Principles of Secure BootStrapping for IoT

PI: Ninghui Li; Researchers: Syed Hussain (Post Doc), Weicheng Wang (Graduate Student)

HARD PROBLEM(S) ADDRESSED
This refers to Hard Problems, released November 2012.

Policy.

PUBLICATIONS

• Weicheng Wang, Fabrizio Cicala, Syed Rafiul Hussain, Elisa Bertino, Ninghui Li. Analyzing the Attack Landscape of Zigbee-enabled IoT Systems and Reinstating Users' Privacy. WiSec'2020.

KEY HIGHLIGHTS

• We have started working on two new topics, going beyond our previous work with Zigbee: one is Connected Vehicle Systems security, and the other is contact tracing. We found that most old vehicles use weak encryption algorithms, if any, on fob-car communication, which may enable an attacker to impersonate the owner and open or close a vehicle illegitimately. We also found that most of the off-the-shelf OBDs do not employ any authentication scheme. Exploiting this limitation, an adversary can potentially launch remote control attacks to steal vehicle private information and even get access to the vehicle. We have recently started looking at security and privacy concerns in mobile contact tracing apps.

COMMUNITY ENGAGEMENTS

EDUCATIONAL ADVANCES:

• A PhD student is supported on the project. In addition, a postdoctoral fellow, who plans to go into the academia, is being partially supported.