Dr.-Ing. Mikhail Fomichev

IoT Security and Privacy

Contact Information

Offered Theses Topics

No results match your search criteria.

  2022 Completed

Collecting a Real-World Dataset of Private Patterns for Stream Processing Systems

Supervisor: Mikhail Fomichev

The Internet of Things (IoT) shows a clear shift towards analyzing streaming data (collected by IoT devices) using so-called stream processing systems (SPSs) that infer knowledge from these data in (near) real-time. Such SPSs work on the notion of events detected from sensor data, e.g., a user is standing, jogging, or eating. The SPSs raise serious privacy concerns, as they not only ignore user privacy but also pose new threats to it. For example, a sequence of seemingly nonsensitive events, like "swallow" --> "drink" --> "lay down", can reveal a sensitive private pattern of taking medicine. A few privacy-preserving mechanisms (PPMs) exist to address the private patterns' threat, but they need to be validated on realistic datasets containing a number of private patterns that are captured by various sensor data, e.g., IMU, ECG/EMG, and heart rate. To date such datasets do not exist. Hence, collecting one would the main goal of this thesis, which will be a big step towards validating existing and designing new PPMs that tackle the threat of private patterns in SPSs. The precise topic addressing the above research goal would be tailored depending on your skillset. However, a hands-on experience with data collection using smart devices (phones, watches, IoT sensors) and/or user studies is a strong plus. [1, 2] are exemplary data collection studies, which can serve as an inspiration for this work. [1] FallAllD: An Open Dataset of Human Falls and Activities of Daily Living for Classical and Deep Learning Applications [2] Case Studies Using Shimmer Sensors

  2022 Completed

Hiding User Private Attributes Using Machine Learning

Supervisor: Mikhail Fomichev

The ubiquity of IoT sensors enables customized user services such as smart health or smart home. Recently, the advances in machine learning have been exploited to discover private user attributes (e.g., gender, age) from sensor data collected for different purposes such as activity recognition, violating user’s privacy. Two recent works [1, 2] utilize state-of-the-art machine learning techniques to suppress private user attributes in sensor data while maintaining the utility of the target application (e.g., target activity recognition remains accurate). In this thesis, we will critically evaluate the above proposals, with respect to their security (can other private attributes be learned on these data), generalizability (would they still work on a slightly different sensor data?), and deployability (can such approaches run on edge devices?). The precise topic addressing the above research goal would be tailored depending on your skillset. However, a solid background in machine learning and data mining is required in addition to a thorough understanding of privacy issues stemming from sensor data (also known as inference attacks). [1] Protecting Sensory Data against Sensitive Inferences [2] Preventing Sensitive Information Leakage from Mobile Sensor Signals via Integrative Transformation

  2022 Completed

Discovering Oversensing Privacy Issues in Smart IoT Environments

Supervisor: Mikhail Fomichev

The proliferation of the IoT makes numerous smart devices equipped with rich sensing capabilities part of our everyday life. These sensors enable customized services by measuring a user’s ambient environment such as a fitness tracker recording daily activities (e.g., jogging), allowing users who exercise a lot to get an insurance discount. However, the ubiquity of sensing raises the problem of oversensing [1], namely inferring user’s sensitive attributes or behaviors (e.g., health conditions, political orientation) from the sensor data that was collected for benign purposes. In this thesis, we will explore the landscape of oversensing, focusing on the following problem: how to discover the oversensing issues in various sensor data in a scalable (i.e., automated) way? The precise topic addressing the above research goal would be tailored depending on your skillset. However, a solid background in machine learning and data mining is required in addition to a thorough understanding of privacy issues stemming from sensor data (also known as inference attacks). [1] How to Curtail Oversensing in the Home

  2020 Completed

Speeding up and hardening zero-interaction pairing by utilizing off-the-shelf IoT actuators

Supervisor: Mikhail Fomichev

  2019 Completed

nextoyou - a zero-interactiion co-presence detection scheme based on Channel State Information

Supervisor: Mikhail Fomichev

  2017 Completed

Implementation of a Contextual Framework for Secure Device Pairing Methods on Android

