The event gathered representatives of the main UK companies of the housing sector, with a view to sharing experiences of deploying IoT systems in the wild, ideas and future directions. Quite a few companies have already been experimenting with IoT devices. Unsurprisingly, this technological move leads to impressive returns on investment, by allowing companies to become proactive about their assets and optimising resources.
Our presentation aimed to give an overview of Cocoon, presenting the latest developments and reviewing some of the risks that should be considered. Most importantly, we argued that a successful and safe IoT strategy can only be based on how users interact with your system.
We presented Cocoon at the dCypher Symposium 2017, which is a Dutch public-private network gathering researchers, teachers, manufacturers, users and policy makers to increase knowledge and expertise in the Netherlands in the area of cybersecurity.
The Symposium The symposium held 8 parallel sessions, and offered an impression of the output resulting from earlier tenders for short term, medium term (SBIR) and long term cybersecurity research, both nationally and internationally. Solutions for bridging gaps between cybersecurity higher education curricula and demands from the labor market were addressed and sharing ideas and transferring knowledge was encouraged in 16 parallel sessions and at session tables, also lectures, a demo market and a young talent career fair were to be visited.
The Department of Industrial Engineering & Innovation Sciences (IE&IS) has several BSc and MSc programs in two separate schools. The School of Innovation Sciences focuses on the development and use of new technologies in a broad societal context. Research is multi-disciplinary, based on fundamental scientific insights and methods. Main areas of interest are economics and sociology of technological developments, sustainable innovation policy, human-technology interaction, and the history and philosophy of technology.
The Human-Technology Interaction (HTI)Group of the School of Innovation Sciences concentrates expertise in both social sciences and engineering, studying technology and its relations to humans and human well-being, within the broader context of a socially and ecologically sustainable society. The HTI group has a strong track record in education at the TU/e, running the BSc program Psychology and Technology and a (international) Master program in Human-Technology Interaction. Current research topics at the Human-Technology Interaction group include data science, affective computing, persuasive technology, virtual environments, digital gaming, recommender systems, online behavior, interactive lighting, robotics, embodied interfaces, and smart environments.
Project Context In the past, cyberattacks would be largely limited to cyberspace, but since the advent of the Internet of Things (IoT) they now routinely extend to the physical world, with smart homes, cars, wearables and other highly computerized and networked systems becoming victim to cyberattacks. In the European project ‘Cocoon: Emotion psychology meets cyber-physical security in IoT smart homes’ the focus is on smart homes. The home ought to be a safe haven where the occupant can experience a sense of privacy and control, of personal autonomy, and the integrity of one’s self and one’s family members. These qualities are at stake when the IoT network security is compromised. This project is a collaboration between TU/e, University of Reading, University of Greenwich, Gent University, and ETH Zurich.
Goal of the project The project combines technological research in the domain of cybersecurity and psychological research on people’s reactions to IoT or smart home related cyberattacks, including the effects on people’s relationships with their home (e.g., place attachment). By taking such interdisciplinary approach, the project aims to better understand the risks and possible long-terms consequences of cyberattacks, but also to develop and test novel tools for intrusion detection and for educating home owners in how to best manage their IoT / smart home infrastructure and data (e.g., through visualization methods). A large part of the research will be conducted in naturalistic field trials involving households in the participating countries. The HTI group will be actively involved in setting up these field trials and conducting psychological research aimed at explaining the short- and long-term effects of cyberattacks on occupants’ sense of home and related well-being.
Role and requirements
The candidate should have a PhD in environmental psychology, social psychology, human-technology interaction, or a related discipline. We are looking for candidates with an interest in developing and conducting psychological research in the context of smart homes, and to inform the user-centered design of IoT security tools. Candidates who are knowledgeable of or have an affinity with people-place relations and place attachment are in particular invited to apply. Candidates should have proven track record in managing, designing and conducting field research, and have solid experience with empirical research methods and the analysis of both quantitative and qualitative data. Successful candidates have excellent writing and documentation skills, good analytical and research capabilities, and excellent communication and organization skills, in particular in the context of multidisciplinary and international research projects.
a challenging job in a dynamic and ambitious University;
full-time employment as a Postdoctoral research for a period of 22 months;
gross salary is in the range of € 42.817 – € 56.214 per annum (on a full-time basis), this includes 8% holiday allowance and 8.3% end of year allowance;
a broad package of fringe benefits (including an excellent technical infrastructure, child care, moving expenses, savings schemes, and excellent sports facilities);
Information More detailed information can be obtained from prof.dr. Wijnand IJsselsteijn (firstname.lastname@example.org), or dr.ir. Antal Haans (email@example.com).
