Securing Sensors in Insecure IoT

   Information Security Group

This project is no longer listed on and may not be available.

Click here to search for PhD studentship opportunities
  Dr Maryam Mehrnezha  No more applications being accepted  Competition Funded PhD Project (Students Worldwide)

About the Project

Please note that advertised projects are sample projects and prospective applicants are not required to apply to one of the advertised projects, but are welcome to discuss broader research interests with the academic named in the advert - and/or to apply with their own research proposal.

The Centre for Doctoral Training in Cyber Security for the Everyday at Royal Holloway University of London seeks to recruit a PhD student to work on applications of time and delay in cryptographic protocols.

Ubiquitous sensing through IoT has already revolutionized the way we interact with each other and our environment. IoT devices have a multitude of sensors such as Bluetooth and NFC, motion and ambient sensors, and have applications on various platforms such as mobile, wearables, and smart environments (buildings, roads, etc.). While this is exciting, it is also an opportunity for hackers to steal and exploit sensitive information for their individual or organisational advantage.

The current safeguarding methods do not stop sensors from recording, processing and broadcasting sensitive information. This sensor information leakage happens without users’ permission or notification most of the time. The problem is further exacerbated when the sensor, hardware and software resources come from different vendors, who have their own set of privacy and security policies. Securing IoT environments and devices is challenging due to various factors including the computational limitations on such platforms and devices, lack of input and output devices (e.g., monitor and keyboard) for classic security mechanisms (such as passwords), and lack of physical access in certain applications e.g., industrial IoT or medical IoT devices in people bodies. Current protection mechanisms are expensive and operate only on hardware or software levels and are often limited to certain products from specific manufacturers. This leads to high security and safety costs in heterogeneous IoT configurations.

This project aims to find novel alternative solutions for securing IoT environments by exploring the capability of sensors on IoT devices and the current landscape of IoT sensor security, performing attacks and developing low-cost mechanisms to protect the usage of sensors and the generated data in insecure IoT platforms. More specifically, this project aims to: 

·  Study the protection mechanisms in current sensor-based IoT platforms, and classify their security features, potential vulnerabilities, functionality and usability, and cost of implementation.

·   Perform security attacks via IoT sensors including side-channel, fingerprinting, and tracking attacks.

·   Develop cost-effective proof-of-concept systems for security purposes such as pairing devices and authentication in IoT environments based on sensor data including calibration.

Each year, millions of unsecured sensor-enabled IoT devices are shipped to people’s lives, being used by children, adults, elderlies, and people with special needs e.g. in care houses and medical settings. By securing these sensors, we can offer more reliable products to the end-users enabling them to benefit from plenty of useful applications which will improve their quality of life without risk and fear.

We welcome applications from students with an interest in system security projects with a background in computing science, engineering or a very closely related discipline. The student is expected to have a background in mobile and IoT programming and will receive training in sensor, mobile, and IoT security.

Please contact Dr Maryam Mehrnezhad to discuss this further. 

Computer Science (8)

Funding Notes

The Centre for Doctoral Training in Cyber Security for the Everyday can offer up to ten studentships per year, three of which can be awarded to international students (which includes EU and EEA.)
Please ensure you are familiar with the eligibility criteria set by UKRI and their terms and conditions.
In order to apply please visit the CDT website and follow the application instructions.
The studentship includes
* Tuition fees:
* Maintenance: £23,668.00 for each academic year.


[1] Gray, Mehrnezhad, and Shafik. Sensig: Practical IoT Sensor Fingerprinting Using Calibration Data, Security Standardisation Research (SSR), IEEE Euro Security and & Privacy Workshops (EuroS&PW), 2022.
[2] Mehrnezhad, Toreini, Shahandashti, Hao, Stealing PINs via Mobile Sensors: Actual Risk vs User Perception, Springer International Journal of Information Security, 2018.
[3] Mehrnezhad Toreini, Shahandashti, Hao, Touchsignatures: Identification of User Touch Actions and PINs based on Mobile Sensor Data via javascript, Elsevier Journal of Information Security and Applications, 2016
[4] Zhang, Beresford, Sheret. Sensorid: Sensor Calibration Fingerprinting for Smartphones, IEEE Security and Privacy, 2019

Where will I study?

Search Suggestions
Search suggestions

Based on your current searches we recommend the following search filters.