CAREER: Towards Secure and Usable IoT Authentication Under Constraints

职业：在约束下实现安全可用的物联网身份验证

• 批准号: 2144669
• 负责人: Qiang Zeng
• 金额: $ 54.57万
• 依托单位: University of South Carolina at Columbia
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-06-01 至 2023-02-28
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2144669&HistoricalAwards=false
• 关键词: CAREER; Towards; Secure; Usable; IoT

The booming development of Internet of Things (IoT) makes ever-growing impacts on various industries and daily lives. IoT authentication, which authenticates the legitimacy of a user and/or an IoT device, is among the most fundamental and critical IoT security problems. Existing approaches often suffer from insecurity (e.g., Bluetooth based proximity proving can be exploited by wireless attacks) or poor usability (e.g., requiring user interfaces or sensors unavailable on most IoT devices). The research advances secure and usable IoT authentication under constraints. Unlike many prior works that build authentication on proximity, which can be exploited by wireless attacks, the project's novelty is based on physical operations that cannot be spoofed by an attacker. The project's broader significance and importance are as follows. 1) The research can help people in rural areas or with disabilities have equal rights of access to modern techniques, such as drone delivery, without relying on special user-side hardware. 2) The research can make IoT pairing and authentication much easier and more secure, and the results have wide applications to smart health, forensics, and continuous security monitoring. 3) The PI will conduct outreach and educational activities that aim to increase awareness of cybersecurity in the K-12 community and broaden the participation of students from underrepresented groups. The project seeks to improve IoT authentication and deliver novel approaches, algorithms, techniques, and systems through the following thrusts. Thrust 1: Authentication for UI-Constrained Devices. A protocol that supports mutual authentication, over an insecure wireless channel, to establish trust between a UI-constrained device and the user to support authentication for heterogeneous IoT devices. Thrust 2: Authentication for Distance-Constrained Devices. A highly usable approach enables secure authentication between an IoT device and the user even when they are multiple meters apart, which has applications ranging from drone delivery to ride sharing. Thrust 3: Authentication for Operation-Constrained Devices. For traditional objects retrofitted with zero-UI sensor nodes, AI-assisted implicit authentication enables recognizing a user without requiring any explicit authentication operations. In sum, the research seeks to substantially advance IoT authentication and foster a variety of IoT applications.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

物联网（IoT）的蓬勃发展对各种行业和日常生活产生了不断增长的影响。物联网身份验证是用户和/或物联网设备的合法性身份验证的，是最基本和关键的物联网安全问题之一。现有的方法通常遭受不安全感（例如，基于蓝牙的接近性证明可以通过无线攻击来利用）或可用性差（例如，在大多数IoT设备上都不可用用户界面或传感器）。该研究在限制下为安全和可用的物联网身份验证提供了推动。与许多可以通过无线攻击来利用近距离身份验证的先前作品不同，该项目的新颖性是基于攻击者无法欺骗的物理操作。该项目的重要性和重要性如下。 1）研究可以帮助农村地区或残疾人拥有同等的获得现代技术的权利，例如无人机交付，而无需依靠特殊的用户端硬件。 2）该研究可以使物联网配对和身份验证更加容易，更安全，并且结果在智能健康，取证和持续的安全监控方面具有广泛的应用。 3）PI将进行外展和教育活动，旨在提高K-12社区网络安全的认识，并扩大来自代表性不足的团体的学生的参与。该项目旨在通过以下推力来改善物联网身份验证并提供新颖的方法，算法，技术和系统。推力1：对UI受限设备的身份验证。通过不安全的无线通道，支持相互验证的协议，以在UI受限设备和用户之间建立信任，以支持异质IoT设备的身份验证。推力2：距离受限设备的身份验证。一种高度可用的方法可以在物联网设备和用户之间的安全身份验证中，即使它们相距一米，它们的应用程序的应用程序从无人机交付到乘车共享。推力3：对操作约束设备的身份验证。对于使用零-UI传感器节点进行翻新的传统对象，AI辅助隐式身份验证可以识别用户，而无需任何明确的身份验证操作。总而言之，该研究旨在实质上提高物联网身份验证并促进各种物联网应用程序。该奖项反映了NSF的法定任务，并认为使用基金会的知识分子优点和更广泛的影响评估标准，认为值得通过评估来获得支持。

项目成果

Authentication for drone delivery through a novel way of using face biometrics

• DOI: 10.1145/3495243.3560550
• 发表时间: 2022-10
• 期刊: Proceedings of the 28th Annual International Conference on Mobile Computing And Networking
• 作者: Jonathan Sharp;Chuxiong Wu;Qiang Zeng

IoT Phantom-Delay Attacks: Demystifying and Exploiting IoT Timeout Behaviors

• DOI: 10.1109/dsn53405.2022.00050
• 发表时间: 2022-06
• 期刊: 2022 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
• 作者: Chenglong Fu;Qiang Zeng;Haotian Chi;Xiaojiang Du;Siva Likitha Valluru

G2Auth: secure mutual authentication for drone delivery without special user-side hardware

• DOI: 10.1145/3498361.3538941
• 发表时间: 2022-06
• 期刊: Proceedings of the 20th Annual International Conference on Mobile Systems, Applications and Services
• 作者: Chuxiong Wu;Xiaopeng Li;Lannan Luo;Qiang Zeng