Supervisor: Mikhail Fomichev

Motivation With the proliferation of numerous personal gadgets and smart devices, device pairing has become prominent in introducing security to such a diverse environment. Clearly, the process of secure device pairing is much more ambiguous than previously thought. This stems from the fact that there is no coherent vision of the pairing problem among the research community. To this end, we see that there is a plethora of various pairing protocols that have been proposed many of which are insecure or fail to work in practice. Clearly, there is no single winner in a device pairing race. Goal Correspondingly, one solution to such a problem is to support several pairing methods. However, from a user prospective this may create an additional burden. On top of that, some pairing protocols may be less appropriate security‐wise in certain scenarios. For instance, if a paring method relies on audio but is used in a noisy environment, this creates an additional attack vector or causes reliability issues. Another example are visual paring techniques used in a public place, which can be subject to shoulder surfing. Overall, in this thesis you will research which contextual information that can be gathered by a modern smartphone can augment in secure device pairing. We already have a working Android implementation which performs different methods of device pairing. More specifically, your task is to identify which factors can be potentially hazardous or beneficial for a certain pairing method in a particular scenario. The context that we are going to incorporate includes both the environmental information as well as the user input (feedback, preferences, etc.). Hence, you'll take measurements on the smartphone to rate the environmental information, and perform a small user study (20-30 users) on the device pairing usability.

  2017 Completed

Design, Implementation and Evaluation of a Privacy-preserving Framework for Trust Inference on Android

Supervisor: Mikhail Fomichev

Publications

No results match your search criteria.

  2023  Proceedings of the 17th ACM International Conference on Distributed and Event-Based Systems Conference

No One Size (PPM) Fits All: Towards Privacy in Stream Processing Systems

Mikhail Fomichev Manisha Luthra Maik Benndorf Pratyush Agnihotri

PDF BibTeX DOI: 10.1145/3583678.3596889

Abstract
Stream processing systems (SPSs) have been designed to process data streams in real-time, allowing organizations to analyze and act upon data on-the-fly, as it is generated. However, handling sensitive or personal data in these multilayered SPSs that distribute resources across sensor, fog, and cloud layers raises privacy concerns, as the data may be subject to unauthorized access and attacks that can violate user privacy, hence facing regulations such as the GDPR across the SPS layers. To address these issues, different privacy-preserving mechanisms (PPMs) are proposed to protect user privacy in SPSs. Yet, selecting and applying such PPMs in SPSs is challenging, since they must operate in real-time while tolerating little overhead. The multilayered nature of SPSs complicates privacy protection because each layer may confront different privacy threats, which must be addressed by specific PPMs. To overcome these challenges, we present Prinseps, our comprehensive privacy vision for SPSs. Towards this vision, we (1) identify critical privacy threats on different layers of the multilayered SPS, (2) evaluate the effectiveness of existing PPMs in addressing such threats, and (3) integrate privacy considerations into the decision-making processes of SPSs.

  2022  ACM Transactions on Internet of Things Article

Next2You: Robust Copresence Detection Based on Channel State Information

Mikhail Fomichev Luis F. Abanto-Leon Max Stiegler Alejandro Molina Ramirez Jakob Link Matthias Hollick

PDF BibTeX DOI: 10.1145/3491244

Abstract
Context-based copresence detection schemes are a necessary prerequisite to building secure and usable authentication systems in the Internet of Things (IoT). Such schemes allow one device to verify proximity of another device without user assistance utilizing their physical context (e.g., audio). The state-of-the-art copresence detection schemes suffer from two major limitations: (1) they cannot accurately detect copresence in low-entropy context (e.g., empty room with few events occurring) and insufficiently separated environments (e.g., adjacent rooms), (2) they require devices to have common sensors (e.g., microphones) to capture context, making them impractical on devices with heterogeneous sensors. We address these limitations, proposing Next2You, a novel copresence detection scheme utilizing channel state information (CSI). In particular, we leverage magnitude and phase values from a range of subcarriers specifying a Wi-Fi channel to capture a robust wireless context created when devices communicate. We implement Next2You on off-the-shelf smartphones relying only on ubiquitous Wi-Fi chipsets and evaluate it based on over 95 hours of CSI measurements that we collect in five real-world scenarios. Next2You achieves error rates below 4%, maintaining accurate copresence detection both in low-entropy context and insufficiently separated environments. We also demonstrate the capability of Next2You to work reliably in real-time and its robustness to various attacks.

