IoTBDS 2024 Abstracts


Area 1 - Big Data Research

Full Papers
Paper Nr: 26
Title:

Need for Speed: Leveraging the Power of Functional Encryption for Resource-Constrained Devices

Authors:

Eugene Frimpong, Alexandros Bakas, Camille Foucault and Antonis Michalas

Abstract: Functional Encryption (FE) is a cutting-edge cryptographic technique that enables a user with a specific functional decryption key to determine a certain function of encrypted data without gaining access to the underlying data. Given its potential and the fact that FE is still a relatively new field, we set out to investigate how it could be applied to resource-constrained environments. This work presents what we believe to be the first lightweight FE scheme explicitly designed for resource-constrained devices. We also propose a use case protocol that demonstrates how our scheme can secure an Internet of Things (IoT) architecture where relevant devices collect data and securely deliver them to a storage server, where an analyst can request access to the encrypted data. Finally, we conduct thorough experiments on two commercially available resource-constrained devices to provide compelling evidence of our approach’s practicality and efficiency. Although the results of our evaluations show that there is room for improvement in the proposed scheme, this work represents one of the first attempts to apply FE to the IoT setting that can directly impact people’s daily lives and the everyday operations of organizations.

Paper Nr: 38
Title:

UoCAD: An Unsupervised Online Contextual Anomaly Detection Approach for Multivariate Time Series from Smart Homes

Authors:

Aafan A. Toor, Jia-Chun Lin, Ming-Chang Lee and Ernst G. Gran

Abstract: In the context of time series data, a contextual anomaly is considered an event or action that causes a deviation in the data values from the norm. This deviation may appear normal if we do not consider the timestamp associated with it. Detecting contextual anomalies in real-world time series data poses a challenge because it often requires domain knowledge and an understanding of the surrounding context. In this paper, we propose UoCAD, an online contextual anomaly detection approach for multivariate time series data. UoCAD employs a sliding window method to (re)train a Bi-LSTM model in an online manner. UoCAD uses the model to predict the upcoming value for each variable/feature and calculates the model’s prediction error value for each feature. To adapt to minor pattern changes, UoCAD employs a double-check approach without immediately triggering an anomaly notification. Two criteria, individual and majority, are explored for anomaly detection. The individual criterion identifies an anomaly if any feature is detected as anomalous, while the majority criterion triggers an anomaly when more than half of the features are identified as anomalous. We evaluate UoCAD using an air quality dataset containing a contextual anomaly. The results show UoCAD’s effectiveness in detecting the contextual anomaly across different sliding window sizes but with varying false positives and detection time consumption.

Paper Nr: 58
Title:

Optimising Data Processing in Industrial Settings: A Comparative Evaluation of Dimensionality Reduction Approaches

Authors:

José Cação, Mário Antunes, José Santos and Miguel Monteiro

Abstract: The industrial landscape is undergoing a significant transformation marked by the integration of technology and manufacturing processes, giving rise to the concept of the Industrial Internet of Things (IIoT). IIoT is characterized by the convergence of manufacturing processes, smart IoT devices, and Machine Learning (ML) algorithms, enabling continuous monitoring and optimisation of industrial operations. However, this evolution translates into a substantial increase in the number of interconnected devices and the amount of generated data. Consequently, with ML algorithms facing an exponentially growing volume of data, their performance may decline, and processing times may significantly increase. Dimensionality reduction (DR) techniques emerge as a viable and promising solution, promoting dataset feature reduction and the elimination of irrelevant information. This paper presents a comparative study of various DR techniques applied to a real-world industrial use case, focusing on their impact on the performance and processing times of multiple classification ML techniques. The findings demonstrate the feasibility of applying DR: for a Logistic Regression classifier, minor 4% performance decreases were obtained while achieving remarkable improvements, over 300%, in the processing time of the classifier for multiple DR techniques.

Short Papers
Paper Nr: 23
Title:

How Is Starlink Manoeuvring? An Analysis of Patterns in the Manoeuvres of Starlink Satellites

Authors:

David P. Shorten, Wathsala Karunarathne and Matthew Roughan

Abstract: The rapid increase in the number of active satellites orbiting earth along with the simultaneous increase in the amount of space debris is causing earth’s exosphere to become ever more crowded. This crowding forces satellites to perform a rising number of collision-avoidance manoeuvres. At the time of publication, of the roughly 7700 active satellites orbiting earth, over 5000 belonged to the Starlink constellation. These satellites not only substantially contribute to the crowding of space, but are required to perform tens of thousands of collision-avoidance manoeuvres per year. As Starlink does not publish information on the timing of these manoeuvres, little is known about them beyond their total number. This work uses a recently-proposed algorithm for detecting satellite manoeuvres from the publicly-available 18th Space Defence Squadron TLE data to study the patterns in the manoeuvres of this constellation. Rich structure was found in the patterns of these manoeuvres, including regular synchronous bursts of station-keeping manoeuvres within launch groups (the groups of satellites launched on a single day) and a cyclical pattern of station keeping among the launch groups.

