The Internet of Things (IoT) and its application in Home automation systems (HAS) are expected to offer a plethora of novel services that adapt dynamically to a context, automate decisions and provide better situation awareness. In homes they are seen as facilitators for reducing energy consumption as well as increasing comfort and security. IoT-based HAS will be a widespread and important future field of digitalization directly influencing the most private parts of the lives of people.
Yet, in order to fulfil these tasks such systems have to be deeply engrained in our everyday lives and therefore will also gain much attraction for attackers that might use the capabilities to remote control and manage many parts of homes to spy on potential targets, to stalk inhabitants as well as facilitate criminal activities like burglaries, identity theft or blackmail.
The ARES proposal intends to investigate the attack resilience and security measures for sensor data based on meta-information, i.e., information that is different from the primary sensor measurement such as jitter of the supply voltage or the circuit core temperature, which shows characteristic changes during attacks on the sensor value. The outputs of the project will provide:
• A methodology of using meta information as input to security measures and specifically protecting sensor data by imposing this meta-information directly on the analog sensor circuit thus closing the gap between data acquisition and digital protection.
• A holistic security analysis and intrusion detection by merging meta-information. This includes an evidence-based consumer survey to identify the most common cyber risks and security needs for IoT devices in Austria’s private households.
• An experimental evaluation and a technology assessment of meta-information based security
• Guidelines for future secure design and use of such systems
In opposite to classical IT security and industrial applications of IoT, HAS systems are characterized by unplanned installation, drop & forget usage, extremely resource-limited devices due to the high cost pressure and in particular untrained users having little know-how in installing and operating the system.
To achieve the above goals and outputs the project pursues an multidisciplinary approach combining sensor-(network)-knowhow, IT security expertise and expertise in social sciences. Only through this combination of research fields security measures can be designed having both higher technical attack resilience and are applicable and accepted by users.
|Duration||01/11/2019 - 31/10/2021|
|Funding||Bundesländer (inkl. deren Stiftungen und Einrichtungen)|
|Principle investigator for the project (Danube University Krems)||Priv.-Doz.Dipl.-Ing.Dr. Thilo Sauter|
|Project members||Mag. Dr. Edith Huber Bettina Pospisil, BA MA Priv.-Doz.Dipl.-Ing.Dr. Thilo Sauter Ass. Prof. Mag. Dr. Walter Seböck, MAS MSc Dipl.-Ing. Albert Treytl|
Security of Home Automation Systems – a status quo analysis for Austrian households
In-Depth Security Conference Europe 2020, 20/11/2020
FH St. Pölten