IoT Security and Privacy for Shared Habitats

Project overview

This project aims to harness the potential of IoT devices, such as smart thermostats, lights and power meters, to optimize energy and water consumption in shared public spaces. IoT devices can also improve public safety by enabling environmental monitoring and health data collection. However, these devices pose significant security and privacy challenges as they are generally poorly secured. Focusing on shared public spaces, which have not been adequately studied for these risks, the project proposes developing new technologies for the safe deployment of IoT. This includes designing secure network management tools, employing future-proof cryptographic techniques, applying multi-party computation for privacy-preserving energy management and using software security to prevent data leaks from IoT apps.

Key project details

Principal investigator	Lorenzo De Carli, assistant professor, Electrical and Software Engineering, University of Calgary
Co-principal investigators	Ryan Henry, assistant professor, Computer Science, University of Calgary; Joel Reardon, associate professor, Computer Science, University of Calgary; Rei Safavi-Naini, professor, Computer Science, and NSERC/TELUS Industrial Research Chair in Information Security, University of Calgary
Research collaborators	Cindy Stegmeier, Calgary Housing Company; Bo M. Jiang, Calgary Housing Company
Non-academic partners	Calgary Housing Company
Research Keywords	IoT security, IoT privacy, data privacy, smart cities, smart buildings
Budget	Cash: $200,000

Publications:

F. Tazi et al., “A Multi-Dimensional Analysis of IoT Companion Apps: a Look at Privacy, Security and Accessibility,” IEEE Trans. Serv. Comput., pp. 1–14, 2025, doi: 10.1109/TSC.2025.3625817.

Accepted publications in national and international conferences:

A. S. A. Yelgundhalli et al., “SCORED ’25: Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses,” in Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security, Taipei Taiwan: ACM, Nov. 2025, pp. 4898–4899. doi: 10.1145/3719027.3767662.

Y. Zeng et al., “Algorithmic Collusion among EV Charging Stations with Independent Reinforcement Learning Agents,” in 2025 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm), North York, ON, Canada: IEEE, Sept. 2025, pp. 1–7. doi: 10.1109/SmartGridComm65349.2025.11204603.

Y. Yuan et al., “Analyzing Agent Collisions in AI-Aided Energy Management Systems,” in 2025 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm), North York, ON, Canada: IEEE, Sept. 2025, pp. 1–7. doi:

10.1109/SmartGridComm65349.2025.11204591.

D. Hitaj, G. Pagnotta, F. De Gaspari, L. De Carli, and L. V. Mancini, “Minerva: A File-Based Ransomware Detector,” in Proceedings of the 20th ACM Asia Conference on Computer and Communications Security, Hanoi Vietnam: ACM, Aug. 2025, pp. 576–590. doi: 10.1145/3708821.3733867.

S. Owolabi, F. Rosati, A. Abdellatif, and L. D. Carli, “Characterizing Packages for Vulnerability Prediction,” in 2025 IEEE/ACM 22nd International Conference on Mining Software Repositories (MSR), Ottawa, ON, Canada: IEEE, Apr. 2025, pp. 359–363. doi: 10.1109/MSR66628.2025.00066.

E. Wyss, D. Davidson, and L. De Carli, “What’s in a URL? An Analysis of Hardcoded URLs in npm Packages,” in Proceedings of the 2024 Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses, Salt Lake City UT USA: ACM, Nov. 2024, pp. 26–32. doi: 10.1145/3689944.3696168.

Book chapters:

S. Pordanesh, S. Bukhari, B. Tan, and L. De Carli, “Hiding in Plain Sight: On the Robustness of AI-Generated Code Detection,” in Detection of Intrusions and Malware, and Vulnerability Assessment, vol. 15748, M. Egele, V. Moonsamy, D. Gruss, and M. Carminati, Eds., in Lecture Notes in Computer Science, vol. 15748. , Cham: Springer Nature Switzerland, 2025, pp. 44–64. doi: 10.1007/978-3-031-97623-0_3.

Research focus

A detailed 3D model visualization of an urban area with various layers indicating different aspects of the built environment. The image shows a software interface with main layers and services listed on the left side, including options for 'Built Environment', 'Transport', 'Energy', 'Waste' and 'Ecosystem'.

Understanding network security in smart buildings

Conduct interview-based user studies to guide the design of network management tools that can securely configure building networks and smart sensors.

A detailed 3D model visualization of an urban area with various layers indicating different aspects of the built environment. It features a services menu with options such as 'Building Info', 'Energy Demand' and 'Network Solution'.

Preserving long-term security and privacy of IoT data

Creating tools and algorithms for preserving the long-term security and privacy of IoT data and communications. This involves understanding technological risks, like quantum weakening existing cryptography, and deploying mitigations on example scenarios.

Enabling secure and private data analysis

Developing tools and algorithms for privately computing aggregate statistics at the building and city level. This goal aims to create efficient algorithms for private multi-party computation and deploy these tools on realistic sample datasets.

Securing building networks against mobile threats

Creating tools and algorithms to analyze IoT-related mobile app traffic and identify privacy-harmful behavior. This includes developing a demonstrator for monitoring and analysis of app traffic, aiming for accuracy in identifying such behavior and deploying technology demonstrators for analysis in realistic building settings.

Volt-Age is funded by a $123-million grant from the Canada First Research Excellence Fund.