TraceHome

Transparence of Data in SmartHome (Junior Research Group)

Project Key Data

Time Period: 01.01.2024 - 31.12.2026

Funding Volume: 1,097,675.74€

Funded by: The European Social Fund (ESF) (100693885)

PROFESSORS/ OPERATORS

  • Prof. Dr. rer. nat. Dirk Labudde, Dpt. Forensics
  • Prof. Dr. rer. nat. Michael Spranger, Dpt. Forensics
  • Prof. Dr. rer. pol. Dirk Pawlasczcyk, Dpt. Forensics
  • Prof. Ronny Bodach, Dpt. Forensics

Young Scientists

  • Jenny Felser, M.Sc.
  • Svenja Preuß, M.Sc.
  • Felix Fischer, M.Sc.
  • Paul Seidel, B.Sc.

External Cooperations

  • Fraunhofer Institute for Communication, Information Processing and Ergonomics FKIE – Dpt. Cyber Analysis & Defense – Prof. Dr. Elmar
  • Fraunhofer Academy - Cybersecurity Training Lab Mittweida
  • Central Office for Information Technology in the Security Sector (ZITiS)
  • axilaris GmbH
  • Thuringian State Commissioner for Data Protection and Freedom of Information (TLfDI)
  • IZ 21-6, IuK, Bundeskriminalamt; Heiko Held

Goals and Work Packages

The main objective of the project is the postgraduate qualification of young researchers for employment in key positions in the Saxon economy and science. Key skills in the areas of AI, data economy and data protection are taught jointly and interdisciplinarily and made accessible to the public in the results. An understanding of smart homes will make a significant contribution to the digitalization of the population and the economy alike. In the planned showroom, representatives from both sides can take a creative look at the current state of digitalization via smart homes in practice and develop an understanding of the data streams they produce. This leads to a haptic understanding of data security and data protection, which promotes trust and the conscious use of new technologies.

On 28.06.2023, the EU member states and the European Parliament agreed on the the EU Data Act, which aims to give users of IoT devices a greater degree of greater degree of self-determination over the use of their non-personal non-personal data (James, 2023). Against this background, the fundamental aim of the project is to address aspects of aspects of data protection of smart home devices, taking into account both the the EU Data Act and the EU GDPR. This includes investigating which data is transmitted by smart home devices the development of safeguards to ensure the rights set out in the EU Data Act and the development of mechanisms for the timely detection of data misuse.

Fig. 1 Main objectives of the project

Fig. 1 Main objectives of the project: The focus is on a data-related review of IoT devices and their protocols in relation to the to the EU Data Act and the EU GDPR. The results can be assigned to four areas can be assigned: Protection mechanisms for the data, map of the actors involved, compliance and a demonstrator.

Project Steps

  • Development of a stakeholder map for the Saxony region to show the distribution of manufacturers of smart home devices. Specifically, the aim is to investigate which regional companies provide smart home infrastructure and how this is used. In this context, cooperation with central companies in the smart home sector in Saxony will be sought and usage statistics will be compiled in order to assess the popularity of the various smart home modules.

  • Investigation of protocols used and data communicated in selected smart home infrastructure. Specifically, we will examine which personal and non-personal data is sent by smart home devices and which protocols are used to transmit this data.

  • Assessment of the data with regard to the requirements of the GDPR and EU Data Act. In detail, it will be determined which data collected falls under the protection status of the GDPR and which data justifies an interest in protection under the EU Data Act. Furthermore, the extent to which the user has control over the transfer and use of personal and non-personal data sent will be discussed.

  • Development of protection mechanisms and strategies to enforce the rights arising from the EU Data Act. Specifically, approaches and concepts are to be developed that empower users to share the data generated by the devices they use in a self-determined manner in order to avoid unauthorized access and disclosure as well as redundant data collection.

  • Implementation of a showroom in which data flows and protection mechanisms in the smart home are mapped transparently. Specifically, this is to be integrated as part of the university’s internal TELEWERK real-world laboratory, which serves to unite science, business and society. Visitors will have the opportunity to find out about the resulting data flows and possible protection mechanisms of smart home devices.

  • Analysis of attack vectors for compromising the infrastructure, including the previously developed protection mechanisms to determine their robustness.

  • Development of a system for live data stream analysis of smart home infrastructure with the aim of detecting anomalies and indications of data misuse. Specifically, a system is to be designed using modern methods in the field of artificial intelligence that is able to inform users about unauthorized data access by monitoring smart home data streams.

References

James, K. (2023, June 28). Internet der Dinge: EU-Staaten und EU-Parlament einigen sich auf Datengesetz. Die Zeit. https://www.zeit.de/digital/2023-06/eu-einigung-datengesetz-data-act-datensaetze-datenschutz