Jump to: navigation, search
Security in IoT for Smart Grids
Home Research Security Centre Publications Student corner About

Student Corner for IoTSec

Please be welcome to the Student Corner for Security and Privacy in the Internet of Things (IoT).

Feel free to have a look at UNIK4750 course related to the project.

Please read UiO guidelines for MSc evaluations, especially p.7 and p.15 about what the evaluators are expecting from the thesis document.

Topics for Master Thesis

Open Master Thesis related to IoTSec
  • Privacy violation through improper handling of electronic waste (Supervisor(s): Josef Noll, Christian Johansen, Adam Szekeres,
    Distribution system operators (DSO) represent the link between the electric grid and end-users, as they are responsible for delivering electricity to residential homes, industrial consumers, etc. As the grid quickly evolves into a Smart Grid by the addition of a variety of IoT devices like Smart Meters, more and more personal sensitive information is being collected, transmitted and stored. When devices are replaced, sensitive information might still be present that could end up in the hands of persons trying to take advantage of it causing privacy threats. The thesis would focus on electronic waste handling practices (current and planned) by identifying # devices storing sensitive information (including but not limited to the Advanced Metering Infrastructure – AMI), # the attributes of the information stored, # regulations regarding the data life-cycle. # etc. Questions that the thesis might answer: # Is it a reasonable worry that information might be leaked from discarded devices? (Risk owner – Customer) # What are the existing e-waste handling practices? # Are there DSO`s (among the 100+ in Norway) whose customers might face the risk of their information being leaked after storage devices are discarded? (Risk owner – Customer) # Might DSO’s face penalties for negligent handling of discarded devices? (Risk owner – DSO))
  • Novel Services through Consumption Monitoring (Supervisor(s): Josef Noll, György Kálmán,
    Future Homes will have one or several gateways to information on the Internet. Norway will introduce Smart Meters by 2019, giving the opportunity to develop new services on top of this infrastructure. Current regulations suggest a reading of power values 1/hour, or in maximum every 15 min. Given a high-frequency reading of power consumption (1/s, 1/2s, 1/min) might give an opportunity to introduce new services. One of such services is the virtual fall sensor, establishing a probability of an abnormal situation with the readings from e.g. power consumption. Such an analysis, comparing the habits/profile of the user with the actual consumption, is suggested to be performed in the home of the user, and thus preserve privacy. The envisaged assessment of novel services will be based on high-frequency consumption data from actual smart meters, as well as modelling of services. The thesis is related to the project.)
  • Evaluation of the Component`s Interconnection Impact on the System Security (Supervisor(s): Josef Noll, Seraj Fayyad,
    Previous work has established a Multi-Metrics (MM) Method for the analysis of measurable security and privacy. This MM approach is used in a.o. UNIK4750, and described more in IoTSec:T1.2. Some challenges of the method are related to the choice of metrics describing security functionality and their impact of the system. A further potential weakness is the dependency of system components, called "interconnection". Interconnection between the components for a given system has an impact on the security level of this system. In this thesis, the student will investigated and apply a proposed solution for the evaluation of this impact and the integration of it into system`s security level. For applying the proposed solution the student will develop new functionalities for already initiated framework.)
  • Privacy labels for IoT consumer products (Supervisor(s): Josef Noll, Hanne Brostrøm,
    The Consumer Services of Norway (Forbrukerrådet) have established a report on privacy in Apps "App-Fail". In there they have found breach of privacy by apps. They identified a lack of "understandable privacy" as the main challenge. This thesis will * analysis of privacy of home IoT devices * starting from "privacy by design", and identifying input parameters for "privacy" * Adopt the multi-metrics methodology for converting input parameters of privacy into measurable privacy * suggestion for privacy classes, following the European energy labelling * provide at least two usage scenarios of devices/applications, e.g. sporting device ("speedometer") or child doll * criteria and evaluation of privacy labels)
  • Smart Meter Security Analysis (Supervisor(s): György Kálmán, Josef Noll,
    Within 1Jan2019 all electricity customers in Norway will have to use smart metters. These smart meters (SM) will become part of the ”Avanserte Måle- og Styringssystemer” (Automatic Meter Systems - AMS), and include that users can have a better information on their electricity usage, a more accurate billing of their consumption and the opportunity for automatic controlling of the power consumption. Pilots have already been running at several places in Norway. Academia, Grid distributors, Industry, and Consumer Organisations have joined through the initiative to discuss security and privacy related to the services and infrastructures in an AMS. This thesis will focus on security and privacy of the meters themselves. The thesis will compare smart meters with other infrastructures like payment terminals, and provide a classification of security of the components of the smart meter.)
