The Internet of Things (IoT) has great potential for helping people in many aspects of their lives, however; it also has great potential to cause serious security and privacy issues. In this project we look at awareness around IoT, how people currently think about IoT devices, how to help them become better informed, and how to provide a better sense of control over the seemingly uncontrollable amount of data produced.
One of the first problems is understanding how IoT devices interact with the world around them, both in terms of how they communicate with the people who own them and how they interact with other computers both inside and outside their local networks. In an initial exploration of this space we investigated the unboxing of IoT devices and how to best capture all these aspects during a controlled unboxing of a new device [1]. Capturing all communications is actually surprisingly complex and requires recording from multiple angles including packet capture from several points, video capture of the human-visible components of the device, and capture of various aspects of the associated app, if any.
We have also started exploration of different ways to help people understand the types of network connections being formed between IoT devices and the Internet. As part of a series of student projects we put OpenVAS on a router and performed pcap capture of IoT devices. We are now exploring different ways to present the captured information to end users.
Nurul Syakirah Binti Ahmad Ghazali
Supervisor: Kami Vaniea
Smart Personal Assistants such as Amazon Echo and Google Home have become prevalent in our daily lives but people still lack the digital literacy and the rights to properly control the information these devices collect and share. One part of the problem is that privacy notices are designed to be read in a written form, but these devices are designed to be interacted with via audio in a queston and answer format. The aim of this project is to explore ways to enable people to interact with the privacy policies of smart personal assitants through their own audio channel. In other words, how do we get Alexa to talk to people about privacy?
Anna Aloshine
Supervisors: Kami Vaniea, Nicole Meng
Assist the general public in understanding how IoT devices communicate within the home by using visualizations; particularly how they interact with other devices such as phones, routers and hubs like Alexa. The project collected packets from a real IoT device and then used the real packet flows to generate a set of scenarios and visualizations that walk a user through what the device is doing.
Luqi Li
Supervisor: Kami Vaniea
IoT network traffic can be challenging for people to understand easily or even learn about. In this project we created a website that allows users to upload a network traffic trace file and then view elements of the file using a more user-friendly chat-themed visualization. The website also featured user training and explainations around common network protocols like TCP.
Nicole Meng
Supervisors: Kami Vaniea, Bettina Nissen
Smart speakers increasingly adopted into our everyday life. Sometimes, they are also placed in shared spaces and automatically turn every person in the room into a user (visitor) even if they do not regularly interact with it. Previous work primarily focuses on smart speaker adoption and owners, but does not consider the implications of smart speakers on visitors. Our research aims to determine differences between owners and visitors in mental and threat models, privacy perceptions, protection strategies, factors of discomfort. Also, we want to identify which areas of smart speakers need to be addressed to improve smart speaker interactions for both owners and visitors.
Nicholas Lynch
Supervisor: Kami Vaniea
Interactive demo that allows users to visualize their web traffic live. Users connect their personal mobile device to a special Wifi node and see their traffic displayed on a large demo screen. The goal of the project is to facilitate conversations around privacy, security, networking, and what computer scientists do.
Willy Halim Dinata
Supervisor: Kami Vaniea
This project explored a new way to bring security awareness of Distributed Denial of Service (DDoS) attacks to the masses. The project consisted of a physical-visual aid showing participants a set of simulated Internet of Things (IoT) devices. Participants could interact with the IoT devices through a Facebook chat bot and use them to attack the video server in the center of the board. When all four IoT devices attack at once the video slows to a crawl.
Kaloyan Popstoyanov
Supervisor: Kami Vaniea
Developed a systematic process for unboxing IoT devices such that all possible data is captured. I then unboxed 14 devices recording the process from multiple angles, including video of the interactions and packets from both the phone and the IoT device itself.
Constantinos Chrysostomou
Supervisor: Kami Vaniea
The Internet of Things (IoT) can make it seem like we have lost control over where our data goes. In this project we took IoT traffic passing across a home network router and visualized where in the world the traffic was going in a live display. The system used D3 for the visualization and a system created by Nikolaos Tsirigotakis to do the packet capture.
Nikolaos Tsirigotakis
Supervisor: Kami Vaniea
Internet of Things (IoT) is characterized by rapid expansion on top of several different standards, protocols, and technologies, making security evaluation on a per-devices scale prohibitively time consuming. This project focused on building a router-based platform to change all that by allowing the automation of security checks.