Internet of Things (IoT) are revolutionizing society by supporting novel applications in an interconnected environment. The potential of IoT is limitless. In future, we anticipate devices interacting with each other with very little human interaction. IoT infrastructure has been exploited to launch large-scale attacks such as the Mirai botnet. Consequently, before IoT systems can be widely deployed, we need to evaluate the security and privacy risks in such an environment. In this project, we are investigating how we can prevent, detect, and mitigate attacks launched using IoT devices, IoT network, and IoT applications.

IoT Device Identification

In order to provide security for IoT devices we need to know what devices are connected in the first place. This can be a trivial task if you are the one who installed the devices, but can become much more difficult in BYOD (Bring Your Own Device) environments or ones in which an intruder has installed a device. Using passive network monitoring we are able to identify device types down to the model granularity. Our experiments have shown high accuracy, up to 99%.

What happens when a device has become compromised and starts spoofing already trusted devices? Can we detect which device is performing the spoofing? These are just a couple of questions that we as a group are currently exploring.

Fine-grain access control model for IoT environments

Access Control

IoT devices are becomming more and more integrated into our home environments. One issue with this is that we as consumers do not have the capability to effectively manage how these devices interact. We are designing an access control framework for Smart Home IoT devices that will enforce user specified policies at the network level. This means that the system is device type and manufacturer agnostic.


Publications

Patents
  • Indrajit Ray and Steve Goeringer, “System and Methods for Distributed Trust Model and Framework,” US Patent 11108557, 11695493
Papers

