Keynote: Research Challenges and Opportunities in IoT Security

Abstract

The Internet of Things (IoT) paradigm refers to the network of physical objects or 'things' embedded with electronics, software, sensors, and connectivity to enable objects to exchange data with servers, centralized systems, and/or other connected devices based on a variety of communication infrastructures. IoT makes it possible to sense and control objects creating opportunities for more direct integration between the physical world and computer-based systems. IoT will usher automation in a large number of application domains, ranging from manufacturing and energy management (e.g. SmartGrid), to healthcare management and urban life (e.g. SmartCity). However, because of its fine-grained, continuous and pervasive data acquisition and control capabilities, IoT raises concerns about security. IoT systems are at risk for several reasons. They do not have well defined perimeters, are highly dynamic, and continuously change because of mobility. In addition IoT systems are highly heterogeneous with respect to communication medium and protocols, platforms, and devices. IoT systems may also include 'objects' not designed to be connected to the Internet. Finally, IoT systems, or portions of them, may be physically unprotected and/or controlled by different parties. Attacks, against which there are established defense techniques in the context of conventional information systems and mobile environments, are thus much more difficult to protect against in the IoT. IoT systems thus offer challenging research opportunities in many different areas of cyber security, ranging from cryptographic protocols and public key infrastructures to application and data security. In this talk, after outlining key challenges in IoT security, we present initial approaches to securing IoT data, including firewall techniques to prevent IoT devices from being compromised and used by botnets.