Advertisement

Analysis of Human Awareness of Security and Privacy Threats in Smart Environments

  • Luca Caviglione
  • Jean-François Lalande
  • Wojciech Mazurczyk
  • Steffen WendzelEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9190)

Abstract

Smart environments integrate Information and Communication Technologies (ICT) into devices, vehicles, buildings and cities to offer an increased quality of life, energy efficiency and economical sustainability. In this perspective, the individual has a core role and so has networking, which enables such entities to cooperate. However, the huge amount of sensitive data, social aspects and the mixed set of protocols offer many opportunities to inject hazards, exfiltrate information, mass profiling of citizens, or produce a new wave of attacks. This work reviews the major risks arising from the usage of ICT-techniques for smart environments, with emphasis on networking. Its main contribution is to explain the role of different stakeholders for causing a lack of security and to envision future threats by considering human aspects.

Keywords

Privacy Security Steganography Smart buildings Human aspects 

References

  1. 1.
    Al-kahtani, M.: Survey on security attacks in vehicular ad hoc networks (VANETs). In: 2012 6th International Conference on Signal Processing and Communication Systems (ICSPCS), pp. 1–9, December 2012Google Scholar
  2. 2.
    Arfaoui, G., Gharout, S., Traoré, J.: Trusted execution environments: a look under the hood. In: The International Workshop on Trusted Platforms for Mobile and Cloud Computing, pp. 259–266. IEEE Computer Society, Oxford, April 2014Google Scholar
  3. 3.
    Bronkhorst, A., Post, W., te Brake, G.: From human factors to HSI and beyond: design of operations centers and control rooms. In: 9th Future Security - Security Research Conference, pp. 140–146. MEV Verlag, September 2014Google Scholar
  4. 4.
    Caviglione, L., Coccoli, M.: Privacy problems with web 2.0. Comput. Fraud Secur. 2011(10), 16–19 (2011)CrossRefGoogle Scholar
  5. 5.
    Caviglione, L., Mazurczyk, W.: Understanding information hiding in iOS. IEEE Comput. Mag. 48(1), 62–65 (2015)CrossRefGoogle Scholar
  6. 6.
    Checkoway, S., McCoy, D., Kantor, B., et al.: Comprehensive experimental analyses of automotive attack surfaces. In: Proceedings of the 20th USENIX Conference on Security, SEC 2011, pp. 6. USENIX Association, Berkeley (2011)Google Scholar
  7. 7.
    Engoulou, R.G., Bellache, M., Pierre, S., Quintero, A.: VANET security surveys. Comput. Commun. 44, 1–13 (2014)CrossRefGoogle Scholar
  8. 8.
    Felt, A.P., Finifter, M., Chin, E., Hanna, S., Wagner, D.: A survey of mobile malware in the wild. In: 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, p. 3. ACM Press, New York, October 2011Google Scholar
  9. 9.
    Franke, U., Brynielsson, J.: Cyber situational awareness - a systematic review of the literature. Comput. Sec. 46, 18–31 (2014)CrossRefGoogle Scholar
  10. 10.
    Gambs, S., Killijian, M.O., Nunez del Prado Cortez, M.: De-anonymization attack on geolocated data. In: 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 789–797 (2013)Google Scholar
  11. 11.
    Granzer, W., Kastner, W., Neugschwandtner, G., Praus, F.: Security in networked building automation systems. In: 2006 IEEE International Workshop on Factory Communication Systems, pp. 283–292 (2006)Google Scholar
  12. 12.
    Granzer, W., Praus, F., Kastner, W.: Security in building automation systems. IEEE Trans. Indus. Electron. 57(11), 3622–3630 (2010)CrossRefGoogle Scholar
  13. 13.
    Koscher, K., Czeskis, A., Roesner, F., Patel, S., Kohno, T., Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., Savage, S.: Experimental security analysis of a modern automobile. In: 2010 IEEE Symposium on Security and Privacy (S&P), pp. 447–462, May 2010Google Scholar
  14. 14.
    Lipiński, B., Mazurczyk, W., Szczypiorski, K., Śmietanka, P.: Towards effective security framework for vehicular ad-hoc networks. In: Proceedings of 5th International Conference on Networking and Information Technology (ICNIT 2014) (2014)Google Scholar
