UPRISE-IoT: User-centric PRIvacy & Security in IoT

Lead Research Organisation: University College London
Department Name: Geography

Abstract

The goal of this project is to allow users to gain control over data generated and collected by the Internet of Things (IoT) devices surrounding them. Since the IoT will be omnipresent in our day-to-day activities, our privacy is potentially at risk. At the same time, the deployment of IoT technologies might be stopped or slowed down if privacy is not considered from the beginning as a fundamental design objective. For these reasons, we believe that it is essential to adopt a privacy-by-design approach for the IoT.

This project will take a fresh look at the IoT privacy space by considering a user-centric approach. It will be user-centric by considering users' behaviour and context in order to improve security and privacy in a privacy-preserving manner. The approach will also increase data transparency and control. Users will be informed about the data that is being collected in a user-friendly manner, and will have the option to oppose its collection. We plan to develop a solution that will offer tools for controlling data privacy in the IoT world. Therefore, we believe that the project will raise a new awareness in the users, so that users' behaviour will not compromise their security, favouring also the creation of a new market based on the monetization of IoT data.

The expected result is the creation of a new secure space centred around the user where security solutions are either integrated within IoT devices directly (creating smart secure objects) or made available to the user by powerful user-friendly mobile applications for: (i) "smartifying" the IoT devices that are not intrinsically secure; (ii) fine-tuning the level of privacy; (iii) becoming aware of their behaviour in order to be protected from security and privacy threats; (iv) becoming aware of the value of their information.

We will validate our results with experimental work involving users. We plan to adopt a mixed quantitative/qualitative approach to the problem: we will both survey users' perception of security, as well as measure the real level of protection of users' data.

Planned Impact

We believe that, given its goals, UPRISE-IOT will have a significant impact in academia, industry and governmental and non-governmental organisations. IoT will be part of our everyday life and therefore usable solutions for IoT are also of paramount importance for citizens, communities, profit and non-profit organisations.

The project will design, implement and evaluate the required modelling, primitives and tools to manage the increased data generation and the emerging unlimited interconnection of devices characterising the new wave of IoT technologies. By doing so, UPRISE-IoT aims to help citizens to gain awareness of IoT data. Moreover, by securing the development of new user-centric IoT applications, the project expects to foster the required short-term impact on the development of IoT algorithms, tools and prototypes. In addition to the technological impact, UPRISE-IoT will have a significant impact in terms of competence building in this emerging key technological area.

The project will put strong effort into dissemination activities to promote the UPRISE-IoT solutions and foster their understanding among relevant stakeholders in the field, including individuals, industry and, in case the project's results call for it, standardisation bodies. The UPRISE-IoT consortium agrees that it is extremely important to make the outcome of the project public (to individuals, academics and industries). This will increase the chance for acceptance and further exploitation of experimental results by end-users. The dissemination strategy will have to i) reach out to a broad audience to optimise the general impact of the project, and ii) accurately target specific industry and research clusters to increase the scientific impact of UPRISE-IoT on the R&D community.

UPRISE-IoT will exploit multiple channels for disseminating its scientific results, such as articles in journals, papers at conferences and demonstrations at fairs, as well as make use of new ways to disseminate results (e.g., YouTube to reach a broad public). In addition, UPRISE-IoT will develop a storytelling approach to showcase the technology in dedicated events and conferences, as well as in teaching and public events to make users aware of potential risks.

The dissemination of project results will take place at national and international level through a number of activities. These will include participation in national and international conferences, other scientific events, and commercial exhibitions.

Publications

Baron B (2020) Where You Go Matters: A Study on the Privacy Implications of Continuous Location Tracking in Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies

Cavdar S (2020) A Multi-perspective Analysis of Social Context and Personal Factors in Office Settings for the Design of an Effective Mobile Notification System in Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies

Darvariu V (2020) Quantifying the Relationships between Everyday Objects and Emotional States through Deep Learning Based Image Analysis Using Smartphones in Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies

Mehrotra A (2021) FutureWare: Designing a Middleware for Anticipatory Mobile Computing in IEEE Transactions on Software Engineering

Mehrotra A (2018) Using Autoencoders to Automatically Extract Mobility Features for Predicting Depressive States in Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies

Pagani A (2019) Graph input representations for machine learning applications in urban network analysis in Environment and Planning B: Urban Analytics and City Science

Perez B (2019) Fatal attraction

 
Description We have been exploring the development of techniques for privacy-preserving IoT systems with a focus on explainability. We are in particular focussing on the aspects related to the applications of artificial intelligence/machine learning techniques to IoT data. These recent developments raise concerns about the privacy of the data of individuals not only in terms of the actual personal information itself (e.g., location) but also with respect to the information extracted through machine learning algorithms. Indeed, machine learning algorithms are seen as black boxes and in order to ensure acceptability of these new technologies, it is of paramount importance to design systems that are able to "explain" the inferences that are extracted from the data themselves. It is worth noting that this project is funded through a CHIST-ERA call and it involves University of Applied Sciences and Arts of Southern Switzerland (Switzerland), INRIA (France) and EURECOM (France). There have been several constructive interactions with the other members of the project in the past months.

