Privacy and Security Risk Assessment in Interoperable IoT Systems

Background

Current trends promote companies to integrate their IoT systems and build data lakes to de-silo data storage and enable the application of AI on data. Important elements for enabling interoperability are service APIs and semantic modeling of data to automate the understanding of data across systems. 

However, the increasing integration and automatic combination of data enables many new forms of privacy and security attacks, e.g., uncovering identifies of people in temporal-spatial or behavioral IoT data. This makes it very difficult from a security and privacy perspective to make informed decisions on how to integrate and what data to share, store, and use together. 

Purpose

This project’s main idea is to address this problem via software technologies that on top of system models inform developers about privacy and security risks. Thereby, the developers quickly become aware of privacy and security challenges to address and can make informed decisions about relevant privacy and security protection technologies to apply.

Activities

The participating companies develop interoperable solutions with IoT components in the form of building sensors, mobile robots, and drones. 

  • The SMV company Lorentz Technology develops autonomous drone systems with AI-based software for safety and security tasks. 
  • Mobile Industrial Robots develops user-friendly, flexible, and safe mobile robots to help companies increase the efficiency of their operations.
  • The SMV company Vemco Group develops software solutions forsensor-based footfall analytics. To strengthen their security and privacy efforts the companies have a need for better means to continuously be aware of privacy and security risks. 
  • The knowledge institutions SDU and the Alexandra Institute have built up knowledge and competences within automatic risk assessment tools based on semantic technology and meta-attack languages for threat modeling. 

In the project, these tools will be further developed in a feasibility study on cases of the participating companies. Thereby, the project develops new knowledge on how to automate privacy and security risks assessment and disseminating knowledge on these tools. Moreover, specific privacy and security risks within the cases of the participating companies will be identified.

Facts about the project

Partners:

  • SDU
  • Alexandra Institute
  • Lorenz Technology Mobile Inudstrial Robots
  • Vemco Group

The project is funded by DigitalLead