Professor Avi Rubin recently testified at a Maryland State Senate Finance Committee, hearing regarding a bill about IoT security [February 26, 2019]. Below are his remarks.
My name is Avi Rubin, and I am a full professor of Computer Science at Johns Hopkins University and Technical Director of our Information Security Institute. I am also the Founder and Chief Scientist of Harbor Labs, a Maryland CyberSecurity company that has developed an IoT Security Analysis product. I have been an active researcher in the area of Computer and Network Security since 1992. The primary focus of my research is Security for the Internet of Things (IoT Security). These are the types of connected devices that are addressed in SB 553.
This one-hour talk by David Kotz was presented at ARM Research in Austin, TX at the end of January 2019. The first half covers some recent THaW research about Wanda and SNAP and the second half lays out some security challenges in the Internet of Things. Watch the video below.
Abstract: The homes, offices, and vehicles of tomorrow will be embedded with numerous “Smart Things,” networked with each other and with the Internet. Many of these Things interact with their environment, with other devices, and with human users – and yet most of their communications occur invisibly via wireless networks.How can users express their intent about which devices should communicate – especially in situations when those devices have never encountered each other before? We present our work exploring novel combinations of physical proximity and user interaction to ensure user intent in establishing and securing device interactions.
What happens when an occupant moves out or transfers ownership of her Smart Environment?How does an occupant identify and decommission all the Things in an environment before she moves out?How does a new occupant discover, identify, validate, and configure all the Things in the environment he adopts?When a person moves from smart home to smart office to smart hotel, how is a new environment vetted for safety and security, how are personal settings migrated, and how are they securely deleted on departure?When the original vendor of a Thing (or the service behind it) disappears, how can that Thing (and its data, and its configuration) be transferred to a new service provider?What interface can enable lay people to manage these complex challenges, and be assured of their privacy, security, and safety? We present a list of key research questions to address these important challenges.