IoT Lab is an effort by DBSec Group to provide research and hands-on experience with the cutting edge technologies.
We have connected numerous smart device such as Music Player, Voice Assistant,
Smart Bulbs, Camera and many more to develop Smart Home Environment. Our main emphasis is to explore
ways to secure the communication between the devices and protect them from attacks. We aim to establish an environment
that address and solve real world issues of security.
Devices In Lab
ON GOING PROJECTS
Fingerprinting IOT Devices
The Internet-of-Things (IOT) computing paradigm has brought in new challenges in security and privacy especially when operating within the home environment.
The main problem with these devices is their plug-and-play model that does not require strong identification or authorization. Therefore, it is a challenging problem to accurately characterize and identify an IOT device that has been plugged into the network.
Such devices might pose serious security threat if they are not properly monitored and verified. In this project, we focus on the problem of device identification in an IOT network with the objective of confining or isolating unauthorized or misbehaving IOT devices. Our lab setup consists of various devices plugged into the network and communicating autonomously. The goal is to fingerprint these devices and identify the communication patterns while observing anomalous network traffic.
Secure IoT Communication between device within a Smart Home Network
This aims to secure communication within an IoT network. The devices in a smart home
are segmented into network based on functional zones. Each device belongs to one or more network zones.
It focuses on securing the communication between these functional zones such that if one zone is affected,
the effects are not propagated to other zones. Moreover, any intrusion on the victim device should be detected
based on its behavior. This, this will not isolate the affected device from other zone, but will also provide
measures to restore the device to its original state.
Pen testing IOT Devices
There are scores of IoT devices in the market place that are offering attractive services to the users. However, the security of the applications and the firmware on these devices is an open question.
Many vendors do not use safe coding practices to program the applications. This makes these devices vulnerable to code injection and other serious attacks. The protocols used by these device are at risk as well due to lack of proper security measures in place. Many devices do not even deploy encryption to protect their payloads, making them vulnerable to remote control by anyone who can communicate with them. In this project, we are devising methods to perform robust penetration testing of these devices to discover such vulnerabilities.
Bruhadeshwar Bezawada, Maalvika Bachani, Jordan Peterson, Hossein Shirazi, Indrakshi Ray, and Indrajit Ray: "Behavioral Fingerprinting of IoT Devices", in The second Workshop on Attacks and Solutions in Hardware Security (ASHES 2018) in Conjunction with 25th ACM Conference on Computer and Communications Security (ACM CCS) Oct 15th — Oct 19th, 2018 Toronto, CA
Bruhadeshwar Bezawada, Kyle Haefner and Indrakshi Ray. "Securing Home IoT Environments with Attribute-Based Access Control" in proceedings of the Third ACM Workshop on Attribute-Based Access Control (ABAC), 43-53. March, 2018 Tempe, Arizona, USA
IoT Lab Location: Room 376
Department of Computer Science Colorado State University