Michele Grisafi, M. Ammar, Marco Roveri, Bruno Crispo
Run-time attacks are a rising threat to both low- and high-end systems, with the spread of techniques like Return Oriented Programming (ROP) that aim at hijacking the control flow of vulnerable applications. Although several control flow integrity schemes have been proposed by both academia and the industry, the vast majority of them are not compatible with low-end embedded devices, especially the ones that lack hardware security features. In this paper, we propose FLAShadow, a secure shadow stack design and implementation for low-end embedded systems, relying on zero hardware security features. The key idea is to leverage a software-based memory isolation mechanism to establish an integrity-protected memory area on the Flash of the target device, where FLAShadow can be securely maintained. FLAShadow exclusively reserves a register for maintaining the integrity of the stack pointer and also depends on a minimal trusted run-time component to avoid trusting the compiler toolchain. We evaluate an open-source implementation of FLAShadow for the MSP430 architecture, showing an average performance and memory overhead of 168.58% and 25.91% respectively. While the average performance overhead is considered high, we show that it is application-dependent and incurs less than 5% for some applications.
FLAShadow: A Flash-based Shadow Stack for Low-end Embedded Systems. Michele Grisafi, M. Ammar, Marco Roveri, Bruno Crispo. ACM Transactions on Internet of Things, published 2024-07-10. DOI: 10.1145/3670413 (https://doi.org/10.1145/3670413)
We present CoSense, a system that enables coexistence of networking and sensing on next-generation millimeter-wave (mmWave) picocells for traffic monitoring and pedestrian safety at intersections in all weather conditions. Although existing wireless signal-based object detection systems are available, they suffer from limited resolution, and their outputs may not provide sufficient discriminatory information in complex scenes, such as traffic intersections. CoSense proposes using 5G picocells, which operate at mmWave frequency bands and provide higher data rates and higher sensing resolution than traditional wireless technology. However, it is difficult to run sensing applications and data transfer simultaneously on mmWave devices due to potential interference, and using special-purpose sensing hardware can prohibit deployment of sensing applications to a large number of existing and future inexpensive mmWave devices. Additionally, mmWave devices are vulnerable to weak reflectivity and specularity challenges which may result in loss of information about objects and pedestrians. To overcome these challenges, CoSense designs customized deep learning models that not only can recover missing information about the target scene but also enable coexistence of networking and sensing. We evaluate CoSense on diverse data samples captured at traffic intersections and demonstrate that it can detect and locate pedestrians and vehicles, both qualitatively and quantitatively, without significantly affecting the networking throughput.
CoSense: Deep Learning Augmented Sensing for Coexistence with Networking in Millimeter-Wave Picocells. Hem Regmi, Sanjib Sur. ACM Transactions on Internet of Things, published 2024-06-05. DOI: 10.1145/3670415 (https://doi.org/10.1145/3670415)
Hakan Kayan, Ryan Heartfield, Omer F. Rana, Pete Burnap, Charith Perera
Industrial cyber-physical systems (ICPS) are widely employed in supervising and controlling critical infrastructures (CIs), with manufacturing systems that incorporate industrial robotic arms being a prominent example. The increasing adoption of ubiquitous computing technologies in these systems has led to benefits such as real-time monitoring, reduced maintenance costs, and high interconnectivity. This adoption has also brought cybersecurity vulnerabilities exploited by adversaries disrupting manufacturing processes via manipulating actuator behaviors. Previous incidents in the industrial cyber domain prove that adversaries launch sophisticated attacks rendering network-based anomaly detection mechanisms insufficient as the "physics" involved in the process is overlooked. To address this issue, we propose an IoT-based cyber-physical anomaly detection system that can detect motion-based behavioral changes in an industrial robotic arm. We apply both statistical and state-of-the-art machine learning (ML) methods to real-time Inertial Measurement Unit (IMU) data collected from an edge development board attached to an arm doing a pick-and-place operation. To generate anomalies, we modify the joint velocity of the arm. Our goal is to create an air-gapped secondary protection layer to detect "physical" anomalies without depending on the integrity of network data, thus augmenting overall anomaly detection capability. Our empirical results show that the proposed system, which utilizes 1D-CNNs, can successfully detect motion-based anomalies on a real-world industrial robotic arm. The significance of our work lies in its contribution to developing a comprehensive solution for ICPS security, which goes beyond conventional network-based methods.
CASPER: Context-Aware IoT Anomaly Detection System for Industrial Robotic Arms. Hakan Kayan, Ryan Heartfield, Omer F. Rana, Pete Burnap, Charith Perera. ACM Transactions on Internet of Things, published 2024-06-01. DOI: 10.1145/3670414 (https://doi.org/10.1145/3670414)
With the enormous growth in mobile data traffic over the 5G environment, Adaptive BitRate (ABR) video streaming has become a challenging problem. Recent advances in Mobile Edge Computing (MEC) technology make it feasible to use Base Stations (BSs) intelligently by network caching, popularity-based video streaming, etc. Additional computing resources on the edge node offer an opportunity to reduce network traffic on the backhaul links during peak traffic hours. More recently, it has been found in the literature that collaborative caching strategies between neighbouring BSs (i.e., MEC servers) make it more efficient to reduce backhaul traffic and network congestion and thus improve the viewer experience substantially. In this work, we propose a Reinforcement Learning (RL) based collaborative caching mechanism where the edge servers cooperate to serve the requested content from the end-users. Specifically, this research aims to improve the overall cache hit rate at the MEC, where the edge servers are clustered based on their geographic locations. The said task is modelled as a multi-objective optimization problem and solved using an RL framework. In addition, a novel cache admission and eviction policy is defined by calculating the priority score of video segments in the clustered MEC mesh network.
