
NSF Org: CNS Division Of Computer and Network Systems
Recipient:
Initial Amendment Date: August 17, 2015
Latest Amendment Date: September 15, 2016
Award Number: 1505773
Award Instrument: Continuing Grant
Program Manager: David Corman, CNS Division Of Computer and Network Systems, CSE Directorate for Computer and Information Science and Engineering
Start Date: September 1, 2015
End Date: August 31, 2019 (Estimated)
Total Intended Award Amount: $524,975.00
Total Awarded Amount to Date: $524,975.00
Funds Obligated to Date: FY 2016 = $174,999.00
History of Investigator:
Recipient Sponsored Research Office: 1608 4TH ST STE 201 BERKELEY CA US 94710-1749 (510)643-3891
Sponsor Congressional District:
Primary Place of Performance: Berkeley CA US 94704-5940
Primary Place of Performance Congressional District:
Unique Entity Identifier (UEI):
Parent UEI:
NSF Program(s): Information Technology Researc
Primary Program Source: 01001617DB NSF RESEARCH & RELATED ACTIVIT
Program Reference Code(s):
Program Element Code(s):
Award Agency Code: 4900
Fund Agency Code: 4900
Assistance Listing Number(s): 47.070
ABSTRACT
Computation is everywhere. Greeting cards have processors that play songs. Fireworks have processors for precisely timing their detonation. Computers are in engines, monitoring combustion and performance. They are in our homes, hospitals, offices, ovens, planes, trains, and automobiles. These computers, when networked, will form the Internet of Things (IoT). The resulting applications and services have the potential to be even more transformative than the World Wide Web. The security implications are enormous. Internet threats today steal credit cards. Internet threats tomorrow will disable home security systems, flood fields, and disrupt hospitals. The root problem is that these applications consist of software on tiny low-power devices and cloud servers, involve difficult networking, and collect sensitive data that deserves strong cryptography, yet they are usually written by developers who have expertise in none of these areas. The goal of the research is to make it possible for two developers to build a complete, secure Internet of Things application in three months.
The research focuses on four important principles. The first is "distributed model-view-controller." A developer writes an application as a distributed pipeline of model-view-controller systems. A model specifies what data the application generates and stores, while a new abstraction called a transform specifies how data moves from one model to another. The second is "embedded-gateway-cloud." A common architecture dominates Internet of Things applications: embedded devices communicate with a gateway over low-power wireless, and the gateway processes data and communicates with cloud systems in the broader Internet. Focusing distributed model-view-controller on this dominant architecture constrains the problem sufficiently to make problems such as system security tractable. The third is "end-to-end security." Data emerges encrypted from embedded devices and can only be decrypted by end-user applications. Servers can compute on encrypted data, and many parties can collaboratively compute results without learning each other's inputs. Analysis of the data processing pipeline allows the system and runtime to assert and verify security properties of the whole application. The final principle is "software-defined hardware." Because designing new embedded device hardware is time consuming, developers rely on general, overkill solutions and ignore the resulting security implications. The data processing pipeline can be compiled into a prototype hardware design and supporting software, as well as test cases, diagnostics, and a debugging methodology for a developer to bring up the new device. These principles are grounded in Ravel, a software framework that the team collaborates on, jointly contributes to, and integrates into its courses and curricula on cyber-physical systems.
PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH
PROJECT OUTCOMES REPORT
Disclaimer
This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.
The major goal of this project was to show that, with the help of new cryptography, software, user interfaces, and network technologies, developing secure Internet of Things applications can be easy.
One principal finding of the project was that many especially dangerous attacks on Internet of Things applications target the weak link: the tiny, low-power devices, the "Things". The past 20 years have seen tremendous advances in software security for servers, personal computers, and mobile devices, but the software used in low-power embedded devices has changed very little. To address this, the project developed the Tock operating system, the first open-source secure operating system for embedded systems. Tock uses recent advances in programming languages to be safe from many common attacks, such as buffer overflows. Tock has been adopted by several startup companies, and we are working with Google to port it to their Titan chip, which provides the root of trust for all of their computing systems.
A second principal finding of the project is that it is possible to build software services that process encrypted user data. The services cannot decrypt the data: to them, it is a black box. Nonetheless, using new cryptography, these services can compute useful things about the data. For example, a service can store user data and respond to queries about it (e.g., show me the records in the first week of August) without actually knowing what the query or the answer is. Our system WAVE enables access control in IoT systems without relying on a central point of trust, which is important not only to prevent a point of attack, but also to enable the cross-trust-domain nature of IoT systems. Our system JEDI enables end-to-end encryption for messaging in IoT systems by supporting the publish-and-subscribe model common in IoT systems and resource-constrained devices. WAVE and JEDI have been open-sourced, and WAVE has been used for more than 3 years to control more than 200 IoT devices over 20 Californian campuses. Our systems Oblix, SafeBricks, DIZK, and MiniCrypt enable secure computation on sensitive IoT data in the cloud, providing privacy and integrity.
The third principal finding of the project is that the lack of interoperability between many Internet of Things devices today is a networking problem. The "Internet of Things" evokes an idea of many smart devices working together to form larger, more sophisticated applications, much as many web applications build on Google Maps or other services. But today, applications are vertical stovepipe designs, where a device talks only to its mobile app, which talks only to its own cloud service. This is an unforeseen implication of some low-level decisions in mobile operating system design, and the project devised new protocols that enable new applications. Furthermore, because applications are vertical stovepipes, we are forced to trust that devices only collect the data they say they do: we cannot see what our devices are sending in the same way we can with web browsers. The project developed a new approach to network security that allows users to inspect what devices are sending while fully protecting that data, something which was previously impossible.
The final principal finding of the project is that developing IoT applications is especially difficult because their devices are truly cyber-physical: they involve a tight coupling between hardware, sensing, software, and physical design. As a result, many things can go wrong, and debugging these systems is especially difficult. We developed several debugging tools that allow developers to interrogate how information flows across the boundaries between sensors and embedded processors, and between embedded processors and the cloud. We also contributed novel approaches for designing IoT devices where appropriate hardware is automatically and correctly synthesized from high-level specifications of the desired IoT application.
Intellectual Merit: The project researched how Internet of Things applications differ from standard Internet applications, finding new principles for the design and implementation of these systems. This involved an exploration of cryptography, human-computer interaction, networking, hardware, and software. It demonstrated that new techniques, such as lightweight multi-party computation, secure embedded operating systems, auditable networking, and smart tools, make developing secure Internet of Things applications much easier.
Broader Impact: Research performed under the grant has seen significant commercial adoption. It has helped pave the way for a next generation of Internet of Things systems and applications. It has established key principles for developing secure Internet of Things applications and demonstrated how to apply those principles in practice.
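Two passages above describe the same mechanism from different ends: the abstract's "end-to-end security" principle (data leaves the Thing encrypted, and the gateway and cloud can route and store it but never read it) and the report's second finding (a service that answers "show me the records in the first week of August" without learning the query or the answer). The Go program below is an added illustration written for this page; it is not code from Ravel, WAVE, JEDI, Oblix or any other system named above, and it stands in for their cryptography with two ordinary primitives: AES-256-GCM for the reading, with the plaintext routing header bound in as associated data, and an HMAC-SHA256 "blind index" token per calendar day that the cloud can compare but cannot interpret. The device id "soil-7", the moisture readings, the dates and every type and function name are constructed for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"time"
)

// Endpoint holds the secrets shared only by the Thing and the end-user app.
type Endpoint struct {
	aead  cipher.AEAD // AES-256-GCM under the data key
	index []byte      // HMAC key for blind-index tokens
}
func NewEndpoint(dataKey, indexKey []byte) (*Endpoint, error) {
	block, err := aes.NewCipher(dataKey)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &Endpoint{aead: aead, index: indexKey}, err
}

// Envelope is what leaves a Thing. Header is plaintext routing metadata every hop may read;
// Payload is ciphertext bound to Header as GCM associated data; Token is a blind index.
type Envelope struct {
	Header  string
	Nonce   []byte
	Payload []byte
	Token   string
}

// DayToken is deterministic on purpose: equal days must compare equal at the cloud.
func (e *Endpoint) DayToken(day time.Time) string {
	mac := hmac.New(sha256.New, e.index)
	mac.Write([]byte("day:" + day.UTC().Format("2006-01-02")))
	return fmt.Sprintf("%x", mac.Sum(nil))
}
// DeviceSeal runs on the Thing. The timestamp is kept out of the plaintext header,
// otherwise the cloud could answer date queries without needing any token.
func (e *Endpoint) DeviceSeal(deviceID string, ts time.Time, reading string) Envelope {
	env := Envelope{Header: deviceID, Nonce: make([]byte, e.aead.NonceSize()), Token: e.DayToken(ts)}
	if _, err := rand.Read(env.Nonce); err != nil {
		panic(err) // no randomness means no safe nonce; never fall back to a fixed one
	}
	env.Payload = e.aead.Seal(nil, env.Nonce, []byte(reading), []byte(env.Header))
	return env
}
// CloudStore is the untrusted service: it keeps envelopes and answers token queries,
// learning neither the dates nor the readings.
type CloudStore struct{ Records []Envelope }
func (c *CloudStore) Query(tokens map[string]bool) (hits []Envelope) {
	for _, env := range c.Records {
		if tokens[env.Token] {
			hits = append(hits, env)
		}
	}
	return hits
}
// GatewayForward runs on the gateway: it applies policy to the plaintext header and
// relays accepted envelopes to the cloud, but holds no key and cannot read Payload.
func GatewayForward(env Envelope, registered map[string]bool, cloud *CloudStore) bool {
	if registered[env.Header] {
		cloud.Records = append(cloud.Records, env)
	}
	return registered[env.Header]
}
// UserOpen runs in the end-user app. Any change to the payload or the header
// (a hop rewriting the device id, say) fails GCM authentication.
func (e *Endpoint) UserOpen(env Envelope) (string, error) {
	pt, err := e.aead.Open(nil, env.Nonce, env.Payload, []byte(env.Header))
	return string(pt), err
}

func main() {
	secrets := make([]byte, 64) // provisioned to the Thing and the user, never to the cloud
	if _, err := rand.Read(secrets); err != nil {
		panic(err)
	}
	ep, _ := NewEndpoint(secrets[:32], secrets[32:]) // 32-byte keys cannot fail here
	cloud, gateway := &CloudStore{}, map[string]bool{"soil-7": true}
	// Constructed sample readings from one Thing on 1, 5 and 20 August 2019.
	for day, reading := range map[int]string{1: "moisture=41%", 5: "moisture=37%", 20: "moisture=52%"} {
		GatewayForward(ep.DeviceSeal("soil-7", time.Date(2019, 8, day, 6, 0, 0, 0, time.UTC), reading), gateway, cloud)
	}
	// "Show me the records in the first week of August": the user sends 7 tokens, the
	// cloud returns the 2 matching ciphertexts, and only the user can open them.
	week := map[string]bool{}
	for d := 1; d <= 7; d++ {
		week[ep.DayToken(time.Date(2019, 8, d, 0, 0, 0, 0, time.UTC))] = true
	}
	for _, env := range cloud.Query(week) {
		reading, err := ep.UserOpen(env)
		fmt.Println(env.Header, reading, err)
	}
}
```

Running it prints the two August readings recovered by the user, each with a nil error; the cloud handled only ciphertext and opaque tokens, and the gateway made its forwarding decision from the header alone. The caveat a practitioner should carry away: the day token is deterministic, so the cloud learns which stored records fall on the same day and how often each token is queried, even though it never learns which day that is. Hiding that access pattern needs heavier machinery than a deterministic index and is out of scope for this example.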
Last Modified: 02/12/2020
Modified by: Bjoern Hartmann