Menu
Semantics, Cybersecurity & Services (SCS)
Semantics, Cybersecurity & Services (SCS)
UTFacultiesEEMCSDisciplines & departmentsSCSEducationAssignmentsOpen AssignmentsOpen Master AssignmentsAutomated generation of Security and Privacy labels

Automated generation of Security and Privacy labels

MAster assignment

Automated generation of Security and Privacy labels

Type: Master CS

Period: Start date: as soon as possible

Student: Unassigned

If you are interested please contact:

Picture of dr.ir. A. Continella (Andrea)
dr.ir. A. Continella (Andrea) Associate Professor
+31534892752
 a.continella@utwente.nl
Building: Zilverling 2023
Personal page
Picture of C. Gupta MSc (Chakshu)
C. Gupta MSc (Chakshu) PhD Candidate
+31534898241
 c.gupta@utwente.nl
Building: Zilverling 2042
Personal page
Picture of J.J. van Nielen MSc (Jorik)
J.J. van Nielen MSc (Jorik) PhD Candidate
+31534897534
 j.j.vannielen@utwente.nl
Building: Zilverling 2042
Personal page

Objective:
IoT devices have become a norm in households these days. While they add convenience to our lives, they are very insecure, adding insecurity to our home networks. The National Institute of Standards and Technology (NIST) and the EU parliament have taken steps to address the security and privacy concerns of these devices. In response to these initiatives, researchers like Emami-Naeini et al. [2] have designed security and privacy labels for IoT devices, following the same principles of the nutrition labels for food.

In a previous project [1], we explored network traffic analysis to extract information about the devices to generate these labels. Although, there is a limitation to how much information we can extract from a device’s network traffic since most of the network traffic is encrypted. We plan to extend this project by analyzing the device’s firmware and it’s companion app.

References

  1. Abbate, Gabriele (2024) Automated Generation of Security and Privacy Labels for IoT Devices: A Framework based on NIST Guidelines.
  2. P. Emami-Naeini, Y. Agarwal, L. Faith Cranor and H. Hibshi, "Ask the Experts: What Should Be on an IoT Privacy and Security Label?," 2020 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 2020, pp. 447-464, doi: 10.1109/SP40000.2020.00043.
  3. W. R. F. Merkel, “DRAFT Baseline Security Criteria for Consumer IoT Devices,” Cybersecurity White Paper, 2021. [Online]. Available: https://www.nist.gov/system/files/documents/2021/08/31/IoT%20White%20Paper%20-%20Final%202021-08-31.pdf
  4. National Institute of Standards and Technology, “Cybersecurity White Paper: EO Response,” National Institute of Standards and Technology, Tech. Rep., 2022. [Online]. Available: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.02042022-2.pdf
  5. Nigel Cory, “Why the United States and EU Should Seize the Moment to Cooperate on Cybersecurity Labeling for IoT Devices,” ITIF - Information Technology & Innovation Foundation, Tech. Rep., 2024. [Online]. Available: https://itif.org/publications/2024/03/28/why-us-eu-should-cooperate-on-cybersecurity-labeling-for-iot-devices/
Close
Suggestions