The Snapshot
Internet-enabled devices listen to our every word and keystroke, but the data they collect and where it goes is not well understood. ϳԹcomputer scientist Dr. Nur Zincir-Heywood is getting a handle on the risks in a corporate partnership with engineering firm Calian.
The Idea
Data exhaust is comprised of all the billions of ones and zeros we kick up into thedigital environment as a by-product of our online activities. It is the data that is not part of what we are doing online but generated because of it, often without realizing.
In an era where internet of things (IoT) devices – from virtual assistants and smartphones to coffee makers and washing machines – are ubiquitous, data exhaust is particularly troublesome. These devices are constantly listening, yet most of us have no idea how much data is being generated, how it is being collected, where it is going and what it is being used for.
To help get a handle on this significant risk, Calian a global technology company headquartered in Ottawa, turned to Dalhousie’s Office of Commercialization and Industry Engagement to find a research partner with deep expertise in cybersecurity.
The Challenge
“Data exhaust is an area where we are all at risk, from individuals at home, to the largest corporations, to governments all over the world,” says Kevin de Snayer, director of technology solutions and critical infrastructure at Calian, which meets the technology needs of clients in healthcare, communications, learning and cybersecurity.
De Snayer warns that the surreptitious collection of data could be used to create a digital profile of individuals, companies, friends, family, and more. From a corporate or public sector perspective, he says data exhaust could be used to trick employees into sharing their credentials to gain access to a company’s network. Perhaps most chilling, de Snayer suggests that nation-states may be vacuuming up data exhaust to gather information that could pose significant risks to the world at large.
Dr. Zincir-Heywood and a PhD student discuss how signals are being sent by a seemingly innocuous coffee maker.
The Solution
Recognizing that more research needs to be done to address these vulnerabilities, Calian partnered with ϳԹ on a three-year research project to study the data exhaust of consumer IoT devices and find solutions to decrease risk.
“We are discovering that third parties are getting access to this data,” said Dr. Nur Zincir-Heywood, Distinguished Research Professor and associate dean of research at Dal’s Faculty of Computer Science. “In one case we found that data that was to be exchanged only between parties in the United States and UK was being sent to places like Belarus, China, Korea and Russia. We need to know why this is happening and how this can be detected, prevented, and mitigated.”
By understanding how much digital exhaust information is accessible we can make better decisions about our online lives says Dr. Nur Zincir-Heywood, who is the chief researcher on the project. “If we can predict that, then maybe it can help us to choose how and when to connect, what to buy, and what not to buy.”
The project team also includes postdoctoral fellows and graduate students from Dalhousie, de Snayer and Terri Dougall, Calian’s vice president, ESG and industrial development. Once the researchers gain a better understanding of the data collection ecosystem, they will create recommendations for how to use and how not to use IoT devices and try to predict what type of data is leaking and at what times. They will also develop recommendations on how to connect IoT devices more safely.
“Dal researchers work with companies across a wide range of areas, including leading-edge advances in life sciences, materials, clean tech and computer science,” said Stephen Hartlen, the university’s assistant vice president, industry relations. “This project with Calian promises to bring significant value to the company, their clients, and the larger world which is grappling with fast-evolving cybersecurity challenges.”
The Result
The partnership with ϳԹ has provided Calian a new discussion path with customers who are keen to understand the risks of IoT applications and how to best plan for a future that includes gateways for intruders to exploit data. This investment also helped Calian to meet Government of Canada economic development requirements under the Industrial and Technological Benefits policy.
Calian provides funding for the project, but also brings real-world experience. “It’s been wonderful working with Calian,” says Dr. Zincir-Heywood. “At every step of this research there is a wonderful collaboration. And they are giving us the flexibility to be able to explore all the different things that we are identifying.”
“As we get a better understanding of data exhaust, of what is being leaked, how is it accessed, who is using it, what devices and applications are at most risk, and how to protect against the problem, we can use this information to educate people, improve processes and better understand technologies,” says de Snayer. “We can ultimately pass that information on to others to create an overall improved security posture in Canada and beyond.”