Security in IoT (Srini Devadas)

• Why is security for IoT so hard?
• Threat models
• Defensive strategies and examples

HCI in an IoT World (Jim Glass)

• Theory and applications of spoken dialogue for human-computer interaction
• Combining speech with other modalities for natural interaction
• Considerations for multilingual interactions
• Paralinguistic information from speech for enhanced HCI
• Future challenges for ubiquitous speech interfaces

Robotics and Autonomous Vehicles (John Leonard)

• Potential benefits of self-driving vehicles and service robots
• Sensing and data processing
• Simultaneous mapping and localization
• Levels of autonomy
• Future research challenges

Security has been the most complex topic so far in my opinion. Security is a huge challenge and when privacy is added to the complexity its clear they are two very, very important topics in the Internet of Things. Srini Devadas (Professor, MIT Computer Science and Artificial Intelligence Laboratory at Massachusetts Institute of Technology, MS and PhD from the University of California, received the IEEE Computer Society Technical Achievement Award in 2014 for inventing Physical Unclonable Functions and single-chip secure processor architectures.) says ‘security is a challenging problem, because it’s a negative goal’. Prefesor Devadas uses the example of accessing a .txt file. He gives us a myriad of ways that someone could attack another and discover the .txt, and he could keep going on and on. How do you know that you’ve thought of all the ways to stop an attack? You don’t, and that is why security is a challenging problem, because it’s a negative goal.

There are three defensive strategies for IoT systems: prevention, resilience, and detection & recovery. This is where the complexity factor begins to nudge up a quite a few notches, like physical unclonable functions that correspond to protecting integrated circuits from physical attacks to extract secret keys that are stored in the integrated circuits. I had to read the transcript a number of times as the video lecture wasn’t enough to be able to understand the concepts in one sitting. In particular there was a section that was very mathematical and gave examples of the gen algorithm and the Learning Parity with Noise problem. Profesor Devadas uses an interesting analogy to describe the notion of computation under encryption.

Let’s say Alice wants to buy a beautiful ring for herself. Not only that, she wants to design this ring. She is going to hire jewelry workers to create this ring for her and give them raw materials to do this. But there’s a problem here. The problem is one of theft. The jewelry workers could create the ring for her and just walk away with the ring. How could she protect against this scenario?

Alice could create a locked glove box and put her raw materials inside the locked glove box. Alice puts the raw materials in a locked glove box. The jewelry workers are going to put their hands into the locked glove box, work on the raw materials, and create a ring, except that they have no idea that they’re even creating a ring. It’s only Alice that knows that they’re creating a ring for her. The jewelry workers, after they have finished their task, are going to take their hands out of the locked glove box and walk away. Alice willpresumably pay them for their work. But now Alice is going to be able to open up the locked glove box in private and take out her beautiful ring and enjoy it.

Given this jewelry example, let me tell you exactly what happens from a mathematical standpoint. The analogy here is that encrypting is putting raw materials into the locked glove box. So the raw materials correspond to sensitive data that’s associated with Alice’s DNA, for example.

Decrypting is taking things out of the box. As I mentioned, the jewelers have no idea that they’re building a ring. They simply produce an encrypted result in the mathematical domain. Alice is able to take the encrypted results and decrypt it to obtain her diagnosis. The computation is the process of assembling the jewelry, and this corresponds to computing on encrypted data. We need particular mathematical structures corresponding to the encryption and decryption algorithms to ensure that the computation on the encrypted data, to produce an encrypted result, produces exactly the same result as if Alice had computed on the original sensitive data using standard operations.

The profesor gave one example for each of the defensive strategies, ‘There are many other examples. Typically, these examples correspond to different layers of abstraction or correspond to different layers of software and hardware in an IoT system. To build a secure system may require such mechanisms at all layers of abstraction– the compiler, operating system, the application, and the hardware.’

The HCI and Robotics & Autonomous Vehicles lectures were an interesting history lesson on how both these technologies via Siri, Cortana, Alexa and Google’s driverless car etc are testament to the pace of technogical change. The future is much closer than we think.

Jim Glass:

I think speech based interfaces for IOT is inevitable. Our devices are getting smaller. We want to talk to them all of the time. It’s just so natural for people. We’ve crossed that point in our society where speech is out there and people want more of it. And I think that’s what is going to happen.

These interfaces are the future. They have to be untethered. They have to be robust to different environments, different contexts. They have to understand in larger context. Have to incorporate different modalities. Have to be multilingual. The types of things we see out there now coming out of the commercial market on smartphones and other devices is just the tip of the iceberg. Much more remains to be done. There’s lots of challenges, but the future is exciting.

And finally from John Loenard:

I want to see learning on steroids, lifelong learning where you can really think about the limit, as time goes to infinity, how does a system get better and better and learn more and more about the world?

And ultimately this entails connecting to the cloud. When one robot learns a Coke can, every robot should know what a Coke can is. This notion of sharing information, things getting logged to the cloud. I have this notion of a robot that operates autonomously each day, capturing new experiences. And then at night when it goes back and connects to charge its batteries, there’s a sort of dreaming that happens overnight, of trying to makesense of all the data of that day and connect it to the data previously acquired by itself and other robots to try to build ever richer and deeper understandings of the world.

Next week the course covers applications, specifically: Beyond IoT – Ubiquitous Sensing and Human Experience and Wireless Technologies for Indoor Localization, Smart Homes, and Smart Health