Jump to: navigation, search
Security in IoT for Smart Grids
Home Research Security Centre Publications Student corner About

Student Corner for IoTSec

Welcome to the Student Corner for Security and Privacy in the Internet of Things (IoT).

Feel free to have a look at UNIK4750 course related to the project.

Please read UiO guidelines for MSc evaluations, especially p.7 and p.15 about what the evaluators are expecting from the thesis document.

Topics for Master Thesis

Open Master Thesis related to IoTSec
  • Network-aware traffic shaping (Supervisor(s): Maghsoud Morshedi, Josef Noll, Elin Sundby Boysen,
    Future Networks need to be application aware in order to provide an appropriate Quality of Service. As an example, 5G networks will start in cities with high-traffic, but people will use the 5G applications also in areas where mobile networks are weak. Given a traffic jam somewhere out in the forest, currently all traffic tries to achieve maximum throughput, without any form of prioritisation. This thesis will analyse the traffic requirements of mobile applications (apps), will create a database containing the traffic characteristics, e.g. port number, encryption, url-specific content, communication protocol. Based on the analysis, the thesis will suggest a method for prioritisation of traffic types, depending on the network characteristics, e.g. throughput.)
  • Remote Configuration of Infrastructure (Supervisor(s): Josef Noll, Toktam Ramezani,
    Investigation on how to remotely configure home networks and comply with the specific applications such as security is required.)
  • Security Library (Supervisor(s): Josef Noll, Toktam Ramezani,
    Providing common library supporting basic and especially lightweight security mechanisms (e.g., encryption, authentication, signing, etc.) for communication with hardware is the objective.)
  • Secure InterNetwork Architecture (Supervisor(s): Josef Noll, Toktam Ramezani,
    Design a secure architecture for the network infrastructure is the main goal.)
  • Mobile Edge Computing (Supervisor(s): Josef Noll, Toktam Ramezani,
    Edge Computing Controllers make decisions about services based on information retrieved from nodes, and we aim to check the privacy issues in such decisions.)
  • Secure communication (Supervisor(s): Josef Noll, Toktam Ramezani,
    Identification, authentication, and trust in smart sensors are the major goals.)
  • Attribute-based policy specification and enforcement (Supervisor(s): Josef Noll, Toktam Ramezani,
    The main aim is to provide context-aware, dynamic and more efficient policy enforcement.)
  • Measurable security and privacy (Supervisor(s): Josef Noll, Toktam Ramezani,
    The objective is to develop metrics for measuring security and privacy of systems in general and in a specific domain of interest.)
  • Privacy violation through improper handling of electronic waste (Supervisor(s): Josef Noll, Christian Johansen, Adam Szekeres,
    Distribution system operators (DSO) represent the link between the electric grid and end-users, as they are responsible for delivering electricity to residential homes, industrial consumers, etc. As the grid quickly evolves into a Smart Grid by the addition of a variety of IoT devices like Smart Meters, more and more personal sensitive information is being collected, transmitted and stored. When devices are replaced, sensitive information might still be present that could end up in the hands of persons trying to take advantage of it causing privacy threats. The thesis would focus on electronic waste handling practices (current and planned) by identifying # devices storing sensitive information (including but not limited to the Advanced Metering Infrastructure – AMI), # the attributes of the information stored, # regulations regarding the data life-cycle. # etc. Questions that the thesis might answer: # Is it a reasonable worry that information might be leaked from discarded devices? (Risk owner – Customer) # What are the existing e-waste handling practices? # Are there DSO`s (among the 100+ in Norway) whose customers might face the risk of their information being leaked after storage devices are discarded? (Risk owner – Customer) # Might DSO’s face penalties for negligent handling of discarded devices? (Risk owner – DSO))
  • Novel Services through Consumption Monitoring (Supervisor(s): Josef Noll, György Kálmán,
    Future Homes will have one or several gateways to information on the Internet. Norway will introduce Smart Meters by 2019, giving the opportunity to develop new services on top of this infrastructure. Current regulations suggest a reading of power values 1/hour, or in maximum every 15 min. Given a high-frequency reading of power consumption (1/s, 1/2s, 1/min) might give an opportunity to introduce new services. One of such services is the virtual fall sensor, establishing a probability of an abnormal situation with the readings from e.g. power consumption. Such an analysis, comparing the habits/profile of the user with the actual consumption, is suggested to be performed in the home of the user, and thus preserve privacy. The envisaged assessment of novel services will be based on high-frequency consumption data from actual smart meters, as well as modelling of services. The thesis is related to the project.)
  • Smart Meter Security Analysis (Supervisor(s): György Kálmán, Josef Noll,
    Within 1Jan2019 all electricity customers in Norway will have to use smart metters. These smart meters (SM) will become part of the ”Avanserte Måle- og Styringssystemer” (Automatic Meter Systems - AMS), and include that users can have a better information on their electricity usage, a more accurate billing of their consumption and the opportunity for automatic controlling of the power consumption. Pilots have already been running at several places in Norway. Academia, Grid distributors, Industry, and Consumer Organisations have joined through the initiative to discuss security and privacy related to the services and infrastructures in an AMS. This thesis will focus on security and privacy of the meters themselves. The thesis will compare smart meters with other infrastructures like payment terminals, and provide a classification of security of the components of the smart meter.)
  • Building an Attack Simulator on the Electric Grid Infrastructure (Supervisor(s): György Kálmán, Josef Noll,
