IoT@CyLab

Building secure and private IoT systems

The Internet of Things (IoT) is reaching critical mass in many sectors of the economy, with the prevalence of IoT devices creating significant challenges for the safety, security, reliability, and privacy of consumers and enterprises that use them. Companies currently spend billions on enterprise IoT lifecycle management, but still struggle with security and privacy vulnerabilities, service disruptions, and costly, inefficient, and ineffective remediation methods. Consumers love the convenience of IoT devices, but are increasingly concerned that personally identifiable information is being collected, and that this information may be stolen or misused.

It is increasingly evident that current approaches are ill-equipped to address the security and privacy challenges that will arise in IoT deployments on several dimensions:

Scalability: Manual security approaches that work for a few hundred IT devices will not scale to billions of IoT devices.

Speed and Cost: Identifying and remediating security vulnerabilities remains largely based upon human effort, thus operates at human-speed of days / months / years – and at human cost. This needs to be automatic, autonomous – taking only seconds or minutes.

Safety and Security: Existing IoT devices may be in service for years, while new greenfield devices are continually being added. New approaches are required to enable ongoing safety and security updates to existing devices without assuming a homogeneous ecosystem.

Uptime and Reliability: IoT devices have specialized functions that require strict uptime (e.g. 24/7 operation) and reliability (low-latency response) guarantees. Unfortunately, they lack management, monitoring and user-interfaces (e.g. keypad and screen) to meet these goals.

Compliance: IoT devices collect large volumes of raw data, but do not deal with compliance and privacy requirements that arise in deployments. Consumers and enterprises need effective ways to ensure data is collected appropriately, responsibly, and disclosed only as necessary and only to authorized parties.

Related news

CyLab researchers develop a taxonomy for AI privacy risks

A team of Carnegie Mellon University researchers constructed a taxonomy of AI privacy risks by analyzing 321 documented AI privacy incidents. The team’s goal was to codify how the unique capabilities and requirements of AI technologies described in those incidents generated new privacy risks, exacerbated known ones, or otherwise did not meaningfully alter known risks.

Unplugging doubt

Smart speakers and other Internet of Things (IoT) devices often have always-on microphones to enable voice-based interaction. In a recent paper, CyLab faculty member Sauvik Das and a team of researchers propose a new concept of "intentionally powered" microphones that can only be powered using the energy harvested from intentional user interactions.

CyLab receives a $250,000 gift from Craig Newmark Philanthropies to support research on IoT security and privacy labels

Craig Newmark Philanthropies has announced a $250,000 gift to support the Carnegie Mellon University CyLab Security and Privacy Institute’s research on privacy and security labels for IoT devices.

CyLab presents at White House's launch of new Cyber Trust mark

Carnegie Mellon's CyLab Security and Privacy Institute met with government officials and technology industry leaders, as the White House launched its new Cyber Trust mark. Associate Professor Yuvraj Agarwal represented CMU at the event, sharing key findings from CyLab’s five plus years of IoT security and privacy label research.

Peekaboo! Here’s a system to guarantee smart home privacy

CyLab researchers have developed a new privacy-sensitive architecture for developers to build smart home apps.

Engineering meets extreme reality Opens in new window

"Extreme reality engineering” is all about creating technology that can operate under some of the worst conditions imaginable.

Watch the Video Opens in new window

Keeping distributed systems secure Opens in new window

Carnegie Mellon researchers are working to design networks that keep our ever-increasing numbers of connected devices safe and secure.

Research paper Opens in new window

Study explores tensions between IoT device owners and “incidental users”

A team of CyLab researchers conducted a study exploring the tensions that may arise between device owners and incidental users, who may or may not be comfortable as incidental users.

See More Stories

CyLab researchers discover novel class of vehicle cyberattacks

The new class of vulnerabilities was disclosed in a new study presented at last month’s IEEE Symposium on Security & Privacy, held virtually.

CyLab’s IoT security and privacy label effectively conveys risk, study finds

The study, presented at this week’s IEEE Symposium on Security and Privacy, helps bridge the gap between experts’ knowledge and consumers’ understanding of privacy and security risks.

Carnegie Mellon CyLab partners with Rolls-Royce and Purdue

As the world continues its trend toward digitization, Carnegie Mellon University has announced the launch of a new research partnership with Rolls-Royce and Purdue University to focus on enhancing the security of embedded system platforms.