Further information about the appointment can be obtained from: Kim van Puijenbroek, personnel officer IE&IS, (firstname.lastname@example.org).
Application Your application must contain the following documents (all in English):
A letter of interest, stating your motivation to apply
An extensive curriculum vitae
At least two names (with email addresses) of people willing to act as references
If you are interested, we invite you to apply before May 31st , 2017. You can apply by pressing the ‘apply now’ button for this vacancy on the TU/e web-site. We don’t accept applications sent by e-mail. You can only upload the maximum of 5 documents of 2 Mb each. If you have more than 5 documents, you will need to combine them.
The global CHIST-ERA 2017 project seminar took place on March 21-23, 2017 in Brussels. This yearly seminar brings together researchers involved in ongoing CHIST-ERA projects, such as Cocoon, together with representatives of the national research funding organisations. The seminar was an excellent opportunity to exchange ideas between the various projects, identify synergies, and in general to meet in person and hear of the other projects funded in the same remit.
The Cocoon team took the opportunity to demonstrate the Cocoon node that includes our software-defined IoT radio, which has been designed and built throughout the first months of the project. The demonstration of the early prototype received good feedback from representatives of the funding agencies and triggered interesting discussions with members of the other projects. A half-day Cocoon project meeting helped to discuss the overall project work and plan the experiments. The pictures were taken during the project demonstration and the workshop.
Dr. Roesch gave a keynote address to the 2017 edition of Housing Technology Conference & Executive Forum (http://www.housing-technology.com/events/ht17/), held at Q Hotels’ Oxford Belfry, 7-9 March, 2017. This yearly event, organised by Housing Technology, is the one national event in the UK that gathers professionals of the housing sector wanting to make the best out of technology and share best practices.
Prior to the advent of the IoT, an email or instant message purporting to originate from your fridge would seem ludicrous. Nowadays, the concept is not absurd. In fact, it is exactly this change in expectations from the way we use technology and the increasing capabilities of system-to-system communication that poses the most risk.
Users expect visibility and control over their environment, including their home; leading a proliferation of network interfaces attached to what used to be isolated systems, sharing new types of data, including sensor data and control commands to and from our physical space. The result is an augmented attack surface at the disposal of cyber criminals. Since IoT devices are not always directly exploitable, cyber criminals can take advantage of their distributed functionality and associated behaviour to deceive the user directly. Take for example an attacker crafting a spoofed instant message from a user’s smart fridge, reporting that the fridge is running low on milk and asking whether they would like to place an order; with the Amazon style “one-click” ordering button (which conveniently leads to malware of the drive-by download type). The likelihood of the condition (running low on milk) is very high anyway, but if the attacker wanted to be absolutely certain, they could find out if they “sniffed” that seemingly unimportant (and almost always unencrypted) sensor data as they are periodically transmitted from the fridge to the home automation hub in the smart home.
Here, the attacker has exploited platform functionality that interfaces with the IoT device, in this case a fridge, by manipulating the perceived behaviour of the system as opposed to the device itself. It is not a great leap to envision that your fridge could be held to ransom by ransomware: “Pay up or your fridge won’t turn on”. Unlike phishing emails claiming to originate from financial institutions and banks, users are not yet sensitive to malicious behaviour originating from smart home/city systems.
Social engineering attacks against IoT devices in the smart home are by no means “hypothetical” and exploitations abusing functionality in smart home devices have already been observed in the wild. For example, over the period of December 2013 to January 2014, security provider Proofpoint identified a cyber-attack that was originating from the IoT, where three times a day, in bursts of 100,000, malicious emails targeting businesses and individuals was sent out. In total, the global attack was claimed to consist of more than 750,000 malicious emails originating from over 100,000 everyday consumer gadgets, 25 percent of which originated from smart TVs, home routers, and even one fridge. Crucially, the attack demonstrated that botnets are now IoT botnets, capable of recruiting almost any device with a network connection and messaging software … and homes included!
Described below are two hypothetical social engineering attack scenarios, where each attack could be practically facilitated by system functionality provided in the IoT.
