Internet of Things or Internet of Hackable Things?

In the context of its activities in Information Technologies, the Luxembourg Institute of Science and Technology (LIST) works in collaboration with the Singapore University of Technology and Design (SUTD). In 2017, LIST and SUTD have initiated the FNR AFR bilateral project “Post-quantum Remote Device Authentication and Data Analysis Protocols for IoT” (CATALYST).

CATALYST, a Luxembourg - Singapore collaboration

With its AFR bilateral Singapore programme, the Luxembourg National Research Fund (FNR) supports PhD and Postdoc projects in cooperation between a Luxembourg based eligible research institution and one of the Singapore research centres. It follows a bottom-up approach and is open to all research domains. As a solid basis for this ongoing collaboration, CATALYST leverages on LIST’s rich experiences on Internet of Things (IoT) applications and security and privacy in general and SUTD’s strong expertise in cyber-physical systems and IoT security at its iTrust center. Moreover, the IoT security testbed from SUTD is a very valuable asset for this project.

CATALYST is managed at LIST by Tang Qiang who is the supervisor of Bowen Liu, PhD student working on the project. The topic is about designing post-quantum secure authentication protocols for IoT devices, and designing privacy-preserving protocols to share the data generated by IoT devices. This project aims at combining the expertise from both sides to advance the science and technology in IoT security and privacy. To reach the objectives, CATALYST will tackle two very important issues with regard to IoT security

• One is remote device authentication and key agreement based on lightweight cryptographic techniques, which allows an IoT device to authenticate itself to a remote server and establish a secure channel between them.
• The other is data encryption and privacy-preserving data analysis protocols, which allow services to employ IoT data from various sources yet without breaching the privacy of device owners.

Successfully addressing these two issues will be a crucial step towards securing the IoT ecosystem as a whole. 

IoT security focus

Today, IoT are appearing at every corner of our daily lives, and are disrupting a wide range of sectors of the society, such as energy, transportation, health, finance, and so on. As an example, connected cars and driverless vehicles intensively use IoT technologies to avoid accidents and control a wide array of safety technologies, from anti-lock brakes to airbags, and to interact with other vehicles.

More interestingly, IoT devices are generating a dramatic amount of data due to their ever-growing sensing abilities. The abundance of data in turn motivated the explosive development in studying and deploying machine learning and big data analytical algorithms, to discover the assets embedded underneath the data. The availability of data and algorithms provides great opportunities for new cloud-based services, from the data storage, data analysis, to numerous value-added services based on the data. In the near future, such services will allow considering more customer requirements in the production process and planning, enabling a new level of product individualization at a minimal cost. Despite the exciting applications, IoT have also posed unprecedented challenges to the society. The security and privacy issues are among the fundamental ones. As many people put it, IoT have now become the Internet of Hackable Things or Internet of Bad Things.

> For any further information about this topic, send an email to Qiang Tang or Bowen Liu.