A Research Project Explores Security Gaps and Creates Guidelines for Secure Technology
Turning the light on and off with voice command, remote-controlling the window blinds from the office when a storm is brewing, or simply checking whether everything is fine at home while you are on vacation: So-called smart homes and the technologies behind them make life much more convenient for their users. However, they are an open door for IT attacks as well. A research project of the Danube University Krems and the St. Pölten UAS explores ways to make these information systems more resilient.
The Internet of Things
The Internet of Things (IoT) offers a multitude of new services. The technology can be dynamically adapted to its environment, take automated decisions and raise situation awareness. In private households, so-called home automation systems are used primarily to save energy and increase comfort and safety.
“IoT-based home automation systems are one of the most prominent fields of digitalisation and directly affect the privacy of many people. The growing integration of these systems into our everyday lives makes them an attractive target for criminal attacks as the systems can be used to spy on the residents, thereby facilitating criminal acts such as burglary, identity theft, stalking, and blackmailing”, says Henri Ruotsalainen, a researcher at the Institute of IT Security Research at the St. Pölten UAS.
Fending off Attacks
In the project “ARES – Attack Resilience for IoT-Based Sensor Devices in Home Automation”, Ruotsalainen examines ways to prevent attacks and make the systems more resilient. So-called meta information is used to do this: characteristic system parameters such as supply voltage and process temperatures. They serve to secure sensors and identify attacks.
“We develop methods to use this meta information as security measures to protect sensor data. In this way, we can reduce or even close the security gap between the sensors and the digital algorithms”, explains Ruotsalainen.
Moreover, Ruotsalainen’s team of researchers identify the most important security risks and needs of private households in Austria in the field of IoT. They also carry out a technology assessment and draw up guidelines for secure sensor design and the use of meta information to protect the systems.
In contrast to traditional IT security and industrial applications of the IoT, security measures in smart homes have to take adverse framework conditions into account: unplanned “drop-and-forget” installation (this refers to the fact that many smart home devices such as sensors are configured only once and then run for many years without maintenance), devices with extremely limited resources due to the very high cost pressure, and users who have little to no experience with the (secure) installation and operation of the systems.
Therefore, the project pursues a multidisciplinary approach connecting the specialist areas of sensor technology and networks, IT security, and social sciences. This concept does not only result in new and technically improved security measures but also enhances their acceptance and application.
The project is led by the Danube University Krems and funded by the Gesellschaft für Forschungsförderung Lower Austria.
Studying IT Security
Prospective students can apply for the study programmes IT Security (BA), Information Security (MA), and Cyber Security and Resilience (MA) until end-April and end-May, respectively.