IoT Pre-workshop
CITP, October 20, 2016

Attendees:
* Kyle Jamieson
* Themis Melissaris
* Abhinav Narain
* Brett Frischmann
* Joanna Huey
* Marcela Melara
* Seda Gurses
* Carl DiSalvo
* Noah Apthorpe
* Dillon Reisman
* Chip Hay
* Nick Feamster
* Margaret Martonosi

Nick
Introduction: How did we get here?
* Discussion at Hewlett Foundation
* What is CITP good for? What activities could serve that?
* Evidence based policy making
* DC is light on technologists
* There are decisions being made that affect all our lives and decisions that affect technology
* Based on no or scant data
* One of the things Eli Sugarman said is that discussions on policy need to include technologists
* For evidence, measurements, systems
* Unlike Berkman or Data and Society or ISP at Yale, which are centered on law
* we could really bring a unique voice to the table
* That was line item #1
* We also want people from CITP doing tours in DC
* Maybe an internship in a civil society organization, CDT, New America, or FTC
* Often you go to these places and there is money to have you
* So, Hewlett often funds people to go to DC and do this kind of thing
* And, the reverse: bring people from DC to spend time here
* We also tried to get interest ($$$) from industry
* Amazon, Comcast, Cisco and Microsoft
* Chip is going to tell us more about opportunities and engagements
* Hopefully there will be more companies
* If you know of a company or foundation interested in this, please let us know.
* That is where we are. There is a lot of interest and momentum.
* Many of you have been thinking about and working in this area: so what do we want to do?
* We are going to write research papers to our favorite conferences
* In 4-5 months we will have another such meeting.
* Where the companies will be coming and we want to push ideas in their direction
* So, that they don't come and say: we work on cars, but we don't work on cars.
* So, we say we are working on x and y, should we do more on this, should we respond to NTIA? More research papers?
* What topics should we focus on?
* So, it would be helpful for that to have us be able to tell a coherent story of what we are interested in so that we can get more leverage.
* People will be like, someone who runs all of policy for Amazon
* So, we can say, we think this is important, and what can we do to help you push this through.
* That's the concept in the document attached in the PDF.
* Hackathons, MOOCs, people interested in education
* Internships
* If you want to do an internship in DC, we are a resource to set that up for you. Find contacts and fund it.
* It is happening and going to go on for three years.
* The center is there to help you get your research done.
* Chip has been instrumental in helping the center get this off the ground.

Chip Hay
* Office of Corporate Engagement at Princeton
* I am based in the San Francisco/Bay area
* Our job is to help faculty build and manage research relationships with companies
* And, have companies fund research
* We work closely with a lot of the innovation people
* Funds so that research gets pushed out into a product
* I focus on companies
* We worked with Nick and Joanna to put this consortium together
* Interesting thing with these companies: they have policy and technical people, but it is difficult to figure out where they intersect in the company
* Since we do the intersection, it is interesting to navigate through a company and find the people you want to talk to and fund something like this
* We asked for 100.000$, which is not a lot for a company
* This usually goes to a VP or CTO type of person to make such a decision
* We have the four, and probably getting two more
* If you have corporate contacts, please let me know
* The idea of intersection of tech and policy is very interesting to these companies
* Ones that are signed up are looking forward more onto IoT
* They all know that it is going to be an issue.
* The idea of evidence based research feeding into policies is very interesting
* Large consortia that companies have funded to do work on IoT: MIT and Stanford
* What is unique here is that we are combining tech and policy
* We are doing something different
* It takes a little bit to explain that and find the right people to explain it to

Nick:
* The scope is important
* Based on my background: consumer IoT space
* There is also certainly security and privacy
* Industrial
* Military
* At the risk of scope creep
* If those kinds of questions come up
* The center is certainly interested

Joanna:
* We are here not only to support you in your own research
* You may want your research to get out and have policy impact
* And you don't have the time to write a white paper or go to DC
* Part of this initiative is to support that kind of translation work
* If you have things like that, things you wished you had the time to make effective, we can find resources as well
* What distinguishes us from a pure CS research group is that aspect of things

Kyle Jamieson - CS prof:
* Lab works on wireless tech - long-range wireless (LORA (sp?))
  * range of miles across a city
* "Opposite of privacy" - systems that can track mobile device location indoors, or RFID tags down to centimeter precision.
  * Ex. how to locate books on a shelf, or inventory in a store
* By building the systems, hopefully solutions to mitigate privacy concerns will also reveal themselves.
* LORA (long-range wireless). Applications and uses of LORA for city-wide sensing.

