Smart Home technologies.


Symmetry ◽  
2021 ◽  
Vol 13 (5) ◽  
pp. 910
Author(s):  
Tong-Yuen Chai ◽  
Bok-Min Goi ◽  
Wun-She Yap

Biometric template protection (BTP) schemes are implemented to increase public confidence in biometric systems regarding data privacy and security in recent years. The introduction of BTP has naturally incurred loss of information for security, which leads to performance degradation at the matching stage. Although efforts are shown in the extended work of some iris BTP schemes to improve their recognition performance, there is still a lack of a generalized solution for this problem. In this paper, a trainable approach that requires no further modification on the protected iris biometric templates has been proposed. This approach consists of two strategies to generate a confidence matrix to reduce the performance degradation of iris BTP schemes. The proposed binary confidence matrix showed better performance in noisy iris data, whereas the probability confidence matrix showed better performance in iris databases with better image quality. In addition, our proposed scheme has also taken into consideration the potential effects in recognition performance, which are caused by the database-associated noise masks and the variation in biometric data types produced by different iris BTP schemes. The proposed scheme has reported remarkable improvement in our experiments with various publicly available iris research databases being tested.


2021 ◽  
Vol 4 ◽  
Author(s):  
Vibhushinie Bentotahewa ◽  
Chaminda Hewage ◽  
Jason Williams

The growing dependency on digital technologies is becoming a way of life, and at the same time, the collection of data using them for surveillance operations has raised concerns. Notably, some countries use digital surveillance technologies for tracking and monitoring individuals and populations to prevent the transmission of the new coronavirus. The technology has the capacity to contribute towards tackling the pandemic effectively, but the success also comes at the expense of privacy rights. The crucial point to make is that, regardless of who uses it and which mechanism is used, it will in one way or another infringe personal privacy. Therefore, when considering the use of technologies to combat the pandemic, the focus should also be on the impact of facial recognition cameras, police surveillance drones, and other digital surveillance devices on the privacy rights of those under surveillance. The GDPR was established to ensure that information could be shared without causing any infringement on personal data and businesses; therefore, in generating Big Data, it is important to ensure that the information is securely collected, processed, transmitted, stored, and accessed in accordance with established rules. This paper focuses on Big Data challenges associated with surveillance methods used within the COVID-19 parameters. The aim of this research is to propose practical solutions to Big Data challenges associated with COVID-19 pandemic surveillance approaches. To that end, the researcher will identify the surveillance measures being used by countries in different regions, the sensitivity of generated data, and the issues associated with the collection of large volumes of data and finally propose feasible solutions to protect the privacy rights of the people, during the post-COVID-19 era.


Author(s):  
P. Alison Paprica ◽  
Michael Schull

Abstract. Objectives: High profile initiatives and reports highlight the potential benefits that could be realized by increasing access to health data, but do members of the general public share this view? The objective was to gain insight into the general public’s attitudes toward users and uses of administrative health data. Approach: In fall 2015, four professionally-moderated focus groups with a total of 31 Ontario participants were conducted; two in Thunder Bay, two in Toronto. Participants were asked to review and comment on: general information about research based on linked administrative health data, a case study and models through which various users might use administrative health data. Results: Support for research based on linked administrative health data was strongest when people agreed with the purposes for which studies were conducted. The main concerns related to the security of personal data generally (e.g., Canada Revenue Agency hacking incidents were noted) and potentially inappropriate uses of health data, particularly by the private sector (e.g., strong reservations about studies done solely or primarily with a profit motive). Participants were reassured when provided with information about the process for removing or coding identifying information from health data, and about the oversight provided by the Information and Privacy Commissioner of Ontario. However, even when fully informed of privacy and security safeguards, participants still felt that risks unavoidably increase when there are more people and organizations accessing data. Conclusions: Members of the general public were generally supportive of research based on linked administrative health data but with conditions, particularly when the possibility of private sector research was discussed. Notably, and citing security concerns, focus group participants preferred models that had a limited number of individuals or organizations accessing data.


