Privacy-Aware Trustworthy Control as a Service for the Internet of Things (IoT) is a collaborative project funded by the National Science Foundation under its Secure and Trustworthy Cyberspace (SaTC) program, and involves researchers from Rutgers and UCLA.
The Internet is now used not only to network traditional computing devices such as servers, desktops, and smartphones, but also to control smart appliances, cars, and other physical systems. This Internet of Things (IoT) presents new kinds of security and privacy threats that were not previously present. Intelligent systems, devices, and appliances that connect to the IoT have sensors through which they probe the state of physical systems (e.g., tracking occupancy in a building), and from this data algorithms compute the commands that control the state of those physical systems (e.g., controlling the HVAC and elevators in the building). The electronics and software in IoT devices, the data communication over the Internet, and the servers in the datacenter where control algorithms run are all vulnerable to a variety of attacks by criminal hackers as well as state actors. These attacks are being mounted with increasing frequency, and result not only in theft of sensitive information but also in danger to the physical safety of people and property. The project is developing solutions to security and privacy threats in the IoT, which is at the foundation of modern society and the world economy.
The project research provides trustworthy and privacy-aware control architectures for the IoT through mechanisms drawn from control theory, cryptography, software, and hardware. These include: (i) a framework for formally reasoning about safety and privacy properties of control software in conjunction with dynamical models of the physical world and the associated sensing and actuation channels; (ii) lightweight, domain-specific mechanisms for policing the flow of information through software applications, which leverage the semantics of machine learning and control algorithms, the physics of the system, and numerical properties; (iii) enforcement of desired safety and information-leakage properties via a combination of principled sensor data perturbation, control algorithms optimized for efficient computation over encrypted data, and a hardware-supported trusted computing base tailored to protecting sensed data and control algorithm parameters; (iv) a resilient control and timing infrastructure that protects against attacks on timing information through a hybrid use of edge and cloud resources and physical models. The mechanisms are being assessed on experimental testbeds for smart homes, industrial automation, and smart vehicles, but have broader applicability to many other IoT applications. The project team is also creating a new graduate class on IoT security and developing educational material on IoT security for high-school students through the Los Angeles Computing Circle initiative at UCLA.
This material is based upon work supported by the NSF under awards CNS-1705135 and CNS-1703782. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the NSF.