Paper Nr: 27
Title:

Revolutionizing Vehicle Damage Inspection: A Deep Learning Approach for Automated Detection and Classification

Authors:

Onikepo D. Amodu, Adel Shaban and Gbenga Akinade

Abstract: In the past, fleet managers and vehicle insurance companies relied on manual methods to inspect vehicle damage. This involved visually examining the vehicles and taking measurements manually. The aim of this study was to explore the use of deep learning algorithms to automate the process of vehicle damage detection and classification. By automating these tasks, stakeholders in the industry, such as fleet managers and insurance companies, can streamline vehicle inspections, assess the extent and severity of damage, and validate insurance claims. The research focused on three main deep learning architectures: Convolutional Neural Networks (CNNs), Generative Adversarial Networks (GANs), and Deep Neural Networks (DNNs). These algorithms were applied to a diverse dataset containing vehicles in different lighting conditions. The study conducted a comprehensive evaluation of each algorithm’s performance, considering factors such as accuracy, speed, and detection rates. The goal was to assess the strengths and weaknesses of each approach. The results of the experiment revealed significant differences in the performance of the CNN, DNN, and GAN models. The CNN model achieved the highest accuracy rate, at 91%, followed by the DNN model at 84%. The GAN model achieved a more modest accuracy rate of 78%. These findings contribute to the advancement of vehicle damage detection technology and have important implications for industries, policymakers, and researchers interested in deploying state-of-the-art solutions for faster and more precise identification of various levels of damage and their severity.

Paper Nr: 33
Title:

Sample-Based Cardinality Estimation in Full Outer Join Queries

Authors:

Uriy Grigorev, Andrey Ploutenko, Aleksey Burdakov, Olga Pluzhnikova and Evgeny Detkov

Abstract: Efficient query planning is crucial in large smart databases, where the complexity of joining tables can exceed a hundred. This paper addresses the pivotal role of cardinality estimation in generating effective query plans within a Database Management System (DBMS). Over the past decade, various estimation methods have been developed, yet their accuracy tends to decrease as the number of joined tables increases due to specific constraints and prerequisites. This paper introduces EVACAR, a novel cardinality estimation method rooted in the theory of approximate aggregate calculations. Unlike existing methods, EVACAR is designed to alleviate limitations associated with increasing table joins. Our method not only matches but often surpasses the accuracy of machine learning methods, achieving superior results for 75-88% of the evaluated queries (subplans). This advancement signifies a promising step towards optimizing query performance in large-scale smart databases.

Paper Nr: 52
Title:

Industrial Internet of Things for Assembly Line Worker’s Work Fatigue Recognition

Authors:

Venkata R. Pabolu, Divya Shrivastava and Makarand S. Kulkarni

Abstract: The fourth industrial revolution or Industry 4.0 is based on the Internet of Things (IoT) and other intelligent technologies. IoT is mature enough to make seamless real-time communication between data-grasping sensors and intelligent machines. Recognition and prevention of workers’ work fatigue remain challenging for manufacturing industries. The objective of this research is to develop an IoT-based worker’s work fatigue recognition system to recognize the real-time fatigue status of assembly line workers. A learning-based knowledge model is prepared from the historical worker’s work fatigue status to classify the worker’s work fatigue status (as ‘Yes’ or ‘No’) using the real-time monitoring system. A sensor-connected IoT framework is adopted for monitoring the real-time state of an assembly worker. Finally, an intelligent system is proposed to recognize the real-time worker’s fatigue status from the IoT real-time monitored data using the learning-based worker’s work fatigue recognition model. A use-case illustration is given to demonstrate the research scope for a manual assembly line.

Paper Nr: 20
Title:

Data Sets for Cyber Security Machine Learning Models: A Methodological Approach

Authors:

Innocent Mbona and Jan P. Eloff

Abstract: Discovering Cyber security threats is becoming increasingly complex, if not impossible! Recent advances in artificial intelligence (AI) can be leveraged for the intelligent discovery of Cyber security threats. AI and machine learning (ML) models depend on the availability of relevant data. ML based Cyber security solutions should be trained and tested on real-world attack data so that solutions produce trusted results. The problem is that most organisations do not have access to useable, relevant, and reliable real-world data. This problem is exacerbated when training ML models used to discover novel attacks, such as zero-day attacks. Furthermore, the availability of Cyber security data sets is negatively affected by privacy laws and regulations. The solution proposed in this paper is a methodological approach that guides organisations in developing Cyber security ML solutions, called CySecML. CySecML provides guidance for obtaining or generating synthetic data, checking data quality, and identifying features that optimise ML models. Network Intrusion Detection Systems (NIDS) were employed to illustrate the convergence of Cyber security and AI concepts.

Paper Nr: 25
Title:

IndraFlow: Seamless Data Transfer and Transformation Between Internet of Things, Robot Systems and Cloud-Native Environments

Authors:

Attila C. Marosi and Krisztián Póra

Abstract: In this paper we present our solution which aims to be a generic streaming data bridge. It utilizes a modular architecture with current support for MQTT, ROS1, ROS2, Kafka and relational database management systems (RDBMS), such as MySQL or PostgreSQL as data sources or destinations. Our solution also supports custom transformations of messages and using multiple sources and destinations within a single bridge instance. We compare our solution to existing generic streaming solutions (such as the GUI-based Apache NiFi) and custom-made bridge codes (such as a ROS to MQTT bridge). Next, we present two use cases for our solution from different projects. In the first use case ROS messages are received from drones, transformed and sent to a cloud-based Kafka cluster. The second use case is representing an industrial IoT use case where MQTT messages are received, transformed and sent to a PostgreSQL server for persistent storage. Finally, we evaluate the performance and reliability of our solution using the second use case.

