Securing the Next Billion Consumer Devices on the Edge
Lead Research Organisation:
Imperial College London
Department Name: Computing
Abstract
Vision: In this fellowship, I aim to address a major challenge in the adoption of user-centred privacy-enhancing technologies: Can we leverage novel architectures to provide private, trusted, personalised, and dynamically- configurable models on consumer devices to cater for heterogenous environments and user requirements? Importantly, such properties must provide assurances for the data integrity and model authenticity/trustworthiness, while respecting the privacy of the individuals taking part in training and improving such models. Innovation and adoption in this space require collaborations between device manufacturers, platform providers, network operators, regulators, and the users. The objectives of this fellowship will take us far beyond the status-quo, one-size-fits-all solutions, providing a framework for personalised, trustworthy, and confidential edge computing, with ability to respect dynamic policies, in particular when dealing with sensitive models and data from the consumer Internet of Things (IoT) devices.
In this fellowship, I aim to address these challenges by designing and evaluating an ecosystem where analytics from, and interaction with, consumer IoT devices can happen with trust in the model and authenticity, while enabling auditing and personalisation, hence pushing today's boundaries on all-or-nothing privacy and enabling new economic models. This approach requires designing for capabilities beyond the current trusted memory and processing limitations of the devices, and a cooperative dialogue and ecosystem involving service providers, ISPs, regulators, device manufacturers, and the end users. By designing our framework around the latest architectural and security features in edge devices, before they become commercially available, we provision for Model Privacy and a User-Centred IoT ecosystem, where service providers can have trust in the authenticity, attestability, and trustworthiness of the valuable models running on user devices, without the users having to reveal sensitive personal information to these cloud-based centralised systems. This approach will enable advanced and sensitive edge-based analytics to be performed, without jeopardising the individuals' privacy. Importantly, we aim to integrate mechanisms for data authenticity and attestation into our proposed framework, to enable trust in models and the data used by them. Such privacy-preserving technologies have the capacity to enable new form of sensitive analytics, without sharing raw data and thereby providing legal balancing capabilities that might enable certain sensitive (or currently unlawful) data analysis.
In this fellowship, I aim to address these challenges by designing and evaluating an ecosystem where analytics from, and interaction with, consumer IoT devices can happen with trust in the model and authenticity, while enabling auditing and personalisation, hence pushing today's boundaries on all-or-nothing privacy and enabling new economic models. This approach requires designing for capabilities beyond the current trusted memory and processing limitations of the devices, and a cooperative dialogue and ecosystem involving service providers, ISPs, regulators, device manufacturers, and the end users. By designing our framework around the latest architectural and security features in edge devices, before they become commercially available, we provision for Model Privacy and a User-Centred IoT ecosystem, where service providers can have trust in the authenticity, attestability, and trustworthiness of the valuable models running on user devices, without the users having to reveal sensitive personal information to these cloud-based centralised systems. This approach will enable advanced and sensitive edge-based analytics to be performed, without jeopardising the individuals' privacy. Importantly, we aim to integrate mechanisms for data authenticity and attestation into our proposed framework, to enable trust in models and the data used by them. Such privacy-preserving technologies have the capacity to enable new form of sensitive analytics, without sharing raw data and thereby providing legal balancing capabilities that might enable certain sensitive (or currently unlawful) data analysis.
