Principles of Secure BootStrapping for IoT

PI(s), Co-PI(s), Researchers:

HARD PROBLEM(S) ADDRESSED
This refers to Hard Problems, released November 2012.

Policy.

PUBLICATIONS
Papers written as a result of your research from the current quarter only.

None.

KEY HIGHLIGHTS
Each effort should submit one or two specific highlights. Each item should include a paragraph or two along with a citation if available. Write as if for the general reader of IEEE S&P.
The purpose of the highlights is to give our immediate sponsors a body of evidence that the funding they are providing (in the framework of the SoS lablet model) is delivering results that "more than justify" the investment they are making.

• Since some IoT devices also use cellular network, we also looked at privacy problems in 4G and 5G cellular networks. To conserve energy, a cellular device needs to stay mostly in an idle, low-power state when not used. To enable a device to respond to incoming calls and various types of messages, a paging (broadcast) protocol is used, such that a cellular device wakes up periodically. We identified inherent vulnerabilities in the paging protocols that enables an adversary who knows the phone number (or other software ids such as Twitter handle) to identify whether a cellular device is present in a physical region. We also discovered attacks that enable the recovery of persistent identity (such as IMSI) of cellular devices.

COMMUNITY ENGAGEMENTS

• We have notified the GSM Association about our findings and are in communication with them.

EDUCATIONAL ADVANCES:

• A local high school science teacher contacted me about research opportunities for high school students, and we have involved a high school student in the research on IoT security.