Defence Against Dark Artefacts

The Internet of Things (IoT) represents a convergence of ubiquitous computing and communication technologies, with emerging uses that actuate in the real world. No longer do ubiquitous computing systems simply sense and respond digitally, now they physically interact with the world, ultimately becoming embodied and autonomous. At the same time, the game is changing from one of privacy, where it is often (contestably) cited that “users don’t care”, to one of user safety, where users (along with regulators, governments, and other stakeholders) certainly do care. Likewise, industry needs to become aware that this shift also changes the legal basis under which companies need to operate, from one of disparate and often weakly enforced privacy laws, to one of product liability.

The current widely adopted approach in which cloud services underpin IoT devices has already raised major privacy issues. Importantly in an actuated future, untrammelled communications implicating a plethora of heterogeneous online services in their normal operation also brings with it resilience challenges. We must ensure the integrity of actuating systems, which will require greater local autonomy alongside increased situated accountability to users. This problem applies in many areas: industrial control, autonomous vehicles, and smart cities and buildings, including the intimate and shared context of the home.

Our research seeks to address the challenge in the context of the home, where the network infrastructure protection is minimal, providing little or no isolation between attached devices and the traffic they carry. Scant attention has been paid by the research community to home network security, and its acceptability and usability, from the viewpoint of ordinary citizens.

This research is also deeply rooted in pragmatism and recognises the ‘real world, real time’ conditions that attach to the IoT:

– that the cyber security solutions currently being defined for IoT systems will not deal with legacy issues and will never achieve 100% adoption

– that extant businesses limit the period of time for which they will provide software and security updates (if they even remain in business)

– that cyber security is an arms race and threats will continue to emerge in future

– and that the public will never become network security experts.

Investigators:

	Andy Crabtree
	Murray Goulden
	Hamed Haddadi
	Richard Mortier
	Lachlan Urquhart
	Derek McAuley

In Partnership:

• ARM Ltd
• Crossword Cybersecurity
• Internet Society
• BT
• Digital Catapult
• Petras Internet of Things Hub
• Cisco
• GCHQ

Funded by:   

Project runs from 5 September 2018 – 31 January 2022

EPSRC – details of DADA grant

Publications and Outputs

University of Nottingham DADA Press Release

Relevant previous work:

• Homework: putting interaction into the infrastructure – Richard Mortier, Tom Rodden, Peter Tolmie, Tom Lodge, Robert Spencer, Andy Crabtree, Joe Sventek, Alexandros Koliousis
• Unremarkable networking – Andy Crabtree, Richard Mortier, Tom Rodden, Peter Tolmie
• Privacy-aware infrastructure for managing personal data – Yousef Amar, Hamed Haddadi, Richard Mortier
• House rules: the collaborative nature of policy in domestic networks – Andy Crabree, Tom Rodden, Peter Tolmie, Richard Mortier, Ton Lodge, Pat Brundell, Nadia Pantidi
• Repacking ‘privacy’ for a networked world – Andy Crabtree, Peter Tolmie, Will Knight
• Playing the legal card – Ewa Luger, Lachlan Urquhart, Tom Rodden, Michael Golembewski