Strengthening IoT Privacy and Security

PhD program in Electrical, Electronics and Communications Engineering


Marco Mellia
Idilio Drago
Danilo Giordano

PhD Student: Thomas Favale

Context of the research activity

Internet of Things (IoT) devices, such as sensors, wearables and actuators, are becoming increasingly pervasive. Many households are nowadays equipped with devices of this kind. They are used to monitor power consumption with smart sockets, to control the lighting of the environment with smart lights, to monitor the security of the environment with smart cameras, etc.
IoT devices send a considerable amount of information over the network. Being designed to assist users’ routines, they essentially operate on users’ sensitive data. When users interact with IoT devices, their sensitive information travels across the network and is collected by cloud services, thus becoming vulnerable to attacks and abuse. For example, even if all network communication is encrypted, a malicious player may be able to infer whether the user is at home by fingerprinting the traffic of a smart camera, and in which precise room the user is at a given moment.
In such a scenario, the collection of data related to IoT devices plays a fundamental role in the study of new security and privacy threats for users. Considering the large number of IoT devices and the vast range of possible states such devices can assume during their usage, datasets of IoT usage are bound to become big data. Big data approaches are thus needed to understand the privacy and security risks related to the data collected by IoT devices.


The research has two main objectives.
First, the PhD student will design and build a testbed for the analysis of IoT privacy and security implications. The testbed will be composed of physical IoT devices (acquired using external funding) as well as a virtual environment, e.g., where emulators will run the firmware of typical IoT devices. The testbed will also include the possibility of running honeypots, i.e., IoT devices with known vulnerabilities that are left open to exploitation so as to capture real data about security attacks. These environments will allow the production of open data describing the normal behavior of IoT devices, as well as the simulation of abnormal situations due to, e.g., possible exploits and attacks targeting them.
Second, the PhD student will investigate new automatic methods to fingerprint IoT devices and detect anomalies in their traffic. He will focus on innovative Machine Learning (ML) and cognitive methodologies, such as unsupervised anomaly detection algorithms, Generative Adversarial Networks and Deep Reinforcement Learning, which are gaining momentum as solutions to these problems. Such techniques will be used to understand the implications for users’ privacy of the data exchanged by IoT devices, as well as to trigger alerts when the IoT traffic diverges from the expected fingerprints.

Skills and competencies for the development of the activity

The candidate is required to have very good competences in basic machine learning and topology/geometry, experience in algorithm design/analysis, and good programming skills.

Further information about the PhD program at Politecnico can be found here
