Sonia Solera, Ph.D. in Telematic Systems Engineering

On October 2nd our college Sonia Solera Cotanilla obtained the title of Ph.D. in Telematic System Engineering. The Ph.D. dissertation was titled “ANÁLISIS Y MEJORA DE LA SEGURIDAD Y LA PRIVACIDAD DE LOS DISPOSITIVOS CONECTADOS EN EL HOGAR DIGITAL” with the Professors Ph.D. Manuel Álvarez-Campana Fernández-Corredor and Ph.D. Mario Vega Barbas as directors.

This dissertation particularly focuses on a specific and extremely vulnerable category of private environments, that of, smart homes. Despite the existence of security tools and countermeasures, or regulations that promise to protect data privacy, the smart home continues to be an extremely susceptible target for elaborate attacks on connected devices. Therefore, the aim of this Doctoral Thesis is to contribute to the improvement of the security and privacy of connected devices within smart homes.

Based on the literature review carried out, the author proposes a glossary of seven security and three privacy vulnerabilities, which are conducive to the materialisation of attacks and threatening situations. In order to corroborate the adverse circumstances affecting the smart home, a set of commercial devices has been selected to simulate attacks and test the devices’ response to them. Undoubtably, the results of this partial contribution reveal serious vulnerabilities affecting data integrity, availability and confidentiality.

As a result of the tests carried out, the author proposes a methodology for vulnerability assessment of connected devices in the smart home. The main objective is to provide a set of guidelines to assess the security and privacy status of a device by analysing its response in an attack simulation scenario.

The second contribution addresses the still existing security and privacy issues surrounding the smart home, which show a severe lack of protection mechanisms to protect itself from these vulnerabilities. With respect to this situation, the author proposes a system in charge of managing the security and privacy of connected devices. This system, which is integrated in the router, is made up of a set of components that address the problem through the tasks of monitoring and data acquisition, information storage, data analysis, event processing, and data visualisation.

As a solution to the aforementioned problems, the author proposes a set of mechanisms to further automate the secure integration and continuous monitoring of devices in the smart home. Thus, these mechanisms, which can be integrated into the proposed system, provide the home with real-time management capabilities of the devices and notification of alerts detected in the home network.