Area 2 - Internet of Things (IoT) Applications

Short Papers
Paper Nr: 6
Title:

HOMEFUS: A Privacy and Security-Aware Model for IoT Data Fusion in Smart Connected Homes

Authors:

Kayode S. Adewole and Andreas Jacobsson

Abstract: The benefit associated with the deployment of Internet of Things (IoT) technology is increasing daily. IoT has revolutionized our ways of life, especially when we consider its applications in smart connected homes. Smart devices at home enable the collection of data from multiple sensors for a range of applications and services. Nevertheless, the security and privacy issues associated with aggregating multiple sensors’ data in smart connected homes have not yet been sufficiently prioritized. Along this development, this paper proposes HOMEFUS, a privacy and security-aware model that leverages information theoretic correlation analysis and gradient boosting to fuse multiple sensors’ data at the edge nodes of smart connected homes. HOMEFUS employs federated learning, edge and cloud computing to reduce privacy leakage of sensitive data. To demonstrate its applicability, we show that the proposed model meets the requirements for efficient data fusion pipelines. The model guides practitioners and researchers on how to set up secure smart connected homes that comply with privacy laws, regulations, and standards.

Paper Nr: 36
Title:

Navigating the CRA: A Brief Analysis of European Cyber Resilience Act and Resulting Actions for Product Development

Authors:

Peter Schoo

Abstract: This short-paper analyses the forthcoming European Cybersecurity Legislation, focusing on the Cyber Resilience Act (CRA), with an examination of the challenges in defining the CRA addressing product security requirements, life-cycle and supply chain protection, and product criticality classification, that points to certification of product security. Stakeholders, including EU institutions, industry players and Open Source Software (OSS) community, play pivotal roles. The discussion provides a concise but complete overview of the regulatory content and context, the obligations and recommendations for action for companies and practical recommendations for courses at universities, as they arise from the CRA.

Paper Nr: 37
Title:

Lite4More: A Hardware and Software Solution to Improve the Commissioning of Lighting Infrastructures

Authors:

Diogo Correia, João Gomes, Carlos Resende, Filipe Sousa, Jorge Filipe, Carlos Silva and Antonio Sousa

Abstract: The Internet of Things is being integrated into many aspects of our daily lives to optimise it. Smart building, in particular, smart lighting, is one of the aspects that can benefit power consumption and user well-being. However, such systems’ installation and maintenance costs are hampering their dissemination. The commissioning of lighting infrastructures is a human and time-consuming task whose complexity increases with the size of the building under installation. The manual discovery of the luminaires in the building and their association with their digital counterparts is one of the main reasons for this, and the current state-of-the-art solutions do not properly address it. In this paper, we propose Lite4More, a modular hardware and software solution that can be easily adapted to different installation requirements and address the lighting infrastructure commissioning issue by automating it. Lite4More takes advantage of the Cloud, Edge and IoT device layers to, through the use of AI algorithms, guide the technician along the commissioning procedure, reducing on-site work and aiming to reduce the total time for commissioning.

Paper Nr: 21
Title:

Credential Lifecycle Analysis in Private LoRaWAN Networks for Industrial IoT (IIoT)

Authors:

Sergio H. Silva, Guilherme P. Koslovski, Mauricio A. Pillon and Charles C. Miers

Abstract: The adoption of smart devices in the industrial context has led to the emergence of the Industrial Internet, also known as the Industrial Internet of Things (IIoT). Compliance with security requirements and standards is necessary for IIoT networks, including general Internet technology standards and specific standards for IIoT regulation, such as those defined by the Industrial Internet Consortium (IIC). In this article, we focus on the issue of non-compliance with the credential lifecycle in private LPWAN LoRaWAN networks based on ChirpStack, a widely used open-source solution for connecting IoT devices over large geographical areas. Non-compliance with credential lifecycle standards can pose risks to business continuity. Our goal is to analyze the lifecycle of credentials in the context of IIoT using the LoRaWAN 1.1 protocol with ChirpStack servers. The contributions of this work include identifying the lifecycle of identities applied and analyzing the identity lifecycle when used with ChirpStack open-source LoRaWAN Network Server.

