Visible to the public Cloud-Assisted IoT Systems Privacy--2020Q2Conflict Detection Enabled

Submitted by FengjunLi on Thu, 07/09/2020 - 12:41am

PI(s), Co-PI(s), Researchers: Fengjun Li, Bo Luo

HARD PROBLEM(S) ADDRESSED

The goal of this project is to develop principles and methods to model privacy needs, threats, and protection mechanisms in cloud-assisted IoT systems. The work aims to address the hard problems of resilient architectures, security metrics as well as scalability and composability.

PUBLIC ACCOMPLISHMENT HIGHLIGHTS

  • The proliferation of IoT devices makes it possible to collect and exchange various types of information with minimal human intervention. To leverage the increased volume and enriched types of IoT data from multiple sources, task-specific deep learning models should be trained to gather insights and support intelligent services. However, transmitting data samples and trained models between a large number of devices and the server inevitably results in high communication overhead and latency. Moreover, data collected by IoT devices may contain privacy-sensitive information. Transmitting such data to a central server raises various privacy concerns due to the inadvertent misuse or abuse at the server and malicious attacks from the external. To train a global deep neural networks (DNN) over data across resource-constrained IoT devices without leaking data of individual devices, we develop an auditable privacy-preserving federated transfer learning (PPFTL) framework to integrate three transfer learning techniques with the federated learning framework, while providing an enhanced privacy protection against a honest-but-curious server and potentially malicious IoT devices. PPFTL incorporates local adaptation and model personalization techniques into the federated learning setting to achieve faster convergence rate and smaller number of training rounds. In this way, the computation overhead for local training is greatly reduced for IoT devices. In PPFTL, each participant locally trains a personalized model using transfer learning without revealing its sensitive data to any other party. In learning, individual model updates are encrypted and hidden from all other entities, which makes model inference attacks impossible. Finally, as training proceeds, the intermediate results such as local updates and the global model of each round are maintained in the encrypted form in the blockchain. Once an attack is detected or suspected, the aggregator or a verifier can step in to trigger a recovery. We implemented the proof-of-concept PPFTL framework with 12 Raspberry Pis and demonstrate its efficiency and effectiveness with extensive experiments.
  • The Controller Area Network (CAN) has been widely used in cyber-physical systems to support the communication between microcontrollers. However, in its initial design, CAN only provided very limited security features, which is seriously behind today's standards for secure communication. We investigate the security of CAN communication protocol and discovered a new stealthy denial of service (DoS) attack against targeted microcontrollers (e.g., ECUs in automotive systems) on CAN. The attack is hardly detectable since the actions are perfectly legitimate to the bus. To defend against this new DoS attack and other existing denial and spoofing attacks, we design a CAN firewall to prevent malicious nodes' misbehaviors such as injecting unauthorized commands or disabling targeted services. We implement our CAN firewall on a cost-effective and open-source device, to be deployed between any potentially malicious CAN node and the bus. Therefore, it does not require to modify CAN or existing ECUs. This work has been accepted to ESORICS 2020 for publication.

PUBLICATIONS

  • N/A

COMMUNITY ENGAGEMENTS

  • Fengjun Li gave an invited talk on "Achieving Accountable Single Sign-on with Ticket Transparency" in the Secure Multiparty Computation Symposium, May 30, 2020.
  • Bo Luo gave an invited talk on "Mobile and IoT Device Identification" in the Secure Multiparty Computation Symposium, May 30, 2020.
  • Bo Luo gave a guest lecture on "Privacy, a Computer Science perspective" to JOUR790 Social Media Research & Analysis at the School of Journalism and Mass Communications, The University of South Carolina, April 15, 2020.

EDUCATIONAL ADVANCES

N/A

Groups: