To Örebro University

Virtual reality (VR) is a multibillionaire market that keeps growing, year after year. As VR is becoming prevalent in households and small businesses, it is critical to address the effects that this technology might have on the privacy and security of its users. In this paper, we explore the state-of-the-art in VR privacy and security, we categorise potential issues and threats, and we analyse causes and effects of the identified threats. Besides, we focus on the research previously conducted in the field of authentication in VR, as it stands as the most investigated area in the topic. We also provide an overview of other interesting uses of VR in the field of cybersecurity, such as the use of VR to teach cybersecurity or evaluate the usability of security solutions.

One of the innovations brought by Mirai and its derived malware is the adoption of self-contained loaders for infecting IoT devices and recruiting them in botnets. Functionally decoupled from other botnet components and not embedded in the payload, loaders cannot be analysed using conventional approaches that rely on honeypots for capturing samples. Different approaches are necessary for studying the loaders evolution and defining a genealogy. To address the insufficient knowledge about loaders' lineage in existing studies, in this paper, we propose a semantic-aware method to measure, categorize, and compare different loader servers, with the goal of highlighting their evolution, independent from the payload evolution. Leveraging behavior-based metrics, we cluster the discovered loaders and define eight families to determine the genealogy and draw a homology map. Our study shows that the source code of Mirai is evolving and spawning new botnets with new capabilities, both on the client side and the server side. In turn, shedding light on the infection loaders can help the cybersecurity community to improve detection and prevention tools.

Smart homes of the future will have to deal with multi-occupancy scenarios. Multi-occupancy systems entail a preliminary and critical feature: the capability of counting people. This can be fulfilled by means of simple binary sensors, cheaper and more privacy preserving than other sensors, such as cameras. However, it is currently unclear how many people can be counted in a smart home, given the set of available sensors. In this paper, we propose a graph-based technique that allows to map a smart home to an undirected graph G and discover the lower-bound of certainly countable people, also defined as certain count. We prove that every independent set of n vertices of an undirected graph G represents a minimum count of n people. We also prove that the maximum number of certainly countable people corresponds to the maximum independent sets of G, and that the maximal independent sets of G provide every combination of active sensors that ensure different minimum count. Last, we show how to use this technique to identify and optimise suboptimal deployment of sensors, so that the assumptions can be tightened and the theoretical lower-bound improved.

Remote teleoperation using a Virtual Reality (VR) allows users to experience better degrees of immersion and embodiment. Equipped with a variety of sensors, VR headsets have the potential to offer automatic adaptation to users' personal preferences and modes of operation. However, to achieve this goal VR users must be uniquely identifiable. In this paper, we investigate the possibility of identifying VR users teleoperating a simulated robotic arm, by their forms of interaction with the VR environment. In particular, in addition to standard head and eye data, our framework uses hand tracking data provided by a Leap Motion hand-tracking sensor. Our first set of experiments shows that it is possible to identify users with an accuracy close to 100% by aggregating the sessions data and training/testing with a 70/30 split approach. Last, our second set of experiments show that, even by training and testing on separated sessions, it is still possible to identify users with a satisfactory accuracy of 89,23%.

Data storage is one of the main computing issues of this century. Not only storage devices are converging to strict physical limits, but also the amount of data generated by users is growing at an unbelievable rate. To face these challenges, data centres grew constantly over the past decades. However, this growth comes with a price, particularly from the environmental point of view. Among various promising media, DNA is one of the most fascinating candidate. In our previous work, we have proposed an automated archival architecture which uses bioengineered bacteria to store and retrieve data, previously encoded into DNA. The similarities between biological media and classical ones can be a drawback, as malicious parties might replicate traditional attacks on the former archival system, using biological instruments and techniques. In this paper, first we analyse the main characteristics of our storage system and the different types of attacks that could be executed on it. Then, aiming at identifying on-going attacks, we propose and evaluate detection techniques, which rely on traditional metrics and machine learning algorithms. We identify and adapt two suitable metrics for this purpose, namely generalized entropy and information distance.

IoT devices permeate our society, collect personal data, and support critical infrastructures such as the healthcare. Therefore, there is a critical need for authentication and authorization schemes for IoT devices to meet privacy requirements, such as mutual authentication and user anonymity, as well as robustness against security attacks. In this paper, we propose a device authentication and key agreement scheme for IoT networks. Our proposal takes as a model the scheme proposed by Rezai et al., and combines it with a physical layer security technique and a hyper-elliptic curve cryptosystem. Our results show that not only our authentication scheme provides anonymity, mutual authentication, and efficiency, but it also provides resilience to various attacks, including man-in-the-middle, replay, and de-synchronization attacks. Our comparison shows that our scheme performs better than the state-of-the-art in terms of security properties, while adding a small overhead of ≈ 10(ms).

Smart home technologies can enable older adults, including those with dementia, to live more independently in their homes for a longer time. Activity recognition, in combination with anomaly detection, has shown the potential to recognise users' daily activities and detect deviations. However, activity recognition and anomaly detection are not sufficient, as they lack the capacity to capture the progression of patients' habits across the different stages of dementia. To achieve this, smart homes should be enabled to recognise patients' habits and changes in habits, including the loss of some habits. In this study, we first present an overview of the stages that characterise dementia, alongside real-world personas that depict users' behaviours at each stage. Then, we survey the state of the art on activity recognition in smart homes for older adults with dementia, including the literature that combines activity recognition and anomaly detection. We categorise the literature based on goals, stages of dementia, and targeted users. Finally, we justify the necessity for habit recognition in smart homes for older adults with dementia, and we discuss the research challenges related to its implementation.

The Internet of Things (IoT) revolutionised the way devices, and human beings, cooperate and interact. The interconnectivity and mobility brought by IoT devices led to extremely variable networks, as well as unpredictable information flows. In turn, security proved to be a serious issue for the IoT, far more serious than it has been in the past for other technologies. We claim that IoT devices need detailed descriptions of their behaviour to achieve secure default configurations, sufficient security configurability, and self-configurability. In this article, we propose S×C4IoT, a framework that addresses these issues by combining two paradigms: Security by Contract (S×C) and Fog computing. First, we summarise the necessary background such as the basic S×C definitions. Then, we describe how devices interact within S×C4IoT and how our framework manages the dynamic evolution that naturally result from IoT devices life-cycles. Furthermore, we show that S×C4IoT can allow legacy S×C-noncompliant devices to participate with an S×C network, we illustrate two different integration approaches, and we show how they fit into S×C4IoT. Last, we implement the framework as a proof-of-concept. We show the feasibility of S×C4IoT and we run different experiments to evaluate its impact in terms of communication and storage space overhead.

Since the birth of computer and networks, fuelled by pervasive computing, Internet of Things and ubiquitous connectivity, the amount of data stored and transmitted has exponentially grown through the years. Due to this demand, new storage solutions are needed. One promising media is the DNA as it provides numerous advantages, which includes the ability to store dense information while achieving long-term reliability. However, the question as to how the data can be retrieved from a DNA-based archive, still remains. In this paper, we aim to address this question by proposing a new storage solution that relies on bacterial nanonetworks properties. Our solution allows digitally-encoded DNA to be stored into motility-restricted bacteria, which compose an archival architecture of clusters, and to be later retrieved by engineered motile bacteria, whenever reading operations are needed. We conducted extensive simulations, in order to determine the reliability of data retrieval from motility-restricted storage clusters, placed spatially at different locations. Aiming to assess the feasibility of our solution, we have also conducted wet lab experiments that show how bacteria nanonetworks can effectively retrieve a simple message, such as "Hello World", by conjugation with motility-restricted bacteria, and finally mobilize towards a target point for delivery.

An increasing interest is growing around the idea of microservices and the promise of improving scalability when compared to monolithic systems. Several companies are evaluating pros and cons of a complex migration. In particular, financial institutions are positioned in a difficult situation due to the economic climate and the appearance of agile competitors that can navigate in a more flexible legal framework and started their business since day one with more agile architectures and without being bounded to outdated technological standard. In this paper, we present a real world case study in order to demonstrate how scalability is positively affected by re-implementing a monolithic architecture (MA) into a microservices architecture (MSA). The case study is based on the FX Core system, a mission critical system of Danske Bank, the largest bank in Denmark and one of the leading financial institutions in Northern Europe. The technical problem that has been addressed and solved in this paper is the identification of a repeatable migration process that can be used to convert a real world Monolithic architecture into a Microservices architecture in the specific setting of financial domain, typically characterized by legacy systems and batch-based processing on heterogeneous data sources.