Cyber Security of the Internet of Things

Lead Research Organisation: University of Southampton
Department Name: Sch of of Electronics and Computer Sci

Abstract

Today we use many objects not normally associated with computers or the internet. These include gas meters and lights in our homes, healthcare devices, water distribution systems and cars. Increasingly, such objects are digitally connected and some are transitioning from cellular network connections (M2M) to using the internet: e.g. smart meters and cars - ultimately self-driving cars may revolutionise transport. This trend is driven by numerous forces. The connection of objects and use of their data can cut costs (e.g. allowing remote control of processes) creates new business opportunities (e.g. tailored consumer offerings), and can lead to new services (e.g. keeping older people safe in their homes).

This vision of interconnected physical objects is commonly referred to as the Internet of Things. The examples above not only illustrate the vast potential of such technology for economic and societal benefit, they also hint that such a vision comes with serious challenges and threats. For example, information from a smart meter can be used to infer when people are at home, and an autonomous car must make quick decisions of moral dimensions when faced with a child running across on a busy road. This means the Internet of Things needs to evolve in a trustworthy manner that individuals can understand and be comfortable with. It also suggests that the Internet of Things needs to be resilient against active attacks from organised crime, terror organisations or state-sponsored aggressors.

Therefore, this project creates a Hub for research, development, and translation for the Internet of Things, focussing on privacy, ethics, trust, reliability, acceptability, and security/safety: PETRAS, (also suggesting rock-solid foundations) for the Internet of Things. The Hub will be designed and run as a 'social and technological platform'. It will bring together UK academic institutions that are recognised international research leaders in this area, with users and partners from various industrial sectors, government agencies, and NGOs such as charities, to get a thorough understanding of these issues in terms of the potentially conflicting interests of private individuals, companies, and political institutions; and to become a world-leading centre for research, development, and innovation in this problem space.

Central to the Hub approach is the flexibility during the research programme to create projects that explore issues through impactful co-design with technical and social science experts and stakeholders, and to engage more widely with centres of excellence in the UK and overseas. Research themes will cut across all projects: Privacy and Trust; Safety and Security; Adoption and Acceptability; Standards, Governance, and Policy; and Harnessing Economic Value. Properly understanding the interaction of these themes is vital, and a great social, moral, and economic responsibility of the Hub in influencing tomorrow's Internet of Things. For example, a secure system that does not adequately respect privacy, or where there is the mere hint of such inadequacy, is unlikely to prove acceptable. Demonstrators, like wearable sensors in health care, will be used to explore and evaluate these research themes and their tension. New solutions are expected to come out of the majority of projects and demonstrators, many solutions will be generalisable to problems in other sectors, and all projects will produce valuable insights. A robust governance and management structure will ensure good management of the research portfolio, excellent user engagement and focussed coordination of impact from deliverables.

The Hub will further draw on the expertise, networks, and on-going projects of its members to create a cross-disciplinary language for sharing problems and solutions across research domains, industrial sectors, and government departments. This common language will enhance the outreach, development, and training activities of the Hub.

Publications

10 25 50
 
Description The IoT Observatory is being developed as a core platform and set of technologies to support observation, analysis, and visualization of different IoT applications/devices within integrated IoT ecosystems such as smart cities, critical infrastructure support. Drawing on emerging standards for metadata such as HyperCat, big data technologies (such as storm), IoT data stream protocol formats such as MQTT, CoAP are some of the core features of the observatory platform. At the core of the IoT Observatory ecosystem is a platform that orchestrates device discovery, data integration across sensor streams, data aggregation, statistical analyses and sharing among different stakeholders. A critical feature provided by the IoT Observatory fine-grained access control to ensure data authentication and authorization policies to address the concerns of sensitive information. For this, we are in process of enriching the metadata associated with datasets, streams, data statistics, visualizations and applications to enable user consent for sharing the sensitive sensor data to certain degree. An authentication service for legitimate sharing and re-use of resources on the observatory is being developed to address the concerns of localized authorization decision making in IoT applications.
Exploitation Route Informed the specification development for PEDASI IoT Observatory project under PETRAS Programme.
Sectors Agriculture, Food and Drink,Communities and Social Services/Policy,Creative Economy,Digital/Communication/Information Technologies (including Software),Education,Energy,Environment,Financial Services, and Management Consultancy,Healthcare,Government, Democracy and Justice,Manufacturing, including Industrial Biotechology,Culture, Heritage, Museums and Collections,Retail,Transport

