So-called smarthomes and their technology offer many pleasant services. But they are an open door for IT attacks. A research project by the University of Continuing Education Krems and St. Pölten University of Applied Sciences is investigating how these information systems can be made more resilient. […]
The Internet of Things (IoT) enables a large number of new services. The technology can dynamically adapt to an environment, make automated decisions and provide better situational awareness. In private households, so-called home automation systems are mainly used to save energy and for more comfort and safety.
“IoT-based home automation systems are one of the most important fields of digitization that directly affect the privacy of many people. Due to the increasing integration of these systems into our daily lives, they represent an attractive target for criminal attacks: the systems can be used to spy on residents and carry out criminal acts such as burglaries, identity theft, stalking or extortion,“ says Henri Ruotsalainen, researcher at the Institute for IT Security Research at St. Pölten University of Applied Sciences.
In the project “ARES – Attack resilience for IoT-Based sensor devices in home automation” Ruotsalainen investigates how attacks can be prevented and the systems made more resilient. So-called meta-information is used for this purpose: characteristic system parameters, such as supply voltage or processor temperatures. They are used to secure sensors and identify attacks.
“We are developing methods to use this meta-information as security measures to protect sensor data. As a result, the security gap between the sensor and digital security algorithms can be reduced or closed,“ says Ruotsalainen.
The researchers around Ruotsalainen also identify the most important security risks and needs of private Austrian households in the field of IoT. The researchers also prepare a technology assessment as well as guidelines for a secure design of sensors and the use of meta-information to secure the systems.
In contrast to classic IT security and industrial applications of IoT, security measures in smarthomes have to take into account disadvantageous framework conditions: unplanned “drop & Forget“ installation (this means that many smarthome devices such as sensors are configured only once and then run for many years without maintenance), extremely resource-limited devices due to the very high cost pressure, as well as users who have little or no experience with the (secure) installation and operation of the systems.
The project therefore pursues a multidisciplinary approach that combines the fields of sensor technology and sensor networks, IT security and social sciences. This not only creates technically better and new security measures, but also improves acceptance and application.
The project management is at the University of Continuing Education Krems. The Gesellschaft für Forschungsförderung Niederösterreich is funding the project.