In particular, UCL has designed a machine learning explanation framework for inference algorithms based on data collected through pervasive and IoT systems. The prototype focuses on the interpretation of identification algorithms from location and presence information in different use-case scenarios. The proposed explanation framework provides a starting point to enable users to understand how the traces they generate could expose their privacy, while allowing for usable and personalized services at the same time.
Moreover, UCL has also conducted an extensive in-the-wild research study to shed light on the range of personal information that can be inferred from the places visited by users, as well as user privacy expectations with respect to this information. To this end, UCL has developed FollowMe, a mobile application that continuously collects user location and extracts personal information from it. The app also provides an interface to give feedback about the relevance of the personal information inferred from location data and its corresponding privacy sensitivity. The findings of the analysis performed at UCL show that, while some personal information such as social activities is not considered private, other information such as health, religious belief, ethnicity, political opinions, and socio-economic status is considered private by the participants of the study. This study paves the way to the design of privacy-preserving systems that provide contextual recommendations and explanations to help users further protect their privacy by making them aware of the consequences of sharing their personal data.

With respect to usability and privacy, we focus primarily on the problem of identification. We have been considering a wide range of sensor information for classification, with a main focus on two sensor modalities: location and magnetometer data from mobile phones and IoT devices. At the same time, the overall aim has been the development of a general framework for identification and obfuscation of mobile data, which can be applied to a variety of datasets. Another aspect that has been considered is the usability of systems in terms of user acceptance and risks. It is also worth noting that one of the emerging areas in recent years that was not envisaged at the beginning of the project is machine learning interpretability. In particular, UCL has focused on the aspects related to the explanation of identification algorithms from mobile and sensing data. We have also worked on the problem of the sensitivity of information extracted from visits to locations.

We have explored which information can be extracted from visits to places and their privacy sensitivity to users. This has been performed through a large-scale user study involving a large number of participants. Our findings show that, while some personal information such as social activities is not considered private, other information such as health, religious belief, ethnicity, political opinions, and socio-economic status is considered private by the participants of the study. This study paves the way to the design of privacy-preserving systems that provide contextual recommendations and explanations to help users further protect their privacy by making them aware of the consequences of sharing their personal data.
Exploitation Route We continue to explore potential collaborations with companies on commercial exploitation of the findings and/or direct commercialisation of the ideas. We believe that the results of the user studies that we are currently conducting will be extremely valuable for the research community (in academia and industry). This work has led to a series of publications, including some in high-profile venues such as ACM WiSec, which is a top venue for research in security & privacy for mobile and IoT systems, and an overview article in IEEE Pervasive Computing on the problem of interpretability of machine learning techniques applied to mobile data.

We have developed an app for inferring personal information from location and sensor data called TrackingAdvisor (https://iss-lab.geog.ucl.ac.uk/trackingadvisor/index.html). Through the app we have collected a very valuable dataset linking people and location data (and the privacy perception associated with this information).

We have also published a major paper about this work that appeared in the Proceedings of the ACM on Interactive, Wearable, Mobile, Ubiquitous Technologies. The paper was presented at UbiComp 2021.
Sectors Digital/Communication/Information Technologies (including Software),Healthcare,Security and Diplomacy

URL http://uprise-iot.supsi.ch
 
Description A parallel thread that has been explored is the analysis of the ethical implications of these identification techniques. Mirco Musolesi, the PI at UCL, has organized an event on the ethics of mobile data mining, in collaboration with the UK Information Commissioner's Office. The workshop has also attracted a large interest from other communities. Indeed, the applications developed in UPRISE-IoT might be misused, especially in non-democratic contexts. An analysis of the socio-technical aspects related to these technologies is therefore essential. UCL plans to explore these aspects in the years to come, also in collaboration with the other project partners.
First Year Of Impact 2020
Sector Creative Economy,Digital/Communication/Information Technologies (including Software),Government, Democracy and Justice,Security and Diplomacy
Impact Types Societal,Policy & public services

 
Title TrackingAdvisor 
Description TrackingAdvisor is an automatic diary of your life. The timeline shows the places you have visited for every day you have participated in the study. 
Type Of Technology Webtool/Application 
Year Produced 2018 
Impact The application is currently deployed for a user study. 
URL https://iss-lab.geog.ucl.ac.uk/trackingadvisor/
 
Description Keynote talk at the German-French Workshop on Secure Big Data. Orscholz, Germany. Title: Identification (and Obfuscation) in the Smartphone Era. 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Postgraduate students
Results and Impact Lecture for PhD students from France and Germany covering the area of data mining of personal data. The lecture led to further discussions around our research work.
Year(s) Of Engagement Activity 2018