Award Abstract # 1505728
Synergy: Collaborative: CPS-Security: End-to-End Security for the Internet of Things

NSF Org: CNS
Division Of Computer and Network Systems
Recipient: THE LELAND STANFORD JUNIOR UNIVERSITY
Initial Amendment Date: August 17, 2015
Latest Amendment Date: September 15, 2016
Award Number: 1505728
Award Instrument: Continuing Grant
Program Manager: David Corman
CNS - Division Of Computer and Network Systems
CSE - Directorate for Computer and Information Science and Engineering
Start Date: September 1, 2015
End Date: August 31, 2018 (Estimated)
Total Intended Award Amount: $600,000.00
Total Awarded Amount to Date: $600,000.00
Funds Obligated to Date: FY 2015 = $400,000.00
FY 2016 = $200,000.00
History of Investigator:
  • Philip Levis (Principal Investigator)
    pal@cs.stanford.edu
  • Mark Horowitz (Co-Principal Investigator)
  • Dan Boneh (Co-Principal Investigator)
  • Dawson Engler (Co-Principal Investigator)
  • Keith Winstein (Co-Principal Investigator)
Recipient Sponsored Research Office: Stanford University
450 JANE STANFORD WAY
STANFORD
CA  US  94305-2004
(650)723-2300
Sponsor Congressional District: 16
Primary Place of Performance: Stanford University
CA  US  94305-4100
Primary Place of Performance Congressional District: 16
Unique Entity Identifier (UEI): HJD6G4D6TJY5
Parent UEI:
NSF Program(s): Information Technology Researc
Primary Program Source: 01001516DB NSF RESEARCH & RELATED ACTIVIT
01001617DB NSF RESEARCH & RELATED ACTIVIT
Program Reference Code(s): 8225, 8235
Program Element Code(s): 164000
Award Agency Code: 4900
Fund Agency Code: 4900
Assistance Listing Number(s): 47.070

ABSTRACT

Computation is everywhere. Greeting cards have processors that play songs. Fireworks have processors for precisely timing their detonation. Computers are in engines, monitoring combustion and performance. They are in our homes, hospitals, offices, ovens, planes, trains, and automobiles. These computers, when networked, will form the Internet of Things (IoT). The resulting applications and services have the potential to be even more transformative than the World Wide Web. The security implications are enormous. Internet threats today steal credit cards. Internet threats tomorrow will disable home security systems, flood fields, and disrupt hospitals. The root problem is that these applications consist of software on tiny low-power devices and cloud servers, have difficult networking, and collect sensitive data that deserves strong cryptography, but are usually written by developers who have expertise in none of these areas. The goal of the research is to make it possible for two developers to build a complete, secure Internet of Things application in three months.

The research focuses on four important principles. The first is "distributed model view controller." A developer writes an application as a distributed pipeline of model-view-controller systems. A model specifies what data the application generates and stores, while a new abstraction called a transform specifies how data moves from one model to another. The second is "embedded-gateway-cloud." A common architecture dominates Internet of Things applications. Embedded devices communicate with a gateway over low-power wireless. The gateway processes data and communicates with cloud systems in the broader Internet. Focusing distributed model view controller on this dominant architecture constrains the problem sufficiently to make problems, such as system security, tractable. The third is "end-to-end security." Data emerges encrypted from embedded devices and can only be decrypted by end user applications. Servers can compute on encrypted data, and many parties can collaboratively compute results without learning the input. Analysis of the data processing pipeline allows the system and runtime to assert and verify security properties of the whole application. The final principle is "software-defined hardware." Because designing new embedded device hardware is time consuming, developers rely on general, overkill solutions and ignore the resulting security implications. The data processing pipeline can be compiled into a prototype hardware design and supporting software as well as test cases, diagnostics, and a debugging methodology for a developer to bring up the new device. These principles are grounded in Ravel, a software framework that the team collaborates on, jointly contributes to, and integrates into their courses and curricula on cyberphysical systems.

PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH

(Showing: 1 - 10 of 44)
Adkins, Joshua and Flaspohler, Genevieve and Dutta, Prabal "Ving: Bootstrapping the Desktop Area Network with a Vibratory Ping" 2015 ACM Workshop on Hot Topics in Wireless, 2015
Amit Levy and James Hong and Laurynas Riliskis and Philip Levis and Keith Winstein "Beetle: Flexible Communication for Bluetooth Low Energy" Proceedings of the 14th International Conference on Mobile Systems, Applications and Services (MobiSys), 2016
Amit Levy and Michael P Andersen and Bradford Campbell and David Culler and Prabal Dutta and Branden Ghena and Philip Levis and Pat Pannuto "Ownership is Theft: Experiences Building an Embedded OS in Rust" Proceedings of the 8th Workshop on Programming Languages and Operating Systems (PLOS 2015), 2015
Ben Lampert and Riad S. Wahby and Shane Leonard and Philip Levis "Robust, low-cost, auditable random number generation for embedded system security" The 14th ACM Conference on Embedded Networked Sensor Systems (SenSys), 2016
Brown, Fraser and Notzli, Andres and Engler, Dawson "How to Build Static Checking Systems Using Orders of Magnitude Less Code" Proceedings of the Twenty-First International Conference on Architectural Support for Programming Languages and Operating Systems, 2016
Campbell, Bradford and Adkins, Joshua and Dutta, Prabal "Cinamin: A Perpetual and Nearly Invisible BLE Beacon" Proceedings of the 2016 International Conference on Embedded Wireless Systems and Networks, 2016
Carmelo Di Franco and Amanda Prorok and Nikolay Atanasov and Benjamin P. Kempke and Prabal Dutta and Vijay Kumar and George J. Pappas "Calibration-free network localization using non-line-of-sight ultra-wideband measurements" Proceedings of the 16th ACM/IEEE International Conference on Information Processing in Sensor Networks, IPSN 2017, Pittsburgh, PA, USA, April 18-21, 2017, 2017
Chang Lan and Justine Sherry and Raluca Ada Popa and Sylvia Ratnasamy "Embark: Securely Outsourcing Middleboxes to the Cloud" USENIX Symposium on Networked Design and Implementation (NSDI), 2016
Chi, Pei-Yu (Peggy) and Li, Yang and Hartmann, Bjoern "Enhancing Cross-Device Interaction Scripting with Interactive Illustrations" Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems, 2016
Clark, Meghan and Dutta, Prabal "The Haunted House: Networking Smart Homes to Enable Casual Long-distance Social Interactions" Proceedings of the 2015 International Workshop on Internet of Things towards Applications, 2015
Dan Boneh and Rosario Gennaro and Steven Goldfeder and Aayush Jain and Sam Kim and Peter M. R. Rasmussen and Amit Sahai "Threshold Cryptosystems from Threshold Fully Homomorphic Encryption" Advances in Cryptology - CRYPTO 2018 - 38th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 19-23, 2018, Proceedings, Part I, 2018

PROJECT OUTCOMES REPORT

Disclaimer

This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.

The major goal of this project was to show that, with the help of new cryptography, software, user interfaces, and network technologies, developing secure Internet of Things applications can be easy.

One principal finding of the project was that many especially dangerous attacks on Internet of Things applications target the weak link: the tiny, low-power devices, the "Things". The past 20 years have seen tremendous advances in software security for servers, personal computers, and mobile devices, but the software used in low-power embedded devices has changed very little. To address this, the project developed the Tock operating system, the first open-source secure operating system for embedded systems. Tock uses recent advances in programming languages to be safe from many common attacks, such as buffer overflows. Tock has been adopted by several startup companies and we are working with Google to port it to their Titan chip that provides the root-of-trust for all of their computing systems.

A second principal finding of the project is that it is possible to build software services that process encrypted user data. The services cannot decrypt the data: to them, it is a black box. Nonetheless, using new cryptography, these services can compute useful things about the data. For example, a service can store user data and respond to queries about it (e.g., show me the records in the first week of August) without actually knowing what the query or the answer is. One system in particular, called Prio, has been adopted by Mozilla and is used to collect aggregate performance statistics on its software in a way that exposes no information about individual users. Mozilla can learn that certain web pages are slow for its browser without being able to determine who accessed those web pages.

The third principal finding of the project is that the lack of interoperability between many Internet of Things devices today is a networking problem. The "Internet of Things" evokes an idea of many smart devices working together to form larger, more sophisticated applications, much as many web applications build on Google Maps or other services. But today, applications are vertical stovepipe designs, where a device talks only to its mobile app, which talks only to its own cloud service. This is an unforeseen implication of some low-level decisions in mobile operating system design, and the project devised new protocols that enable new applications. Furthermore, because applications are vertical stovepipes, we are forced to trust that devices only collect the data they say they do: we cannot see what our devices are sending in the same way we can with web browsers. The project developed a new approach to network security that allows users to inspect what devices are sending while fully protecting that data, something which was previously impossible.

The final principal finding of the project is that developing IoT applications is especially difficult because their devices are truly cyber-physical: they involve a tight coupling between hardware, sensing, software, and physical design. As a result, many things can go wrong, and debugging these systems is especially difficult. The project devised new "smart" maker tools, such as a drill that projects a dot where you should drill and tells you when you've drilled deep enough, or a saw that shows you where to cut.

Intellectual Merit: The project researched how Internet of Things applications differ from standard Internet applications, finding new principles for the design and implementation of these systems. This involved an exploration of cryptography, human-computer interaction, networking, hardware, and software. It demonstrated that new techniques, such as lightweight multi-party computation, secure embedded operating systems, auditable networking, and smart tools, make developing secure Internet of Things applications much easier.

Broader Impact: Research performed under the grant has seen significant commercial adoption. It has helped pave the way for a next generation of Internet of Things systems and applications. It has established key principles for developing secure Internet of Things applications and demonstrated how to apply those principles in practice.
Last Modified: 11/02/2018
Modified by: Philip A Levis