This project consists of the following four major tasks:
- An extensive data collection campaign about the IoT deployments to ascertain the types of deployed IoT devices, their interaction capabilities, and the underlying vulnerabilities;
- Development of a framework that addresses the security and privacy issues and provides external access control for two representative interaction surfaces: BLE and voice-based control;
- Validation of the developed solutions via a full-fledged implementation and experimentation on an IoT testbed;
- User studies to address the deployment and usability challenges of the proposed framework.
The proposed research will also significantly advance the understanding of the challenges to secure IoT interaction surfaces in practice, thus promoting the progress of science. This project will establish a general direction to secure interactions in the current and future IoT deployments. It will offer an additional protection layer in the cases where security cannot be properly built-in and maintained.
By shifting the trust base from the various manufacturers and developers to a single framework under the user’s control, deploying IoT devices will be more feasible and less vulnerable. The proposed framework will help advance the national health, prosperity and welfare, and also secure the national defense. Securing IoT interface surfaces as case studies will be integrated in graduate-level courses, and used to train (especially underrepresented and female) students with interdisciplinary topics that require a balanced mix of theory and practice, thus developing human resources in the nationally needed areas.
This project is funded by the NSF under grant NSF-164613-CPS.
- Kang G. Shin, Professor/Principal Investigator. Email: kgshin at eecs.umich.edu
- Liang He
- Kassem Fawaz, Grad. Student.
- Huan Feng*, Kassem Fawaz*, and Kang G. Shin (*co-primary authors). Continuous Authentication for Voice Assistants. The 23rd Annual International Conference on Mobile Computing and Networking (ACM MobiCom 2017), Snowbird, UT, USA, October 2017. pdf
- Kassem Fawaz, Kyu-Han Kim, and Kang G. Shin. Protecting Privacy of BLE Device Users . The 25th USENIX Security Symposium 2016 (Sec ’16), Austin, TX, USA, August 2016. pdf