TULiPS

Technology Usability Lab in Privacy and Security

Logo: Technology Usability Lab in Privacy and Security
Research Publications People Student Projects Wiki Outreach

IoT Awareness

The Internet of Things (IoT) has great potential for helping people in many aspects of their lives, however; it also has great potential to cause serious security and privacy issues. In this project we look at awareness around IoT, how people currently think about IoT devices, how to help them become better informed, and how to provide a better sense of control over the seemingly uncontrollable amount of data produced.

One of the first problems is understanding how IoT devices interact with the world around them, both in terms of how they communicate with the people who own them and how they interact with other computers both inside and outside their local networks. In an initial exploration of this space we investigated the unboxing of IoT devices and how to best capture all these aspects during a controlled unboxing of a new device [1]. Capturing all communications is actually surprisingly complex and requires recording from multiple angles including packet capture from several points, video capture of the human-visible components of the device, and capture of various aspects of the associated app, if any.

We have also started exploration of different ways to help people understand the types of network connections being formed between IoT devices and the Internet. As part of a series of student projects we put OpenVAS on a router and performed pcap capture of IoT devices. We are now exploring different ways to present the captured information to end users.

Publications

  1. Capturing the Connections: Unboxing Internet of Things Devices [bibtex]
    K. Vaniea, E. Tallyn, C. Speed; In arXiv. 2017.

People

Current

Funding

Research and projects here are partially funded by the following groups:

Related Student Projects

Project screenshot.

Talk to Google Assistant about Privacy

Nurul Syakirah Binti Ahmad Ghazali (2020-2021, Undergraduate Thesis)

Supervisor: Kami Vaniea

Smart Personal Assistants such as Amazon Echo and Google Home have become prevalent in our daily lives but people still lack the digital literacy and the rights to properly control the information these devices collect and share. One part of the problem is that privacy notices are designed to be read in a written form, but these devices are designed to be interacted with via audio in a queston and answer format. The aim of this project is to explore ways to enable people to interact with the privacy policies of smart personal assitants through their own audio channel. In other words, how do we get Alexa to talk to people about privacy?

Project screenshot.

Analysis of Network Traffic to Create an Educational Visualisation of the IoT Ecosystem

Anna Aloshine (2019-2020, Undergraduate Thesis)

Supervisors: Kami Vaniea, Nicole Meng

Assist the general public in understanding how IoT devices communicate within the home by using visualizations; particularly how they interact with other devices such as phones, routers and hubs like Alexa. The project collected packets from a real IoT device and then used the real packet flows to generate a set of scenarios and visualizations that walk a user through what the device is doing.

Project screenshot.

Visualize IoT network traffic as a chat conversation

Luqi Li (2019-2020, Masters Thesis)

Supervisor: Kami Vaniea

IoT network traffic can be challenging for people to understand easily or even learn about. In this project we created a website that allows users to upload a network traffic trace file and then view elements of the file using a more user-friendly chat-themed visualization. The website also featured user training and explainations around common network protocols like TCP.

Project screenshot.

Of Smart Speakers and Men - An Exploration of Privacy and Security Perceptions of Smart Speaker Users in Shared Spaces

Nicole Meng (2018-2019, Masters Thesis)

Supervisors: Kami Vaniea, Bettina Nissen

Smart speakers increasingly adopted into our everyday life. Sometimes, they are also placed in shared spaces and automatically turn every person in the room into a user (visitor) even if they do not regularly interact with it. Previous work primarily focuses on smart speaker adoption and owners, but does not consider the implications of smart speakers on visitors. Our research aims to determine differences between owners and visitors in mental and threat models, privacy perceptions, protection strategies, factors of discomfort. Also, we want to identify which areas of smart speakers need to be addressed to improve smart speaker interactions for both owners and visitors.

Project screenshot.

Visualisation of networking connections traversing a single router

Nicholas Lynch (2017-2018, Undergraduate Thesis)

Supervisor: Kami Vaniea

Interactive demo that allows users to visualize their web traffic live. Users connect their personal mobile device to a special Wifi node and see their traffic displayed on a large demo screen. The goal of the project is to facilitate conversations around privacy, security, networking, and what computer scientists do.

Project screenshot.

Interactive physical visual aid to support active learning in understanding DDoS concepts

Willy Halim Dinata (2016-2017, Masters Thesis)

Supervisor: Kami Vaniea

This project explored a new way to bring security awareness of Distributed Denial of Service (DDoS) attacks to the masses. The project consisted of a physical-visual aid showing participants a set of simulated Internet of Things (IoT) devices. Participants could interact with the IoT devices through a Facebook chat bot and use them to attack the video server in the center of the board. When all four IoT devices attack at once the video slows to a crawl.

Project screenshot.

IoT unboxing

Kaloyan Popstoyanov (2017-2017, Internship)

Supervisor: Kami Vaniea

Developed a systematic process for unboxing IoT devices such that all possible data is captured. I then unboxed 14 devices recording the process from multiple angles, including video of the interactions and packets from both the phone and the IoT device itself.

Project screenshot.

Visualize router traffic

Constantinos Chrysostomou (2016-2016, Internship)

Supervisor: Kami Vaniea

The Internet of Things (IoT) can make it seem like we have lost control over where our data goes. In this project we took IoT traffic passing across a home network router and visualized where in the world the traffic was going in a live display. The system used D3 for the visualization and a system created by Nikolaos Tsirigotakis to do the packet capture.

Project screenshot.

A framework for an en masse network security evaluation and network flow analysis for the Internet of Things era

Nikolaos Tsirigotakis (2015-2016, Masters Thesis)

Supervisor: Kami Vaniea

Internet of Things (IoT) is characterized by rapid expansion on top of several different standards, protocols, and technologies, making security evaluation on a per-devices scale prohibitively time consuming. This project focused on building a router-based platform to change all that by allowing the automation of security checks.