Internet of Things (IoT) Security and Privacy Center
The Center conducts research and development aimed at providing IoT developers, integrators, and users with effective tools and methods for building and managing secure, privacy-preserving and maintainable IoT systems.
From wearables to public infrastructure, today’s Internet of Things (IoT) devices are designed to connect wirelessly and collect data with the promise of delivering benefits to health, safety, and productivity. However, most IoT devices and networks are not designed with basic security and privacy practices, and those who manage IoT systems don't have the information required to make informed decisions about security and privacy for their system. They must be able to address questions such as: What happens to my level of security when I make this configuration change? How will the addition of this new type of device affect privacy?
SRI’s Internet of Things Security and Privacy Center conducts research and development aimed at providing IoT developers, integrators, and users with usable and effective tools and methods for building and managing secure, privacy-preserving and maintainable IoT systems. The Center’s researchers investigate novel technical approaches including:
- Application of a language-theoretic security concept to IoT, helping developers limit and formalize the untrusted input an IoT device accepts, thereby eliminating many potential attack vectors;
- Measuring the "true" security and privacy impact of changes or additions to IoT systems and networks; and
- Exploration and identification of attack paths beyond IP connectivity, such as physical attack channels.
The Center’s initial research areas focus on medical devices and wearables (such as monitoring, diagnostic and therapeutic devices), as well as automotive applications (such as infotainment and telematics in connected passenger vehicles). SRI’s researchers aim to advance the capability of the R&D community to ensure privacy and security for IoT by providing current and future developers and integrators with the tools, methods, and knowledge that they are lacking today.