Third round of Secure and Private IoT Initiative funded projects announced

Carnegie Mellon CyLab’s Secure and Private IoT Initiative (IoT@CyLab) has announced its third round of funding, which will support 12 Internet of Things (IoT)-related projects for one year.

CMU-Africa and CyLab aim to improve financial inclusion in emerging economies

Carnegie Mellon University (CMU) CyLab and CMU-Africa have established the CyLab-Africa initiative, which aims to improve the cybersecurity of financial systems in Africa and other emerging economies.

Phishing, fairness, and more: CyLab’s 2021 seed funding awardees

Over $350K in seed funding has been awarded to 14 different faculty and staff in seven different departments across three colleges at CMU.

IoT@CyLab sharpens focus on Industrial IoT

Carnegie Mellon’s Secure and Private IoT initiative (IoT@CyLab) has recognized the so-called Industrial IoT (IIoT) as the next big challenge in IoT security.

App and infrastructure alert users about data collection around them

The IoT Assistant app and digital infrastructure, developed by researchers in Carnegie Mellon University’s CyLab, paves the way for people to take control of their privacy amid the booming Internet of Things.

CMU announces partnership with the Cybersecurity Manufacturing Innovation Institute

CyManII’s vision is to introduce a cybersecure energy-ROI for energy efficient manufacturing and supply chains that secures and sustains American leadership in global manufacturing competitiveness for decades.

CyLab names 2020 Presidential Fellows

Seven Ph.D. students pursuing security and/or privacy research will receive 2020 CyLab Presidential Fellowships.

IoT labels will help consumers figure out which devices are spying on them

A team of CyLab researchers have developed a prototype security and privacy “nutrition label” that performed well in user tests. To develop the label, the team consulted with a diverse group of 22 security and privacy experts across industry, government, and academia.

Research paper Opens in new window

Second round of Secure and Private IoT Initiative funded projects announced

Carnegie Mellon CyLab’s Secure and Private IoT Initiative (IoT@CyLab) has announced its second round of funding, which will support ten IoT-related projects for one year.

Protecting 3D printers from attackers Opens in new window

CyLab’s researchers have developed a tool to identify security risks of networked 3D printers.

CyLab researchers create tool to help prevent cyberattacks on vehicles

CyLab's Sekar Kulandaivel and colleagues have developed a network-mapping tool to help keep vehicles protected from cyberattacks. The tool meticulously maps a car's network in under 30 minutes on less than $50 worth of hardware.

Apps are rife with privacy compliance issues, and here’s some evidence

A team of researchers from Carnegie Mellon University and Fordham University recently created the Mobile App Privacy System (MAPS), a tool that uses natural language processing, machine learning, and code analysis to identify potential privacy compliance issues by inspecting apps’ privacy policies and code.

NSF awards $1.2M to create a digital assistant to answer people’s privacy questions

The National Science Foundation (NSF) has awarded a $1.2 million grant to a team of researchers from Carnegie Mellon University, Fordham University, and Penn State University to develop a tool—a “privacy assistant”—that will allow users to simply ask questions about the privacy issues that matter to them.

BUYER UNAWARE: Security and privacy rarely considered before buying IoT devices

In a study presented at the ACM CHI conference in Glasgow earlier this month, researchers from Carnegie Mellon University’s CyLab found that security and privacy risks may not be on the list of considerations when consumers purchase new IoT devices.

First round of Secure and Private IoT Initiative funded projects announced

CyLab’s Secure and Private IoT Initiative (IoT@CyLab) has broken ground as the first round of funded proposals have been announced. Twelve selected projects will be funded for one year, and results will be presented at the IoT@CyLab annual summit next year.

CyLab study: Romantic couples are sharing online accounts in security-compromising ways

A CyLab research team surveyed 195 participants about their relationship status and account-sharing behavior across a multitude of popular websites. The survey revealed users engaging in unsafe security practices.

Your smart home may soon have a smarter way to pair your devices

"Do you feel what I hear?" That’s a phrase that devices in smart homes may be asking each other in the future as a way to pair themselves without any assistance.

Making the Internet of Things smarter than its attackers

A team of CyLab researchers analyzed nearly 20,000 IFTTT applets and found that half of them were potentially unsafe.

NSF awards CyLab’s Vyas Sekar over $1 million to help secure the Internet of Things

While the explosion of IoT has the power to transform society, many are concerned as security experts have exposed vulnerabilities in everything from Internet-connected Barbie dolls to SUVs.

Explore Other Research Topics