Security Challenges in Internet of Things

Date: 31 July 2020, 14.00 -15.00 AEST


Slides:IoTSec-Jha-July-2020-Data61-CSCRCv1 copy-2

Title: “Security Challenges in Internet of Things”

Guest speaker: Professor Sanjay Jha from UNSW.

Professor Sanjay K. Jha is Director of the Cybersecurity and Privacy Laboratory (Cyspri) at the University of New South Wales, Sydney.  He  leads  UNSW  in the Cyber Security Cooperative Research Centre (CyberCRC)  where he is also the leader of the  Security and configuration management  IoT Security theme. Formerly, Sanjay was the head of  the Network Systems and Security Group (NetSys) at the School of Computer Science and Engineering at the University of New South Wales for a number of years. His current research activities cover a wide range of topics at the intersection of networking and application layer security. He has worked over 2 decades in Wired and wireless networking including IP core/enterprise, SDN, Wireless Sensor and Mesh Networking and the IoT. He has published over 300 articles in high quality journals and conferences and graduated 28 PhD students. He is the principal author of the book Engineering Internet QoS and a co-editor of the book Wireless Sensor Networks: A Systems Perspective. He was an editor of the IEEE Trans. Of Secure and Dependable Computing (TDSC), the IEEE Trans. on Mobile Computing (TMC) and the ACM Computer Communication Review (CCR).


In this talk, I will discuss how the community is converging towards the IoT vision having worked in wireless sensor networking and Machine-2-Machine (M2M) communication. This will follow a general discussion of security challenges in IoT.  I will discuss some results from some ongoing projects on security of bodywork devices and Secure IoT configuration management.   In particular, I will discuss a mechanism to secure data provenance and location proof for these devices by exploiting symmetric spatio-temporal characteristics of the wireless link between two communicating parties. Our solution enables both parties to generate closely matching `link’ fingerprints, which uniquely associate a data session with a wireless link such that a third party, at a later date, can verify the links the data was communicated on. These fingerprints are very hard for an eavesdropper to forge, lightweight compared to traditional provenance mechanisms, and allow for interesting security properties such as accountability and non-repudiation.   I will also touch upon other research on secure reprogramming (code-image) of heterogenous IoT devices over wireless networks. Finally, I will discuss an architecture of a secure digital key solution that exploits the unique BLE channel features for automatic proximity estimation and second factor authentication for keyless vehicle access.