CAREER: Towards Secure and Usable IoT Authentication Under Constraints
George Mason University, Fairfax VA
Investigators
Abstract
The booming development of Internet of Things (IoT) makes ever-growing impacts on various industries and daily lives. IoT authentication, which authenticates the legitimacy of a user and/or an IoT device, is among the most fundamental and critical IoT security problems. Existing approaches often suffer from insecurity (e.g., Bluetooth based proximity proving can be exploited by wireless attacks) or poor usability (e.g., requiring user interfaces or sensors unavailable on most IoT devices). The research advances secure and usable IoT authentication under constraints. Unlike many prior works that build authentication on proximity, which can be exploited by wireless attacks, the project's novelty is based on physical operations that cannot be spoofed by an attacker. The project's broader significance and importance are as follows. 1) The research can help people in rural areas or with disabilities have equal rights of access to modern techniques, such as drone delivery, without relying on special user-side hardware. 2) The research can make IoT pairing and authentication much easier and more secure, and the results have wide applications to smart health, forensics, and continuous security monitoring. 3) The PI will conduct outreach and educational activities that aim to increase awareness of cybersecurity in the K-12 community and broaden the participation of students from underrepresented groups. The project seeks to improve IoT authentication and deliver novel approaches, algorithms, techniques, and systems through the following thrusts. Thrust 1: Authentication for UI-Constrained Devices. A protocol that supports mutual authentication, over an insecure wireless channel, to establish trust between a UI-constrained device and the user to support authentication for heterogeneous IoT devices. Thrust 2: Authentication for Distance-Constrained Devices. A highly usable approach enables secure authentication between an IoT device and the user even when they are multiple meters apart, which has applications ranging from drone delivery to ride sharing. Thrust 3: Authentication for Operation-Constrained Devices. For traditional objects retrofitted with zero-UI sensor nodes, AI-assisted implicit authentication enables recognizing a user without requiring any explicit authentication operations. In sum, the research seeks to substantially advance IoT authentication and foster a variety of IoT applications. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
View original record on NSF Award Search →