/ sec.edu.au

SECedu awards its first honours scholarship

SECedu is proud to announce Adam Smallhorn as the recipient of the first of our Honours scholarships.

Adam will be working on a project that aims to empower users to control access to the data collected by Internet-of-Things devices installed in their homes.

Read on (below) for more on the project.

SECedu aims to develop both the next generation of Australia's cyber security professionals, but also to develop a pipeline of great teachers.

Adam is as passionate about teaching the community about security as he is about his research. Adam has, for example,

  • Served as a tutor for the Security Engineering course at UNSW in the first half of 2017;
  • Presented at an Atlassian-Sponsored Cyber Security bootcamp for NGO in July 2017;
  • Worked as a freelance technical consultant for small businesses;
  • Stood as president of Young Scientists of Australia - a non-profit science organisation - for two years;
  • Volunteered at the Rotary Youth Leadership Awards, a 7-day leadership program.

Adam's thesis

Adam intends to build a prototype smart home hub that protects personal data collected by Internet of Things devices in the home, based on designs by Ali Dorri and Salil Kanhere. The smart home hub will connect to a global network architecture built for accessing IOT data securely and in a way that respects a users desire to control who has access to their data and devices.

"Technology is currently outpacing our ability to secure it," Adam says. "The lack of security of the 'internet of things' has potentially devastating effects for the users of these technologies and for other internet users.

“The research is looking at ways to secure the myriad of smart-home internet of things devices that we’re plugging into our homes, but in a way that protects users' data as well," he said.

At the heart of the network is a free, open and interoperable standard that is not under the control of a single company. The project proposes to achieve this by leveraging distributed public ledger technology to ensure that access control and and requests are routed through a distributed network and immutably recorded. This single hub can control ad administer web access for dozens of less secure IOT devices, which both dramatically reduces the user's attack surface while also protecting the internet at large against the increase in attacks due to botnets comprised of insecure IOT devices.

The prototype - and the thinking that supports it - could equally apply to any use case where sensitive personal data is collected that is of interest to third parties.

Modern cars, for example, are often a collaboration between manufacturers and third party producers of sub-components systems - airbags, keyless entry and infotainment systems etc. Data is an extremely valuable asset for all of these organisations as they seek to advance their products. In modern cars, an airbag manufacturer may wish to check safety maintenance data; infotainment systems engineers may wish to check usage stats; end users may grant access to analytics companies for driving insights or even insurance companies to obtain discounts on premiums. The study will argue that from a security perspective, the complexity of dozens of heterogeneous and constant connections to a car is less ideal than a centralised point of data collection interfaced via an open and interoperable standard that gives the end user total control over access to data.

Other use cases may exist where a person is hesitant to relinquish control of the data, but the validity of the data is relied upon by third parties. In digital medical records, there is clear benefit to digitisation of files, however there are serious privacy concerns around ensuring appropriate authorisation, as well as basic information security concerns related to security and data breaches. Under a similar model to what is proposed, patients could personally retain their medical record history and still provide access to medical professionals as needed, without any concerns of tampering from the medical industry; since integrity of the data can be verified by the data fingerprints stored in the distributed blockchain.

"The world’s most valuable resource is no longer oil, but data," Adam says. "As providers of digital services collect more and more user data, the privacy concerns of the individual will become increasingly at odds with the financial interests of service providers."

The study assumes that users will more likely embrace these technological advances if they feel they have a degree of control in how their data is being used, and who can have access to it.