CybersecurityImproving security for Internet of Things with “big-thinking” research

Published 1 February 2019

Every day, more and more people interact with the Internet of Things (IoT) in daily life. The IoT includes the devices and appliances in our homes — such as smart TVs, virtual assistants like Amazon’s Alexa or learning thermostats like Nest — that connect to the internet. The IoT also includes wearables such as the Apple Watch or Bluetooth chips that keep track of car keys. Our cars themselves, if equipped with sensors and computers, are also part of the IoT. In an age where data theft and cyberattacks are increasingly routine, the IoT has security vulnerabilities that must be addressed as the popularity of IoT devices grows.

Every day, more and more people interact with the Internet of Things (IoT) in daily life. The IoT includes the devices and appliances in our homes — such as smart TVs, virtual assistants like Amazon’s Alexa or learning thermostats like Nest — that connect to the internet. The IoT also includes wearables such as the Apple Watch or Bluetooth chips that keep track of car keys. Our cars themselves, if equipped with sensors and computers, are also part of the IoT.

“Traditionally, when you think about the internet, it’s someone on a computer communicating with something out in the world — usually someone else on a computer,” said Perry Alexander, AT&T Foundation Distinguished Professor of Electrical and Computer Science and director of the Information and Telecommunication Technology Centerat the University of Kansas. “The ‘Internet of Things’ is called that because now we have things talking to other things on the internet without human intervention.”

But in an age where data theft and cyberattacks are increasingly routine, the IoT has security vulnerabilities that must be addressed as the popularity of IoT devices grows.

“These devices are characterized by being low-capability,” said Alexander. “The security story with the IoT is pretty awful. Because these devices are cheap and small, you can’t add much capability to achieve the level of security you might want to achieve.”

KU says that now, Alexander is leading a multidisciplinary team at KU, including computer scientists, electrical and computer engineers, psychologists, sociologists and philosophers, to tackle the fundamental science underpinning the security of the IoT. The team has just received funding from the National Security Agency to shore up the cybersecurity of the IoT, developing the technology that could be integrated into consumer technology in the coming few years.

“The NSA for the last seven years has had a collection of universities they call ‘lablets’ that execute a collection of projects for them — we were able to compete this year and were one of six selected to host these lablets,” Alexander said. “These are places where the NSA contracts foundational research in the style of the National Science Foundation — big-thinking research. Lablets are centered around the NSA hard problems, specific problems the agency feels they need to solve if they’re going to make progress toward solving our cybersecurity problems.”