Over the past two decades, there has been a significant surge in the popularity of Internet-of-Things (IoT) devices. They have become ubiquitous in various settings, including private (e.g., homes, offices, and factories), semi-private (e.g., rentals and hotels), as well as public (e.g., cultural, entertainment, and transportation). They also play an important role in applications domains, such as military, agriculture, industrial processes, and vehicular automation. In many settings, IoT devices perform safety-critical functions. Furthermore, they are often interconnected and/or connected to the global Internet.

On the lower end, IoT devices are usually constructed using low-end micro-controller units (MCUs), which are subject to constraints on cost, size, and energy. Compared to their higher-end counterparts, these devices tend to lack security features. Due to the sensitive information they collect and their frequent involvement in safety-critical actuation tasks, they represent attractive targets for attacks. These attacks span a wide spectrum of concerns, ranging from privacy associated with sensing to safety and security in the context of actuation. There have even been instances of large-scale device zombification, exemplified by the infamous Mirai botnet.

This Dagstuhl Seminar aims to explore the landscape of attacks on IoT devices, discuss potential research directions for effective countermeasures, and facilitate the relationship between academia and industry in addressing these challenges.

Specific topics to be discussed include:

1. Balancing mission-criticality, safety, and security in system design
2. The role of secure hardware (Trusted Computing) in IoT security
3. Realizing security/privacy services across hardware and software boundaries
4. Addressing the scalability challenge in securing large IoT deployments
5. The value of formal methods and verification in IoT security
6. The lifecycle of digital twins for IoT devices
7. Security challenges in unattended environments, such as low-orbit satellites
8. Privacy implications of human/IoT relationships and data collection
9. Security and privacy challenges in instrumented spaces
10. Bridging the gap between academic research and industry needs

The seminar aims to foster collaboration between academia and industry to address the evolving security and privacy concerns of IoT devices and systems in an increasingly interconnected world.

Creative Commons BY 4.0

Bruno Crispo, Alexandra Dmitrienko, Gene Tsudik, and Wenyuan Xu