Themis Melissaris -
* Measurement studies on home automation protocols (Zigbee, etc)
* Traffic measurement, such as throughput, timeouts, speed, efficiency.
* Measurements in smart home settings. RTT, throughput.
* Complications due to high latency in Zigbee networked settings

Sarthak Grover -
* IoT in home networks
* Looking at whether traffic is encrypted from IoT devices
* Looking at whether you can use traffic patterns to identify devices
* Working with Comcast: DNS queries + DPI to learn more about IoT devices in smart homes

Abhinav -
* Measurement of EM interference to characterize devices, learn about abnormal/compromised devices.
* Range of about an average room size in a home.
* Goal: the idea being to build a device for consumers that could monitor devices via EMI

Brett Frischmann -
* Visiting law prof for year.
* Active project: "How we engineer ourselves." How the products/tech we use influence who we are and develop.
* A big section of project is about ubiquitous networks/monitoring/tech, and the effect that tech-augmented environments have on people.
* Interested in future IoT systems, what they might look like/how they'll be deployed.

Marcela Melara -
* 3rd year PhD student. Interested in systems security.
* Current project: Hardening individual IoT applications against data leaks
* Differs from past research because past research often treats applications as entirely untrusted or entirely trusted.
  * Marcela more interested in treating various components of a system like IoT differently
  * Looking at devices with single purpose (like a camera, or a singular monitor). How do you construct a barrier before data even leaves a device.
* Data leaks as a result of running untrusted software, etc. How to separate malicious bad software components that handle sensitive data?
* Lots of devices that are single-application/user, etc. In some ways, simpler because you don't have to worry about interaction between applications.
* How to separate components within an application. Tracking data flows within a single application: is it legitimate/allowed? How to do this without requiring developers to do too much work.
* How to ensure that the right components are doing the right thing?
* Taint-tracking. In the Python runtime. Layer in Python that interposes on these mechanisms.
* Artik Cloud - cloud-backed infrastructure for trusted software updates, makes some engineering assumptions about device connectivity but the basic idea is to build a trusted infrastructure for making software updates easier for companies. (Samsung project)
* CONIKS - Project from Marcela and Mike F for a trusted, publicly auditable key-value store. Originally used for key distribution for encrypted comms, but similar concept could work for trusted device updates.
* Questions:
* Who should be liable/responsible: vendor, ISP, consumer, service provider
* Difficulty of secure software updates, lightweight crypto, etc.
* How the existence of libraries affects what policies/regulation ultimately come into existence
* Role of the network vs. role of the device

Seda Gurses -
* Based in Belgium, CITP affiliate
* Current work: Privacy/Security requirements. How developers/engineers work, how software is actually produced.
* Looking at security/privacy papers on IoT, to find the mismatch between academic work on IoT and how IoT is actually developed and used
* Example: Many papers until now assume a single user in smart homes, when that is more often than not an incorrect assumption.
* Why are we assuming that IoT has to be IP-connected? We need to question our mental model.
  * Impacts on security/privacy when it comes to data transfer, but also data caps, network performance.
* Seda has some visibility into mobile app developers, but more work has to be done to communicate to IoT devs/engineers

Arvind Narayanan -
* CS Prof here, working largely on privacy measurement.
* Doing the measurement alone has actually improved practices on privacy, by giving the market incentive to change now that their practices are being scrutinized.
* Goals: Do automated measurement on a large scale. The focus right now is on the web.
* Future goal: bring measurement model to the IoT space.
* Problems to be overcome: When device info is encrypted, the user or researcher is actually cut out of the equation because they cannot inspect data flow.
  * Maybe this requires a policy remedy to require certain access for users.
* Future of ad blocking?
* Readable privacy policies? Privacy policies have had positive impact. Readers never actually read them, but regulators can go after companies who violate their own privacy policies. Consumer advocacy and researchers do examine them. Latter mode has been automated in some cases (e.g., TOSback from the EFF). Sophisticated NLP to analyze policies.
* How do you measure the change in behavior as an effect of something like automated measurement? (signals: pressure on third parties to change practices; longitudinal measurements). Depending on countries, trackers
* https://cointelegraph.com/storage/uploads/view/5e8f6e0d3a029807dfe181dc3d160cf0.png
* Question from Brett: Is the privacy policy approach even the right design choice?
* Cole: Google, Amazon, etc. selling at or below cost to try to draw consumers into the ecosystem. No evidence yet that this data is being monetized. (answer to question from Joanna about whether this is happening.)
* Brett: Is a device that actually depends on advertising, is it worth even having this device/product/service in the first place? Could a consumer pay instead of having data collected on them? (evidence suggests that the costs to users will be *very* high)
* Seda: Why did we switch to services? vs. Why did we switch to advertising - Two separate questions. What else are the companies getting out of this data?
* Dillon: Amazon P/E ratio is $200. Future expectation on value of data.
* Privacy and health: http://www.slate.com/articles/technology/future_tense/2015/02/how_data_from_fitness_trackers_medical_devices_could_affect_health_insurance.html

Carl DiSalvo -
* Georgia Tech.
* How theories of democracy can inform how IoT should work. Treat devices as pieces of media, look at this through a political lens.
* Past work has been done in HCI: how IoT works in co-housing situations (multifamily, multitenant) with shared spaces/resources.
* Currently working with Atlanta to deploy a sensor network, for a "smart city." How can the data be useful for providing/improving services? How should the data be handled?