  2021  19th Annual International Conference on Mobile Systems, Applications, and Services Conference

FastZIP: faster and more secure zero-interaction pairing

Mikhail Fomichev Julia Hesse Lars Almon Timm Lippert Jun Han Matthias Hollick

BibTeX DOI: 10.1145/3458864.3467883

Abstract
With the advent of the Internet of Things (IoT), establishing a secure channel between smart devices becomes crucial. Recent research proposes zero-interaction pairing (ZIP), which enables pairing without user assistance by utilizing devices' physical context (e.g., ambient audio) to obtain a shared secret key. The state-of-the-art ZIP schemes suffer from three limitations: (1) prolonged pairing time (i.e., minutes or hours), (2) vulnerability to brute-force offline attacks on a shared key, and (3) susceptibility to attacks caused by predictable context (e.g., replay attack) because they rely on limited entropy of physical context to protect a shared key. We address these limitations, proposing FastZIP, a novel ZIP scheme that significantly reduces pairing time while preventing offline and predictable context attacks. In particular, we adapt a recently introduced Fuzzy Password-Authenticated Key Exchange (fPAKE) protocol and utilize sensor fusion, maximizing their advantages. We instantiate FastZIP for intra-car device pairing to demonstrate its feasibility and show how the design of FastZIP can be adapted to other ZIP use cases. We implement FastZIP and evaluate it by driving four cars for a total of 800 km. We achieve up to three times shorter pairing time compared to the state-of-the-art ZIP schemes while assuring robust security with adversarial error rates below 0.5%.

  2021  GetMobile: Mobile Computing and Communications Article Postprint

Zero-Interaction Security-Towards Sound Experimental Validation

Mikhail Fomichev Max Maass Matthias Hollick

PDF BibTeX DOI: 10.26083/tuprints-00018518

Abstract
Reproducibility and realistic datasets are crucial for advancing research. Unfortunately, they are often neglected as valid scientific contributions in many young disciplines, with computer science being no exception. In this article, we show the challenges encountered when reproducing the work of others, collecting realistic data in the wild, and ensuring that our own work is reproducible in turn. The presented findings are based on our study investigating the limits of zero-interaction security (ZIS)- a novel concept, leveraging sensor data collected by Internet of Things (IoT) devices to pair or authenticate devices. In particular, we share our experiences in reproducing five state-of-the-art ZIS schemes, collecting a comprehensive dataset of sensor data from the real world, evaluating these schemes on the collected data, and releasing the data, code, and documentation to facilitate reproducibility of our results.

  2021  Technische Universität Darmstadt Darmstadt PhD thesis

Making Zero-interaction Pairing and Authentication Practical in the Internet of Things

Mikhail Fomichev

PDF BibTeX DOI: 10.26083/tuprints-00019768

Abstract
The proliferation of the Internet of Things (IoT) requires establishing and maintaining secure communication between smart devices to ensure user privacy and trustworthiness of IoT systems. Zero-interaction pairing (ZIP) and zero-interaction authentication (ZIA) are recent techniques that allow pairing or authenticating devices without user involvement utilizing devices’ physical context (e.g., ambient audio). Compared to centralized security solutions for the IoT such as public-key infrastructure (PKI) and conventional user-assisted pairing and authentication methods (e.g., entering a password), ZIP and ZIA schemes promise improved user experience, as they do not require users to participate in pairing or authentication procedures, and easy deployment, as they rely on on-board sensors of smart devices. However, we find that proposed ZIP and ZIA schemes are still immature, requiring improvements in three areas: security, usability, and deployability. In this thesis, we advance the domain of ZIP and ZIA in these three areas as follows. First, we analyze state-of-the-art ZIP and ZIA schemes both theoretically and empirically using real-world data that we collect. Our findings reveal that these schemes show reduced security and usability under realistic conditions, and we identify reasons why this reduction occurs. Second, we improve on ZIP, proposing a novel ZIP architecture called FastZIP combining a recently introduced Fuzzy Password-Authenticated Key Exchange (fPAKE) protocol, which has stronger security properties than the cryptographic primitives used by the state-of-the-art ZIP schemes, and sensor fusion, which allows building robust context from multiple sensor modalities, each capturing a distinct physical phenomenon. We demonstrate, collecting real-world data using off-the-shelf devices, that FastZIP has higher security guarantees than state-of-the-art ZIP schemes against brute-force offline and predictable context attacks (e.g., context replay) and significantly shorter pairing time, improving the usability of our scheme. Third, we develop a new copresence detection method named Next2You; copresence detection is a core part of any ZIA scheme. Next2You utilizes channel state information (CSI), which captures a unique wireless context of an environment (e.g., a room), and neural networks. Through our real-world experiments using off-the-shelf smartphones, we demonstrate that Next2You outperforms state-of-the-art copresence detection methods in two ways: (1) it achieves accurate copresence detection in challenging cases of low-entropy context (e.g., empty room with few events occurring) and insufficiently separated environments (e.g., adjacent rooms), thus is more secure and (2) Next2You requires devices to only have ubiquitous Wi-Fi chipsets, without a need for extra sensors (e.g., microphones), improving the deployability of our method. Fourth, we publicly release the collected context data and codebase of the above contributions, enhancing the reproducibility in the domain of ZIP and ZIA.

