Information and Communication Technology 2019 ICT19-056

IoTIO: Analyzing and Understanding the Internet of Insecure Things


Principal Investigator:
Institution:
Co-Principal Investigator(s):
Kevin Borgolte (Princeton University)
Status:
Ongoing (01.06.2020 – 31.05.2024)
Funding amount:
€ 783.940

Consumer devices, from door locks to light bulbs, are becoming increasingly smart. They are linked with other devices as part of smart homes and offices, usually Internet-connected, and may be publicly accessible through misconfiguration or IPv6. The corresponding security and privacy implications have yet to be explored in depth, and their analysis is complicated by the diversity of device types and architectures. Prior work focused on case studies of specific device types, or analyzed devices' firmware in isolation, requiring substantial manual effort. In contrast, the automatic analysis of devices' interaction with their environment and other devices could uncover new vulnerability types and privacy violations. In this project, we will propose scalable techniques to analyze smart devices for potential vulnerabilities based on how they collect, process, and share data by interacting with their mobile companion app or smart hubs. We will provide a proof-of-concept tool to show our research's practicality. The project is based on novel software and network analyses of companion apps and hub integration to synthesize protocols, discover commands to exercise device functionality, and identify information flows -- without requiring access to the smart devices themselves. The project is a multi-disciplinary research effort enabling security and privacy analyses. It also has societal impact by enabling informed decision making by manufacturers, lawmakers, and users.

 
 
Scientific disciplines: Security research (80%) | Software development (10%) | Network engineering (10%)