Collaborative Video Caching in the Edge Network using Deep Reinforcement Learning. Anirban Lekharu, Pranav Gupta, Arijit Sur, Moumita Patra. ACM Transactions on Internet of Things, published 2024-05-11. DOI: 10.1145/3664613 (https://doi.org/10.1145/3664613)
IoT cyber threats, exemplified by jackware and crypto mining, underscore the vulnerability of IoT devices. Due to the multi-step nature of many attacks, early detection is vital for a swift response and preventing malware propagation. However, accurately detecting early-stage attacks is challenging, as attackers employ stealthy, zero-day, or adversarial machine learning to evade detection. To enhance security, we propose ARIoTEDef, an Adversarially Robust IoT Early Defense system, which identifies early-stage infections and evolves autonomously. It models multi-stage attacks based on a cyber kill chain and maintains stage-specific detectors. When anomalies in the later action stage emerge, the system retroactively analyzes event logs using an attention-based Seq2Seq model to identify early infections. Then, the infection detector is updated with information about the identified infections. We have evaluated ARIoTEDef against multi-stage attacks, such as the Mirai botnet. Results show that the infection detector's average F1 score increases from 0.31 to 0.87 after one evolution round. We have also conducted an extensive analysis of ARIoTEDef against adversarial evasion attacks. Our results show that ARIoTEDef is robust and benefits from multiple rounds of evolution.
ARIoTEDef: Adversarially Robust IoT Early Defense System Based on Self-Evolution against Multi-step Attacks. Mengdie Huang, Hyunwoo Lee, Ashish Kundu, Xiaofeng Chen, Anand Mudgerikar, Ninghui Li, Elisa Bertino. ACM Transactions on Internet of Things, published 2024-04-20. DOI: 10.1145/3660646 (https://doi.org/10.1145/3660646)
Low-cost sensors have enabled a wide array of data-driven applications and insights. As a result, encountering spaces with pervasive sensing has become all but unavoidable. This creates a fundamental tension: the success of smart environments will become increasingly dependent on equity of access to data-driven insights and consideration of the privacy expectations of sensed individuals. These concerns highlight the need to bring equity to all stakeholders of smart environments, which in turn would preserve public trust in these smart spaces. In this work, we explored several approaches to identity-obscuring visual representations through a progressive series of experiments. We designed and validated a series of visual representations through stakeholder interactions and tested the ability of these visual representations to limit identification via a crowdsourced study. An evaluation across three months of data gathered within our organization also showed that the identity-obscured data could still be leveraged to accurately count group size. Our contributions lay the groundwork for sensing frameworks that bring utility to all stakeholders of shared spaces while being cognizant of their diverse privacy expectations.
Getting it just right: towards balanced utility, privacy, and equity in shared space sensing. Andrew Xu, Jacob Biehl, Adam Lee. ACM Transactions on Internet of Things, published 2024-02-29. DOI: 10.1145/3648479 (https://doi.org/10.1145/3648479)
Shakthi Weerasinghe, A. Zaslavsky, S. W. Loke, A. Medvedev, A. Abken, Alireza Hassani, Guang-Li Huang
Real-time applications increasingly rely on context information to provide relevant and dependable features. Context queries require large-scale retrieval, inferencing, aggregation, and delivery of context using only limited computing resources, especially in a distributed environment. If accessing context information is slow, inconsistent, and too expensive, the dependability and relevancy of real-time applications may fail to exist. This paper argues that transiency of context (i.e., the limited validity period), variations in the features of context query loads (e.g., the request rate, different Quality of Service (QoS), and Quality of Context (QoC) requirements), and lack of prior knowledge about context to make near real-time adaptations are fundamental challenges that need to be addressed to overcome these shortcomings. Hence, we propose a performance-metric-driven, reinforcement-learning-based adaptive context caching approach aiming to maximize both cost- and performance-efficiency for middleware-based Context Management Systems (CMSs). Although context-aware caching has been thoroughly investigated in the literature, our approach is novel because existing techniques are not fully applicable to caching context due to (i) the underlying fundamental challenges and (ii) not addressing the limitations hindering dependability and consistency of context. Unlike previously tested modes of CMS operations and traditional data caching techniques, our approach can provide real-time pervasive applications with lower-cost, faster, and fresher high-quality context information. Compared to existing context-aware data caching algorithms, our technique is bespoke for caching context information, which is different from traditional data. We also show that our full-cycle context lifecycle-based approach can maximize both cost- and performance-efficiency while maintaining adequate QoC solely based on real-time performance metrics and our heuristic techniques without depending on any previous knowledge about the context, variations in query features, or quality demands, unlike any previous work. We demonstrate, using a real-world-inspired scenario and a prototype middleware-based CMS integrated with our adaptive context caching approach that we have implemented, how real-time applications that are 85% faster can be more relevant and dependable to users, while costing 60.22% less than using existing techniques to access context information. Our model is also at least twice as fast and more flexible to adapt compared to existing benchmarks even under uncertainty and lack of prior knowledge about context, transiency, and variable context query loads.
