Hitchhiker’s Guide to the IoT Galaxy full of Security & Privacy Challenges

Speaker Bio

Ahmad-Reza Sadeghi is a full Professor of Computer Science at the Technische Universität Darmstadt, in Germany, where he heads the System Security Lab. He is also the Director of Intel Collaborative Research Institute for Secure and Resilient Autonomous Systems (ICRI-CARS) at TU Darmstadt.

He received his Ph.D. in Computer Science with the focus on privacy protecting cryptographic protocols and systems from the University of Saarland in Saarbrücken, Germany. Prior to academia, he worked in Research and Development of Telecommunications enterprises, amongst others Ericson Telecommunications. He has been leading and involved in a variety of national and international research and development projects on the design and implementation of Trustworthy Computing Platforms and Trusted Computing, Security Hardware, and Applied Cryptography. He has been serving as general or program chair as well as a program committee member of major conferences and workshops in Information Security and Privacy. He is Editor-In-Chief of IEEE Security and Privacy Magazine and on the editorial board of ACM Books. He served 5 years on the editorial board of the ACM Transactions on Information and System Security (TISSEC) and was guest editor of the IEEE Transactions on Computer-Aided Design (Special Issue on Hardware Security and Trust).

Prof. Sadeghi has been awarded the renowned German prize “Karl Heinz Beckurts” for his research on Trusted and Trustworthy Computing technology and its transfer to industrial practice. The award honors excellent scientific achievements with high impact on industrial innovations in Germany. Further, his group received German IT Security Competition Award 2010.

In 2018 Prof. Sadeghi received the ACM SIGSAC Outstanding Contributions Award for dedicated research, education, and management leadership in the security community and for pioneering contributions in content protection, mobile security, and hardware-assisted security. SIGSAC is ACM’s Special Interest Group on Security, Audit, and Control.

Description

The Internet of things (IoT) is rapidly emerging with the goal to connect the unconnected. Many new device manufacturers are entering the market of Internet-connected appliances for smart homes and offices, ranging from motion sensors to virtual voice assistants. However, due to lack of security by design and flawed implementations we are facing significant security and privacy challenges specific to IoT, such as perilous IoT botnet attacks, and novel privacy threats caused by the widespread installation of wireless sensors, actuators and smart home appliances even in the private setting of our homes. Unfortunately, standard security measures like properly encrypted communications do not protect against these threats.

The massive scale of the IoT device population and enormous diversity of device hardware, operating systems, software frameworks, and manufacturers make it very difficult to establish standard IoT security and privacy-protecting solutions by simply applying and extending known solutions, neither for per-device security architectures nor for network security measures. In particular, existing intrusion detection techniques seem ineffective to detect compromised IoT devices.
In this talk, we will present our recent work, including industry collaborations, addressing various security and privacy challenges in the growing IoT landscape. In particular, we focus on automated device identification and reliable detection of compromised devices based on their inherent communication behavior.