CAREER: Foundations for IoT Cloud Security

About This Grant

The Internet of things (IoT) cloud is one of the key pillars of the foundation upon which modern IoT systems rest (Smart Home, Industrial, Smart City, Retail, and Health applications, etc.). Newer IoT devices are taking advantage of the managed Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS) IoT cloud services (e.g., AWS IoT Core, Azure IoT Hub), which offload much of the security responsibilities and deployment burden from device manufacturers to the public cloud providers. IoT clouds must manage trust for hundreds of millions of IoT devices and users, and provide device manufacturers reliable and usable tools for secure IoT deployments. In the IoT cloud systems, compromised security or improper deployments can cause hazardous and deadly consequences. The outcomes of the proposed work will (1) establish the foundational scientific theory, security principles, and practices that define the field of IoT cloud security and (2) protect PaaS and IaaS IoT clouds that underlie the wide array of Smart Home, Health, Industrial, Smart City, Retail, and critical infrastructure from cyberattacks. Techniques and tools to be developed in this project will be used by IoT developers, security analysts in industry, academic researchers, and a wide range of students (system security, formal methods, and engineering). IoT cloud systems have specific challenges imposed by their requirements of large-scale distributed trust management and secure support of emerging IoT computing paradigms such as IoT interoperability, which preclude direct application of solutions devised for general-purpose systems. The project will characterize these challenges while addressing three key, novel research thrusts. The first thrust is to formalize the threats concerning the emerging paradigms of IoT interoperability to conduct novel attacks, and formally verify their security in IoT cloud systems and protocols. The second thrust is to explore and understand emerging cyberattacks leveraging misconfiguration of cloud IoT policies by device manufacturers, and develop innovative formal modeling and verification approaches to elevate security assurance of policy specification and cloud-based IoT deployments. The third thrust is informed by the first two thrusts, which identify the threats and challenges, and is to fundamentally address the threats by developing a systematized IoT-cloud security framework with a set of innovative techniques, including secure clean-slate design of IoT interoperability protocols, a novel in-device channel control framework, and hardened supply chain for IoT brokers (a core component of IoT clouds). Through these thrusts, this project will produce new foundational understanding and methods to safeguard modern and the next generation of IoT cloud systems. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.