6/12/2020
Written by
Amazon Echo, Nest Thermostat, Ring Doorbell, Philips Hue Lighting, iRobot Roomba, plus televisions, locks, appliances, and even beds—the use of smart devices has exploded in the last few years. With it comes the promise of automation and control with a voice command or by tapping a smart phone’s button. Terminology like “smart home” has even started to pop up in real estate listings.
But what does the lifecycle of these household Internet-of-Things (IoT) devices look like? What do all of these “smart things” in the home mean for users’ privacy and security?
Illinois Computer Science professors and cybersecurity researchers Carl Gunter and Adam Bates are seeking holistic answers to those questions as part of an interdisciplinary team that has received a $10 million, five-year grant from the National Science Foundation (NSF).
“We were very much inspired by this lifecycle question. What happens to these devices over time?” Gunter said. “We also want to investigate what happens with these devices as more complex details become the norm in terms of how they’re used."
“Our part of this project has to do with keeping records on why certain things occur to help consumers understand issues like privacy better.”
Bates and Gunter will join a team of seven academic institutions on the five-year project – called Security and Privacy in the Lifecycle of IoT for Consumer Environments (SPLICE). Other institutions include Dartmouth College, Johns Hopkins University, the University of Maryland, the University of Michigan, Morgan State University and Tufts University.
Their goal is to develop trustworthy devices and systems in the home.
“It’s very important that we use this opportunity provided to synergize the work of individuals through the right collaborations,” Gunter said. “For example, we handle hardware and software components, but sociologists like Denise Anthony (University of Michigan) can analyze people’s attitudes to study why they interact with these devices the way they do.”
The shift toward smart devices and systems in residences—such as houses, apartments, hotels, and assisted-living facilities—offers benefits that include increased energy efficiency and personalized services. Through faulty configuration or poor design, however, these items can also create unsafe conditions and increase risk of harm to people and property.
Since many homes are complex environments in which residents, landlords, and guests have different privacy needs, researchers will consider the interests of all property owners and users.
“Some of our techniques may result in immediate gains for the average consumer, such as identifying bugs or hidden privacy-infringing behaviors in smart devices,” Bates said. “However, we are also looking to the future of IoT security through exploring standards and clean slate designs that establish privacy as a first-class design principle in smart spaces.”
In its entirety, SPLICE will develop technology and design principles related to smart homes. Breakthrough solutions envisioned for the program include:
- the first-ever toolkit to discover, identify, and locate cooperative and non-cooperative smart devices within a home’s wireless network – allowing residents to have a complete understanding of their home’s technological environment;
- tools that move away from the failed “notice and consent” model of privacy management – shifting the privacy burden away from end users, who are ill-equipped to manage an increase in the number of devices and decisions;
- identification of privacy issues in smart homes that must be addressed to advance consumer trust – informing the development of best-practice principles for smart homes.
Bates and Gunter provide a depth of experience in systems and software security. Their research over the years has focused on a range of topics that consider the security and privacy of traditional computers, mobile devices, and smart devices.
They fit within this 10-person interdisciplinary research team, which will also conduct research in sociology, human-computer interface design, ubiquitous and mobile computing, embedded systems, wireless networks, and radio engineering.
They will also develop prototypes that integrate new insights emerging from the project while allowing them to seek feedback from experts and everyday consumers.
Finally, they will focus on developing programs for students, junior researchers, and community members with the aim of encouraging more people from underrepresented groups to pursue careers in computing.
“The technology in the average home today is radically different from even a decade ago and is likely to change even more rapidly in the coming years,” said David Kotz, a professor of computer science at Dartmouth and the lead principal investigator for the project. “Home is a place where people need to feel safe from prying eyes. SPLICE will address the challenges required for the vision of smart homes to be realized safely and successfully.”
SPLICE is funded by NSF’s Secure and Trustworthy Cyberspace Frontiers (SaTC Frontiers), a cross-cutting program to address fundamental scientific challenges related to privacy and cybersecurity.
The research program will begin on October 1. For more information and to follow SPLICE’s progress, individuals can access the project blog at splice-project.org.
The SPLICE team: