Cookies Policy
The website need some cookies and similar means to function. If you permit us, we will use those means to collect data on your visits for aggregated statistics to improve our service. Find out More
Accept Reject
  • Menu
Interest
Topics
Details

Details

  • Name

    Patrícia Raquel Sousa
  • Role

    External Research Collaborator
  • Since

    01st May 2016
  • Nationality

    Portugal
  • Contacts

    +351220402963
    patricia.r.sousa@inesctec.pt
Publications

2023

Collecting, Processing and Secondary Using Personal and (Pseudo)Anonymized Data in Smart Cities

Authors
Sampaio, S; Sousa, PR; Martins, C; Ferreira, A; Antunes, L; Cruz-Correia, R;

Publication
APPLIED SCIENCES-BASEL

Abstract
Smart cities, leveraging IoT technologies, are revolutionizing the quality of life for citizens. However, the massive data generated in these cities also poses significant privacy risks, particularly in de-anonymization and re-identification. This survey focuses on the privacy concerns and commonly used techniques for data protection in smart cities, specifically addressing geolocation data and video surveillance. We categorize the attacks into linking, predictive and inference, and side-channel attacks. Furthermore, we examine the most widely employed de-identification and anonymization techniques, highlighting privacy-preserving techniques and anonymization tools; while these methods can reduce the privacy risks, they are not enough to address all the challenges. In addition, we argue that de-identification must involve properties such as unlikability, selective disclosure and self-sovereignty. This paper concludes by outlining future research challenges in achieving complete de-identification in smart cities.

2022

IoT security certifications: Challenges and potential approaches

Authors
Cirne, A; Sousa, PR; Resende, JS; Antunes, L;

Publication
COMPUTERS & SECURITY

Abstract
The Internet of Things (IoT) has changed how we interact with the world around us. Many devices are moving from offline to online mode, connecting between them and the Internet, offering more functionality to users. Despite the increase in the quality of life for users provided by IoT devices, it is also necessary to establish trust in the privacy and security of end-users. With this level of connectivity, the amount of data exchanged between devices also increases, inducing malicious activities. One of the main problems is the lack of regulation in the IoT industry, especially between different manufacturers. There are no formal security rules, and manufacturers may not choose to install security mechanisms. Therefore, it is necessary to promote the adoption of security measures. One way to do this is by using IoT devices and systems certification. In recent years, IoT certifications have emerged. Meanwhile, the European Union has passed the Cyber Security Act to unify and regulate security certifications in member states. Our work collects the requirements that different IoT environments and application scenarios impose on certifications and discusses the current certifications' status according to those requirements. In addition, we also explored how EU measures apply to IoT and, where applicable, how certifications implement them, highlighting future research challenges.

2022

Host-based IDS: A review and open issues of an anomaly detection system in IoT

Authors
Martins, I; Resende, JS; Sousa, PR; Silva, S; Antunes, L; Gama, J;

Publication
FUTURE GENERATION COMPUTER SYSTEMS-THE INTERNATIONAL JOURNAL OF ESCIENCE

Abstract
The Internet of Things (IoT) envisions a smart environment powered by connectivity and heterogeneity where ensuring reliable services and communications across multiple industries, from financial fields to healthcare and fault detection systems, is a top priority. In such fields, data is being collected and broadcast at high speed on a continuous and real-time scale, including IoT in the streaming processing paradigm. Intrusion Detection Systems (IDS) rely on manually defined security policies and signatures that fail to design a real-time solution or prevent zero-day attacks. Therefore, anomaly detection appears as a prominent solution capable of recognizing patterns, learning from experience, and detecting abnormal behavior. However, most approaches do not fit the urged requirements, often evaluated on deprecated datasets not representative of the working environment. As a result, our contributions address an overview of cybersecurity threats in IoT, important recommendations for a real-time IDS, and a real-time dataset setting to evaluate a security system covering multiple cyber threats. The dataset used to evaluate current host-based IDS approaches is publicly available and can be used as a benchmark by the community.

2022

Threat Detection and Mitigation with Honeypots: A Modular Approach for IoT

Authors
Silva, S; Sousa, PR; Resende, JS; Coelho Antunes, LF;

Publication
Trust, Privacy and Security in Digital Business - 19th International Conference, TrustBus 2022, Vienna, Austria, August 24, 2022, Proceedings

Abstract
A honeypot is a controlled and secure environment to examine different threats and understand attack patterns. Due to the highly dynamic environments, the growing adoption and use of Internet of Things (IoT) devices make configuring honeypots complex. One of the current literature challenges is the need for a honeypot not to be detected by attackers, namely due to the delays that are required to make requests to external and remote servers. This work focuses on deploying honeypots virtually on IOT devices. With this technology, we can use endpoints to send specific honeypots on recent known vulnerabilities on IOT devices to find and notify attacks within the network, as much of this information is verified and made freely available by government entities. Unlike other approaches, the idea is not to have a fixed honeypot but a set of devices that can be used at any time as a honeypot (adapted to the latest threat) to test the network for a possible problem and then report to Threat Sharing Platform (TSP). © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.

2022

The case for blockchain in IoT identity management

Authors
Sousa, PR; Resende, JS; Martins, R; Antunes, L;

Publication
JOURNAL OF ENTERPRISE INFORMATION MANAGEMENT

Abstract
Purpose The aim of this paper is to evaluate the use of blockchain for identity management (IdM) in the context of the Internet of things (IoT) while focusing on privacy-preserving approaches and its applications to healthcare scenarios. Design/methodology/approach The paper describes the most relevant IdM systems focusing on privacy preserving with or without blockchain and evaluates them against ten selected features grouped into three categories: privacy, usability and IoT. Then, it is important to analyze whether blockchain should be used in all scenarios, according to the importance of each feature for different use cases. Findings Based on analysis of existing systems, Sovrin is the IdM system that covers more features and is based on blockchain. For each of the evaluated use cases, Sovrin and UniquID were the chosen systems. Research limitations/implications This paper opens new lines of research for IdM systems in IoT, including challenges related to device identity definition, privacy preserving and new security mechanisms. Originality/value This paper contributes to the ongoing research in IdM systems for IoT. The adequacy of blockchain is not only analyzed considering the technology; instead the authors analyze its application to real environments considering the required features for each use case.

Supervised
thesis

2021

Isolated environments for threat detection and mitigation

Author
Simão Francisco Oliveira da Silva

Institution
UP-FCUP