In 2019, twelve projects were selected to be funded under IoT@CyLab for one year, and results were presented at the IoT@CyLab annual summit in 2020.

All projects fall under one of the three IoT@CyLab main research themes:

Funding for these projects was made possible by sponsorships from Amazon Web Services, AT&T Mobility, Infineon Technologies, and Nokia Bell Labs. These sponsors were active in working with IoT@CyLab co-directors Anthony Rowe and Vyas Sekar on the request for proposals and proposal review.

Not all IoT-related projects at CMU are funded under this initiative. Explore other IoT projects at CMU.

 

Trust

Securing Embedded Software

Today, we don't have security analysis that can find rounding errors and other critical bugs. Not a big deal for a webserver, but a huge deal for IoT devices found in cars, automobiles, and planes. We are research and developing new tools to help identify such problems and releasing our tools as open source at https://github.com/binaryanalysisplatform/bap

Principle Investigator (PI):

  • David Brumley, Professor of Electrical and Computer Engineering (ECE)

 

Toward a Smarthome IoT Infrastructure Free of Privacy Leaks and Software Vulnerabilities

The software components of home IoT ecosystems are often constructed from off-the-shelf components, like messaging libraries. This project examines to what extent use of such components introduces risks to users' data, including due improper configuration of and vulnerabilities in the off-the-shelf components. The project will both empirically quantify these risks and develop tools and guidance to avoid them.

Co-Principle Investigators (Co-PI):

  • Lujo Bauer (ECE, ISR)
  • Limin Jia, Associate Research Professor (ECE)

 

IoT Device Privacy and Security Nutrition Labels 

Our ongoing project is to design a privacy and security label for IoT devices based on inputs from privacy and security experts and follow-up user studies with average consumers. The label, which may appear online or on physical product packaging, will contain information about key privacy and security factors such as the types of data the device is collecting, the purpose of data collection, who the data is being shared with, the security update lifetime, the average response time to patch a found vulnerability, and whether or not the device is receiving signed and critical automatic updates. The labels are designed to educate consumers to make more informed IoT-related purchase decisions, allow for product comparisons based on privacy and security properties, and promote device manufacturer accountability for privacy and security.

Co-PIs:

  • Lorrie Cranor (ISR, EPP)
  • Yuvraj Agarwal, Assistant Professor (ISR)

 

Wireless Physical Layer Security

This project aims to develop an authentication paradigm for extremely low-power wireless devices, the vast majority of connected devices in the Internet of Things. We aim to do so by learning unique hardware-specific imperfections that these radios inevitably manifest in the signals they transmit. The project aims to leverage these imperfections to tackle a wide range of security and privacy challenges in low-power networks.

PI:

  • Swarun Kumar, Assistant Professor (ECE)

 

Lightweight Quantized Deep Neural Networks for IoT Devices

Co-PIs:

  • Shawn Blanton, Trustee Professor (ECE)
  • Diana Marculescu, David Edward Schramm Professor (ECE)

 

 

Accountability

Internet of Things Compliance Gaps Under New California Laws

The new California Consumer Privacy Act (CCPA) creates new rights for Californians. CCPA is similar to, but different from, Europe’s GDPR, and very like requires new implementation work. Our research captures the compliance gap between what IoT makers do today, and what they will need to do in order to comply with CCPA.

PI:

  • Aleecia M. McDonald, Assistant Professor of the Practice (INI)

 

Third-Party Network Traffic Attribution and Cross-Device User Tracking for IoT and Web

Not long after the invention of the cookie, online advertisers realized technical features of the web could facilitate fine-grained observation of user behavior.  By the time mobile “apps” debuted there was an extensive industry ready and willing to apply web tracking techniques to a new medium.  The purpose of this study is to investigate if tracking techniques from web and mobile are migrating into the IoT space.  We will seek to determine what third-parties, if any, are capable of tracking users across web, mobile, and IoT, and what policies, if any, regulate the collection and processing of IoT data.

PI:

  • Timothy Libert, special faculty in the School of Computer Science (SCS)

 

Privacy-preserving Inference and Decision-Making with IoT Data 

In the age of Internet-of-things (IoT) and edge computing, various data-collection mechanisms are constantly collecting rich data about the environment. While these data are an essential component of smart decision-making and inference, they can reveal sensitive information about individuals and violate their privacy. Commercial adoption of data analytics systems will be constrained by these privacy issues, in both regulatory domain (e.g., the EU General Data Protection Regulation, GDPR) and from the users' trust perspective. This project aims to enable statistical inference and learning systems without compromising individual privacy. To achieve this goal we will pursue: i) the design of data-collection mechanisms that protect individual privacy, while still providing useful information about the system as a whole;  ii) provably optimal techniques to combine information collected from heterogeneous sources; iii) algorithms to sequentially obtain measurements in order to minimize the cost of data collection.

