14-829 / 18-638: Mobile and IoT Security - Fall 2020
Lab 7: Security & Privacy of IoT Sensing
- Due: Dec 4
- Description: This lab will allow you to choose from three possible options:
- Design a secure and privacy-preserving IoT sensing testbed;
- Analyze security and privacy risks of large-scale sensing;
- Design an immersive IoT system with multiple components with consideration for user privacy, security, and safety.
Each of these options has quite a bit of flexibility, and each is outlined in more detail below.
Lab 7 Option 1 (The "Build It" Option)
- Build a Secure and Privacy-Preserving IoT Sensing Testbed: The primary tasks of this option for the lab
involve building either a physical IoT testbed or creating a virtual IoT system emulation using Raspberry Pi, Arduino,
or similar devices that interact with an "IoT server" (your computer or cloud host). Physical devices can include anything
in the course inventory or any of your own devices. Emulation can be done using any suitable online platform (such as
anything you identified in Lab 5).
- Tasks for Option 1:
- Build your testbed - Whether you are using physical or virtual devices, be sure to include at least one device
that generates data (either a sensor or something that takes input from a user) and at least one device that consumes data
(any type of actuator, including motion, audio, video, etc.).
- Create your app/service - Using your physical or virtual devices along with your IoT server, design an IoT app
or service that uses the combination of sensing and actuation capabilities of your devices as well as some intelligence
that lives on your server. Interesting apps/services will involve risk, so make sure to choose a scenario that will
require the collection, processing, and management of some type of sensitive data.
- Analyze security and privacy - Given your designed system and scenario and its use of sensitive data, perform
some type of security and privacy analysis on the system to identify a comprehensive set of security requirements and
privacy risks, from the perspective of all of the relevant stakeholders.
- Protect your system, server, and user - Based on your security analysis, develop a set of mechanisms for
protecting various stakeholder concerns. You don't need to implement anything here, but your mechanisms should be informed
by your system design, application scenario, and the nature of the sensitive data. Most importantly, identify any
conflicting requirements between different stakeholders that would require you to make a design trade-off, and comment
on the potential implications of different design choices on each stakeholder.
Lab 7 Option 2 (The "Analyze It" Option)
- Analyze Security and Privacy Risks of Large-Scale Sensing: The primary tasks of this option for the lab
involve the analysis of a sufficiently large dataset to study the type of "unintentional" inference that can be done,
meaning you are going to try to learn something from the data that was not the original intention of collecting the
data. You'll then study whether the data can be "sanitized" or "perturbed" to prevent the unintentional inference
without losing the original value of the data.
- Tasks for Option 2
- Identify or create your dataset - Since the primary goal of this lab option is to study inference from
a large-scale sensing system, you'll need to either get access to a large sensing dataset or generate your own
sufficiently large dataset for use in your study. Keep in mind that the sensor data must be rich enough to support
a particular use case of interest as well as your adversarial goal of learning something unintentional about the user(s)
monitored in the original sensing scenario.
- Identify the "unintentional" inference target - Aside from the main goal of the sensing system, which seeks
to provide some utility to users based on sensing/observing them, your next task is to identify a particular property
or behavior of the user that you can learn by further analyzing the sensor data, possibly in a different way from
that intended by the original sensing scenario. In order to do this, it really helps to have some additional metadata about
the users to confirm the outcome of your adversarial analysis (e.g., if you are trying to infer the user's gender, you may
need this label somewhere within the data; your study would then suppose this label is not there to begin with).
- Determine how to modify or sanitize the dataset - If your adversarial inference is successful (or you
believe it is even if you don't have ground truth labels to validate against), your next task is to figure out a way
to modify the data in the dataset to intentionally degrade the adversary's ability to do such inference. For example,
what happens if you add noise to each measurement in the dataset? What happens if you remove some fraction of the data?
- Analyze the trade-offs between security/privacy and data utility - Building on the previous tasks, come up
with a characterization of the trade-offs between the adversary's ability to infer the hidden property/behavior and the
ability to get the intended utility from the data. For example, you could gradually increase the amount of noise added
to each measurement or the fraction of data removed, and for each value, determine how useful the data is and how difficult
the adversary's inference becomes.
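The noise sweep described in the last two Option 2 tasks, as an added example that is not part of the lab handout: the hourly activity dataset, the adversary's threshold rule, the hidden "night worker" label and the daily-total utility metric are all constructed assumptions, and the perturbation shown is per-measurement Gaussian noise (removing a fraction of readings would slot in the same place).

```python
# Added example (not from the course handout): privacy/utility sweep for Option 2.
import random

HOURS = 24
NIGHT = range(0, 7)  # hours the adversary treats as "night"

def make_dataset(n_users=40):
    """Constructed hourly activity counts per user. The hidden label (night
    worker or not) is kept only to score the adversary, never used by it."""
    users = []
    for i in range(n_users):
        night_worker = i % 2 == 0
        active = set(range(0, 7)) | {22, 23} if night_worker else set(range(8, 21))
        readings = [50.0 if h in active else 2.0 for h in range(HOURS)]
        users.append((readings, night_worker))
    return users

def add_noise(readings, sigma, rng):
    """Perturbation: Gaussian noise per measurement, clamped at zero since a
    count cannot be negative (the clamp biases totals upward, a utility cost)."""
    return [max(0.0, x + rng.gauss(0.0, sigma)) for x in readings]

def infer_night_worker(readings):
    """Adversary's unintended inference: large night share => night worker."""
    return sum(readings[h] for h in NIGHT) / sum(readings) > 0.3

def daily_total(readings):
    """Intended utility of the data: the user's daily activity total."""
    return sum(readings)

def sweep(sigmas, seed=7):
    """For each noise level, report adversary accuracy and utility loss
    (mean relative error of the daily total versus the clean data)."""
    users, results = make_dataset(), []
    for sigma in sigmas:
        rng = random.Random(seed)  # same draws at every level, only scaled
        correct, rel_err = 0, 0.0
        for clean, label in users:
            noisy = add_noise(clean, sigma, rng)
            correct += infer_night_worker(noisy) == label
            rel_err += abs(daily_total(noisy) - daily_total(clean)) / daily_total(clean)
        results.append({"sigma": sigma, "inference_acc": correct / len(users),
                        "utility_err": rel_err / len(users)})
    return results

if __name__ == "__main__":
    for r in sweep([0, 5, 10, 20, 40, 80]):
        print(f"sigma={r['sigma']:>3}  adversary acc={r['inference_acc']:.2f}  "
              f"utility rel. error={r['utility_err']:.2f}")
```

With no noise the adversary's rule is perfect and utility is intact; the table printed for rising sigma is the trade-off characterization the task asks for, and a real study would replace the constructed data and rule with its own dataset and inference model.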
Lab 7 Option 3 (The "Design It" Option)
- Design a Secure and Privacy-preserving Immersive IoT Environment: The primary tasks of this option for the lab
focus on the design of an immersive IoT environment with multiple sensors, actuators, displays, etc. without the need
to build a system or perform any data analytics. Instead, this option challenges you to think about the interactions among
a larger number of IoT devices, services, and providers that are directly or indirectly collaborating to provide a rich,
immersive experience to users in the IoT environment. Your goal is to understand the security and privacy risks of this
larger-scale system and be able to describe various trade-offs between different requirements/goals and different stakeholders.
- Tasks for Option 3
- Envision your Immersive IoT System - This is your opportunity to be really creative in thinking about what types
of interactions devices and users can have when there are a diverse collection of sensors, actuators, and other devices in
an environment, along with multiple users, networks, and service providers. Design what your ideal system would do, how users
would use it, what data would be involved, what types of network/service providers would be involved, and any other important
details of the system.
- Focus on the Data - For your hypothetical scenario, identify the various data streams that may be generated by IoT
sensors, consumed by IoT actuators, outsourced for analysis by cloud service providers, etc. In addition, determine which of
these data streams include potentially sensitive data, and (qualitatively) characterize the potential security and privacy
risks involved in each data exchange, paying particular attention to risks from different stakeholder perspectives.
- Manage the Risks - Your next task is to design a variety of mechanisms to manage the various security and privacy
risks that you've identified. For security risks, what types of protections could potentially address the requirements of
the various stakeholders? Be sure to identify any necessary trust relationships among stakeholders (e.g., if PKI is needed,
who is the trusted authority?) or other assumptions about infrastructure. For privacy risks, are there ways that particular
data streams could be sanitized or eliminated entirely (e.g., insourcing functionality rather than outsourcing computation)?
- Deliverables: Each student will submit a written summary of their efforts and responses for the above tasks, making
sure that all components of the selected option are addressed. The summary report should clearly outline the goals of the chosen
option and how each task was approached and accomplished. The written summary should be formatted as a single- or double-column
document using font size 11 or greater, converted to a .pdf document for submission.
- Grading: This assignment is worth 40 points, which will be allocated to your design, analysis, and documentation
aspects, regardless of which project option you choose, noting that the allocation of points will focus on tasks that are most
related to security and privacy considerations, and fewer points will be allocated to aspects of coding, analysis, or visualization,
though these may be relevant tasks that contribute to your grade. Your grade will reflect your effort and demonstration of mastery
of IoT security and privacy concepts covered in the course. We reserve the right to take off points for presentation aspects,
e.g., incorrect format, poor writing, etc.