Dagstuhl Seminar 24312
Security and Privacy of Current and Emerging IoT Devices and Systems
( Jul 28 – Aug 02, 2024 )
(Click in the middle of the image to enlarge)
Permalink
Please use the following short url to reference this page:
https://www.dagstuhl.de/24312
Organizers
- Bruno Crispo (University of Trento, IT)
- Alexandra Dmitrienko (Universität Würzburg, DE)
- Gene Tsudik (University of California - Irvine, US)
- Wenyuan Xu (Zhejiang University - Hangzhou, CN)
Contact
- Michael Gerke (for scientific matters)
- Christina Schwarz (for administrative matters)
Shared Documents
- Dagstuhl Materials Page (Use personal credentials as created in DOOR to log in)
Over the past two decades, there has been a surge in the popularity of Internet-of-Things (IoT) devices and Cyber-Physical Systems (CPS). These devices are now commonplace in private settings, such as homes, offices, and factories, and public spaces like cultural, entertainment, and transportation facilities. They are also extensively used in farming, industrial, and vehicular automation. Furthermore, they are often interconnected and connected to the global Internet. These devices are typically built using low-end microcontroller units (MCUs), which have strict cost, size, and energy constraints and lack security features compared to their higher-end counterparts. As a result, these embedded devices, including sensors, actuators, and hybrids, have become attractive targets for various types of attacks. The focus of these attacks ranges from privacy concerns in the context of sensing, to safety and security issues in the context of actuation, and even zombification, as seen in the infamous Mirai botnet.
The goal of the Dagstuhl Seminar was first to explore the landscape of attacks on current and emerging devices and then to identify and discuss promising research directions for effective countermeasures, both reactive and proactive. The relationship between academic research and industry was also of interest; specifically, to what extent is there a flow of ideas and innovation from the research community and device manufacturers, and what can be done to improve it.
The original proposal for this Dagstuhl Seminar included nine topics. However, once the seminar was approved and attendees were confirmed, it turned out that some of the topics simply did not have sufficient numbers of interested participants. In the end, five topics "survived" to the actual seminar and became - together with one new topic - individual sessions. (The session leader(s) are mentioned in parenthesis.):
- Security and Privacy Challenges in IoT-instrumented spaces (Gene Tsudik) - originally named Implications of increasing human immersion in instrumented spaces. The increasing human immersion in instrumented spaces, such as smart homes, offices, and cities, brings new security and privacy challenges. The proliferation of interconnected devices that collect, store, and transmit personal data creates a larger attack surface for cybercriminals. Additionally, users may not be aware of the privacy implications of these devices and the data they generate. The seminar participants will focus on emerging privacy concerns and discuss the ways to protect users' personal data while still enabling the functionality of these devices. Another challenge is the lack of standardization, which makes it difficult to create uniform security and privacy mechanisms and ensure the interoperability of different devices.
- Realizing Security/Privacy Services Across Hardware and Software Boundaries (Alexandra Dmitrienko) - originally named Scope of potential security/privacy services and how they should be realized across the SW/HW boundary. Currently, microprocessors and many hardware platforms implement many security mechanisms, such as PAC, MTE, BTI, PUF, shadow stacks, and others, in hardware. However, more high-level trusted services (such as remote attestation, authentication, etc.) implemented in software on these platforms only partially, if at all, utilize these available mechanisms. To fully realize the potential of these security features implemented in hardware, a more systematic co-design of hardware and software is required. This approach can result in more efficient implementation of existing trusted services, as well as the design of new ones, thereby enhancing the overall security and privacy of IoT platforms.
- The Role of Secure Hardware (Trusted Computing) in IoT Security (Bruno Crispo) - originally named The Role of Trusted Computing in providing robust security services for IoT. Trusted Execution Environments (TEEs) and Roots of Trust (RoTs) are common Trusted Computing tools in the academic literature related to IoT security. Specific instances have also been implemented in the industry (e.g., ARM TrustZone, Intel SGX, etc.). However, the first generation of TEEs has shown to be vulnerable to security issues. Therefore, major vendors and initiatives like RISC-V are revisiting trusted computing architectures to avoid past pitfalls. Hence, it is important to establish what types of Trusted Computing technologies are needed for different types of devices and under what types of attacks to ensure effective security measures.
- Balancing mission-criticality, safety, and security in system design (Wenyuan Xu) - originally named Mission-criticality/safety vs. security/privacy. When it comes to mission-critical systems, striking a balance between safety and security can be challenging. Security measures often come with real-time overhead such as timing delays, interruptions, and increased bandwidth usage. In critical settings where safety is the primary concern, these impacts can have significant consequences. Unfortunately, safety and security requirements are often treated in isolation during the design process, without considering their natural implications and the correlation between them. This separation is also reflected in the evaluation of these systems, with different and separate standards and regulations for assessing safety and security. To address this challenge, it is important to consider these two concerns jointly rather than in isolation. By doing so, unexpected interferences between the two subsystems can be avoided. A comprehensive approach to designing and evaluating mission-critical systems should take into account both safety and security requirements in an integrated manner. This will help ensure that these systems operate reliably and securely, without compromising on safety.
