14-829: Mobile and IoT Security

14-829 / 18-638: Mobile and IoT Security - Fall 2021



Lab 7: Security & Privacy of IoT Sensing

Due: Nov 23

Description: This lab will allow you to choose from three possible options:
  1. Design a secure and privacy-preserving IoT sensing testbed;
  2. Analyze security and privacy risks of large-scale sensing;
  3. Design an immersive IoT system with multiple components with consideration for user privacy, security, and safety.
Each of these options has quite a bit of flexibility, and each is outlined in more detail below.





Lab 7 Option 1 (The "Build It" Option)

Build a Secure and Privacy-Preserving IoT Sensing Testbed: The primary tasks of this option for the lab involve building either a physical IoT testbed or creating a virtual IoT system emulation using Raspberry Pi, Arduino, or similar devices that interact with an "IoT server" (your computer or cloud host). Physical devices can include anything in the course inventory or any of your own devices. Emulation can be done using any suitable online platform (such as anything you identified in Lab 5).

Tasks for Option 1:
  1. Build your testbed - Whether you are using physical or virtual devices, be sure to include at least one device that generates data (either a sensor or something that takes input from a user) and at least one device that consumes data (any type of actuator, including motion, audio, video, etc.).
  2. Create your app/service - Using your physical or virtual devices along with your IoT server, design an IoT app or service that uses the combination of sensing and actuation capabilities of your devices as well as some intelligence that lives on your server. Interesting apps/services will involve risk, so make sure to choose a scenario that will require the collection, processing, and management of some type of sensitive data.
  3. Analyze security and privacy - Given your designed system and scenario and its use of sensitive data, perform some type of security and privacy analysis on the system to identify a comprehensive set of security requirements and privacy risks, from the perspective of all of the relevant stakeholders.
  4. Protect your system, server, and user - Based on your security analysis, develop a set of mechanisms for protecting various stakeholder concerns. You don't need to implement anything here, but your mechanisms should be informed by your system design, application scenario, and the nature of the sensitive data. Most importantly, identify any conflicting requirements between different stakeholders that would require you to make a design trade-off, and comment on the potential implications of different design choices for each stakeholder.





Lab 7 Option 2 (The "Analyze It" Option)

Analyze Security and Privacy Risks of Large-Scale Sensing: The primary tasks of this option for the lab involve the analysis of a sufficiently large dataset to study the type of "unintentional" inference that can be done, meaning you are going to try to learn something from the data that was not the original intention of collecting the data. You'll then study whether the data can be "sanitized" or "perturbed" to prevent the unintentional inference without losing the original value of the data.

Tasks for Option 2
  1. Identify or create your dataset - Since the primary goal of this lab option is to study inference from a large-scale sensing system, you'll need to either get access to a large sensing dataset or generate your own sufficiently large dataset for use in your study. Keep in mind that the sensor data must be rich enough to support a particular use case of interest as well as your adversarial goal of learning something unintentional about the user(s) monitored in the original sensing scenario.
  2. Identify the "unintentional" inference target - Aside from the main goal of the sensing system, which seeks to provide some utility to users based on sensing/observing them, your next task is to identify a particular property or behavior of the user that you can learn by further analyzing the sensor data, possibly in a different way from that intended by the original sensing scenario. In order to do this, it really helps to have some additional metadata about the users to confirm the outcome of your adversarial analysis (e.g., if you are trying to infer the user's gender, you may need this label somewhere within the data; your study would then assume this label is not there to begin with).
  3. Determine how to modify or sanitize the dataset - If your adversarial inference is successful (or you believe it is even if you don't have ground truth labels to validate against), your next task is to figure out a way to modify the data in the dataset to intentionally degrade the adversary's ability to do such inference. For example, what happens if you add noise to each measurement in the dataset? What happens if you remove some fraction of the data?
  4. Analyze the trade-offs between security/privacy and data utility - Building on the previous tasks, come up with a characterization of the trade-offs between the adversary's ability to infer the hidden property/behavior and the ability to get the intended utility from the data. For example, you could gradually increase the amount of noise added to each measurement or the fraction of data removed, and for each value, determine how useful the data is and how difficult the adversary's inference becomes.
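As an added illustration of Tasks 2-4 (this is example code, not part of the lab handout), the script below constructs a toy hourly-activity dataset with a hidden "night shift" attribute, runs a simple adversarial inference rule, then sweeps Gaussian noise levels and reports both the adversary's accuracy and the error in the intended utility (the population mean of daily totals). The dataset, the inference rule, the utility metric and the noise levels are all assumptions made for this example.

```python
import random
import statistics

HOURS = 24
N_USERS = 400
SIGMAS = [0, 100, 300, 1000, 3000]      # per-reading noise levels to sweep

def make_user(rng, night_shift):
    """Constructed hourly activity counts for one user (not real sensor data).
    Night-shift users are active 20:00-08:00, day users 08:00-20:00."""
    counts = []
    for h in range(HOURS):
        is_night_hour = h >= 20 or h < 8
        mean = 300 if is_night_hour == night_shift else 20
        counts.append(max(0, int(rng.gauss(mean, 30))))
    return counts

def make_dataset(seed=7):
    """Constructed dataset: readings plus the hidden label the adversary wants."""
    rng = random.Random(seed)
    labels = [i % 2 == 1 for i in range(N_USERS)]      # True = night shift
    return [make_user(rng, lab) for lab in labels], labels

def add_noise(data, sigma, seed=11):
    """Sanitize by adding zero-mean Gaussian noise to every reading."""
    rng = random.Random(seed)
    return [[x + rng.gauss(0, sigma) for x in row] for row in data]

def adversary_accuracy(data, labels):
    """Adversary guesses 'night shift' when early-morning activity (00-07h)
    exceeds midday activity (12-19h); returns the fraction guessed right."""
    hits = 0
    for row, lab in zip(data, labels):
        guess = sum(row[0:7]) > sum(row[12:19])
        hits += guess == lab
    return hits / len(labels)

def utility_error(data, clean):
    """Intended use: population mean of daily totals. Relative error vs clean data."""
    true_mean = statistics.fmean(sum(r) for r in clean)
    noisy_mean = statistics.fmean(sum(r) for r in data)
    return abs(noisy_mean - true_mean) / true_mean

def sweep(sigmas=SIGMAS):
    """Return (sigma, adversary accuracy, utility error) for each noise level."""
    clean, labels = make_dataset()
    return [(s, adversary_accuracy(add_noise(clean, s), labels),
             utility_error(add_noise(clean, s), clean)) for s in sigmas]

if __name__ == "__main__":
    for s, acc, err in sweep():
        print(f"sigma={s:5d}  adversary accuracy={acc:.2f}  utility error={err:.3f}")
```

Because the noise is zero-mean, it largely cancels in the aggregate statistic while it progressively breaks the per-user inference; the same harness can be reused with a record-dropping sanitizer in place of add_noise to compare the two strategies.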





Lab 7 Option 3 (The "Design It" Option)

Design a Secure and Privacy-preserving Immersive IoT Environment: The primary tasks of this option for the lab focus on the design of an immersive IoT environment with multiple sensors, actuators, displays, etc. without the need to build a system or perform any data analytics. Instead, this option challenges you to think about the interactions among a larger number of IoT devices, services, and providers that are directly or indirectly collaborating to provide a rich, immersive experience to users in the IoT environment. Your goal is to understand the security and privacy risks of this larger-scale system and be able to describe various trade-offs between different requirements/goals and different stakeholders.

Tasks for Option 3
  1. Envision your Immersive IoT System - This is your opportunity to be really creative in thinking about what types of interactions devices and users can have when there are a diverse collection of sensors, actuators, and other devices in an environment, along with multiple users, networks, and service providers. Design what your ideal system would do, how users would use it, what data would be involved, what types of network/service providers would be involved, and any other important details of the system.
  2. Focus on the Data - For your hypothetical scenario, identify the various data streams that may be generated by IoT sensors, consumed by IoT actuators, outsourced for analysis by cloud service providers, etc. In addition, determine which of these data streams include potentially sensitive data, and (qualitatively) characterize the potential security and privacy risks involved in each data exchange, paying particular attention to risks from different stakeholder perspectives.
  3. Manage the Risks - Your next task is to design a variety of mechanisms to manage the various security and privacy risks that you've identified. For security risks, what types of protections could potentially address the requirements of the various stakeholders? Be sure to identify any necessary trust relationships among stakeholders (e.g., if PKI is needed, who is the trusted authority?) or other assumptions about infrastructure. For privacy risks, are there ways that particular data streams could be sanitized or eliminated entirely (e.g., insourcing functionality rather than outsourcing computation)?





Deliverables: Each student will submit a written summary of their efforts and responses for the above tasks, making sure that all components of the selected option are addressed. The summary report should clearly outline the goals of the chosen option and how each task was approached and accomplished. The written summary should be formatted as a single- or double-column document using font size 11 or greater, converted to a .pdf document for submission.

Grading: This assignment is worth 40 points, allocated across the design, analysis, and documentation aspects regardless of which project option you choose. The allocation of points will focus on tasks that are most related to security and privacy considerations; fewer points will be allocated to aspects of coding, analysis, or visualization, though these may be relevant tasks that contribute to your grade. Your grade will reflect your effort and demonstration of mastery of IoT security and privacy concepts covered in the course. We reserve the right to take off points for presentation aspects, e.g., incorrect format, poor writing, etc.