Security and Privacy in the Lifecycle of IoT for Consumer Environments (SPLICE)

CS89/189.26, Fall 2020
Professor David Kotz

Description

We are entering an era of Smart Things, in which everyday objects become imbued with computational capabilities and the ability to communicate with each other and with services across the Internet.  Indeed, the Internet of Things now involves the deployment of Smart Things in everyday residential environments – houses, apartments, hotels, senior-living facilities – resulting in Smart Homes. Although Smart Things offer many potential benefits, they can also create unsafe conditions and increase risk of harm to persons and property. This course explores the key security and privacy challenges required for the vision of Smart Homes to be safely realized, with an explicit focus on consumer-facing “things” where end-user privacy and usability are essential. It will take a holistic approach to the entire lifecycle of security, privacy, and usability challenges from the perspective of the everyday consumer who interacts with Smart Things (intentionally or unintentionally) in a residential setting. Students will read, present, and discuss papers from the research literature; write a survey paper about a subset of the research literature; and conduct a security analysis of a current commercial “smart thing”. Guest lecturers will join the class, weekly, to share expertise from both industry and research.

Prerequisites

Required: COSC 50, and experience or willingness to read technical research literature.

Useful: COSC 55, 58, 60, 62, 67, 91.

Time slot

F slot: MWF 2:35-3:40 EDT, with some Thu 1:40-2:30 EDT, as defined by the new timetable. This course will proceed entirely online, with synchronous meetings. Note the new fall-term calendar.

Structure (preliminary)

Each student will present several papers from the literature, for in-class discussion. In a typical week four students will be responsible for selecting and presenting one paper each; a fifth paper or product will be discussed with remote experts who visit the class. Non-presenting students will be expected to read the paper and be prepared to discuss it in-class.

Each student will write a survey paper, due in the middle of the term, in which they read, organize, and summarize papers on a relevant topic of their choosing.

Each student will also write a final paper, due at the end of the term; the student may choose (a) a research paper, (b) a security analysis, or (c) a privacy analysis. The research paper allows the student to pursue a research idea and to draft a paper for submission to a conference.  The security or privacy analysis allows the student to study an existing smart-home device or system, based on review of documentation and hands-on experiments with the product. Each student will briefly present their final paper in the last week of the term.