- Security Challenges in Unattended (IoT) Environments, e.g., Low-Orbit Satellites (Wenyuan Xu and Bruno Crispo) - originally named Space and other challenging (unattended) environments. Low-orbit satellites are becoming increasingly popular. Deployed on a large scale, they are expected to provide ubiquitous Internet connectivity. However, these satellites operate in challenging, unattended environments that are physically inaccessible to humans. Despite the absence of attacks on low-orbit satellites thus far, it is only a matter of time before they become a target. The central challenge for designers of low-orbit satellite systems is to develop resilient and fault-tolerant security methods that can mitigate attacks from both far away and nearby sources. The remoteness of these satellites makes it difficult to detect and respond to attacks in real time, which increases the importance of designing security measures that can withstand attacks and continue operating even if a compromise occurs.
- Addressing the scalability challenge in securing large IoT deployments (Alexandra Dmitrienko and Gene Tsudik).
Creative Commons BY 4.0
Bruno Crispo, Alexandra Dmitrienko, Christoph Sendner, Gene Tsudik, and Wenyuan Xu
Over the past two decades, there has been a significant surge in the popularity of Internet-of-Things (IoT) devices. They have become ubiquitous in various settings, including private (e.g., homes, offices, and factories), semi-private (e.g., rentals and hotels), as well as public (e.g., cultural, entertainment, and transportation). They also play an important role in applications domains, such as military, agriculture, industrial processes, and vehicular automation. In many settings, IoT devices perform safety-critical functions. Furthermore, they are often interconnected and/or connected to the global Internet.
On the lower end, IoT devices are usually constructed using low-end micro-controller units (MCUs), which are subject to constraints on cost, size, and energy. Compared to their higher-end counterparts, these devices tend to lack security features. Due to the sensitive information they collect and their frequent involvement in safety-critical actuation tasks, they represent attractive targets for attacks. These attacks span a wide spectrum of concerns, ranging from privacy associated with sensing to safety and security in the context of actuation. There have even been instances of large-scale device zombification, exemplified by the infamous Mirai botnet.
This Dagstuhl Seminar aims to explore the landscape of attacks on IoT devices, discuss potential research directions for effective countermeasures, and facilitate the relationship between academia and industry in addressing these challenges.
Specific topics to be discussed include:
- Balancing mission-criticality, safety, and security in system design
- The role of secure hardware (Trusted Computing) in IoT security
- Realizing security/privacy services across hardware and software boundaries
- Addressing the scalability challenge in securing large IoT deployments
- The value of formal methods and verification in IoT security
- The lifecycle of digital twins for IoT devices
- Security challenges in unattended environments, such as low-orbit satellites
- Privacy implications of human/IoT relationships and data collection
- Security and privacy challenges in instrumented spaces
- Bridging the gap between academic research and industry needs
The seminar aims to foster collaboration between academia and industry to address the evolving security and privacy concerns of IoT devices and systems in an increasingly interconnected world.
Bruno Crispo, Alexandra Dmitrienko, Gene Tsudik, and Wenyuan Xu
Please log in to DOOR to see more details.
- Z. Berkay Celik (Purdue University - West Lafayette, US) [dblp]
- Alfred Chen (University of California, Irvine, US) [dblp]
- Bruno Crispo (University of Trento, IT) [dblp]
- Ivan De Oliveira Nunes (Rochester Institute of Technology, US) [dblp]
- Xuhua Ding (SMU - Singapore, SG) [dblp]
- Alexandra Dmitrienko (Universität Würzburg, DE) [dblp]
- Jan-Erik Ekberg (Huawei Technologies - Helsinki, FI) [dblp]
- Earlence Fernandes (University of California - San Diego, US) [dblp]
- Kevin Fu (Northeastern University - Boston, US) [dblp]
- Jorge Guajardo Merchan (Robert Bosch LLC - Pittsburgh, US) [dblp]
- David Hock (Infosim - Würzburg, DE) [dblp]
- Murtuza Jadliwala (University of Texas - San Antonio, US) [dblp]
- Yongdae Kim (KAIST - Daejeon, KR) [dblp]
- Farinaz Koushanfar (University of California at San Diego, US) [dblp]
- Veelasha Moonsamy (Ruhr-Universität Bochum, DE) [dblp]
- Surya Nepal (CSIRO - Eveleigh, AU) [dblp]
- Panagiotis Papadimitratos (KTH Royal Institute of Technology - Kista, SE) [dblp]
- Christina Pöpper (New York University - Abu Dhabi, AE) [dblp]
- Sara Rampazzi (University of Florida - Gainesville, US) [dblp]
- Kasper Rasmussen (University of Oxford, GB) [dblp]
- Stefanie Roos (RPTU Kaiserslautern-Landau, DE) [dblp]
- Ahmad-Reza Sadeghi (TU Darmstadt, DE) [dblp]
- Nader Sehatbakhsh (University of California at Los Angeles, US) [dblp]
- Christoph Sendner (Universität Würzburg, DE) [dblp]
- Gene Tsudik (University of California - Irvine, US) [dblp]
- Markus Wamser (Ingenics Digital - Gräfelfing, DE) [dblp]
- Wenyuan Xu (Zhejiang University - Hangzhou, CN) [dblp]
Classification
- Cryptography and Security
- Hardware Architecture
Keywords
- IoT
- CPS
- Smart Devices
- Security
- Privacy
- Mission Criticality
- Safety
- Resilience
- Trusted Computing
- Computer Architecture
