Security and privacy in IoT—New post-doc at IOTAP

Ahmed Elmesiry recently started his post-doc at IOTAP and he will focus on privacy and security within Internet of Things applications, such as smart homes.

Ahmed, what is your research interest?

My research interests lie at the intersection of three main areas: machine learning, applied cryptography, and distributed systems. My work has broadly combined principles of the design, analysis, and implementation of security and privacy for real-world systems and future services. Over the past years, my interests have evolved to include topics in intrusion detection systems, secure e-payment systems, secure mobile agent systems, pervasive computing, and privacy enhancing technologies in a wide range of fields.

My approach in conducting research in these areas considers using and advancing well-established theories to fit the problems at hand, and applying them to system-driven needs. Furthermore, I built privacy primitives that consider application-specific requirements – such as collaborative privacy, stochastic block ciphering based on clustering, and two-stage concealment process – as main design principles, thus reducing constraints and complexities to achieve better functionality. I have broad experience in developing and implementing national and international projects, including FP7, R&D, and commercialization projects.

Why is this research important?

The advent of the Internet of Things (IoT) industry ecosystem created new opportunities for enterprises in current and new markets. The pioneers of IoT managed to create intelligent applications, products, and services in a societal context. These innovative applications and products allow people to deal with their environment in an optimal and flexible manner. It is envisioned that IoT will be able to penetrate all aspects of life including homes and urban areas.

The IoT ecosystem is not only changing the internet, but also changing how things will be connected to the internet. “Smart” things on the edge of the network are now being able to autonomously create, process, and exchange data, and also to request a service or start an action. However, turning physical, offline things into online assets will broaden their attack surface for cyber-threats.

Enterprises will have to respond by expanding the scope of their security strategy to involve these new online things. The new security strategies should be tailored to each IoT system according to the limited capabilities of the devices involved and the risks related to the networks which are used by those devices. It is expected that the spending on tools to secure IoT-based applications and services will expand over the next five years.

Generating an enormous volume of data is essential for the IoT ecosystem services, but managing this data is a daunting task. Broadly speaking, data is streaming across many boundaries with different models, policies, and purposes. Additionally, data is analyzed or stored on edge hubs or gateways which have highly limited capabilities and are vulnerable to sophisticated attacks. Security and privacy issues pose a serious challenge to the further expansion of the IoT and the user acceptance of diverse IoT-based applications and services. The existing security solutions can play a role in mitigating some of the risks but they are not enough. Consideration should be given to preserving data throughout its lifecycle. End users should be empowered with convenient tools to handle their security and privacy as they see fit; these tools should enable them to exchange their data securely, to the right place, at the right time, in the right form. This end-to-end control over the data can be considered as the key to increase public acceptance and confidence in the IoT.

Security needs to be enforced during the design phase of IoT systems – with proper validity checks, access policies, authorization, and authentication – and all data needs to be verified and encrypted. The development phase for IoT-based applications and services needs to impose the writing of stable and trustworthy code with a proper threat analysis and testing. Moreover, the whole IoT systems need to agree on a safe interoperability standard when they are to interact with each other. Without such solid structure, more threats will be created with every device added to the IoT system.

Which IOTAP projects will you be involved in?

I will primarily be involved in the iSMASH project where I will be researching innovative technologies and solutions that address the current and future privacy and security challenges in the context of the smart home. The smart home can be envisioned as an example of an IoT-based application that is characterized by a certain degree of ambient intelligence recognized by the human user. I will also be working on the CoSIS project, which focuses on embedding intelligent behavior into surveillance systems, such as cooperation and self-awareness. Within this project, I will be researching security and privacy issues in such collaborative environments. Furthermore, I will be looking for solutions to secure privacy in public and semi-public spaces.

While emerging computing technologies offer us previously unimaginable global access to data, they concurrently threaten our data privacy. Privacy, trust, and security problems still exist in a wide range of fields such as cloud computing, location based services, Internet of Things, social networks, public surveillance, RFID systems, and smart homes. However, within any emerging field, new data types, computing, and human computer interaction models are projected; privacy, trust and security issues are still and will become more important than ever before. My research aims to build the next generation of systems based on these new models for handling data, for computing, and for interaction, with formal guarantees of trust, privacy, and security, where users can understand and trust these systems. This requires theoretical principles to ensure sound security guarantees coupled with practical techniques to ensure scalability and performance.

Why did you want to come to Malmö University?

The IOTAP center is very attractive to me because of the well-established reputation of computer science at Malmö University: dedicated staff, links with industry, recognizable research around the globe, quality research facilities, and superb resources. IOTAP allows me to work on a variety of interesting research projects with outstanding researchers. Another advantage is that in each research group, there are new students and researchers who have been working for a few years. This is something I really like. You get a lot of input not only on a research level but also on a personal level. I also have the opportunity to work under the tutelage of some of the sharpest minds in computer science.

Malmö is a quite beautiful and multicultural city. The cost of living is reasonable, the climate is pleasant, the city is clean and the pace of life is not too hectic. The people are friendly and helpful, which helps anyone to feel welcome and comfortable so it is quite easy to fit in.

» Recent publication: Collaborative privacy framework for minimizing privacy risks in an IPTV social recommender service

» Recent patent: A System of Collaborative Privacy Framework for End-users’ Privacy in Social Recommender Service

Bookmark the permalink.

Comments are closed.