Paper Nr: 22
Title:

Context Data Compact Prediction Tree (CD-CPT): Transforming User Experience Through Predictive Analysis

Authors:

Pooja Goyal, Md K. Khan, Natnael Teshome, Brendan Geary and Renee Bryce

Abstract: Use of IoT (Internet of Things) devices has significantly increased over the last decade, specifically smartphones as compared to desktops, and laptops have become an integral part of our everyday lives. Smartphone applications operate in dynamic environments and generate huge and vast amount of context events such as screen orientation, location, battery life, and network connectivity throughout the day. Such context events may affect usage of the smartphone and smartphone applications by the user and the behaviour of these applications. Sparsity and complexity of these events make it difficult to identify patterns and trends in the data using traditional data mining techniques. Hence, predictive analysis of these events and finding patterns in context event data can have drastic impact on the application usage and enhance user experience. Prediction trees can be used to predict future events based on the context of past events. This work proposes a modified method of Compact Prediction Tree (CPT) called Context Data Compact Prediction Tree (CD-CPT) to predict real-world context data for multiple users. The experiments conducted used Transition Directed Acyclic Graph (TDAG) and All-k Order Markov (AKOM) algorithms to generate short-term predictions based on current context events and compare with baseline models such as Prediction by Pattern Mining (PPM), Dependency Graph (DG), CPT, and CPT+. The experimental results indicate that AKOM and TDAG outperform other algorithms, achieving a 50.4% weighted F-1 score for the highest supported context event. CD-CPT, without referencing the test file, still achieves a 14.27% weighted F-1 score for the same event, showing potential for improved accuracy in predicting context data compared to other algorithms.

Paper Nr: 44
Title:

Classification and Prediction of Hypoglycemia in Patients with Type 2 Diabetes Mellitus Using Data from the EHR and Patient Context

Authors:

Luis C. Gubert, Felipe A. Zeiser, Cristiano André da Costa and Rafael Kunst

Abstract: The increase in obesity, a sedentary lifestyle, and population aging are considered the main factors for the increase in Type 2 Diabetes Mellitus (T2DM) worldwide. Global estimates indicate that around 400 million people live with T2DM, reaching 600 million in 2035. This scenario generates a high social and financial cost for the patient and the healthcare system. In this context, this work evaluates machine learning models to classify and predict hypoglycemic crises in patients with T2DM. A dataset with data from a clinical center in southern Brazil is constructed. Patient data involves Electronic Health Records (EHR) and data collected in the patient context through Internet of Things (IoT). This dataset is used to run classification and prediction models. Results show that the proposed approach is promising, achieving an AUC of 0.8200 and a sensitivity of 90.00% for classifying hypoglycemia. In addition, the Clarke Error Grid plot demonstrates an assertiveness of prediction for high blood glucose in clinical terms. These results demonstrate that the proposed method achieves comparable or superior results to related works in the literature. The combined use of EHR, IoT, and Machine Learning can be a promising alternative to improve the monitoring of chronic and long-term diseases, such as T2DM, contributing to a more accurate and effective diagnosis.

Paper Nr: 60
Title:

Indescribably Blue: Bluetooth Low Energy Threat Landscape

Authors:

Christopher Skallak and Silvie Schmidt

Abstract: This paper elaborates security vulnerabilities of Bluetooth Low Energy. The STRIDE process is used to build a threat model in order to identify these vulnerabilities. These range from packet sniffing on the physical layer to sophisticated Machine-in-the-Middle attacks that are built upon address spoofing and jamming attacks. The proposed threat model also identifies the optional and mandatory dependencies between the attack vectors. Furthermore, we elaborate the attack vectors aligned to the BLE stack.

Paper Nr: 61
Title:

Enhancing Hydroponic Farming Productivity Through IoT-Based Multi-Sensor Monitoring System

Authors:

Khadijah F. R., Rahul Thakur and Sudip Roy

Abstract: Hydroponic farming has gained prominence in modern agriculture owing to its inherent advantages in resource efficiency and crop yield. This research explores the integration of Internet of Things (IoT) technologies to further optimize hydroponic systems by monitoring and controlling crucial solution and environmental parameters. A novel IoT-based hydroponic monitoring system has been developed, featuring a comprehensive array of sensors including solution’s temperature, acidity (pH), total dissolved solids (TDS) and electrical conductivity (EC), ambient temperature and humidity, and light intensity. This system leverages both WiFi and LoRaWAN technologies to enhance connectivity, ensuring reliable communication over extended ranges. This integration of communication protocols facilitates seamless data transmission and real-time control of hydroponic conditions. The proposed IoT-based system aims to provide growers with a comprehensive and user-friendly platform to monitor and adjust key parameters critical for plant growth, thereby maximizing the productivity and yield in hydroponic farming. The results of this study contribute valuable insights into the potential of IoT technologies to revolutionize precision agriculture and sustainable food production.

Area 3 - Internet of Things (IoT) Fundamentals

Full Papers
Paper Nr: 15
Title:

Automation of Smart Homes with Multiple Rule Sources

Authors:

Hoffner Yigal, Kaufman Eran, Avidan Amir, Elad Yovel and Fogel Harel

Abstract: Using rules for home automation presents several challenges, especially when considering multiple stakeholders in addition to residents, such as homeowners, local authorities, energy suppliers, and system providers, who will wish to contribute rules to safeguard their interests. Managing rules from various sources requires a structured procedure, a relevant policy, and a designated authority to ensure authorized and correct contributions and address potential conflicts. In addition, the smart home rule language needs to express conditions and decisions at a high level of abstraction without specifying implementation details such as interfaces, access protocols, and room layout. Decoupling high-level decisions from these details supports the transferability and adaptability of rules to similar homes. This separation also has important implications for structuring the smart home system and the security architecture. Our proposed approach and system implementation introduce a rule management process, a rule administrator, and a domain-specific rule language to address these challenges. In addition, the system provides a learning process that observes residents, detects behavior patterns, and derives rules, which are then presented as recommendations to the system.

