In order to reach climate and energy goals in viable cities digital solutions are needed, however increased digitization makes cities increasingly vulnerable to cyber attacks. The higher the degree of digitization, the more devastating the potential attacks.
In order to mitigate cyber threats, vulnerabilities first need to be identified. This is generally very difficult, because it requires (i) a detailed understanding of the system architecture, and (ii) significant security expertise. The task can be significantly facilitated by dedicated engineering tool support in the form of threat modeling and attack simulations. Threat modeling supports requirement no 1 by documenting the design of the system architecture. Attack simulation supports requirement no 2 by automating the identification of vulnerabilities.
The main goal is to develop a threat modeling and attack simulation approach specifically designed for smart facilities, a key concept in viable cities. Ethical hacking of smart components will also take place in order to improve the attack simulations.
This initiative is a continuation of Threat Modeling and Attack Simulation of Viable Cities.
Blog post about phishing in the Infosecurity Magazine, "The Five Strategies Users Use to Determine Phishing: Which Work and Which Don't?". 2021-04-26.
SVT, She fixed the system's loophole: "Your garage can be criminalized" Student: Madeleine Berner, Supervisor: Pontus Johnson, Examiner: Robert Lagerström, 2020-07-13
Article in Trustee Forum "New model for safer digitalization", 2020-03-31
Lecture about #290cybersecurity and Forskardrömmar for four classes during the Järva-week, 2021-06-02.
Popular science presentation for kids and youth at Vetenskapenshus on "cyber security, ethical hacking and simulations", 2021-04-28.
World book day, video for teachers and kids. with me talking about cyber security and Forskardrömmar, 2021-04-23.
Swedish news media Dagens Industri reports on the increased cyber attack acitvity during the pandemic, with comments from Robert, 2020-12-15.
Moderated the annual Nordic SCADA security conference, Nov. 16-17 2020.
Presented our work on threat modeling and attack simulations in the Digital Futures Dive Deep Lunch Seminar series, 2020-11-12.
Presented Cyber security of smart electronics at the Stora Elektronikdagen with SUMMIT, 2020-09-10.
Webinar: Energy transformation and the way there including a discussion on "Is cyber security a threat to sustainable innovation?", 2020-06-16.
Robert Lagerström presented cyber security challenges for Swedish real estate businesses at the HBV "Hållbara dagar" conference, 2020-03-09.
Robert Lagerström presented cyber security challenges for CIOs in the buildings and property managements sector, 2020-02-11.
J. Olegård, "Security and Forensic Analysis of an Internet of Things Smart Home Ecosystem", KTH, 2020
Khorsravi Joashaghani, Mohammadmahdi, Enhanced password recovery through user profiling: Improving password guessing accuracy by utilizing user metadata.
Aasberg, Freddy, HypervisorLang: Attack Simulations of the OpenStack Nova Compute Node
Lindeberg, Axel, Hacking Into Someone's Home using Radio Waves: Ethical Hacking of Securitas' Alarm System.
Wester, Philip, Anomaly-based intrusion detection using Tree Augmented Naive Bayes Classifier
Where's my car: Hacking of a smart garage, Madeleine Berner
Achkoudir, Rami, Ethical Hacking of a Smart Plug
Sjövald, Sebastian, Firmware security analysis of an Industrial Control System
Dzidic, Elvira, Penetration Testinga Saia Unit: A Control System for Water, Ventilation, and Heating in Smart Buildings
Feng, Jesse, Denial-of-service attacks against the Parrot ANAFI drone
Fjellborg, Joakim, Identification and Exploitation of Vulnerabilities in an IP Camera.
Florez Cardenas, Mateo. Ethical Hacking of a Smart Fridge: Evaluating the cybersecurity of an IoT device through gray box hacking.
Grenfeldt, Mattias, Empirical Study of HTTP Request Smuggling in Open-Source Servers and Proxies.
Gripenstedt, Daniel, A security analysis in a life science environment: a case study
Malkhasian, Rafi Aram Yadward, Ethical hacking of Danalock V3: A cyber security analysis of a consumer IoT device.
Nordgren, Isak, Validating enterpriseLang: A Domain- Specific Language Derived from the Meta Attack Language Framework.
Palm, Alexander, Ethical Hacking of Android Auto in the Context of Road Safety
Persman, Pontus, Security analysis of a smartlock
Rubbestad, Gustav, Hacking a Wi-Fi based drone
Salih, Raman, Adagio For The Internet Of Things: IoT penetration testing and security analysis of a smart plug
Öberg, Jesper, Can a robot's confidentiality be trusted?
Security Analysis of Smart Buildings (PDF), Nelly Friman
Threat modeling of large-scale computer systems: Implementing and evaluating threat modeling at Company X, Love Wessman and Niklas Wessman
A Process for Threat Modeling of Large-Scale Computer Systems: A Case Study, Christian Weigelt and Douglas Fischer Horn af Rantzien
Legal and Security Issues of Data Processing when Implementing IoT Solutions in Apartments (PDF), Johan Edman and Wilhelm Ågren
Ethical Hacking of a Robot Vacuum Cleaner (PDF), Christoffer Torgilsman and Eric Bröndum
Ethical Hacking of an IoT-device: Threat Assessment and Penetration Testing A Survey on Security of a Smart Refrigerator, Fredrik Radholm and Niklas Abelfelt.
IoT Long: Threat Modeling of the Internet of Things, Filip Wilén and Andreas Westman