A few years ago we posted a fun video describing our Wanda approach to securely introduce mobile devices to a Wi-Fi network… or to each other. Wanda was published in INFOCOM 2016; since then we’ve refined the technique with the CloseTalker (MobiSys 2019) and SNAP (MobiCom 2019). We just made a new Wanda video, which we hope you’ll enjoy!
This one-hour talk by David Kotz was presented at ARM Research in Austin, TX at the end of January 2019. The first half covers some recent THaW research about Wanda and SNAP and the second half lays out some security challenges in the Internet of Things. Watch the video below.
Abstract: The homes, offices, and vehicles of tomorrow will be embedded with numerous “Smart Things,” networked with each other and with the Internet. Many of these Things interact with their environment, with other devices, and with human users – and yet most of their communications occur invisibly via wireless networks. How can users express their intent about which devices should communicate – especially in situations when those devices have never encountered each other before? We present our work exploring novel combinations of physical proximity and user interaction to ensure user intent in establishing and securing device interactions.
What happens when an occupant moves out or transfers ownership of her Smart Environment? How does an occupant identify and decommission all the Things in an environment before she moves out? How does a new occupant discover, identify, validate, and configure all the Things in the environment he adopts? When a person moves from smart home to smart office to smart hotel, how is a new environment vetted for safety and security, how are personal settings migrated, and how are they securely deleted on departure? When the original vendor of a Thing (or the service behind it) disappears, how can that Thing (and its data, and its configuration) be transferred to a new service provider? What interface can enable lay people to manage these complex challenges, and be assured of their privacy, security, and safety? We present a list of key research questions to address these important challenges.