  15. 15.
    Lowe, M.: Defending against cyber-criminals targeting business websites. Netw. Sec. 2014(8), 11–13 (2014)CrossRefGoogle Scholar
  16. 16.
    Chen, L., Hongbo Tang, J.W.: Analysis of VANET security based on routing protocol information. In: Proceedings 4th International Conference Intelligent Control and Information Processing (2013)Google Scholar
  17. 17.
    Martin, T., Hsiao, M., Ha, D.S., Krishnaswami, J.: Denial-of-service attacks on battery-powered mobile computers. In: Proceedings of the Second IEEE Annual Conference on Pervasive Computing and Communications, PerCom 2004, pp. 309–318. IEEE (2004)Google Scholar
  18. 18.
    Mazurczyk, W., Caviglione, L.: Steganography in modern smartphones and mitigation techniques. IEEE Commun. Surv. Tutor. PP(99), 1 (2014)Google Scholar
  19. 19.
    Moore, H.: Security flaws in universal plug and play. Technical report, January, Rapid7 (2013). https://community.rapid7.com/docs/DOC-2150
  20. 20.
    Mundt, T., Kruger, F., Wollenberg, T.: Who refuses to wash hands? privacy issues in modern house installation networks. In: Proceedings 7th International Conference Broadband, Wireless Computing, Communication and Applications, pp. 271–277, November 2012Google Scholar
  21. 21.
    Nöldgen, M., Bach, A., Heinz, T.: Integration of resilience engineering in the trans-disciplinary building design process. In: Proceedings 9th Future Security - Security Research Conference, pp. 125–132. MEV Verlag, September 2014Google Scholar
  22. 22.
    Rastogi, V., Chen, Y., Jiang, X.: Evaluating android anti-malware against transformation attacks. In: 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, pp. 329–334. ACM Press, Hangzhou (2013)Google Scholar
  23. 23.
    Snoonian, D.: Smart buildings. IEEE Spectr. 40(8), 18–23 (2003)CrossRefGoogle Scholar
  24. 24.
    Biswas, S., Jelena Misic, V.M.: Performance analysis of black hole attack in vanet. In: Proceedings of 31st Interenational Conference Distributed Computing Systems (2011)Google Scholar
  25. 25.
    Szlósarczyk, S., Wendzel, S., Meier, M., Schubet, F., Kaur, J.: Towards suppressing attacks on and improving resilience of building automation systems - an approach exemplified using BACnet. In: Proceedings Sicherheit 2014, GI, pp. 407–418 (2014)Google Scholar
  26. 26.
    Wendzel, S., Kahler, B., Rist, T.: Covert channels and their prevention in building automation protocols - a prototype exemplified using BACnet. In: Proceedings 2nd Workshop on Security of Systems and Software Resiliency, pp. 731–736. IEEE (2012)Google Scholar
  27. 27.
    Wendzel, S., Zwanger, V., Meier, M., Szlósarczyk, S.: Envisioning smart building botnets. In: Proceedings Sicherheit 2014, LNI, GI, March 2014, vol. 228, pp. 319–329 (2014)Google Scholar
  28. 28.
    Wendzel, S., Mazurczyk, W., Caviglione, L., Meier, M.: Hidden and uncontrolled-on the emergence of network steganographic threats. In: Reimer, H., Pohlmann, N., Schneider, W. (eds.) ISSE 2014 Securing Electronic Business Processes, pp. 123–133. Springer, Wiesbaden (2014)Google Scholar
  29. 29.
    Zeadally, S., Hunt, R., Chen, Y.S., Irwin, A., Hassan, A.: Vehicular ad hoc networks (VANETS): status, results, and challenges. Telecommun. Syst. 50(4), 217–241 (2012)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Luca Caviglione
    • 1
  • Jean-François Lalande
    • 2
    • 3
  • Wojciech Mazurczyk
    • 4
  • Steffen Wendzel
    • 5
    Email author
  1. 1.Institute of Intelligent Systems for Automation (ISSIA)National Research Council of Italy (CNR)GenovaItaly
  2. 2.Inria, University Rennes 1, Supélec, CNRSRennesFrance
  3. 3.INSA Centre Val de LoireUniversity OrléansBourgesFrance
  4. 4.Institute of TelecommunicationsWarsaw University of TechnologyWarsawPoland
  5. 5.Fraunhofer Institute for CommunicationInformation Processing and Ergonomics (FKIE)BonnGermany

Personalised recommendations