The Internet is going through a new phase in which billions of new devices that sense and interact with the physical world are getting connected in homes, industry, cities, farms, etc. These devices, collectively known as the Internet of Things (IoT), bring unprecedented possibilities for improvements in automation, healthcare, transportation, water quality monitoring, agriculture, and disaster response, to name a few. However, this same technology poses serious risks to users' privacy and security. As examples, recent attacks on IoT infrastructure have created threats such as the 'baby camera search engine', and also some of the largest distributed denial of service (DDoS) attacks in history, which brought down the Internet for millions of users for many hours in 2016. In many cases, there are no external signs that IoT devices are being attacked or are operating in a malicious way. This, coupled with complex configurations, insecure default settings, and the difficulty of upgrading devices, makes depending on users or manufacturers to guarantee the security of IoT insufficient. This project aims to revisit the role of the network in protecting infrastructure, home networks and the Internet against these attacks on, and by, IoT devices. In particular, the project will investigate algorithms and designs to effectively detect and defend against these attacks. If successful, the proposed research can have significant impact on society at large by mitigating many of these risks, and enabling greater, safe adoption of IoT technologies. The proposed research may also change the way home networks are managed, by using smart home routers that understand and mitigate threats, as well as create new business models for cloud-based outsourcing of these capabilities.

This proposal focuses on important security challenges brought on by IoT. The proposed research will advance our understanding of the traffic characteristics of different classes of IoT devices, and the threats they pose to their users and to the larger Internet infrastructure. The unique features of the IoT environment (no expert administration, many unpatchable devices, and restricted traffic patterns) justify in-depth exploration of this space. If successful, this research will develop novel ways to detect and mitigate attacks involving home IoT infrastructures, including models, algorithms, and an architecture in which to deploy and test them. In particular, we propose to (i) characterize and identify traffic patterns of normal and compromised home IoT devices, (ii) devise new methods of detecting and mitigating attacks that both target and use IoT devices, leveraging the unique characteristics of IoT devices and their deployments, and (iii) create and deploy a prototype architecture based on home routers, both individually and in concert, to test these ideas. The architecture will run the distributed and centralized components of the models, detect attacks, and isolate compromised devices. The project will use the comprehensive characterization of (a variety of) IoT device behavior to derive effective and dynamic policies, and to design user-friendly mechanisms that directly manage a heterogeneous data plane and resolve policy conflicts in order to prevent these attacks from happening and from spreading. These efforts will be able to inform both manufacturers and users of best practices on how to configure, update, and use IoT devices, enabling a path in which we attain the potential benefits of IoT for society at large, without the current risks that threaten to hinder its adoption.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

Agency
National Science Foundation (NSF)
Institute
Division of Computer and Network Systems (CNS)
Type
Standard Grant (Standard)
Application #
1816340
Program Officer
Ann Von Lehmen
Project Start
Project End
Budget Start
2018-10-01
Budget End
2021-09-30
Support Year
Fiscal Year
2018
Total Cost
$499,995
Indirect Cost
Name
Brown University
Department
Type
DUNS #
City
Providence
State
RI
Country
United States
Zip Code
02912