  2019  GetMobile: Mobile Computing and Communications Article

Zero-Interaction Security - Towards Sound Experimental Validation

Mikhail Fomichev Max Maass Matthias Hollick

PDF BibTeX DOI: 10.1145/3372300.3372304

Abstract
Reproducibility and realistic datasets are crucial for advancing research. Unfortunately, they are often neglected as valid scientific contributions in many young disciplines, with computer science being no exception. In this article, we show the challenges encountered when reproducing the work of others, collecting realistic data in the wild, and ensuring that our own work is reproducible in turn. The presented findings are based on our study investigating the limits of zero-interaction security (ZIS)- a novel concept, leveraging sensor data collected by Internet of Things (IoT) devices to pair or authenticate devices. In particular, we share our experiences in reproducing five state-of-the-art ZIS schemes, collecting a comprehensive dataset of sensor data from the real world, evaluating these schemes on the collected data, and releasing the data, code, and documentation to facilitate reproducibility of our results.

  2019  Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT) Article

Perils of Zero-Interaction Security in the Internet of Things

Mikhail Fomichev Max Maass Lars Almon Alejandro Molina Matthias Hollick

PDF BibTeX DOI: 10.1145/3314397

Abstract
The Internet of Things (IoT) demands authentication systems which can provide both security and usability. Recent research utilizes the rich sensing capabilities of smart devices to build security schemes operating without human interaction, such as zero-interaction pairing (ZIP) and zero-interaction authentication (ZIA). Prior work proposed a number of ZIP and ZIA schemes and reported promising results. However, those schemes were often evaluated under conditions which do not reflect realistic IoT scenarios. In addition, drawing any comparison among the existing schemes is impossible due to the lack of a common public dataset and unavailability of scheme implementations. In this paper, we address these challenges by conducting the first large-scale comparative study of ZIP and ZIA schemes, carried out under realistic conditions. We collect and release the most comprehensive dataset in the domain to date, containing over 4250 hours of audio recordings and 1 billion sensor readings from three different scenarios, and evaluate five state-of-the-art schemes based on these data. Our study reveals that the effectiveness of the existing proposals is highly dependent on the scenario they are used in. In particular, we show that these schemes are subject to error rates between 0.6% and 52.8%.

  2017  IEEE Communications Surveys & Tutorials Article

Survey and Systematization of Secure Device Pairing

Mikhail Fomichev Flor Álvarez Daniel Steinmetzer Paul Gardner-Stephen Matthias Hollick

BibTeX DOI: 10.1109/COMST.2017.2748278

Abstract
Secure Device Pairing (SDP) schemes have been developed to facilitate secure communications among smart devices, both personal mobile devices and Internet of Things (IoT) devices. Comparison and assessment of SDP schemes is troublesome, because each scheme makes different assumptions about out-of-band channels and adversary models, and are driven by their particular use-cases. A conceptual model that facilitates meaningful comparison among SDP schemes is missing. We provide such a model. In this article, we survey and analyze a wide range of SDP schemes that are described in the literature, including a number that have been adopted as standards. A system model and consistent terminology for SDP schemes are built on the foundation of this survey, which are then used to classify existing SDP schemes into a taxonomy that, for the first time, enables their meaningful comparison and analysis. The existing SDP schemes are analyzed using this model, revealing common systemic security weaknesses among the surveyed SDP schemes that should become priority areas for future SDP research, such as improving the integration of privacy requirements into the design of SDP schemes. Our results allow SDP scheme designers to create schemes that are more easily comparable with one another, and to assist the prevention of persisting the weaknesses common to the current generation of SDP schemes.