 
Description The IoT Observatory is envisaged as a core platform for both the academic and user-partners at the PETRAS hub for IoT data-sharing and re-use across different themes of research. The capabilities of the observatory to support sharing of both historical and real-time sensor data streams complaint with the HyperCat metadata vocabulary can direct impact the standardization, and building IoT data-ecosystems critical for IoT research. We expect to run user-engagement workshops, analyzing user's privacy and trust concerns and understanding their interactions with other stakeholders for a variety of data processing and analytic applications. This is critical for real-world implementation of the platform for sharing and re-using IoT resources. We expect a widespread impact in terms of providing an infrastructural support for secure and legitimate sharing of IoT resources across different research themes and application areas within the PETRAS community and the IoT community at large.
First Year Of Impact 2016
Impact Types Cultural,Societal,Economic,Policy & public services

 
Title IoT Observatory 
Description The development of the IoT Observatory is key towards a core platform and a set of associated technologies in order to support the observation, analysis, and visualisation of interactions and activities in IoT ecosystems. Integration with existing IoT Metadata standards such as the HyperCat make the observatory a robust tool for inter-domain research analyses. Inspired by the Web Observatory platform the IoT Observatory provides infrastructure support for sharing of IoT datasets and analytical applications contributed by various academic and user-partners of the PETRAS for critical research and implementation analyses. The IoT Observatory platform orchestrates several components for data ingestion, integration, storage, and streaming to support data re-use and sharing critical for IoT application domains such as smart cities. To address the privacy concerns of the stakeholders in any IoT ecosystems the observatory platform provides legal and ethical frameworks along with technological support for authentication and authorization. 
Type Of Material Improvements to research infrastructure 
Provided To Others? No  
Impact The IoT Observatory infrastructure is expected to provide critical support for the PETRAS academic and user-partners for sharing research outputs, datasets, and statistics for larger challenges such as tools for detecting data authenticity, verification, and engagement with the IoT user communities in a variety of application domains including Smart cities and healthcare among others. 
URL https://iotobservatory.io/
 
Description DietLens 
Organisation National University of Singapore
Country Singapore 
Sector Academic/University 
PI Contribution Outputs from the Health-I project will further inform Policy frameworks for the use of web/mobile applications used in crowd-sourcing data. This collaboration has provided the DietLens team with the opportunity to capture dietary data outside the current Singapore themed food in the apps database.
Collaborator Contribution The DietLens mobile application allows users to simply take a photo of the food and the app will be able to recognise and identify it through image recognition technology. Nutritional information such as carbohydrate, protein and fat content of the identified food is then provided with an option to adjust for serving sizes, ingredients and preparation methods based on that specific meal. This information is automatically recorded and logged in food diary for an easy way to track dietary consumption that can be shared with clinicians. This collaboration enabled the Health-I project to undertake research to assess if people would be willing to use DietLens (a mobile app for crowdsourcing data), how they might use it, and their thoughts regarding data privacy of DietLens. To this end a survey of 10 questions was conducted and distributed to the University of Southampton's students to establish user feedback informing user perceptions of sharing crowd-sourced data and data privacy.
Impact This project explored privacy concerns when using IoT technology such as DietLens. Focusing on the application of IoT in healthcare, we used crowdsourcing to further understand contextual elements that influence the privacy concerns when sharing identifiable and sensitive data. These elements have been used to build a trust and privacy framework that supports sharing data in various context. We also developed a crowd-based privacy mechanism that builds context-aware privacy profiles. As we further analyse the outputs it is hoped we can share this feedback with the National University of Singapore to help advance the use of DietLens.
Start Year 2018
 
Description HEALTH-I CityVerve 
Organisation CISCO Systems
Country United States 
Sector Private 
PI Contribution We are working on design of health based use case to illustrate the common concerns of Manchester and Southampton City and how it can be addressed within the scope of the HEALTH-I project
Collaborator Contribution A set of 35use cases have been shared that are key to the Manchester city
Impact - The Asthma use case from the list of use-cases has been identified that can feed the HEALTH-I project with a good use case.
Start Year 2017
 
Description Hybrid Engagement Architecture Layer for Trusted Human-centric IoT 
Organisation Southampton City Council
Country United Kingdom 
Sector Public 
PI Contribution We are engaging with the Southampton City Council as user partner to collaborate on the behavioural and data sharing components of our proposed research work on modeling human factors in IoT and for cybersecurity over distributed stores. It will especially focus on developing distributed personal data stores and crowdsourcing methods and human computation methods to enable the local citizens to actively participate in the smart city IoT ecosystem to improve trust, privacy, security, and data sharing within critical IoT infrastructure.
Collaborator Contribution At the initial stage, the Southampton city council is expected to facilitate the research by providing research datasets on citizen behavior and data sharing activities within different agencies in a smart city. It would also provide the user test beds for testing the human computation models developed as part of research work by the project
Impact -With the initial support of the Southampton City council as user-partners, funding has been requested through the PETRAS internal strategic funds call. With the support from the PETRAS hub we expect to do a comparative study on user behavior and adoption of smart devices and technologies across different cities in the UK
Start Year 2017
 