2019 ◽  
Vol 182 (39) ◽  
pp. 3-8 ◽  
Author(s):  
Zaied Shouran ◽  
Ahmad Ashari ◽  
Tri Kuntoro

2017 ◽  
Vol 17 (1) ◽  
pp. 45
Author(s):  
Endre Győző Szabó ◽  
Balázs Révész

Privacy and security may appear as a popular pair of opposites in data protection thinking. Put simply, we often read that if certain conditions are missing, we may make a disproportionately large sacrifice on the side of personal privacy for the sake of security, and that sacrificing too much of our privacy on the altar of security leads to an irreversible process and an Orwellian world. In other arguments, which proclaim security considerations to be paramount, references to the protection of personal data are derided as constitutional-law sleight of hand, and attempts are made to belittle the otherwise commendable values of privacy protection. Yet much is at stake in the protection of privacy and personal data: handing data over to unauthorized parties, or using it in bad faith, can ruin livelihoods and families and thwart opportunities to prosper if protection sinks to a low level. On the other hand, information gathering and prior data collection are also preparatory acts for various crimes and acts of terrorism. By taking reasonable steps to protect our personal data and privacy, and by making use of the protections that law and technology offer, we shut our data away not only from the state and market players but also from criminals, and thereby serve the security of us all. There is thus certainly one area where the boundaries of security and privacy meet: that of data security and, related to it, a conscious, responsible user attitude, to which, however, the human factor is often the obstacle. In this study we discuss the complexity of the questions of privacy and security and look for a common denominator from the perspective of data processing, also presenting the forthcoming legal institutions of the new data protection regulation (GDPR) that serve both our privacy and our security.

--- Data in security – security in our data? Privacy and security may be deemed as a popular dichotomy. It is often argued that even if security is vital, we might sacrifice too much of our privacy in return. This may be irreversible when it comes to the intrusiveness of surveillance. On the other hand, it is also sometimes argued that the importance of personal data protection deserves less attention than security. There is much at stake when it comes to privacy and the protection of personal data. Misuse of personal information may damage families’ lives and ruin people’s livelihoods, thus this may all have significant repercussions for society as a whole – this is the price to be paid if protection is at a low level. Using sophisticated measures that technology and legal regulations can provide, privacy can be protected. Data security is a common field for the protection of privacy and security – crucial for both endeavours to make people’s lives better. This essay describes the complexity of issues related to privacy and security, while also taking new legislation of the European Union into account.


Cyber Crime ◽  
2013 ◽  
pp. 263-283 ◽  
Author(s):  
Jun Hu ◽  
Liam Peyton

Knowledge discovery is a critical component in improving health care. Health 2.0 leverages Web 2.0 technologies to integrate and share data from a wide variety of sources on the Internet. There are a number of issues which must be addressed before knowledge discovery can be leveraged effectively and ubiquitously in Health 2.0. Health care data is very sensitive in nature so privacy and security of personal data must be protected. Regulatory compliance must also be addressed if cooperative sharing of data is to be facilitated to ensure that relevant legislation and policies of individual health care organizations are respected. Finally, interoperability and data quality must be addressed in any framework for knowledge discovery on the Internet. In this chapter, we lay out a framework for ubiquitous knowledge discovery in Health 2.0 based on a combination of architecture and process. Emerging Internet standards and specifications for defining a Circle of Trust, in which data is shared but identity and personal information protected, are used to define an enabling architecture for knowledge discovery. Within that context, a step-by-step process for knowledge discovery is defined and illustrated using a scenario related to analyzing the correlation between emergency room visits and adverse effects of prescription drugs. The process we define is arrived at by reviewing an existing standards-based process, CRISP-DM, and extending it to address the new context of Health 2.0.


Author(s):  
Roger Clarke

An expectation exists in the U.S.A. that operators of business-to-consumer (B2C) Web sites will provide public notice of their privacy and security practices in relation to the personal data that they hold. Such documents are referred to in this paper as Privacy Policy Statements (PPS). The use of PPS has become mainstream in many other countries as well. Privacy and security of personal data are important elements in consumer trust, and hence in a consumer’s decision to make purchases using Internet commerce services. PPS could therefore be expected to play an important role in overcoming the impediments to consumer purchases online. This paper adds to the growing research literature on PPS by developing a research design involving comparison of an organisation’s PPS against a normative template developed on the basis of professional practice and laws, policies, practices, and public expectations around the world. A study of six B2C sites was undertaken, in order to assess the practicability of the design, and provide some initial substantive insight into the contributions that PPS currently make to consumer trust. It appears that many organisations’ PPS may be seriously inadequate, and hence may be more of an impediment to trust than an enabler of Web-commerce adoption.

