NSF-164613-CPS: Breakthrough: Secure Interactions with Internet of Things


Project description

The objective of this research is to (1) gain insights into the challenges of securing interactions in Internet of Things (IoT) deployments, (2) develop a practical framework that mitigates security and privacy threats to IoT interactions, and (3) validate the proposed framework in a medium-scale IoT testbed and through user studies. The emerging IoT computing paradigm promises novel applications in almost all sectors by enabling interactions between users, sensors, and actuators. These interactions can be device-to-device (e.g., Bluetooth Low Energy (BLE)) or human-to-device (e.g., voice control). By exploiting vulnerabilities in these interaction surfaces, an adversary can gain unauthorized access to the IoT, which enables tracking, profiling, and harming the user. With thousands of diverse IoT manufacturers, developers, and devices, it is very challenging, if not impossible, to ensure that all devices are properly secured at production and kept up to date after production. IoT users and administrators have to place their trust in a set of devices, with the least secure device breaking the security chain.

This project consists of the following four major tasks:

  1. An extensive data collection campaign on IoT deployments to ascertain the types of deployed IoT devices, their interaction capabilities, and the underlying vulnerabilities;
  2. Development of a framework that addresses the security and privacy issues and provides external access control for two representative interaction surfaces: BLE and voice-based control;
  3. Validation of the developed solutions via a full-fledged implementation and experimentation on an IoT testbed;
  4. User studies to address the deployment and usability challenges of the proposed framework.

The proposed research will also significantly advance the understanding of the challenges of securing IoT interaction surfaces in practice, thus promoting the progress of science. This project will establish a general direction for securing interactions in current and future IoT deployments. It will offer an additional protection layer in cases where security cannot be properly built in and maintained.

By shifting the trust base from the various manufacturers and developers to a single framework under the user’s control, deploying IoT devices will be more feasible and less vulnerable. The proposed framework will help advance the national health, prosperity and welfare, and also secure the national defense. Case studies on securing IoT interface surfaces will be integrated into graduate-level courses and used to train students (especially underrepresented and female students) in interdisciplinary topics that require a balanced mix of theory and practice, thus developing human resources in nationally needed areas.

This project is funded by the NSF under grant NSF-164613-CPS.



  • Kang G. Shin, Professor/Principal Investigator. Email: kgshin at eecs.umich.edu

Research Fellows

  • Liang He


  • Kassem Fawaz, Grad. Student.


  • Huan Feng*, Kassem Fawaz*, and Kang G. Shin (*co-primary authors). Continuous Authentication for Voice Assistants. The 23rd Annual International Conference on Mobile Computing and Networking (ACM MobiCom 2017), Snowbird, UT, USA, October 2017.
  • Kassem Fawaz, Kyu-Han Kim, and Kang G. Shin. Protecting Privacy of BLE Device Users. The 25th USENIX Security Symposium 2016 (Sec ’16), Austin, TX, USA, August 2016.