Description Microsoft Azure and IoT Observatory 
Organisation Microsoft Research
Country Global 
Sector Private 
PI Contribution The IoT Observatory spans across the PETRAS themes of privacy, security, policy, trust, adoptability and acceptability. It aims to provide artefacts and tools for sharing IoT datasets on a large distributed scale to support innovation within and beyond the PETRAS academic and user-partners. The IoT Observatory project aims to identify and address infrastructural, technological and legal issues to that end, and will initiate the deployment of an infrastructure that will enable individuals or organisations to share IoT datasets. This activity work in synergy with existing initiatives within the Web Science and Internet Science communities. The project will build on the learnings from the Web Observatory project (supported by Microsoft Azure) and improvise on the challenges of real-time requirements of data analytics along with ensuring privacy and security of end-users, organizations and other stakeholders. The project will also initiate a number of activities for community engagement for the development of analytics and visualisations on those datasets across the PETRAS community.
Collaborator Contribution Through the engagement with Microsoft Azure team and using the 12 month trial period of Azure and IoT suite, the IoT observatory will explore mutual collaborations over analytics and sharing of IoT datasets (and streams) within the PETRAS community and install multiple instances of the IoT observatory within the hub describing a global network of IoT observatories for IoT research. This will have a number of domain specific applications including, healthcare, smart cities, risk analysis in critical infrastructures. IoT Observatory project will build on learnings of Web Observatory infrastructure which aimed at sharing Web data (also backed by MS Azure).
Impact The IoT Observatory team will identify a number of research (ethical, legal and technical) challenges in large scale data sharing and share these with the Azure team and the Azure team would engage continuously through use of IoT suite functionalities with the observatory team.This would lead to establishing various test nodes of Azure backed IoT Observatory nodes within and beyond PETRAS.
Start Year 2018
 
Description SOLIT: Solidifying IoT 
Organisation Ordnance Survey
Country United Kingdom 
Sector Public 
PI Contribution Integrating inputs and research datasets obtained from the Ordnance Survey, the project will support the user-partners with agency/application specific datastores. These datastores will be made available through a data-sharing and mapping framework capable of mapping and integrating the sensor and spatio-temporal in a secure way while addressing the privacy concerns. Secure services will be delivered for data mapping and sharing that will be directly implementable in real-world settings of Ordnance Survey and its partners.
Collaborator Contribution Partnering with Ordnance Survey we expect to obtain rich topographic datasets for a variety of contexts such as critical infrastructure design, urban planning, insurance risk and environment management. This is dataset will be critical to our project implementation and testing phase for making services ready for real-world settings.
Impact With the support and engagement of through initial discussions with the Ordnance Survey a research proposal for first internal strategic funds call with the PETRAS hub has been submitted. Obtaining the same we wish to support engagement activities between PETRAS hub partners and the Ordnance survey at large.
Start Year 2017
 
Description Understanding Emergence of Cyber Physical Social Machines 
Organisation University of Oxford
Country United Kingdom 
Sector Academic/University 
PI Contribution The concept of "social machines" is increasingly being used to characterize and describe various socio-cognitive spaces on the Web. Social machines imitate real-life processes and activities including human communication, opinion formation, interactions, and knowledge creation. Social machines continuously emerge and fade on the Web. The relationship between humans and machines has become further complicated by the scale of adoption of Internet of Things (IoT) sensors and devices. Scale, automation, continuous sensing, and actuation capabilities of these devices has added a third dimension to the relationship between humans and machines. As a result, new concerns of privacy and security are emerging. The divergent nature of these new socio-technical systems which we call Cyber Physical Social Machines (CPSMs) makes the problem non-trivial both at a systemic and conceptual level. In this study, we attempt to describe different exemplars of Cyber Physical Social Machines enabled and created by IoT devices. We describe the as-sociated challenges of security and privacy threats and emphasize the need for further studies in the proposed area of Cyber Physical Social Machines.
Collaborator Contribution Exchange of research ideas and joint discussions
Impact A joint research paper on Cyberphysical social machines has been submitted the 10th ACM WebSci Conference 2018.
Start Year 2018
 
Title IoT Observatory 
Description A datasets and analytic apps metadata catalogue that is built on top of multiple standards and widely adopted technologies such as Schema.org, DCAT, OAuth2.0 and OpenID Connect. 
Type Of Technology Webtool/Application 
Year Produced 2016 
Impact Hosting multiple IoT related datasets/streams. 
URL http://iotobservatory.io/
 
Title Porter Proxy for securly exposing database interfaces on the Web 
Description With a large number of datasets now available through the Web, data-sharing ecosystems such as the IoT Observatory have emerged. The IoT Observatory provides an active decentralised ecosystem for datasets and applications based on a number IoT Observatory sites, each of which can run in a different administrative domain. On a IoT Observatory, users can publish and securely access datasets across domains via a harmonised API and reverse proxies for access control. However, that API provides an interface that is different from the underlying databases', and consequently, existing applications built on top of those database interfaces require major modification to work with the Web Observatory ecosystem. We propose a lightweight architecture called Porter Proxy to address these issues. Porter Proxy exposes the same interfaces as databases as requested by the users while enforcing access control. 
Type Of Technology New/Improved Technique/Technology 
Year Produced 2017 
Impact Enable applications to communicate with datasets shared in the IoT Observatory. 
 