IoT Phishing courtesy of the smart meter
Smart homes are becoming more common as people connect up numerous devices and “things” within their home. All these IoT “things” and devices connect to a network, be it wireless or wired and eventually connect to a routing device. Individually they may not offer any obvious value to cybercriminals, however they can provide a user interface which an attacker may attempt to manipulate to execute a social engineering attack. The following attack considers a threat actor who has gained control of a brand of IoT Smart meter cloud-based services platform (which has been bundled with the product to deliver updates or new content). Here, the attack can either monitor (what may be) unencrypted communication between the cloud services and the smart meter and inject information into existing data flows, or potentially send direct messages to the meters if they have gained complete control over the cloud environment.
In both examples the attack triggers a message to all the smart meters which is displayed when the heating sensor indicates that the users are home (e.g. it has been turned up/down): “Software Upgrade Required, Go to: http://www.heaterupgrades.com/smartupgrade”, Run the patch from a Windows computer on this network”. If the user complies then they have been phished.
Your picture frame speaks a thousand words
Social networking and media is at the heart of the IoT, where it is no longer only people that share information with other people, but also “things” that are able to communicate with users or with other “things”. Think back to your fridge kindly advising that you are low on milk. Your car might even want to tell your Facebook friends that its carbon footprint is less than 4 other cars on the road this week (e.g. in-product advertising across social media). The following attack considers a threat actor scanning Twitter, looking for status posts that include meta-data from IoT picture frames. IoT picture frames often come bundled with an app that allows a user to automatically download and upload pictures to popular social media platforms. In this example, the attacker finds a tweet containing the meta-data, however it is a re-tweet from an open Twitter account following a particular user who owns the target picture frame. Next the attacker sends a direct tweet to the user (who’s account privacy settings were locked down), from a spoofed Twitter account pertaining to be the picture frame’s manufacturer. The tweet contains a shortened URL to a Twitter app that will allow the user to install video functionality on their picture frame for free. In reality the Twitter app gives the attacker’s account rights to download all the pictures from the users IoT picture frame, which they plan to use as ransomware data or to craft future phishing attacks.
A protection Recommendation
To instil confidence and encourage uptake in smart technologies that underpin the smart home and Internet of Things and for them to be usable in the long-term, it is necessary for the security of these devices to be robust, scalable and above all practical. Identifying the source of a deception attempt and the structure of a social engineering attack can be extremely challenging. The challenge of building an effective defence that addresses a range of deception vectors appears insurmountable when taking into consideration all of the different platforms that may been involved in an attack. It is more practical to employ a generic classification criterion to breakdown down attacks into parametric, components parts, as in this taxonomy. This reveal shared characteristics between attacks; which then aids the design of defences that address multiple threats sharing similar traits.
In practice, it is important that IoT developers have a detailed understanding of how their system will interface with users, and how system functionality may affect the wider ecosystem where it is deployed. The Secure Software Development Life cycle (S-SDLC) provides developers with a guideline framework for the design and implementation of system software by integrating security considerations systematically into the core requirements and design of the software’s architecture. Under each life cycle stage, security considerations can be mapped to threats that consider user interface manipulation, by identify these earlier this can aid the development of IoT platforms and functionality that are resistant to deception-based attacks. In the figure below, the key concepts of the S-SDLC are shown with a visual representation of elements that are directly relevant for avoiding exposing vulnerable user interface functionality.
The smart home (and more generally the IoT) promises to synergize technology in new and innovative ways and in doing so presents major social, business and economic benefits for modern society. Equally, for cyber criminals, this paradigm shift in technology promises significant rewards if a social engineering attack is executed successfully, because hacking the user can provide access to all the “things” that they control. The more successful social engineering attacks against the smart home are, the more user confidence in the IoT’s security is undermined, ultimately delaying its adoption and the realization of its potential benefits.
Protecting the integrity of a smart home is a two-way street. The example provided here is the S-SDLC. However, the wider message is that security should be treated as an enabler of system functionality and as a cost-based bolt-on. Equally, users are a crucial firewall in defending against IoT-oriented social engineering threats and it is important that they are empowered to report potential threats, especially as they will be familiar with their own environment and more sensitive to its anomalous behaviour.
In the past the only toys that could speak and hear were those in the movies. However, with the Internet of Things, fantasy is now becoming reality, and a recent hack shown this month by the National Cyber Security Centre demonstrated what might just happen when good toys go bad.