CS Special Seminar: Mohit Sethi "Security for the Internet of things (IoT) - from research to standards"
Security for the Internet of things (IoT) - from research to standards
Kone & Aalto University
Abstract: Pervasive computing, also called the Internet of Things (IoT), involves the inter-connection of a large number of heterogeneous devices and networks. Technologies such as embedded sensors & actuators, Zigbee, Bluetooth, and Wi-Fi have transformed simple physical devices into smart objects that can understand and react to their environment. The communication infrastructure for these smart devices is based on an extension of the Internet protocol stack. While mechanisms for security of such connected devices and systems have been developed and deployed, widespread attacks are still a common occurrence.
In this talk, I will highlight our work on designing, implementing, and standardizing security protocols for IoT devices. In particular, I will begin by sharing a persistent security problem: configuring off-the-shelf IoT devices with network and authentication credentials for connecting them to the Internet and to cloud services. I will demonstrate how we initially started with a limited research problem of secure configuration of digital signage and how the solution eventually resulted in a global open standard that supports all types of consumer IoT devices (RFC 9140). I will also share insights from the standards process and our formal security models that led us to discovery of new attacks on a related and widely-used pairing protocol. Finally, I will look at some of the remaining research challenges such as flexible and scalable access-control mechanisms and reliable remote software updates.
Bio: Mohit Sethi works as a product security architect at KONE and as a research fellow at Aalto University. He was previously at Ericsson Research where he worked on security research and standardization for 10 years. Mohit is an expert on Internet of Things (IoT) and 5G security. He has authored several Internet security standards (e.g.: RFC 8387, RFC 8576, RFC 8928, RFC 9140) and chaired three security working groups of the Internet Engineering Task Force (IETF). His research on IoT security has received best paper awards at the ACM Ubicomp and IEEE IoT conferences. He also has experience in demonstrating IEC/ISO security compliance of complex networked systems. Mohit has completed his dual MSc. degree in security and mobile computing from the Royal Institute of Technology (KTH), Sweden and Aalto University, Finland. He received his Doctor of Science (DSc.) degree in Computer Science from Aalto University in 2017.