    The future electricity network is based on components, which are state-of-the-art from some years back in time. As an example, the SCADA system consists of network interfaces, browser sessions..., which all can be hacked using standard vulnerabilities. The goal of this thesis is to analyse the vulnerabilities, and build a mobile demonstrator.)
  • The human aspect in Smart grids (from Security and Privacy point of view) (Supervisor(s): Josef Noll, Christian Johansen,
    In this thesis, we are interested in the human aspect in security and privacy concerns in Internet of Things for smart grids. More precise, we will use case studies to find out exactly how humans can influence the security of the smart grid, and how humans perceive the privacy aspects.)
  • Semantic Modeling of a Smart Home Infrastructure (Supervisor(s): Josef Noll, Christian Johansen,
    Future Homes will have one or several gateways to information on the Internet. Norway will introduce Smart Meters by 2019, giving the opportunity to develop new services on top of this infrastructure. The envisaged modeling of the Smart Home Infrastructure will be based on the planned infrastructure for Smart Meters, and extended towards future capabilities. Main focus is on security and privacy for the user. The thesis is related to the project.)
  • Risk Assessment tool analysis for Industrial Automation and Control Systems (Supervisor(s): Mohammad Mushfiqur Rahman Chowdhury, Judith Rossebø, Josef Noll,
    The thesis focuses on the evaluation of tools and methodologies in the area of risk assessment with the aim to evaluate whether the tools/standards/methodologies are suitable for use in the areas of IACS. The thesis will also reach some conclusions on the applicability of selected suitable methodology based on evaluation criteria (if there are suitable ones that exist). If no suitable evaluation criteria exist, thesis will propose such criteria. Additionally, the student is expected to propose modifications to an existing methodology so that it is even more suitable for IACS. The student will first conduct a state of the art investigation to get an overview over relevant risk assessment methodologies and tools. Based on a set of evaluation criteria, one or more methodologies and tools will be selected for further evaluation and analysis. The state of the art investigation should include methodologies and best practices developed by the research/academic community, relevant International standards focusing IACS (e.g. ISA99/IEC 62443) as well as generic information security risk assessment or management standards (e.g. ISO 27000 series).In addition to International standards, the thesis will evaluate relevant information security guidelines and best practices proposed by organizations such as NIST, CERTs, ENISA etc. Regional standards such as Norwegian Oil and Gas guidelines (old OLF) should also be studied. While evaluating risk assessment methodologies, the student may propose extensions or modifications to a selected suitable methodology in order to improve the methodology so that it is even more suitable for IACS. The thesis will identify the most relevant risk assessment tools and will investigate thoroughly the available open source tools. Some of these tools may contain software components to assess risks. While performing the detailed evaluation works, this work will shed lights on how to use these tools and conduct a strength and weakness analysis. The outcome of the thesis will be a detailed review of standards and tools from risk assessment point of view in the areas of Industrial Automation and Control Systems, and the evaluation of 1-2 specific packages.)
  • Prosumers for the future smart electricity grid (Supervisor(s): Josef Noll,
    The electric grid is undergoing changes. Natural resoures like sun and wind contribute to the production of energy. While most of these effects are driven by industrial actors, we'll see the following trends: * Prosumers, where consumers will also contribute to energy * An energy market which is open for private users * users will have the chance to monitor and adopt their energy usage Special aspects being addressed in this thesis are * the role and potential of becoming a prosumer * privacy aspects * analysis of consumption and production of energy (as review) * "norske forhold")
  • Measurable Security for Sensor Communication in the Internet of Things (Supervisor(s): Josef Noll, Mohammad Mushfiqur Rahman Chowdhury, Christian Johansen,
    Internet of Things (IoT) will mean for industrial systems * more sensors * more data * how to ensure that "information" spread from one system to another is secure enough * how to measure the level of security needed to have from a sensor? This thesis will address measurable security as the means for defining the security of an industrial system. Previous work has established the Multi-Metrics method, which will be applied to an industrial system following the security specifications from UNIK4750 for secure industrial systems (see L9 from 2016).)

More details are available at OpenThesis

Do you have an idea for a topic?

Ongoing Master Thesis related to IoTSec

Finished Master Thesis related to IoTSec

Some ideas

Cyber Physical Systems Lab at IFI/UiO

Cyber Physical Systems Lab.png

The Cyber Physical Systems Lab (CPS lab) focuses on a number of Enabling Technologies and their Applications having the physical organization divided into several Spaces pursuing the following goals:

(A) Provide a hands-on opportunity to several IFI courses taught at BSc and MSc levels, and MSc projects, inside the topics covered by this Lab. The topics of CPS Lab are meant to complement existing Lab initiatives at IFI and elsewhere, as far as we are aware of them (e.g., the Smart Grid lab of NTNU).

(B) Provide an open space for various MSc Topics offered at IFI by the applicants and others that want to use the Lab.

(C) Provide a platform for Industry to interact directly with IFI students by providing concrete problems through the Lab (e.g., as devices that need some form of investigation).


If you are interested in a Master Thesis related to any of the topics, please contact the supervisor mentioned in the specific thesis. Or have a look at IoTSec:About for potential supervisors, and tell them what you are interested in.