Description Data Sharing in IoT Worlds: Concerns for Privacy and Security 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Postgraduate students
Results and Impact A research talk was given about data sharing in IoT worlds and how an observatory approach can support it. The talk explained the information linkage as a privacy threat and how observatory can handle this at a prototype level my estimating the probability of data linkage.
Year(s) Of Engagement Activity 2017
 
Description Data Sharing in IoT Worlds: Concerns for Privacy and Security 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Postgraduate students
Results and Impact The talk was given as part of UK Web and Data Science Mission to Taiwan from 11-13 December. It was attended by 50-100 students, faculty members from various universities in Taiwan at Academia Sinica.
Year(s) Of Engagement Activity 2017
 
Description From Observatory to Laboratory: A Pathway to Data Evolution 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Industry/Business
Results and Impact Presentation delivered as part of the 2019 Living in the Internet of Things conference, organized by the UK Institution of Engineering and Technology.
Year(s) Of Engagement Activity 2019
URL https://tv.theiet.org/?videoid=12998
 
Description IoT Observatory Workshop 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach Local
Primary Audience Industry/Business
Results and Impact On July 24, 2017, IoT Observatory based at University of Southampton and the CRACS project based at Oxford e-Research Centre hosted a day long workshop at the Oxford e-
Research Centre. The workshop was part of the series of workshops planned as part of the IoT Observatory project for dissemination of learnings on open research challenges for data sharing and reuse and integrating the outcomes of other PETRAS projects to build a data ecosystem for PETRAS infrastructure. The purpose of the workshop was to bring together and understand perspectives of PETRAS user-partners, policy, standards and governance stream, privacy and trust stream on technical, ethical and policy challenges for data sharing and re-use in the IoT ecosystems. The workshop participants represented both academic and user-partners including UCL, University of Oxford, University of
Southampton, Telefonica (O2) and DigitalCatapult. The workshop was chaired by Prof. David de Roure, OERC and Alisdair Ritchie. University of Warwick represented the PETRAS hub in the workshop. The agenda began with an overview of scoping IoT Observatory in the world of IoT data sharing and re-use. The IoT Observatory platform is capable to foster an ecosystem for data upcycling, facilitating interactions between stakeholders and engage communities. A detailed "show and tell" of the existing features of the IoT Observatory by the team. The IoT observatory team also shared their experiences of philosophical and technical challenges faced during development and design of the architecture. Some
of these include:
• Enabling sharing of heterogeneous databases through the observatory.
• Reverse proxy implementation to support end-users' metadata on the IoT observatory without having to give out their actual datasets in contrast to existing catalogues such as, CKAN.
• Facilitate real-time of IoT data sharing.
• Querying and analysing time-series IoT data and enabling personal IoT observatory implementation on light weight computers.
• Access control model for accessing data on the IoT Observatory based on usage and purpose.
The second session focused on discussing the open research challenges that can support technical capabilities of the IoT observatory. And the final session discussed ethical and policy frameworks that can be integrated with the IoT Observatory infrastructure and methods to assess trustworthiness of users decision making on the IoT Observatory.Key Messages "Why IoT Observatory matters"
• It is a piece of infrastructure that can bring together the research outputs of projects within the PETRAS to describe the philosophical, technical, ethical and legal challenges for IoT
data innovation.
• In addition to data and analytics sharing and re-use, a significant contribution of observatory can be to foster innovation by enabling sharing of methods and tools different projects use for analytics and applications on datasets, including software and user-studies.
• Test the standardization of terminologies and vocabulary using the datasets available on the observatory.
Year(s) Of Engagement Activity 2017
URL https://www.petrashub.org/iot-observatory-workshop-on-technical-and-ethical-challenges-of-secure-dat...
 
Description IoT Observatory: Data Sharing and It's Challenges 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Industry/Business
Results and Impact A talk on the IoT Observatory project was given as part of the event based on the The Impact of Internet of Things on our Lives highlighting four important areas: developments and IoT technologies, applications, connected society and finally data and security. The event took on the 24th of March 2017 at IBM.
Year(s) Of Engagement Activity 2017
URL https://nmi.org.uk/event/impactech-event-the-impact-of-internet-of-things-on-our-lives/