Paper Nr: 54
Title:

Privacy Sensitive Building Monitoring Through Generative Sensors

Authors:

Angan Mitra, Denis Trystram and Christopher Cerin

Abstract: A building equipped with sensors collects heterogeneous data, distributed naturally across zones. The lack of spatiotemporal awareness can lead to excessive sensors or non-optimal distribution across a building. We introduce a novel approach to reduce the friction between high smartness cost and ecological sustainability by proposing virtual sensors as an artifact to estimate the environmental benefit for the planet of doing the “same with less.” The key idea behind the contribution is to inject data from virtual sensors to determine if an actual sensor can be replaced, followed by a sub-grouping of sensors. As a first contribution, our work exploits the concept of “less is more” to bring down the capital investment (CAPEX) and recurring expense (OPEX) of the smart-building solutions. This fact opens the door to new research for an eco-responsible deployment of sensors by revisiting the current approach of blind systematic deployment of sensors. We aim to deploy the necessary amount (according to actual, simulated, or virtual uses) and not every room with all possible sensors. As a second contribution, our experiments show a trade-off between virtualization accuracy and active monitoring. Additionally, we validate our insights with 40-60% savings on sensor reduction for a 7-storied Thailand building.

Short Papers
Paper Nr: 53
Title:

Comparing On-Premise IoT Platforms: Empowering University of Things Ecosystems with Effective Device Management

Authors:

Mevludin Blazevic and Dennis M. Riehle

Abstract: This paper presents a comparative evaluation of on-premise Internet of Things (IoT) platforms utilizing the Utility Analysis (UA) method within a university campus environment. The market analysis and evaluation are conducted systematically using a scoring procedure, guided by expert interviews to identify functional and non-functional requirements for the IoT device management in the University of Things (UoT) setup. After a market exploration considering the exclusion criteria, “no on-premise installation” and “no license-free cost models”, five IoT platforms are assessed against predefined evaluation criteria derived from these requirements. Among the evaluated platforms, the Long-Range Wide Area Network (LoRaWAN) Network Server ChirpStack is the most suitable software solution, demonstrating superior utility value. ChirpStack may be integrated into the university’s own Infrastructure as a Service (IaaS) cloud infrastructure, enhancing data privacy, security, and application control. The primary objective of this study is to identify an optimal IoT platform capable of meeting stakeholder requirements for the exploration of available solutions. Recognizing the critical role of the IoT platform within the Smart Campus/UoT ecosystem, this research contributes to the enhancement of a Smart Campus infrastructure by facilitating efficient IoT sensor and gateway management.

Paper Nr: 31
Title:

Towards a Write once Run Anywhere Approach in End-User IoT Development

Authors:

Ekene Attoh and Beat Signer

Abstract: With the rise of popular task automation or IoT platforms such as If This Then That (IFTTT), users can define rules to enable interactions between smart devices in their environment and thereby improve their daily lives. However, the rules authored via these platforms are usually tied to the platforms and sometimes even to specific devices for which they have been defined. Therefore, when a user wishes to move to a different environment controlled by a different platform and/or devices, they need to recreate their rules for the new environment. The rise in the number of smart devices further adds to the complexity of rule authoring since users will have to navigate an ever-changing landscape of IoT devices. In order to address this problem, we need human-computer interaction that works across the boundaries of specific IoT platforms and devices. A step towards this human-computer interaction across platforms and devices is the introduction of a high-level semantic model for end-user IoT development, enabling users to create rules at a higher level of abstraction. However, many users who are used to the rule representation in their favourite tool might be unwilling to learn and adapt to a new representation. We present a method for translating proprietary rules to a high-level semantic model by using natural language processing techniques. Our translation enables users to work with their familiar rule representation language and tool, but then apply their rules across different IoT platforms and devices.

Area 4 - IoT Technologies

Full Papers
Paper Nr: 18
Title:

Advancements in Household Data Mining: Fine-Tuning of Usage Pattern Inference Pipeline

Authors:

Ramona Tolas, Raluca Portase and Rodica Potolea

Abstract: In the era of rapidly expanding smart household devices, a surge in data generation within domestic environments has occurred. This paper focuses on optimizing knowledge inference methods from this rich household-generated data, building upon our earlier work for uncovering intricate usage patterns. This work addresses non-functional requirements, emphasizing data processing efficiency by introducing innovative techniques for dimensionality reduction. Another contribution of this research is the formalization of a synthetic data generation process, crucial for comprehensive testing and data privacy compliance. Overall, this work advances household data mining by refining usage pattern inference pipeline, enhancing performance, and providing a framework for synthetic data generation.

