Personal activity data are generated from various aspects of an individual’s life – actual physical activity, occupancy behaviour and preferences, social media activity and more. With the wide adoption of Internet of Things (IoT) technologies, these data can now be captured and stored.
However, this massive volume of data would be useless if they just rested in databases; and this is where data analytics can help. Individuals can find out more about their habits, preferences and discover patterns that would go unnoticed. Organisations can learn the habits of users and target audiences at a big scale, assess their performance and plan accordingly their strategies and products.
The S5 ATracker – Personal data analytics suite
Driven by this potential, Suite5 has developed the S5 Personal Activity Data Analytics Suite (ATracker), a cloud-based analytics engine for activity data (Featured image). The ATracker collects data in an automatic or semi-automatic manner from various data sources, such as social media platforms, wearables, smartphone applications and smart home sensors (Figure 1). Afterwards, with the use of data analytics and machine learning, the ATracker creates information-rich user profiles that are available to the individuals and aggregated, anonymised user Personas for external organisations.
IoT devices, wearables and third-party applications have been accused of infringing basic security requirements, such as the encrypted transmission of passwords, while the diversity in operating systems and the integration of third-party components is a nightmare for system security and trustworthiness assessment. Recently, with the outburst of healthcare-related applications due to the Covid19 pandemic, cybersecurity deficits have come in the foreground (Figure 2)
The role of PUZZLE
As in any cloud-based analytics engine, the development and deployment of the ATracker services requires continuous integration and testing efforts. It is still a challenge to develop on top of the ATracker analytics functionalities its own cybersecurity services, thus leaving security, privacy and performance aspects on the side lines.
However, the personal and sensitive nature of activity data leaves no space for security gaps. A malevolent actor could tamper with the ATracker system and the data in-transit or at-rest in multiple ways (Figure 3) such as:
- compromised devices connecting to the overall system to insert false data, disperse malicious files or gain access to higher levels of control
- sniffing of communication channels to extract sensitive information
- network flooding and other performance and operation-related attacks to overload the system
- and more.
This is where the PUZZLE Cybersecurity-as-a-Service Marketplace can assist, offering services for the protection of data, users and communications at edge and cloud level. The envisioned areas of intervention for PUZZLE involve among others the ongoing risk assessment of the ATracker system for existing and new vulnerabilities, the attestation of devices to ensure the trustworthiness of the exchanged data, and the real-time traffic monitoring at edge and cloud level for the timely identification of threats and attacks.
The PUZZLE consortium is working intensively to specify the cybersecurity needs of a personal data handling system like the ATracker and develop the appropriate services that will be tested and evaluated through the PUZZLE demonstrator activities. We are still in the beginning of this journey, so stay tuned!