Cloud-Assisted IoT Systems Privacy--2020Q1

PI(s), Co-PI(s), Researchers: Fengjun Li, Bo Luo

HARD PROBLEM(S) ADDRESSED

The goal of this project is to develop principles and methods to model privacy needs, threats, and protection mechanisms in cloud-assisted IoT systems. The work aims to address the hard problems of resilient architectures, security metrics as well as scalability and composability.

PUBLIC ACCOMPLISHMENT HIGHLIGHTS

• We have studied the IoT device identification problem in this quarter. While it is critical for system administrators to identify the type and/or model of devices connected to the network, mobile and IoT devices are not obligated to report their detailed identities when joining (public) wireless networks. Moreover, the device attributes can be easily forged by the adversaries. To address the problem, we have designed a novel device identification mechanism that recognizes the manufacturer, type and model of wireless devices using features extracted from broadcast/multicast (BC/MC) packets. We have also developed an abnormal device detection mechanism that discovers the subtle evidence of inherent discrepancies across BC/MC packets to identify fabricated, counterfeit, or forged devices. The results are accepted in the 2020 USENIX Security Conference.
• IoT apps developed by device manufacturers or third-party developers may collect various types of privacy-sensitive information about the user, and sometimes, share the information with external entities and other apps. However, few apps provide sufficient documentation about their data collection and usage. The privacy information about the user may be exported to external entities without the user's awareness nor consent. In this quarter, we continued on assessing the privacy risks of IoT apps in cloud-assisted IoT systems. The goal is to locate privacy-sensitive information collected by an IoT app and exported to external entities, and develop an automated privacy risk analysis framework to identify and measure potential privacy risks of a given IoT app. With this framework, we expect to automatically generate a Privacy Usage Description (PUD) for the apps of IoT devices, in a similar format as the IETF-recommended Manufacture Usage Description (MUD) for IoT devices.

PUBLICATIONS

• Qiang Zhou, Chengliang Tian, Hanlin Zhang, Jia Yu, Fengjun Li, "How to Securely Outsource the Extended Euclidean Algorithm for Large-scale Polynomials over Finite Fields," in Information Sciences, 512, 641-660, 2020.

COMMUNITY ENGAGEMENTS

• Bo Luo was invited to visit the Center for Trustworthy IoT Infrastructure at Japan Advanced Institute of Science and Technology and gave a talk on "A First Cut on IoT Security -- A Cyber-Physical Perspective" on Feb 6, 2020.
• Fengjun Li gave an invited talk on "Privacy-Preserving Collaborative Learning" in the Frontiers Informatics Meetup: Healthcare Data Analytics and Security, Kansas City, KS, USA, March 5, 2020.
• Fengjun Li was invited to give a Professional Skill-Building Webinar on "Social Network Security & Privacy: Learning the Truth While Protecting the Sensitive" in the Spring 2020 Advisory Boards Meeting of the Center for Environmentally Beneficial Catalysis, University of Kansas, April 6, 2020.

EDUCATIONAL ADVANCES

N/A