Short Papers
Paper Nr: 56
Title:

Emergency Corridor Building on Multi-Lane Motorways with Autonomous Model Cars

Authors:

Jurij Kuzmic, Günter Rudolph and Fabian Ostermann

Abstract: This paper introduces an algorithm for forming an emergency corridor on motorways with autonomous vehicles. This algorithm can be used in slow-moving traffic and in standing traffic scenarios. In addition, several autonomous model vehicles were assembled for the experiments in this work in order to test this algorithm in real-world use. Furthermore, a model motorway was constructed that resembles a real three-lane motorway. The Filtered Canny Edge Detector algorithm, also previously published by us, is used to recognise the lanes of the motorway from camera images. Also, in this work, this lane detector is further extended and improved for use with model vehicles in the real environment. Our experiments also show successful emergency lane formations for four different events. Finally, possible future work in this area is presented.

Paper Nr: 28
Title:

Tile Quality Detection Device: Internet of Things (IoT) Demonstration Prototype

Authors:

Bernhard Heiden, Danijel Pačnik, Jessica Pregl, Maximilian Müller, Simone Leitner, Volodymyr Alieksieiev and Bianca Tonino-Heiden

Abstract: In this paper we present the development of a quality tile detection device for the Internet of Things (IoT) demonstration in a prototype for educational purposes. For this, an Arduino UNO microcontroller is used, and the prototype is chosen after an initial design process, together with suitable tile parts that imitate possible real tiles in a production line in the downscaled prototype. The Artificial Intelligence (AI) task of pattern detection is performed by a Matlab script. Finally, the Arduino, which controls the conveyor belt and the switch of the tile quality detection device, is linked to the Matlab script, which controls the picture detection and AI-script evaluation on the PC and its backcoupling to the Arduino, yielding a semi-automatic tile quality checking procedure with a human in the loop.

Area 5 - Security, Privacy and Trust

Full Papers
Paper Nr: 11
Title:

A Systematic Mapping Study in Security Software Testing for Mobile Devices

Authors:

Felipe Faustino, Jéssyka Vilela, Carla Silva and Mariana Peixoto

Abstract: Context: Due to mobile devices’ popularity, they contain more valuable information. Problem: these devices face many security issues and challenges since smartphones are interesting for security attacks once they contain private and sensitive data. Objective: the aim of this paper is to investigate security testing techniques for mobile devices. Method: a Systematic Mapping Study (SMS) was conducted to identify solutions focused on software security testing for mobile devices. Results: 1264 primary papers were identified, and 17 relevant papers were selected. We found mobile security testing tends to be mostly: dynamic; automated testing; penetration testing; dynamic analysis. Conclusions: dynamic testing represents 58.82% of security testing, followed by static testing, 29.41%, and studies that present both of them 11.76%. It’s important to highlight that automated and semi-automated testing represent 88.23% of the studies and only 11.76% used manual testing.

Paper Nr: 13
Title:

IoTective: Automated Penetration Testing for Smart Home Environments

Authors:

Kevin Nordnes, Jia-Chun Lin, Ming-Chang Lee and Victor Chang

Abstract: As the prevalence of Internet of Things (IoT) continues to increase, there is a corresponding escalation in security concerns. Given that many IoT devices lack robust security features, the need for specialized security testing tools has become evident. In this paper, we introduce an open-source automated penetration testing tool named IoTective for smart home environments in response to the increasing security concerns surrounding IoT devices. IoTective aims to discover devices in Wi-Fi, Bluetooth, and Zigbee networks, identify vulnerabilities, and gather valuable information for further analysis. IoTective streamlines the initial stages of reconnaissance, planning, and scanning, which provides good support for a variety of devices and protocols commonly used in smart home environments. With a focus on ease of use and flexibility, the tool provides an intuitive user interface and customizable scanning capabilities. We evaluated the effectiveness of IoTective and explored the impact on overall security posture. Ethical considerations for automated penetration testing are also discussed.

Paper Nr: 35
Title:

Interoperable Access and Usage Control of Self-Sovereign Digital Twins Using ODRL and I4.0 Language

Authors:

Jiahang Chen, Lennart Schinke, Xuebilian Gong, Martin Hoppen and Jürgen Roßmann

Abstract: The trend in digital transformation catalyzes an increasing amount of Digital Twins (DTs) being interconnected to share data and services. In this context, secured interconnections of DTs are a key foundation for establishing a trustworthy environment, which necessitates fundamental technologies and concepts regarding access control. Considering the layer of usage restrictions of data and services, traditional access control can be extended to usage control. Here, diverse policy models utilized to formalize access and usage control result in a lack of interoperability, especially in a decentralized Internet of Things (IoT). To address this issue, we propose in this paper a concept that applies Open Digital Rights Language (ODRL) to describe access and usage control policies in an interoperable way. Besides, we define a message-based communication protocol based on Industry 4.0 (I4.0) language to flexibly enable interoperable interactions with policy engines. The proposed concept is then integrated in an access and usage control management system and demonstrated in a proof-of-concept manner. Here it is also shown why the proposed concept forms a basis for the implementation of self-sovereign Digital Twins (SSDTs).