Reinforcement Learning Based Approaches to Adaptive Context Caching in Distributed Context Management Systems. Shakthi Weerasinghe, A. Zaslavsky, S. W. Loke, A. Medvedev, A. Abken, Alireza Hassani, Guang-Li Huang. ACM Transactions on Internet of Things, published 2024-02-16. DOI: 10.1145/3648571 (https://doi.org/10.1145/3648571)
Nada Alhirabi, Stephanie Beaumont, Omer F. Rana, Charith Perera
Internet of Things (IoT) applications (apps) are challenging to design because of the heterogeneous systems on which they are deployed. IoT devices and apps may collect and analyse sensitive personal data, which is often protected by data privacy laws, some within highly regulated domains such as healthcare. Privacy-by-design (PbD) schemes can be used by developers to consider data privacy at the design stage. However, software developers are not widely adopting these approaches due to difficulties in understanding and interpreting them. There are currently a limited number of tools available for developers to use in this context. We believe that a successful privacy-by-design tool should be able to (i) assist developers in addressing privacy requirements in less regulated domains, as well as (ii) help them learn about privacy as they use the tool. The findings of two controlled lab studies are presented, involving 42 developers. We discuss how such a PbD tool can help novice IoT developers comply with privacy laws (such as GDPR) and follow privacy guidelines (such as privacy patterns). Based on our findings, such tools can help raise awareness of data privacy requirements at design. This increases the likelihood that subsequent designs will be more aware of data privacy requirements.
Designing Privacy-Aware IoT Applications for Unregulated Domains. Nada Alhirabi, Stephanie Beaumont, Omer F. Rana, Charith Perera. ACM Transactions on Internet of Things, published 2024-02-15. DOI: 10.1145/3648480 (https://doi.org/10.1145/3648480)
Recognizing if two objects are in close physical contact (CPC) is the basis of various Internet-of-Things services such as vehicle proximity alert and radiation exposure reduction. This is achieved traditionally through tailor-made proximity sensors that proactively transmit wireless signals and analyze the reflection from an object. Despite its feasibility, the past few years have witnessed the prosperity of reactive CPC detection techniques that do not need spontaneous signal transmission and merely exploit received wireless signals from a target. Unlike existing approaches entailing additional effort of multiple antennas, dedicated signal emitters, human intervention, or a back-end server, this paper presents TONARI, an effortless CPC detection framework that performs in a reactive manner. TONARI is developed for the first time with LoRa, the representative of unlicensed low-power wide area network (LPWAN) technologies, as the wireless signal for CPC detection. At the heart of TONARI lies a novel feature arbitrator that decides whether two devices are in CPC or not by distinguishing different types of LoRa chirp-based additive sample magnitude sequences. Software-defined radio-based experiments are conducted to show that the achievable CPC detection accuracy via TONARI can reach 100% in most practical cases.
{"title":"TONARI: Reactive Detection of Close Physical Contact using Unlicensed LPWAN Signals","authors":"Chenglong Shao, Osamu Muta","doi":"10.1145/3648572","DOIUrl":"https://doi.org/10.1145/3648572","url":null,"abstract":"Recognizing if two objects are in close physical contact (CPC) is the basis of various Internet-of-Things services such as vehicle proximity alert and radiation exposure reduction. This is achieved traditionally through tailor-made proximity sensors that proactively transmit wireless signals and analyze the reflection from an object. Despite its feasibility, the past few years have witnessed the prosperity of reactive CPC detection techniques that do not need spontaneous signal transmission and merely exploit received wireless signals from a target. Unlike existing approaches entailing additional effort of multiple antennas, dedicated signal emitters, human intervention, or a back-end server, this paper presents TONARI, an effortless CPC detection framework that performs in a reactive manner. TONARI is developed for the first time with LoRa, the representative of unlicensed low-power wide area network (LPWAN) technologies, as the wireless signal for CPC detection. At the heart of TONARI lies a novel feature arbitrator that decides whether two devices are in CPC or not by distinguishing different types of LoRa chirp-based additive sample magnitude sequences. Software-defined radio-based experiments are conducted to show that the achievable CPC detection accuracy via TONARI can reach 100% in most practical cases.","PeriodicalId":29764,"journal":{"name":"ACM Transactions on Internet of Things","volume":null,"pages":null},"PeriodicalIF":2.7,"publicationDate":"2024-02-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139776404","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}