The emerging and much-touted Internet of Things (IoT) under the slogan “connecting the unconnected” presents a variety of security and privacy challenges in a broad spectrum of application domains, ranging from large-scale smart energy grids to smart vehicles, homes and personal wearable devices. Prominent among these challenges is the establishment of trust in remote IoT devices typically attained via remote attestation, a distinct security service that aims to ascertain the current state of potentially compromised remote devices.
However, recent studies have revealed many security vulnerabilities in embedded devices that are core components of the IoT. On one hand, established protection measures for traditional computing platforms and networks may not always directly apply to IoT due to their diversity, resource constrains and large scale. On the other hand, it may not be feasible to equip every IoT-device with adequate security architectures and hence other methods are needed to isolate vulnerable or compromised devices from the uncompromised ones.
In this talk we will discuss the landscape of the recent research on security architectures, scalable remote attestation schemes, as well as automatic identification and isolation approaches for IoT devices. We also discuss the related tradeoffs as well as future research challenges and directions.