Paper Nr: 48
Title:

Ransomware Reconnaissance: Interrogating Certificates Towards Proactive Threat Mitigation

Authors:

Steph Rudd

Abstract: “Got Root?” Presented herewith is an innovative approach to ransomware defence by interrogating the security certificate chain pertaining to modern website security. It is a proactive strategy to scrutinise the online resources prior to download for assessment of likelihood that ransomware may be present as a result of inconsistencies between the URL and its security certificate. OpenSSL is employed for interrogating certificate attributes, including characteristics such as domain mismatch and revocation status, through the systematic approach of certificate retrieval, parsing and validation. Whilst not a ‘silver bullet solution’ to the wider realm of ransomware attacks, this study presents a nuanced approach to suspicion detected under certificate-related vulnerabilities at a preemptive and reconnaissance stage of hazard - a necessary basis for any subsequent cyber security investigation.

Short Papers
Paper Nr: 24
Title:

Hybrid Statistical Modeling for Anomaly Detection in Multi-Key Stores Based on Access Patterns

Authors:

Tiberiu Boros and Marius Barbulescu

Abstract: Anomaly detection in datasets with massive amounts of sparse data is not a trivial task, given that working with high intake data in real-time requires careful design of the algorithms and data structures. We present a hybrid statistical modeling strategy which combines an effective data structure with a neural network for Gaussian Process Modeling. The network is trained in a residual learning fashion, which enables learning with fewer parameters and in fewer steps.

Paper Nr: 32
Title:

A Framework Addressing Challenges in Cybersecurity Testing of IoT Ecosystems and Components

Authors:

Steve Taylor, Martin Jaatun, Alan Mc Gibney, Robert Seidl, Pavlo Hrynchenko, Dmytro Prosvirin and Rosella Mancilla

Abstract: This paper describes challenges within IoT ecosystems from the perspective of cybersecurity testing along with a proposed approach to address them that will be investigated in a recently started Horizon Europe project named TELEMETRY. The key observations regarding the design of the framework are summarised as follows. There is a need to consider the full lifecycle of IoT components – at their design time, their integration into systems, and operation of those systems. Threats and risks can propagate when components are connected together in systems - vulnerabilities in one component can affect other components in a system. IoT devices present limitations to current testing and management due to geographical distribution, opacity and limited processing power. Risk assessment fulfils an important requirement because it enables assessment of what elements are important to the system’s stakeholders, how these elements may be compromised, and how the compromises may be controlled. Feedback from operational monitoring of IoT devices can inform firmware updates / patches to the devices but there is a significant challenge in rolling out these patches to multiple low-power devices geographically distributed.

Paper Nr: 42
Title:

Secure Decentralized Carpooling Application Using Blockchain and Zero Knowledge Proof

Authors:

Saksham Goel, Sarvesh V. Sawant and Bhawana Rudra

Abstract: Blockchain extends its reach far beyond cryptocurrencies such as Bitcoin, encompassing a broader spectrum of applications. It acts as a transparent, distributed, and unchangeable ledger where every participant in the network possesses a copy of the blockchain. This decentralized system secures all data and transactions through encryption, ensuring reliability. The key components of blockchain-based applications include Smart Contracts, which house the application’s logic and operate on the blockchain. In traditional carpooling systems, centralized authorities like Uber or Ola control the entire process, collecting and managing data from both drivers and riders. However, by leveraging blockchain and smart contracts, a more secure and private carpooling system can be established, allowing riders and drivers to connect directly without intermediaries. Blockchain applications encounter challenges, primarily related to scalability and privacy. Every node in the system processing transactions limits scalability. Moreover, the practice of publishing all data at each node for processing raises privacy concerns. To tackle these issues, an approach using non-interactive proofs for off-chain computations can enhance efficiency. This approach verifies correctness without exposing private data, thus improving privacy. ZoKrates, a toolbox, simplifies this process by providing a domain-specific language (DSL), compiler, and generators for proofs and verification of Smart Contracts, streamlining complex zero-knowledge proof tasks and promoting their adoption.

Paper Nr: 43
Title:

An Intrusion Detection Architecture Based on the Energy Consumption of Sensors Against Energy Depletion Attacks in LoRaWAN

Authors:

André Proto, Charles C. Miers and Tereza B. Carvalho

Abstract: LoRaWAN emerges as a promising technology for deploying low-power sensors to tackle industrial and urban challenges. However, Energy Depletion Attacks (EDAs) present a substantial threat to sensors operating within the LoRaWAN framework. Various attacks, including jamming, replay attacks, firmware manipulation, and application vulnerabilities in Internet of Things systems, have the potential to induce energy depletion. Some of them are regarded as silent attacks, characterized by the absence or minimal occurrence of network traffic, rendering their detection challenging. In response to this challenge, our research introduces an architecture designed to detect EDAs in LoRaWAN sensors. We propose an implementation of a lightweight and energy-efficient intrusion detection system developed for resource-constrained devices. Our solution applies distance metrics to detect anomalous behaviours in the energy consumption patterns of sensors. In order to assess the viability of our proposed methodology, we employ the F1 score as an evaluative metric that demonstrates the efficiency of its intrusion detection accuracy of EDAs. Thus, our proposal diverges from the traditional approaches relying on network traffic analysis for intrusion detection, opting instead for a focus on the analysis of energy consumption data.

