Computer Science Thesis Oral
In Person and Virtual - ET - Reddy Conference Room, Gates Hillman 4405 and Zoom
HAN ZHANG, Ph.D. Candidate, Computer Science Department, Carnegie Mellon University
Secure and Practical Splitting of IoT Device
Internet-of-things (IoT) devices have rapidly gained popularity in people's daily lives. While these devices provide many smart functionalities and enable new applications, they raise several security and privacy concerns and practical operational challenges for device users and vendors. With their growing adoption and sheer volume in deployment, IoT devices have become attractive targets for attackers, and many recent security incidents have had broad and serious impacts. Meanwhile, IoT devices can collect a wide range of personal data through sensors and ubiquitous placement. Protecting users' privacy and managing access control properly is an important challenge for device vendors. In addition, device vendors have to invest heavily in cloud infrastructure to compensate for the limited computation resources on devices. As more and more devices are installed in the future, the demand for computation will also increase.
We attribute these concerns and challenges of future IoT deployment partially to the predominant monolithic design of IoT devices and applications. Device vendors must take responsibility for many tasks, including managing device security, protecting user data privacy, and maintaining cloud infrastructure efficiently. However, device vendors mainly focus on building compelling applications to attract more users. Therefore, given limited engineering resources, they have to prioritize certain tasks over other responsibilities. As a result, the current monolithic design leads to many vulnerabilities, security incidents, and inefficiencies.
In this thesis, we argue that by combining formal security analyses and performance optimizations, we can break IoT devices' monolithic design and offload many high-level functionalities to third-party services, improving IoT devices' security and privacy while minimizing performance impacts.
In particular, we design three systems — TEO, Capture, and VeriSplit — to showcase the potential benefits of functionality splitting. Each of these systems delivers strong security and practicality guarantees. We demonstrate their feasibility and effectiveness with prototype implementations and evaluations using various smart home applications. Overall, we present several techniques enabling secure and practical functionality splitting in IoT devices.
Yuvraj Agarwal (Co-chair)
Matt Fredrikson (Co-chair)
Alec Wolman (Microsoft Research)
In Person and Zoom Participation. See announcement.