  • Yaser Baseri, Abdelhakim Hafid, Mahdi Daghmehchi Firoozjaei, Soumaya Cherkaoui, Indrakshi Ray: Statistical privacy protection for secure data access control in cloud. Journal of Information Security and Applications, Volume 84: 103823 (2024) Paper
  • Matt Gorbett, Caspian Siebert, Hossein Shirazi, Indrakshi Ray: The intrinsic dimensionality of network datasets and its applications. Journal of Computer Security, Volume 31,6: 679-704 (2023) Paper
  • Maxwel Bar-on, Bruhadeshwar Bezawada, Indrakshi Ray, and Indrajit Ray, “A Small World–Privacy Preserving IoT Device-Type Fingerprinting with Small Datasets” Foundations and Practice of Security, 2023, Springer Nature Switzerland, Cham, 104–122. Paper | Link
  • Faiza Tazi, Suleiman Saka, Griffin Opp, Shradha Neupane, Sanchari Das, Lorenzo De Carli, Indrakshi Ray:Accessibility Evaluation of IoT Android Mobile Companion Apps. CHI Extended Abstracts 2023: 19:1-19:7
  • Fathima James, Indrajit Ray, Deep Medhi, “Worst Attack Vulnerability and Fortification for IoT Security Management: An approach and An Illustration for Smart Home IoT”, Proceedings of the IEEE/IFIP Network Operations and Management Symposium, Miami, FL, USA, May 8-12, 2023. Paper
  • Matt Gorbett, Hossein Shirazi, Indrakshi Ray, “WiP: The Intrinsic Dimensionality of IoT Networks.” SACMAT, 2022. Paper
  • Shradha Neupane, Faiza Tazi, Upakar Paudel, Freddy Veloz Baez, Merzia Adamjee, Lorenzo De Carli, Sanchari Das, Indrakshi Ray, “On the Data Privacy, Security, and Risk Postures of IoT Mobile Companion Apps.” Conference on Data and Applications Security and Privacy 2022. Paper
  • Matt Gorbett, Hossein Shirazi, Indrakshi Ray, “Local Intrinsic Dimensionality of IoT Networks for Unsupervised Intrusion Detection.” Conference on Data and Applications Security and Privacy 2022. Paper
  • Elisa Bertino, Ravi S. Sandhu, Bhavani Thuraisingham, Indrakshi Ray, Wenjia Li, Maanak Gupta, Sudip Mittal, “Security and Privacy for Emerging IoT and CPS Domains.” CODASPY, 2022. Paper
  • Fathima James, Indrajit Ray, Deep Medhi, “Situational Awareness for Smart Home IoT Security via Finite State Automata Based Attack Modeling,” Proceedings of the 3rd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, Atlanta, GA, USA, December 13-15, 2021. Paper
  • Saja Alqurashi, Hossein Shirazi, and Indrakshi Ray, “On the Performance of Isolation Forest and Multi Layer Perceptron for Anomaly Detection in Industrial Control Systems Networks”, Proceedings of the International Conference on Internet of Things, Systems, Management, and Security, December 2021. Paper
  • Upakar Paudel, Andy Dolan, Suryadipta Majumdar, and Indrakshi Ray, “Context-Aware IoT Device Functionality Extraction from Specifications for Ensuring Consumer Security”, Proceedings of the 9th IEEE Conference on Communications and Network Security, October 2021. Paper
  • Lorenzo De Carli, Indrakshi Ray, and Erin T. Solovey, “Vision: Stewardship of Smart Devices Security for the Aging Population”. EuroUSEC ’21: European Symposium on Usable Security ACM (2021) Paper
  • Kyle Haefner and Indrakshi Ray, “Trust and Verify: A Complexity-Based IoT Behavioral Enforcement Method”, 5th International Symposium on Cyber Security Cryptology and Machine Learning (CSCML), 2021
  • Vishwajeet Bhosale, Lorenzo De Carli, and Indrakshi Ray, “Detection of Anomalous User Activity for Home IoT Devices” (Short Paper), Virtual Conference, International Conference on Internet of Things, Big Data, and Security, Virtual Conference, April 2021.
  • Bruhadeshwar Bezawada, Indrakshi Ray, and Indrajit Ray, “Behavioral Fingerprinting of Internet-of-Things Devices”, Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery, 11(1), 2021.
  • Dolan, Andy, Indrakshi Ray, and Suryadipta Majumdar. “Proactively Extracting IoT Device Capabilities: An Application to Smart Homes.” In IFIP Annual Conference on Data and Applications Security and Privacy, pp. 42-63. Springer, Cham, 2020. Paper | Link
  • Johnston, Drew, Jarret Flack, Indrakshi Ray, and Francisco R. Ortega. “Towards a Virtual Reality Home IoT Network Visualizer.” arXiv preprint arXiv:2001.06579 (2020). Paper | Link
  • Indrajit Ray, Diptendu Mohan Kar, Jordan Peterson, Steve Goeringer, “Device Identity and Trust in IoT-sphere Forsaking Cryptography,” Proceedings of the 5th IEEE International Conference on Collaboration and Internet Computing, Los Angeles, CA, USA, December 12-14, 2019. Paper
  • Haefner, Kyle, and Indrakshi Ray. “ComplexIoT: Behavior-Based Trust For IoT Networks.” In 2019 First IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA), pp. 56-65. IEEE, 2019. Link
  • Bezawada, Bruhadeshwar, Maalvika Bachani, Jordan Peterson, Hossein Shirazi, Indrakshi Ray, and Indrajit Ray. “Iotsense: Behavioral fingerprinting of iot devices.” arXiv preprint arXiv:1804.03852 (2018). Paper | Link

Our Team

Indrakshi Ray
Project Manager

Colorado State University

Homepage
Indrajit Ray
Faculty Member

Colorado State University

Homepage
Lorenzo De Carli
Faculty Member

Worcester Polytechnic Institute

Homepage
Suryadipta Majumdar
Faculty Member

Concordia University

Homepage
Hossein Shirazi
Post-Doc Researcher

Colorado State University

Homepage

Students

Vishwajeet Bhosale

Colorado State University

LinkedIn
Jordan Peterson

Colorado State University

Homepage
Upakar Paudel
Colorado State University
LinkedIn

Alumni

Bruhadeshwar Bezawada
Homepage
Andy Dolan
LinkedIn
Kyle Haefner
LinkedIn
Maalvika Bachani
LinkedIn

Our Sponsors

They help make it happen.

CableLabs

CableLabs is a non-profit Innovation and R&D Lab founded in 1988 by members of the cable television industry. With a strong focus on innovation, CableLabs develops technologies and specifications for the secure delivery of high speed data, video, voice and next generation services. It also provides testing, certification facilities and technical leadership for the industry. CableLabs’ mission is to enable cable operators to be the providers of choice to their customers. Cable operators from around the world are members.

Cyber Risk Research

Cyber Risk Reseach