Paper Nr: 50
Title:

Decentralized Ransomware Recovery Network: Enhancing Resilience and Security Through Secret Sharing Schemes

Authors:

Sijjad Ali, Jia Wang, Victor M. Leung and Asad Ali

Abstract: Ransomware attacks present multiple threats to individuals such as businesses and organizations, causing data loss, financial stress, and operational interruptions. Traditional measures to mitigate ransomware threats usually include backups and secure applications. However, these countermeasures may not protect against sophisticated attacks. The purpose of this article is to explore a decentralized approach for recovering from multiple ransomware attacks. A decentralized secure approach is employed by the decentralized ransomware recovery network (DRRN) as a platform for sharing data privacy. Backup and restoration of encryption keys on shared domains are performed in the event of a ransomware attack. By paying for ransomware, users can encrypt their files. Additionally, the technical design of the DRRN and its management, as well as ransomware attacks are explored in our studies. A hybrid approach is utilized to evaluate its effectiveness and implications for cybersecurity and data protection. Finally, we assert that our proposed scheme is more secure and effective in the DRRN environment.

Paper Nr: 59
Title:

Low-Performance Embedded Internet of Things Devices and the Need for Hardware-Accelerated Post-Quantum Cryptography

Authors:

Philipp Grassl, Matthias Hudler and Manuel Koschuch

Abstract: Quantum computers pose a serious threat to currently widely deployed cryptographic protocols and to data security. New cryptographic algorithms have been developed with the aim to be resistant to attacks by both conventional and quantum computers. While these have been designed to perform well on modern computer hardware, the performance on embedded devices, such as those used in the Internet of Things, may limit their practical usability. In this position paper, we provide a thorough performance review of the post-quantum algorithms currently evaluated by the National Institute of Standards and Technology on different Raspberry Pi generations, advocating the need for development of post-quantum cryptography application-specific integrated circuits to off-load calculations and improve performance.

Paper Nr: 62
Title:

Overcoming the Complexity of Quality Assurance for Big Data Systems: An Examination of Testing Methods

Authors:

Christian Daase, Daniel Staegemann and Klaus Turowski

Abstract: As the complexity and diversity of big data systems reaches a new level, testing the solutions developed is becoming increasingly difficult. In this study, a systematic literature review is conducted on the role of testing and related quality assurance techniques in current big data systems in terms of applied strategies and design guidelines. After briefly introducing the necessary knowledge about big data in general, the methodology is explained in a detailed and reproducible manner, including the reasoned division of the main question into two concise research questions. The results show that methods such as individual experiments, standardized benchmarking, case studies and preparatory surveys are among the preferred approaches, but also have some drawbacks that need to be considered. In conclusion, testing alone may not guarantee a perfectly operating system, but can serve to minimize malfunctions to a limited number of special cases by revealing its principal weaknesses.

Paper Nr: 10
Title:

A Systematic Mapping Study on Techniques for Generating Test Cases from Requirements

Authors:

Alessandro Rodrigues, Jéssyka Vilela and Carla Silva

Abstract: Context: Software testing can be costly for organizations. Techniques and tools that deal with the automatic generation of test cases provide a way to reduce the efforts employed and the time-to-market, in addition to increasing the quality of the software. Objective: This work aims to investigate the literature regarding techniques used to generate test cases from requirements automatically. Method: We performed a Systematic Mapping Study (SMS) using the Snowballing technique to investigate these techniques, the information presented in the test plan/case, the languages used to specify the requirements, and finally, the steps proposed by the techniques. Results: techniques such as Model-based testing (MBT) and Natural Language Processing (NLP) are the most used, mainly based on requirements specified through Natural Language that can be structured or not, as well as UML (Unified Modeling Language) diagrams. We also extracted and presented a series of languages and tools developed, and some are under development that perform this generation.

Paper Nr: 45
Title:

XA4AS: Adaptive Security for Multi-Stage Attacks

Authors:

Elias Seid, Oliver Popov and Fredrik Blix

Abstract: Identifying potential system threats that define security requirements is vital to designing secure cyber systems. Furthermore, the high frequency of attacks poses an enormous obstacle in analysing cyber-physical systems (CPS). The paper argues for the idea that any security solution for cyber-physical systems (CPS) should be adaptive and tailored to the specific types of threats and their frequency. Specifically, the solution should consistently monitor its surroundings in order to protect itself from a cyber-attack by adjusting its defensive measures. Understanding cyberattacks and their potential consequences on both internal and external assets in cyberspace is essential for preserving cyber security. The importance appears in the work of the Swedish Civil Contingencies Agency (MSB), which collects IT incident reports from vital service providers required by the NIS directive of the European Union and Swedish government agencies. The proposed solution is the Adaptive security framework, which aims to simplify the development of analytical models for implementing model predictive control and adaptive security solutions in the field of CPS. This study analyses security attacks and corresponding security measures for Swedish government agencies and organisations under the European Union’s NIS mandate. A thorough analysis of adaptive security was conducted on 254 security incident reports provided by vital service providers. As a result, an overall total of five security measures were identified.