Defence against dark artefacts - the enemy within the wall

A utopian vision of the future is of “smart appliances” in a “smart home” making domestic life simpler and caring for an aging population based on personalisation and control - the Internet connected fridge and kettle are popular examples.

However, recent media reports about the use and exploitation of personal data have increased public awareness of some of the drawbacks, as well as the benefits, of the digital age. And that’s when companies are trying to act legally and the technology works. But, what do we do when “smart appliances” fail or software isn’t updated, exposing us to hackers’ These “dark artefacts” are an enemy within the wall.

Scientists at the University of Nottingham, in collaboration with the University of Cambridge and Imperial College, are about to explore the potential challenges posed by the connections between cloud-based services and the Internet of Things (IoT) in the workplace and home.

The Defence Against Dark Artefacts (DADA) project is one of eleven projects receiving a total of 11m from the Engineering and Physical Sciences Research Council (EPSRC). The projects will address a number of areas that present challenges for those using data and those giving others access to their data.

The DADA project will be led by Derek McAuley , Professor of Digital Economy and Director of Horizon Digital Economy Research in the School of Computer Science.

The project aims to address the challenges resulting from the current, widely-adopted approach in which cloud services underpin IoT devices, in the context of the home where network infrastructure protection is minimal and little or no isolation is provided between attached devices and the data traffic they carry. The research is rooted in pragmatism, acknowledging that current IoT cyber security solutions will not deal with legacy issues and will not achieve 100 per cent adoption, and that the public will never become network security experts.

Professor McAuley said: “In 2016, the largest distributed denial of service was launched from hacked IoT devices; the target, the blog of a security journalist. The threat is already present and it is inevitable that IoT devices in the future will continue to be compromised. However, what if the attack in future was directed into the home itself - interfering with appliances, even cutting off heating and power. Our research seeks to understand how to mount a defence against these attacks that is comprehensible to the average user.”

This area has been a research priority for the EPSRC which is now part of the newly formed UK Research and Innovation. In 2017 EPSRC called on researchers to submit proposals for projects that would further the understanding of Trust, Identity, Privacy and Security (TIPS) issues in the Digital Economy.

The aspiration was to support interdisciplinary research, across the spectrum of technological, economic, cultural, social, legal, ethical, design, behavioural and political disciplines, to engage with those who use research outputs, from industry to charities to communities.