Co-PIs:

  • Gauri Joshi, Assistant Professor (ECE)
  • Osman Yagan, Associate Research Professor (ECE)

 

Privacy Preserving Data Analytics using Secure Multi-Party Computation

IoT devices collect a significant amount of data and this is expected to go up even further. There is a need to develop data analytics techniques which can respect the privacy constraints. In this project, we will investigate privacy preserving data analytics by using the cryptographic technique of secure multi-party computation (MPC).

PI:

  • Vipul Goyal, Associate Professor (CSD)

 

 

Autonomous Healing

Flipping the Cloud: Managing and Protecting IoT Interactions among Mutually Distrusting Stakeholders at the Network Edge

The future of IoT software will involve complicated interactions among multiple stakeholders, including software developers, hardware manufacturers, infrastructure providers, network operators, users, and regulators, many of which involve user data.  However, according to many current and future visions, users have very little control over the data they create.  This project focus on how to change this by allowing users to directly influence or even control the data that relates to them, including data ownership, privacy, and sharing; at the same time, our approach can maintain value provided to other stakeholders. Our approach builds on core technologies of edge computing, hardware security, and regulation of information.

PI:

  • Patrick Tague, Associate Director, Information Networking Institute (INI); Associate Research Professor (ECE, INI)

 

IoTHub for Managing and Securing Devices in the Home

We are building an IoTHub that will make it easy for everyday consumers to manage and secure IoT devices in the context of homes. Think of this hub like a smart WiFi router for IoT devices, which also offers services and functionality to help with managing and securing IoT devices, especially low-end devices that have minimal computational and networking capabilities.

PI:

  • Jason Hong, Professor (HCII)

 

Do-It-Yourself-Locally: An IoT Architecture for Localized Data Control for Privacy and Security

Most IoT devices these days come vertically integrated with the manufacturers proprietary backend services, raising serious privacy concerns since users have to cede complete control over their sensitive data and implicitly trust the manufacturer without much  transparency on how their data will be used. To protect users’ privacy without compromising the functionality of the current IoT ecosystems, we propose a new clean-slate IoT architecture -- DIYL -- that safely extends a local IoT hub’s data control to generic cloud platforms. In DIYL, IoT apps execute either locally or are securely offloaded to a DIYL supported generic cloud platform (e.g. Amazon AWS) using primitives that provide secure execution and data privacy, completely in the user's control.

PI:

  • Yuvraj Agarwal, Assistant Professor (ISR)

 

 

Other IoT projects at CMU

End-to-End Support for Privacy in the Internet of Things

We are developing new programming models and new privacy models for making it easier to develop and deploy apps on top of an IoT infrastructure. Examples include stream-based programming models for accessing sensitive data, ways for developers to declare their purpose of us for sensitive data, and new kinds of access control mechanisms based on proximity.

Co-PIs:

  • Yuvraj Agarwal (ISR)
  • Jason Hong, Professor (HCII)

 

Analysis of Security-Relevant Configuration Options in IoT Infrastructure

The objective of this project is to secure modern cyber-physical systems and internet of things (IoT) devices that are built on layers of reusable software components and infrastructure by understanding, modeling, and offering decision support regarding the impact of configuration options and their interactions on the functionality, performance, energy consumption, and attack surface of the system. 

Co-PIs:

  • David Garlan (ISR)
  • Christian Kaestner (ISR)
  • Bradley Schmerl (ISR)

 

Crowdsourced Smart Cities

PI:

  • Bob Iannucci (ECE)

 

The Usable Privacy Policy Project

Co-PIs:

  • Norman Sadeh (ISR)
  • Alessandro Acquisti (Heinz College)
  • Travis Breaux (ISR)
  • Lorrie Cranor (ISR, EPP)
  • Joel Reidenberg (Fordham University)
  • Barbara va Schewick (Stanford University)
  • Noah Smith (University of Washington)

 

Personalized Privacy Assistants for IoT

Co-PIs:

  • Norman Sadeh (ISR)
  • Alessandro Acquisti (Heinz College)
  • Lujo Bauer (ECE, ISR)
  • Lorrie Cranor (ISR, EPP)
  • Anupam Datta (ECE)

 

Privacy Infrastructure for IoT

Co-PIs:

  • Norman Sadeh (ISR)
  • Alessandro Acquisti (Heinz College)
  • Lujo Bauer (ECE, ISR)
  • Lorrie Cranor (ISR, EPP)
  • Anupam Datta (ECE)

 

GymCam

Co-PIs:

  • Mayank Goel (HCII)
  • Chris Harrison (HCII)

 

Ubicoustics

Co-PIs:

  • Chris Harrison (HCII)
  • Mayank Goel (HCII)

 

SCION Next-Generation Secure and Available Internet for IoT

SCION provides path-aware networking and hidden path routing, as well as enhanced bandwidth availability and reliability through multipath operation and path-optimization.

Learn more about SCION.