More and more objects used in daily life have Internet connectivity, creating an "Internet of Things" (IoT). Computer security and privacy for an IoT ecosystem are fundamentally important because security breaches can cause real and significant harm to people, their homes, and their community. These security issues also are very challenging not only because of the properties of IoT devices themselves but also because the users are diverse, vary in their technical knowledge and access to technical support, and include vulnerable populations such as children and those using in-home care technologies. Moreover, additional risks emerge when users combine technologies in unexpected ways.
Meeting the challenges of IoT security and privacy requires a large, interdisciplinary effort. An effective approach to IoT security and privacy is holistic, integrating human-computer interaction, network security, cryptography, and pervasive computing. Enforcing cryptographic requirements requires not only building systems that can function on low-capacity IoT devices, but also using threat models that incorporate human requirements. Translating security and privacy requirements and preferences requires understanding what people want, presenting the technologies in a manner people can understand, and knowing what is technologically realistic. This requires behavioral and organizational research, with discussions involving public and private sector stakeholders. The project is developing a foundation for IoT security and privacy that is intuitive, natural to the human experience, provides the necessary technical guarantees, and facilitates adoption by the larger IoT community of users and manufacturers.
|