Organisations
| Description | EPSRC OpenPlus Fellowship |
| Amount | £1,283,043 (GBP) |
| Funding ID | EP/W005271/1 |
| Organisation | Engineering and Physical Sciences Research Council (EPSRC) |
| Sector | Public |
| Country | United Kingdom |
| Start | 07/2022 |
| End | 06/2027 |
| Title | Advanced IoT Testbed |
| Description | Our state of the art IoT Testbed is instrumental to a number of research projects, government regulation reports, TV documentaries, and independent investigations into the security and privacy of smart devices. The testbed consists of over 140 various consumer IoT devices, state of the art network and device performance monitoring (through BatteryLab), and various automation techniques. Through close collaboration with friends at Northeastern University, We also make our testbed configuration and publications' datasets available to researchers worldside. Please see below for specific articles, papers, and datasets. We also make various IoT device signatures and destination lists available through the IoTrim Project. Our team has won one of the TOP 10 spots in the Telekom Challenge Development Stream. We have received a generous gift and an InnovateUK Cyber Security Academic Startup Accelerator Programme (CyberASAP) grant, supporting our efforts to accelerate IoT Security and to develop IoTrim. |
| Type Of Material | Improvements to research infrastructure |
| Year Produced | 2019 |
| Provided To Others? | Yes |
| Impact | Publications: Oliver Thompson, Anna Maria Mandalari, Hamed Haddadi, "Rapid IoT Device Identification at the Edge", 2nd Workshop on Distributed Machine Learning (DistributedML 2021), co-located with CoNEXT 2021, December 7-10, 2021, Munich, Germany. (Paper available on ArXiv) Anna Maria Mandalari, Daniel J. Dubois, Roman Kolcun, Muhammad Talha Paracha, Hamed Haddadi, David Choffnes, "Blocking without Breaking: Identification and Mitigation of Non-Essential IoT Traffic", in 21st Privacy Enhancing Technologies Symposium (PETS 2021), July 12-16, 2021, On the Internet. (Paper and code available on IoTrim) Said Jawad Saidi, Anna Maria Mandalari, Roman Kolcun, Hamed Haddadi, Daniel J. Dubois, David Choffnes, Georgios Smaragdakis, Anja Feldmann, "A Haystack Full of Needles: Scalable Detection of IoT Devices in the Wild", in ACM Internet Measurement Conference 2020, October 2020, Pittsburgh, Pennsylvania, USA. (Paper and data available) Daniel J. Dubois, Roman Kolcun, Anna Maria Mandalari, Muhammad Talha Paracha, David Choffnes, Hamed Haddadi, "When Speakers Are All Ears: Characterizing Misactivations of IoT Smart Speakers", in proceedings of the 20th Privacy Enhancing Technologies Symposium (PETS 2020), July 14-18, 2020, Montréal, Canada. (Paper, Webpage, Code, and Dataset, NYTimes, The Independent, and USA Today, BBC Panorama program Youtube Link, BBC News, Channel 4 The Truth About Amazon, NYT lead editorial, Vox, ZDNet, Telegraph, Gizmodo, GeekWire, Forbes, BusinessInsider) Anna Maria Mandalari, Roman Kolcun, Hamed Haddadi, Daniel J. Dubois, David Choffnes, "Towards Automatic Identification and Blocking of Non-Critical IoT Traffic Destinations", Workshop on Technology and Consumer Protection (ConPro '20), Co-located with the 41th IEEE Symposium on Security and Privacy, May 21, 2020, San Francisco, CA. (Paper available on ArXiv) Ranya Aloufi, Hamed Haddadi, David Boyle, "Emotionless: Privacy-Preserving Speech Analysis for Voice Assistants", in Privacy Preserving Machine Learning, ACM CCS 2019 Workshop, November 2019, London, UK. (Available on ArXiv, Articles on Vice, Medium) Jingjing Ren, Daniel J. Dubois, David Choffnes, Anna Maria Mandalari, Roman Kolcun, Hamed Haddadi, "Information Exposure From Consumer IoT Devices: A Multidimensional, Network-Informed Measurement Approach", in ACM Internet Measurement Conference 2019 (IMC 2019), October, 2019, Amsterdam, Netherlands. (Community Contribution Award) (paper and code and dataset, Financial Times article, The Times article, Vice article, BBC News, BBC Click program, Ars Technica) Media coverage: Consumer Reports: Connected Devices Share More Data Than Needed Channel 4 - The Truth About Amazon BBC News - Why Amazon knows so much about you BBC One (Panorama program) - Amazon: What They Know About Us (YouTube Link) BBC and BBC Click program on GDPR Anniversary (YouTube link) USA Today - It's not you, it's them: Google, Alexa and Siri may answer even if you haven't called The Independent - Smart Speakers Could Accidentally Record Users up to 19 Times Per Day, Study Reveals The New York Times - Are Alexa and Google Assistant spying on us? Which? - Are Alexa and Google Assistant spying on us? Centre for Data Ethics and Innovation first series of three snapshot papers on ethical issues in AI including Smart Speakers and Voice Assistants |
| URL | https://netsys.doc.ic.ac.uk/IoTLab.html |