Summary

Overview

While the first generation IoT has largely focused on collecting data to sense the state of various natural and engineered systems, the ability to influence and control those systems is an essential capability of the emerging next generation IoT. Unfortunately, traditional control architectures, in which a fixed set of control algorithms is executed on dedicated, on-premise, professionally managed control computers, do not scale to IoT scenarios due to a variety of challenges. These include resource constraints that limit performance and prevent the use of sophisticated sensing and control algorithms, and the deployment and management difficulties of an IoT with control algorithms running on billions of end-user-managed edge devices. Two new control architectures, control-as-a-service (CaaS) and control-apps (CApp), seek to address these challenges by leveraging pervasive connectivity and cloud computing, but in turn introduce new security and privacy challenges. The primary objective of the project is two-fold. First, it seeks to understand and formally model potential new threats and system vulnerabilities in these new IoT control architectures, such as misuse of high-dimensional sensor data, theft of intellectual property associated with control algorithms, corruption of control loops, exploitation of physical channels among sensors and actuators, and manipulation of the timing information that control algorithms critically depend upon. Second, the project seeks to develop principled methods to prevent, detect, and mitigate attacks exploiting these vulnerabilities by fusing cryptographic protection and software security mechanisms with control theory and models of the IoT's physical environment.

Intellectual Merit

The project seeks to provide trustworthy and privacy-aware control architectures for the next generation IoT through a suite of mechanisms built on a cross-disciplinary foundation of control, cryptography, software, and hardware. These include: (i) a principled framework for formally reasoning about the safety and privacy properties of control software in conjunction with dynamical models of the physical world and the associated sensing and actuation channels; (ii) lightweight, domain-specific mechanisms for policing the flow of information through software applications, leveraging the semantics of machine learning and control algorithms, the physics of the system, and numerical properties; (iii) enforcement of desired safety and information-leakage properties via a combination of principled sensor data perturbation, control algorithms optimized for efficient computation over encrypted data, and a hardware-supported trusted computing base tailored to protecting sensed data and control algorithm parameters; and (iv) a resilient control and timing infrastructure that protects against attacks on timing information through a hybrid use of edge and cloud resources and physical models. The success of the proposed mechanisms will be assessed on experimental testbeds focused on control for smart homes, industrial automation, and smart vehicles. The project team, spanning Rutgers and UCLA, brings together expertise in computer security, sensor data privacy, control theory, and embedded software and hardware.

Broader Impacts

Trustworthy and privacy-aware architectures for control in the IoT have the potential to impact many application domains where concerns about privacy and safety regarding the flow of sensor data and actuation commands across traditional trust boundaries hinder adoption. These include smart transportation, energy and water management, mHealth, and smart built spaces, among many others. The successful development of the proposed architecture and privacy mechanisms will also have considerable economic impact in the control industry, since it enables a new cloud-based business model that has the potential to create a very lucrative new market. Educational efforts are also an integral component of this proposal. We will disseminate research results to the academic community via workshops at relevant conferences such as the ACM Conference on Computer and Communications Security or Cyber-Physical Systems Week. A new graduate class on IoT security will be established at UCLA, and several security topics will be introduced in the undergraduate classes currently taught by the PIs. Finally, we also propose educational efforts for high-schoolers through the existing LA Computing Circle, established by one of the PIs, to engage and mentor high-schoolers for careers in computing and engineering.