Noah Apthorpe -
* CS PhD, Princeton
* Even knowledge about owning a particular device could be privacy compromising
* Network-level solutions to keep various data private. Where should these solutions be deployed? Individual device? Router? ISP? Further up?
* Lots to be learned even in the presence of encryption.
* Project to infer device identities/behaviors from encrypted IoT device traffic. How traffic can be used as a side channel to privacy violations.
* A lot of this relies on the singular use of many devices (like an IoT blood glucose monitor, or a sleep monitor that has network activity when a user goes to bed and wakes up).
* Question:
* Cost of obfuscation?
* How hard to make traffic indistinguishable from other applications?
* How might an attacker learn about different devices, sets of states, etc.?
* Look at things like address randomization, Bluetooth BLE (mistakes in randomization for that protocol make it possible to still identify devices)
* Challenge: Defining the threat model.
* What could we reasonably expect from users, as far as deployments?
* Obfuscation techniques: Padding, buffering, delays, etc.

Cole Schlesinger -
* Formerly Princeton CS, now Samsung, next week IoT company in Palo Alto
* Programming languages research in home automation.
* There are companies that offer the service of coming in and "designing" a smart home for a consumer.
* If-this-then-that provides a new language for non-programmers to "program" their lives.
* If you're savvy enough, you can get into open source home automation solutions and tinker on your own.
* How can we design languages to enable end-users to program sophisticated IFTTT programs while still being simple? This is a problem for HCI.
* How can laypeople use these platforms?
* Worked this past year on designing a precise rule-based language for users to define processes and abstract away hard systems issues (concurrency, etc.).
* Built tools to enable users to design their programs more easily, and detect anomalies or undesirable behaviors in their programs.
  * Implicit in this language is user expectation of what CANNOT happen. Ex. Maybe it is always an anomaly for your fridge to talk to your smart lock.
* Event-driven programming, functional reactive programming, trigger-action programming, etc. Lots of different programming paradigms, tradeoffs, etc.
* Importance of good tool support for the typical user (troubleshooting, etc.). Intuitive language for end users is incredibly important. Tool support that gives feedback about why things happened. Having a precise programming language is incredibly important here.
* Driving firewall rules from data manifests produced by vendors. Manifests could be exported by devices and installed on routers.
* OCF: Microsoft, Samsung, Cisco, Intel. Independent third-party verification of devices. Can send device off to some lab, runs a battery of tests, yes/no OK? Not checking anything sophisticated. Setting things in place for third-party auditing.

Dillon:
* And, want to look at privacy preservation in IoT tracking via metadata and think about what would be solutions that could be effective using policy/design/with third parties (hope this is an ok summary?)
* I also work with Arvind on the web transparency project

Themes
* What are the means to do this research? How to do this work? vs. What does the real-world ecosystem actually look like? vs. What ought it look like?
* Keeping tabs on standards bodies, industry, "real world", etc. Ways to tie in with contacts.
* Tools that help us and others do future research: testbed, etc. Is there an app store/vetting process for IoT applications? (Role of hubs in this space: SmartThings, Wemo, OpenHAB)
* Business models and the market. Role of the market in what is driving these decisions about privacy and security. Often tied to the domain in which we are operating (home automation, industrial IoT, smart buildings)
* Campus as a lab types of projects for IoT/Smart Cities-like projects.
* Modularity: Should be talking more about this.
* How are the IoT devices in different domains going to fit together? Discourse on smart cities does not address smart homes, as if they are not part. What are the expectations we have from these technologies? What do we expect from governments to set privacy and security standards vs. what we expect from a company like Samsung?
* Privacy and security in the home will not necessarily map to smart city. We will have to do work to figure out how these map.
* How does net neutrality/nondiscrimination factor in this discussion? Principle seems really important for smart roads, smart grid, etc. What should be the guiding principles for infrastructure? "Securing Uber" (defense against turning off app to create a surge). Could require pulling in folks like urban planners. Users, developers, technologists together.

What Next?
* Hackathon. What should this include/entail? What else? Follow up meeting, discussion?
* Multi-day workshop to include architects, designers, etc. to look at security and privacy issues in various settings.
* Kick the tires on the platform for several days. Rapid prototyping project.
* Provide testbed in advance (test it out in advance to ensure a productive workshop)
* More activity on Slack channel
* Meetings to workshop policy (bringing in a staffer to help, bringing in people who work on policy to help us with this)
* Request to bring in different perspectives.

Also, some of you may want to check out this initiative: https://www.dyne.org/software/dowse/
Dowse aims to be a smart (A.I. based) software for home based local area networks (LAN), but also small and medium business offices, that makes it possible to connect objects and people in a friendly, conscious and responsible manner.