A smart environment is a complex system, involving IoT devices, servers, communication protocols, the physical environment, humans, etc. These entities interact and interfere with each other, raising many interesting and unique security questions. An interdisciplinary approach, which combines knowledge and techniques from different domains, is vital to address such questions. I will share how the approach is applied to two IoT security projects. (1) The first one (Oakland’22) reveals novel IoT attacks, named Phantom-Delay Attacks, that exploit an IoT design vulnerability we have identified. The vulnerability exists widely in IoT protocol stacks and impacts billions of IoT devices. The new vulnerability and attacks have been acknowledged by Google, Ring, and SimpliSafe. (2) The second (CCS’20) builds a highly secure and usable IoT pairing technique, which can be applied to more than 92% of the heterogeneous IoT devices on the market. It is resilient to man-in-the-middle attacks without needing any passwords. The successes of both projects can be attributed to an interdisciplinary approach that considers the interaction of different entities in a smart environment. I will also discuss my research plan for protecting the privacy of IoT users and authenticating robotic vehicles (such as drones and mobile robots).
Dr. Qiang Zeng is an Assistant Professor in the Department of Computer Science and Engineering at the University of South Carolina. He received his Ph.D. from Penn State University. His main research interest is Computer Systems Security, with a current focus on the Internet of Things. He publishes papers in Oakland, CCS, USENIX Security, NDSS, MobiCom, and MobiSys. He is a recipient of an NSF CAREER Award.