CyLab is launching a multi-year Secure and Private IoT Initiative with a singular, ambitious mission:
We will develop a suite of novel foundations and technologies that address the following IoT challenges: scalability, speed and cost, safety and security, uptime and reliability, and privacy and compliance. Our approach: build a network that can autonomously protect devices, create novel ways to bootstrap trust in devices (even when compromised), and built-in primitives to hold the network and devices accountable for data collection and dissemination.
Through this multi-year Initiative, CyLab intends to re-imagine an IoT world along the following three core concepts and underlying research themes:
1. Autonomous Healing
- Observation: The network is the only security touchpoint for both new and existing devices.
- Consequence: A new resilient and secure network-centric approach to autonomously close the loop, and dynamically customize the network’s security posture, is needed.
- Initiative Objective: An IoT stack that leverages new advances in Software Defined Networking (SDN) to autonomously detect and react to security incidents at machine timescales that cannot be fundamentally done by humans-in-the-loop.
- Observation: IoT devices are deployed with limited or no user or management interfaces so it is difficult to ensure they remain secure over the lifecycle – from configuration, to resetting to a known state in the presence of malware, and ongoing updatability.
- Consequence: Secure enforcement mechanisms for establishing a root of trust in a heterogeneous set of devices without requiring a user interaction are needed.
- Initiative Objective: Trusted devices built on new advances in remote attestation pioneered at CyLab, as well as provably secure primitives for bootstrapping trust such as verified end-to-end systems stacks.
- Observation: Massive data collection and machine learning is possible today, but there is no way to ensure that the learning obeys company policies and is not inadvertently biased or privacy violating.
- Consequence: Explainable artificial intelligence and enforcement mechanisms are needed so that human security and privacy auditors know the learning respects policy and the human.
- Initiative Objective: New accountable artificial intelligence primitives that can be built-in to ensure new devices, when added to the network, obey data collection and privacy policies.