Haroon Elahi

Abstract: Smart Assistants have rapidly emerged in smartphones, vehicles, and many smart home devices. Establishing comfortable personal spaces in smart cities requires that these smart assistants are transparent in design and implementation—a fundamental trait required for their validation and accountability. In this article, we take the case of Google Assistant (GA), a state-of-the-art smart assistant, and perform its diagnostic analysis from the transparency and accountability perspectives. We compare our discoveries from the analysis of GA with those of four leading smart assistants. We use two online user studies (N = 100 and N = 210) conducted with students from four universities in three countries (China, Italy, and Pakistan) to learn whether risk communication in GA is transparent to its potential users and how it affects them. Our research discovered that GA has unusual permission requirements and sensitive Application Programming Interface (API) usage, and its privacy requirements are not transparent to smartphone users. The findings suggest that this lack of transparency makes the risk assessment and accountability of GA difficult posing risks to establishing private and secure personal spaces in a smart city. Following the separation of concerns principle, we suggest that autonomous bodies should develop standards for the design and development of smart city products and services.

Abstract: Although they offer major advantages, smart cities present unprecedented risks and challenges. There are abundant discrete studies on risks related to smart cities; however, such risks have not been thoroughly understood to date. This paper is a systematic review that aims to identify the origin, trends, and categories of risks from previous studies on smart cities. This review includes 85 related articles published between 2000 and 2019. Through a thematic analysis, smart city risks were categorized into three main themes: organizational, social, and technological. The risks within the intersections of these themes were also grouped into (1) digital transformation, (2) socio-technical, and (3) corporate social responsibility. The results revealed that risk is a comparatively new topic in smart-city research and that little focus has been given to social risks. The findings indicated that studies from countries with a long history of smart cities tend to place greater emphasis on social risks. This study highlights the significance of smart city risks for researchers and practitioners, providing a solid direction for future smart-city research.

Abstract: Smart devices along with sensors are gaining in popularity with the promise of making life easier for the owner. As the number of sensors in an Internet of Things (IoT) system grows, a question arises as to whether the transmission between the sensors and the IoT devices is reliable and whether the user receives alerts correctly and in a timely manner. Increased deployment of IoT devices with sensors increases possible safety risks. It is IoT devices that are often misused to create Distributed Denial of Service (DDoS) attacks, which is due to the weak security of IoT devices against misuse. The article looks at the issue from the opposite point of view, when the target of a DDoS attack are IoT devices in a smart home environment. The article examines how IoT devices and the entire smart home will behave if they become victims of a DDoS attack aimed at the smart home from the outside. The question of security was asked in terms of whether a legitimate user can continue to control and receive information from IoT sensors, which is available during normal operation of the smart home. The case study was done both from the point of view of the attack on the central units managing the IoT sensors directly, as well as on the smart-home personal assistant systems, with which the user can control the IoT sensors. The article presents experimental results for individual attacks performed in the case study and demonstrates the resistance of real IoT sensors against DDoS attack. The main novelty of the article is that the implementation of a personal assistant into the smart home environment increases the resistance of the user's communication with the sensors. This study is a pilot testing the selected sensor sample to show behavior of smart home under DDoS attack.

Abstract: We investigate the privacy, security, and trust issues of the Android bloatware applications and evaluate the claims regarding their utility and the coverage of the functional needs of different end-user market segments. We analyze 17,179 bloatware applications, extracted from the firmware of 100 Android smartphones manufactured by nine leading original equipment manufacturers (OEMs), and conduct an online user study to validate the utility and coverage claims. We find an average of 172 bloatware applications in the firmware of examined smartphones. We discover that most of the bloatware applications can access sensitive data and critical device features in smartphones and perform critical functions. Their nature and abilities due to the use of Dangerous, Custom, and Signature Android Permissions can make privacy protection a complex task for the smartphone users, introduce trust issues, and expand the attack surface in the smartphones. We also provide a non-exhaustive set of examples of bloatware applications from smartphones of all nine brands that violate trust. Coming to their utilities, findings of our online user study involving 180 participants suggest that while most of the respondents agree that bloatware applications are useful to some extent, 39% of the respondents use 0–5 bloatware applications. An additional 35% of respondents use 6–10 bloatware applications. We also find that for their diverse functional needs, users depend more on applications acquired from different application markets. The results of our research suggest that while the pains of the bloatware applications are real, the claims regarding their pleasures need further investigation. We urge that the number and abilities of smartphone bloatware applications need to be constrained proportionally to their practical utilities for their users, and they must conform to security and privacy requirements for trustworthy systems.

Abstract: Smart cities development relies on information and communication technologies (ICTs) to improve all urban aspects, including governance, economy, mobility, and environment. The development is usually associated with several challenges and negative effects. This study relies on revealing ICTs challenges by firstly conducting a comprehensive literature review to identify the challenges that are most associated with ICTs. Then, a questionnaire survey was distributed among the Saudi population to study their expectations, perceptions, and concerns on the smart city concept and services. The questionnaire also investigated ICTs challenges identified from the literature review, including information security risks, privacy violation, incompatibility, and digital skill gaps. Consequently, semi-structured interviews were conducted to perceive the reasons for the incompatibility between different systems and digital skill gaps between the public. The findings show that the most likely challenges are information security risks and privacy violations, which are due to the increase in vulnerability, potential attacks, and lack of public awareness regarding personal data protection. The incompatibility between different systems and services in smart cities arouses worries among the public due to the expected high cost and difficulty of adaptation and utilization. Moreover, digital skill gaps arises between members of the population that have a low education level or are elderly persons.