Internet of Things (IoT) are revolutionizing society by supporting novel applications in an interconnected environment. The potential of IoT is limitless. In future, we anticipate devices interacting with each other with very little human interaction. IoT infrastructure has been exploited to launch large-scale attacks such as the Mirai botnet. Consequently, before IoT systems can be widely deployed, we need to evaluate the security and privacy risks in such an environment. In this project, we are investigating how we can prevent, detect, and mitigate attacks launched using IoT devices, IoT network, and IoT applications.
IoT Device Identification
In order to provide security for IoT devices we need to know what devices are connected in the first place. This can be a trivial task if you are the one who installed the devices, but can become much more difficult in BYOD (Bring Your Own Device) environments or ones in which an intruder has installed a device. Using passive network monitoring we are able to identify device types down to the model granularity. Our experiments have shown high accuracy, up to 99%.
What happens when a device has become compromised and starts spoofing already trusted devices? Can we detect which device is performing the spoofing? These are just a couple of questions that we as a group are currently exploring.
Access Control
IoT devices are becomming more and more integrated into our home environments. One issue with this is that we as consumers do not have the capability to effectively manage how these devices interact. We are designing an access control framework for Smart Home IoT devices that will enforce user specified policies at the network level. This means that the system is device type and manufacturer agnostic.
- Yaser Baseri, Abdelhakim Hafid, Mahdi Daghmehchi Firoozjaei, Soumaya Cherkaoui, Indrakshi Ray: Statistical privacy protection for secure data access control in cloud. Journal of Information Security and Applications, Volume 84: 103823 (2024) Paper
- Matt Gorbett, Caspian Siebert, Hossein Shirazi, Indrakshi Ray: The intrinsic dimensionality of network datasets and its applications. Journal of Computer Security, Volume 31,6: 679-704 (2023) Paper
- Maxwel Bar-on, Bruhadeshwar Bezawada, Indrakshi Ray, and Indrajit Ray, “A Small World–Privacy Preserving IoT Device-Type Fingerprinting with Small Datasets” Foundations and Practice of Security, 2023, Springer Nature Switzerland, Cham, 104–122. Paper | Link
- Faiza Tazi, Suleiman Saka, Griffin Opp, Shradha Neupane, Sanchari Das, Lorenzo De Carli, Indrakshi Ray:Accessibility Evaluation of IoT Android Mobile Companion Apps. CHI Extended Abstracts 2023: 19:1-19:7
- Fathima James, Indrajit Ray, Deep Medhi, “Worst Attack Vulnerability and Fortification for IoT Security Management: An approach and An Illustration for Smart Home IoT”, Proceedings of the IEEE/IFIP Network Operations and Management Symposium, Miami, FL, USA, May 8-12, 2023. Paper
- Matt Gorbett, Hossein Shirazi, Indrakshi Ray, “WiP: The Intrinsic Dimensionality of IoT Networks.” SACMAT, 2022. Paper
- Shradha Neupane, Faiza Tazi, Upakar Paudel, Freddy Veloz Baez, Merzia Adamjee, Lorenzo De Carli, Sanchari Das, Indrakshi Ray, “On the Data Privacy, Security, and Risk Postures of IoT Mobile Companion Apps.” Conference on Data and Applications Security and Privacy 2022. Paper
- Matt Gorbett, Hossein Shirazi, Indrakshi Ray, “Local Intrinsic Dimensionality of IoT Networks for Unsupervised Intrusion Detection.” Conference on Data and Applications Security and Privacy 2022. Paper
- Elisa Bertino, Ravi S. Sandhu, Bhavani Thuraisingham, Indrakshi Ray, Wenjia Li, Maanak Gupta, Sudip Mittal, “Security and Privacy for Emerging IoT and CPS Domains.” CODASPY, 2022. Paper
- Fathima James, Indrajit Ray, Deep Medhi, “Situational Awareness for Smart Home IoT Security via Finite State Automata Based Attack Modeling,” Proceedings of the 3rd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, Atlanta, GA, USA, December 13-15, 2021. Paper
- Saja Alqurashi, Hossein Shirazi, and Indrakshi Ray, “On the Performance of Isolation Forest and Multi Layer Perceptron for Anomaly Detection in Industrial Control Systems Networks”, Proceedings of the International Conference on Internet of Things, Systems, Management, and Security, December 2021. Paper
- Upakar Paudel, Andy Dolan, Suryadipta Majumdar, and Indrakshi Ray, “Context-Aware IoT Device Functionality Extraction from Specifications for Ensuring Consumer Security”, Proceedings of the 9th IEEE Conference on Communications and Network Security, October 2021. Paper
- Lorenzo De Carli, Indrakshi Ray, and Erin T. Solovey, “Vision: Stewardship of Smart Devices Security for the Aging Population”. EuroUSEC ’21: European Symposium on Usable Security ACM (2021) Paper
- Kyle Haefner and Indrakshi Ray, “Trust and Verify: A Complexity-Based IoT Behavioral Enforcement Method”, 5th International Symposium on Cyber Security Cryptology and Machine Learning (CSCML), 2021
- Vishwajeet Bhosale, Lorenzo De Carli, and Indrakshi Ray, “Detection of Anomalous User Activity for Home IoT Devices” (Short Paper), Virtual Conference, International Conference on Internet of Things, Big Data, and Security, Virtual Conference, April 2021.
- Bruhadeshwar Bezawada, Indrakshi Ray, and Indrajit Ray, “Behavioral Fingerprinting of Internet-of-Things Devices”, Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery, 11(1), 2021.
- Dolan, Andy, Indrakshi Ray, and Suryadipta Majumdar. “Proactively Extracting IoT Device Capabilities: An Application to Smart Homes.” In IFIP Annual Conference on Data and Applications Security and Privacy, pp. 42-63. Springer, Cham, 2020. Paper | Link
- Johnston, Drew, Jarret Flack, Indrakshi Ray, and Francisco R. Ortega. “Towards a Virtual Reality Home IoT Network Visualizer.” arXiv preprint arXiv:2001.06579 (2020). Paper | Link
- Indrajit Ray, Diptendu Mohan Kar, Jordan Peterson, Steve Goeringer, “Device Identity and Trust in IoT-sphere Forsaking Cryptography,” Proceedings of the 5th IEEE International Conference on Collaboration and Internet Computing, Los Angeles, CA, USA, December 12-14, 2019. Paper
- Haefner, Kyle, and Indrakshi Ray. “ComplexIoT: Behavior-Based Trust For IoT Networks.” In 2019 First IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA), pp. 56-65. IEEE, 2019. Link
- Bezawada, Bruhadeshwar, Maalvika Bachani, Jordan Peterson, Hossein Shirazi, Indrakshi Ray, and Indrajit Ray. “Iotsense: Behavioral fingerprinting of iot devices.” arXiv preprint arXiv:1804.03852 (2018). Paper | Link
Our Team
Students
Alumni
Our Sponsors
They help make it happen.
CableLabs
CableLabs is a non-profit Innovation and R&D Lab founded in 1988 by members of the cable television industry. With a strong focus on innovation, CableLabs develops technologies and specifications for the secure delivery of high speed data, video, voice and next generation services. It also provides testing, certification facilities and technical leadership for the industry. CableLabs’ mission is to enable cable operators to be the providers of choice to their customers. Cable operators from around the world are members.