The Internet of Things (IoT) is a global ecosystem of information and communication technologies (ICT) aimed at connecting any type of digital object (thing), at any time and in any place, to each other and to the Internet. The application domains of the IoT are diverse, spanning from smart cities, building and home automation, transportation and logistics, and environmental monitoring, to smart enterprise environments, smart home appliances, connected cars, and smart wearable devices.
The IoT defines a new research domain where ordinary devices, such as refrigerators, coffee machines, TVs, cameras, thermostats, watches and glasses, and more, are transformed into smart digital devices with the capability to sense, compute, and communicate with their surroundings. This results in complex information and communication environments, where most of the data produced by these devices are processed remotely in the cloud.
The proliferation of IoT technology and its applications poses major security and privacy risks, due to the range of functionality and the variety of operations involved in the process. For example, IoT devices are powered by advanced operating systems, and are therefore exposed to different types of security breaches and attacks. Moreover, these smart devices are equipped with advanced sensing and communication capabilities that permit monitoring the surroundings, as well as tracking a user’s activity, behavior, location, and health condition in real-time. The fact that such devices can operate continuously in order to gather information from their surroundings greatly increases the risks of privacy violations. Furthermore, these devices are highly visible and accessible—especially to attackers. In addition, IoT devices have not been developed with security in mind and are designed mainly on the basis of features and cost considerations. Smart devices are low resource devices, in terms of power source, memory size, bandwidth communication, and computational capabilities. This may result in severe security flaws, as only lightweight encryption mechanisms and authentication algorithms can be applied in order to encrypt the data stored on, and transmitted from, the device. Finally, analyzing the security of such devices is considered an extremely complex task due to their heterogeneous nature (numerous types of devices and vendors) and the fact that these devices are used in a variety of contexts and states.
Therefore, in our project we consider various security and privacy aspects related to device architecture, network connectivity, and the type of data collected by IoT devices. We accomplish this objective by employing a variety of security and privacy methodologies, including an advanced security testing framework, anomaly detection based on machine learning methods, network analysis approaches, and the application of privacy mechanisms, all targeted for IoT applications and implementations.