3 Maryland universities join $10M smart home security research effort

Sensors and firmware are helping to make homes “smart.” But as more automated appliances are being developed and bought, it also growing the attack surface for potential cyber threats.

The effort to address security in smart homes is driving a new initiative bringing together seven universities called Security and Privacy in the Lifecycle of IoT for Consumer Environments (SPLICE), launching with $10 million in funding from the National Science Foundation’s Secure and Trustworthy Cyberspace Frontiers.

Dartmouth University is organizing and leading the effort. Among the 10 principal investigators, four are representing three Maryland institutions:

• Dr. Avi Rubin, the Johns Hopkins University computer science professor, technical director for the Johns Hopkins University Information Security Institute and frequent leading voice on cybersecurity.
• Dr. Michel Kornegay, associate professor, interim chairperson and director of the laboratory for Advanced RF/Microwave Measurement and Electronic Design in the Department of Electrical and Computer Engineering at Morgan State University.
• Dr. Kevin Kornegay, IoT security professor and director of Cybersecurity Assurance and Policy Center and CREAM Lab in the Department of Electrical and Computer Engineering at Morgan State University.
• Dr. Michelle Mazurek, an assistant professor of computer science at the University of Maryland

IoT security has been a consistent worry among cybersecurity pros, as the proliferation of devices in cities brings new ways for attackers to break in and enact potentially scary scenarios like taking over cars and security cameras. As we’ve discussed with technologists working in IoT security, vulnerabilities in household items are often not addressed by manufacturers. Even a smart baby monitor could be an entry point for malicious deeds.

“Many smart home IoT devices have been built, sold and deployed without proper security,” Rubin told the JHU Hub. “These vulnerable systems often present easy targets for malicious attackers who can utilize them as platforms for further intrusion into the home network, for participation in botnets, and for ransomware attacks.”

SPLICE is aiming to produce a toolkit for residents to get a complete understanding of smart devices on their wireless network. They are also looking to develop tools that move away from a “notice and consent” model of privacy management and identify privacy issues in smart homes.

Work on the effort begins on Oct. 1.