IoT Security and Privacy

The Internet-of-Things (IoT) is primarily associated with “smart home” devices like Alexa. But, IoT technologies are also integral parts of industrial systems, and even provide software updates to the electronic control units on automobiles. Despite the growing number of IoT applications, these devices often run insecure software and engage in obscure privacy practices, such as sending data to unknown third parties. The Center for Cybersecurity is currently analyzing the security and privacy threats from real-world IoT devices from all over the world through the IoT Inspector project. Data gathered using this tool is shared with consumers to educate them about the risks, and with other researchers who can use the information  to mitigate these threats. Other CCS research teams have introduced practical strategies to protect software updates for automotive electronic control units and other systems that rely on software over the air update strategies. This research goes hand in hand with other areas of CCS, including Privacy and Data Protection, Securing Cyberphysical Systems, and Supply Chain Security.

Relevant Faculty

1. Justin Cappos
2. Danny Yuxing Huang
3. Randal Milch
4. Quanyan Zhu

Labs

1. Vertically Integrated Projects (VIP) Program @ LARX
2. mLab
3. Secure Systems Lab

Sample Projects/Papers/Programs

1. IoT Inspector
2. “ ‘It would probably turn into a social faux-pas:’ Users’ and Bystanders’ Preferences of Privacy Awareness Mechanisms in Smart Homes”
3. Uptane
4. “Combating Ransomware in Internet of Things: A Games-in-Games Approach for Cross-Layer Cyber Defense and Security Investment”
5. “A First Legislative Step in the IoT Security Battle”
6. IoT and Supply Chain Security (book chapter)

Grants

1. Consumer Reports Digital Lab Fellows  (Danny Yuxing Huang)