• Corpus ID: 219707294

Towards a Secure IoT: Directions for IoT Research

Jean L. Camp, Ryan Henry, Tadayoshi Kohno, Shrirang Mare, Steven Myers, Shwetak N. Patel, Joshua Streiff
The current state of the Internet of Things is woefully insecure, and reaching a secure state requires addressing several serious gaps. Based on the discussions with practitioners and researchers, we identify key gaps and research challenges that must be overcome to chart a path toward a secure IoT.


Securing vulnerable home IoT devices with an in-hub security manager
A central security manager that is built on top of the smarthome's hub or gateway router and positioned to intercept all traffic to and from devices is proposed.
Computer security and the modern home
A framework for evaluating security risks associated with technologies used at home and a guide to selecting suitable technologies for use in the home.
Developers are Not the Enemy!: The Need for Usable Security APIs
Using the example of cryptographic APIs, the authors show that developers aren't the enemy and that, to strengthen security systems across the board, security professionals must focus on creating developer-friendly and developer-centric approaches.
That Was Close! Reward Reporting of Cybersecurity 'Near Misses'
Mandatory reporting and investigations into major breaches would result in better data collection, and cause firms to internalize, at least to some extent, the externalities of security.
You Get Where You're Looking for: The Impact of Information Sources on Code Security
Analyzing how the use of information resources impacts code security confirms that API documentation is secure but hard to use, while informal documentation such as Stack Overflow is more accessible but often leads to insecurity.
A Framework for Reasoning About the Human in the Loop
This work proposes a framework for reasoning about the human in the loop that provides a systematic approach to identifying potential causes for human failure and can be used by system designers to identify problem areas before a system is built and proactively address deficiencies.
Status report on the first round of the NIST lightweight cryptography standardization process
The evaluation criteria and selection process based on public feedback and internal review of the first-round candidates are described, and the list of 32 candidate algorithms selected for the second round of the evaluation process is provided.
Users are not the enemy
It is argued that to change this state of affairs, security departments need to communicate more with users, and adopt a user-centered design approach.
Design for Trust
Designing trust metrics for the next generation Internet, and indeed implementing designs that embed trust, requires an understanding of not only the technical nuances of security but also the human subtleties of trust perception.
Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices
The largest ever network survey of TLS and SSH servers is performed and evidence that vulnerable keys are surprisingly widespread is presented, including a boot-time entropy hole in the Linux random number generator.