Privacy and Security for the Future Internet of Things

Aikaterini Mitrokotsa

To: ETH Zurich, Switzerland

From: Chalmers University of Technology

Project abstract

The aim of this project is to start an international partnership, to promote and support research in the area of security and privacy in wireless communications and prepare us for the future Internet of Things (IoT). The IoT has moved from the realm of science fiction to everyday consumer technology. It provides flexibility and enables revolutionary applications such as smart homes, Wi-Fi payments and assisted living, which require strong security and privacy guarantees. At the same time, the IoT becomes an attractive target for criminal activity and state surveillance.

This project has the ambitious goal to address this challenge and introduce a unifying framework for authentication in the future IoT that provides: i) accurate and transparent authentication, ii) rigorous privacy guarantees. Existing solutions address information leakage at a local level; although the functionality of a single device or service can be privacy-preserving, collectively they unwittingly compromise our privacy. This project will enable innovation in the core of wireless communications and will extend opportunities offered by recent advances in cryptography, communications and decision-making.

The project shall bring together two top research institutes in the field of security and privacy: ETH Zurich and Chalmers. This seems to be the ideal moment to initiate this strong partnership and stregthen Chalmers and Sweden in the area of information security in wireless communications. Companies such as Google and IBM are investing in the future IoT while Sweden is lagging behind. The researcher is very experienced in the area of security and privacy in wireless communications, while the host institution ETH Zurich is a universally renowned and top ranked research institute in the field.

Summary results

During this project we have focused on security and privacy issues for the future internet of things. More precisely, we have investigated how to provide strong security guarantees when resource-constrained devices need to perform computations and thus have to outsource these computations to external and untrusted more powerful devices. More precisely, we have proposed a new security primitive multi-key homomorphic authenticators that allows the joint computations of multiple clients on their joint inputs when these computations are outsourced to external untrusted servers. In addition, we have investigated how cloud-assisted computing can be employed in order to verifiy signatures and how to provide strong privacy guarantees in such a setting. Furthermore, we have investigated how proximity based authentication can be employed to combat attacks against authentication protocols designed for resource-constrained devices and invetigated how proximity based authentication (i.e., distancebounding protocols) can be extended to a distributed setting where we need to rely on multiple intermediate untrusted devices in order to determine the distance between a prover and a verifier. Furthermore, we examined how we may provide strong privacy guarantees in a routing mechanism for furture internet architectures while at the same time provide strong efficiency guarantees in the communication network. Finally, we have modeled the authentication and account recovery process in a general way in order to capture all possible authentication methods including the recent social authentciation processes as well as the multi-modal authentication. The project has led until now to two journal publications and one top tier conference publication as well as four additional papers that are under submission.