Professor Ari Juels Wins Cisco Security Grand Challenge
Categories
Cisco, a worldwide leader in IT, recently announced winners for its Internet of Things (IoT) Security Grand Challenge, including a project from Jacobs-Technion Cornell Institute Professor Ari Juels in collaboration with Farinaz Koushanfar at Rice University.
Juels and Koushanfar’s project, “Physical Proof-of-Presence Protocols (P4) for Transient Connections in the IoT,” proposes a new framework of security-credential creation for devices.
Many key connections in the IoT are transient. Wireless chips pass in and out of reader fields, implantable devices make sporadic contact with programmers, and networked vehicles may literally be ships passing in the night. Essential as they are, transient connections depend on instantaneous creation of new trust relationships, so they are especially challenging to secure.
The P4 approach leverages the fact that IoT objects have physical embodiments with unique, time varying characteristics. P4 uses these features within a rigorous framework of cryptographic protocol design to enable flexible, scalable, efficient trust management for IoT objects.
One application for P4 is Juels and Koushanfar’s Heart-to-Heart project, a security system to protect implantable medical devices, including pacemakers, monitoring devices, cardioverter defibrillators and more. There are 25 million patients in the U.S. that have surgically implanted devices, essentially tiny computers that save lives, but they aren’t protected with security codes because doctors might need emergency access to them. The Heart-to-Heart system is an innovation in cyber-physical security that uses P4 to enable medical providers rapid wireless access to medical devices while preventing access by potential attackers.
The P4 system could also easily be incorporated into less constrained devices, like mobile phones, drones and automobiles. For example, vehicular networks might perform vehicle-to-vehicle connections using P4, and it could be used for consumer applications involving wearing devices like Google Glass. A Glass user who starts using an exercise machine like a stationary bike might, simply by touching the handlebars, connect the bike and the Glass. The result would be a heads-up experience to the user (speed, distance, time, calorie consumption, etc.), with little user interaction.
Juels believes that P4 can serve as a fundamental building block in the IoT security where transient connections are dominant and classic solutions – like static passwords – do not work.
Juels and Koushanfar received $75,000 from Cisco to continue pursuing P4 for Transient Connections.