LAWRENCE — More and more, the internet connects to devices in our homes, our offices and even to critical infrastructure that supports the American way of life.
Yet, this snowballing interconnectivity of devices and systems — dubbed the “Internet of Things” or “IoT” — suffers from security vulnerabilities that leave people, companies and governments open to cyberattack from bad actors. Some liken the IoT tech frontier to a “Wild West.”
Now, a new planning grant from the National Science Foundation is enabling researchers from the University of Kansas School of Engineering to design a multi-institutional Center for High-Assurance Secure Systems and IoT (CHASSI) that would partner with private firms in the Kansas City area and across the United States to boost security of IoT products and systems ranging from medical devices to energy grids, real-time financial markets and national-defense infrastructure.
“The center would be built around this notion of cybersecurity for high-assurance systems and the Internet of Things,” said Michael Branicky, professor of electrical engineering & computer science at KU. “We mean mission-critical items — so we're not talking about using cryptography to secure cat videos. We’ll be working with people who manufacture things like medical devices, where it's critical to a company's business that these be secured. We've got five university partners, and KU is the overall lead institution.”
Under the NSF grant, KU’s partners in the CHASSI include the University of Minnesota, Syracuse University, Case Western Reserve University and Indiana University, each of which brings a distinct set of expertise, potential industry members and regional industrial strengths to the CHASSI partnership.
“These are institutions that we have research relationships with or that have key expertise related to this area,” Branicky said. “Case Western Reserve University has expertise in the manufacturing and energy applications and industrial controls. Indiana University has done a lot in privacy and usability of IoT devices on the consumer side — for instance, they have a lab where they tested a toy bear that has a camera connected to the internet. You know, parents might want to know if somebody would be seeing where their child is in the house and what they're doing. Syracuse University has a lot of expertise on certified security by design, where you formally construct proofs of the performance of the systems, and they've mainly done this for the military and the government, but they want to branch out to also doing this for companies. And then the University of Minnesota has expertise in the medical device area.”
The five partnering institutions on the CHASSI planning grant would form a virtual center and work with tech companies in their geographic regions to develop more secure products and practices for cybersecurity. Multiple industry partners have signed letters of interest in hopes of coordinating with the prospective center.
“We're trying to answer slightly broader hypotheticals that would give companies frameworks for IoT cybersecurity, offering them a toolbox for approaching these types of problems,” Branicky said. “This would work in the evaluation of not one particular product but maybe a family of products that would be applicable to more than one industry partner. But eventually centers like this could lead to proprietary research for partners. Once we understand a general framework, or general rules or tools that you could use to design these products, six months later a partner might have a new product and might want help — that would be separate follow-on research we would also anticipate as an outcome of the center.”
Branicky’s co-investigators on the planning grant from the KU School of Engineering are Perry Alexander, AT&T Foundation Distinguished Professor of Electrical Engineering and Computer Science and director of the Information and Telecommunication Technology Center; Victor Frost, the Dan F. Servey Distinguished Professor of Electrical Engineering and Computer Science; and Bo Luo, professor of electrical engineering & computer science.
At KU, the IoT cybersecurity researchers will leverage strengths in cybersecurity within the School of Engineering. For instance, the NSF CyberCorps Scholarship for Service program; students working toward undergraduate and graduate certificates in cybersecurity; the KU student cybersecurity group, the JayHackers (advised by Luo); and joint cybersecurity exercises of KU students with soldiers from Fort Riley and local high school students. Further, the researchers will tap diversity programs collected under IHAWKe (Indigenous, Hispanic, African-American, Women KU Engineering) to advance diversity and outreach and also join with KU’s Women in Computing group to identify student researchers.
Branicky said researchers would conduct a planning workshop and submit a final proposal to NSF in 2020.