  • Building an Attack Simulator on the Electric Grid Infrastructure (Supervisor(s): György Kálmán, Josef Noll,
    The future electricity network is based on components, which are state-of-the-art from some years back in time. As an example, the SCADA system consists of network interfaces, browser sessions..., which all can be hacked using standard vulnerabilities. The goal of this thesis is to analyse the vulnerabilities, and build a mobile demonstrator.)
  • The human aspect in Smart grids (from Security and Privacy point of view) (Supervisor(s): Josef Noll, Christian Johansen,
    In this thesis, we are interested in the human aspect in security and privacy concerns in Internet of Things for smart grids. More precise, we will use case studies to find out exactly how humans can influence the security of the smart grid, and how humans perceive the privacy aspects.)
  • Semantic Modeling of a Smart Home Infrastructure (Supervisor(s): Josef Noll, Christian Johansen,
    Future Homes will have one or several gateways to information on the Internet. Norway will introduce Smart Meters by 2019, giving the opportunity to develop new services on top of this infrastructure. The envisaged modeling of the Smart Home Infrastructure will be based on the planned infrastructure for Smart Meters, and extended towards future capabilities. Main focus is on security and privacy for the user. The thesis is related to the project.)
  • Risk Assessment tool analysis for Industrial Automation and Control Systems (Supervisor(s): Mohammad Mushfiqur Rahman Chowdhury, Judith Rossebø, Josef Noll,
    The thesis focuses on the evaluation of tools and methodologies in the area of risk assessment with the aim to evaluate whether the tools/standards/methodologies are suitable for use in the areas of IACS. The thesis will also reach some conclusions on the applicability of selected suitable methodology based on evaluation criteria (if there are suitable ones that exist). If no suitable evaluation criteria exist, thesis will propose such criteria. Additionally, the student is expected to propose modifications to an existing methodology so that it is even more suitable for IACS. The student will first conduct a state of the art investigation to get an overview over relevant risk assessment methodologies and tools. Based on a set of evaluation criteria, one or more methodologies and tools will be selected for further evaluation and analysis. The state of the art investigation should include methodologies and best practices developed by the research/academic community, relevant International standards focusing IACS (e.g. ISA99/IEC 62443) as well as generic information security risk assessment or management standards (e.g. ISO 27000 series).In addition to International standards, the thesis will evaluate relevant information security guidelines and best practices proposed by organizations such as NIST, CERTs, ENISA etc. Regional standards such as Norwegian Oil and Gas guidelines (old OLF) should also be studied. While evaluating risk assessment methodologies, the student may propose extensions or modifications to a selected suitable methodology in order to improve the methodology so that it is even more suitable for IACS. The thesis will identify the most relevant risk assessment tools and will investigate thoroughly the available open source tools. Some of these tools may contain software components to assess risks. While performing the detailed evaluation works, this work will shed lights on how to use these tools and conduct a strength and weakness analysis. The outcome of the thesis will be a detailed review of standards and tools from risk assessment point of view in the areas of Industrial Automation and Control Systems, and the evaluation of 1-2 specific packages.)
  • Prosumers for the future smart electricity grid (Supervisor(s): Josef Noll,
    The electric grid is undergoing changes. Natural resoures like sun and wind contribute to the production of energy. While most of these effects are driven by industrial actors, we'll see the following trends: * Prosumers, where consumers will also contribute to energy * An energy market which is open for private users * users will have the chance to monitor and adopt their energy usage Special aspects being addressed in this thesis are * the role and potential of becoming a prosumer * privacy aspects * analysis of consumption and production of energy (as review) * "norske forhold")

More details are available at OpenThesis

Do you have an idea for a topic?

Ongoing Master Thesis related to IoTSec

Finished Master Thesis related to IoTSec

Some ideas

Cyber Physical Systems Lab at IFI/UiO

Cyber Physical Systems Lab.png

The Cyber Physical Systems Lab (CPS lab) focuses on a number of Enabling Technologies and their Applications having the physical organization divided into several Spaces pursuing the following goals:

(A) Provide a hands-on opportunity to several IFI courses taught at BSc and MSc levels, and MSc projects, inside the topics covered by this Lab. The topics of CPS Lab are meant to complement existing Lab initiatives at IFI and elsewhere, as far as we are aware of them (e.g., the Smart Grid lab of NTNU).

(B) Provide an open space for various MSc Topics offered at IFI by the applicants and others that want to use the Lab.

(C) Provide a platform for Industry to interact directly with IFI students by providing concrete problems through the Lab (e.g., as devices that need some form of investigation).


If you are interested in a Master Thesis related to any of the topics, please contact the supervisor mentioned in the specific thesis. Or have a look at IoTSec:About for potential supervisors, and tell them what you are interested in.