What drew you to security of the internet of things and emerging technologies?
Security has always been an exciting field for me because it’s a mixture of multiple different fields. When you’re working on system security problems you have to deal with cryptography, networking, operating systems, system development, and sometimes computer architecture. You have a mixture of all of these different fields of computer science represented and you have to have some knowledge of every field to efficiently design solutions, and that’s something I really liked. Working on Internet of Things security magnifies that because you have to understand that these systems usually have energy limitations or hardware limitations. You have to have a good understanding of hardware and the ecosystem in general to be able to design solutions.
Is there a specific domain or certain categories of devices that currently interest you?
I’m currently looking in a couple of domains in my research, one of which is autonomous driving. We had a paper recently where we looked at the vision system in autonomous driving systems and designed some attacks that were able to fool them. Other than that, home IoT platforms and how we can meaningfully present the decisions to users such that they are able to make good designs. I’ve been starting to look at industrial IoT systems and how they can be attacked at a large scale.
Large-scale doomsday problems within autonomous driving are often brought up, but what are the underrated problems in this area that don’t get as much attention that people should be aware of?
Currently there is a lot of hype in this area. I don’t believe any of the attacks out there are able to perform a full end-to-end attack on an autonomous driving platform, but we have to understand that we have limited knowledge of how these models react and the inputs they are vulnerable to. There is currently a huge cat-and-mouse game being played, with new attacks and new defenses being designed every day. We need to go back to the basics and figure out what the fundamental properties are that allow these attacks, in order to design better defenses. How are these models being dealt with, and what are the fundamental components allowing these attacks to happen in these platforms?
Could you tell me more about Tyche?
The current way access control decisions are represented to users in the IoT environment is very much like how permissions are represented in the mobile platform. It’s usually all-or-nothing permission requests that you have to answer to at installation time. We already know that this model doesn’t work well in the mobile environment and this will surely not work any better in the IoT environment, which is more complicated and involves multiple devices, each of them having access to some type of personal or sensitive data or function. In this paper, we wanted to experiment with the idea of breaking down these permissions that are exposed by each device into three different categories based on the risk that we associate with them. We asked domain experts to rate how sensitive each of these functions that the device has is. We also conducted a user study to see how much risk normal users associated with them. The interesting finding we had was that users, when presented with these different levels of risk, are actually able to make good decisions and are able to, for the most part, match the domain experts on their reasoning about the sensitivity of each of these functions. The proposal we present in the paper is that by simply breaking down the levels of permission in each device into three risk categories, you can minimize the risk associated with different apps using the device.
Who are the end users in this study and what is their knowledge level?
For the user study, we used 400 Amazon Turk participants and specifically targeted people who already used some type of smart device in their home environment. These would be your normal home user. They were not picked from a computer science background or certain level of education. Of course, there are known biases in the Amazon Turk platform but we think this is a fairly decent representation of normal users.
IoT devices are notorious for having vulnerabilities. Why do you think it is so difficult to secure these types of devices?
There are a couple of different problems in this space. Generally, the manufacturers of these devices want to make them as cheap as possible. Security is one of the things they will not invest in when they want to make these devices cheaper. Along similar lines, when we’re talking about startups and trying to quickly develop a device, sometimes security wouldn’t be the highest priority. Other problems unique to this space are that we don’t have a good way of representing the different choices users have to them. That’s a huge shortcoming of the current IoT environment. We don’t have a uniform or good way of representing the risks and permissions to the user in a meaningful manner.
What do you think we could be doing better to present these risks in a way that’s meaningful to end users?
We have to understand that people are not able to spend a lot of time making these decisions. We have to expose the minimum information that they need for them to make a good decision. Honestly, I’m not sure what that perfect solution is or what it would look like, but our work was the first step toward that in this domain. For the manufacturers, there are a couple of low-hanging fruits that they need to pay attention to. One huge problem is the use of default passwords and the lack of security patches or an update process for many of these devices. Most of the vulnerabilities we hear about at large scale, such as the Mirai botnet, resulted from these low-hanging fruits that have not been addressed by manufacturers.