Embedded, networked sensors and actuators are everywhere. They are in engines, monitoring combustion and performance. They are in our shoes and on our wrists, helping us exercise enough and measuring our sleep. They are in our phones, our homes, hospitals, offices, ovens, planes, trains, and automobiles. Their streams of data will improve industry, energy consumption, agriculture, business, and our health. Software processes these streams to provide real-time analytics, insights, and notifications, as well as control and actuate the physical world.
The emerging Internet of Things has tremendous potential, but also tremendous dangers. As we have seen with the Internet worm infecting the first networked computers in 1988, Nimda in 2001, and SQL injection attacks since the late 2000s, new applications and software present tremendous security threats. New systems and protocols, developed quickly and through grassroots efforts, do not foresee these threats, with the result that it takes decades to react and make these systems secure. For the Internet of Things, this danger is even more acute due to scale and interaction with the physical world. Internet threats today steal credit cards. Internet threats tomorrow will disable home security systems, flood fields, and disrupt hospitals.
The Secure Internet of Things Project is a cross-disciplinary research effort between computer science and electrical engineering faculty at Stanford University, UC Berkeley, and the University of Michigan. The research effort focuses on three key questions:
This whitepaper describes our overall research agenda.