Dr. Camp of School of Iformatics and Computing, Indiana University

We are entering an Internet of Things (IoT) era. It is widely recognized that computer security and privacy for an IoT ecosystem is fundamentally important and challenging. It is important because security and privacy lapses in IoT devices can cause financial, social, and physical harms to people and their environments. It is challenging because of the technical properties of IoT devices and because of the complex issues that arise when designing technologies for diverse stakeholders.

Any significant advance in the state of the art in security and privacy for an IoT ecosystem will require a large, interdisciplinary effort that takes into account not only the technical side, but considers how groups of stakeholders interact with the technology. Making such advances is the goal of our proposal. The talk propose a holistic approach to IoT security and privacy, blending research in human-computer interaction, computer security, cryptography, and ubiquitous computing. We envision our work providing a strong and broad foundation for improving the security and privacy of future IoT systems; we will work with key stakeholders throughout the project to ensure our work has the greatest possible breadth, depth, and impact.

The talk focus is primarily be on IoT devices in the home. This environment is one of the most complex environments in which to consider IoTsecurity and privacy, due in part to the diversity of stakeholders involved, their complex social relationships, and the diversity of computer security and privacy expertise within and between homes.

The talk considers IoT security and privacy along multiple axes: stakeholders involved (e.g, device owner, family members, friends, hired help), the lifecycle of IoT devices (development, installation, use, and abandonment), the potential harms to stakeholders (e.g., physical harms to people or property, privacy exposures from IoT sensor data, or the adversarial use of IoT devices as stepping stones to compromise other computers),ease of use of security solutions, mental models of different stakeholders, security and privacy risks that might arise both during normal use (e.g., because of poor configuration options) and risks that might arise as a result of adversarial action (e.g., adversary compromising a back-end database or a device in the home).

Biography:

L. Jean Camp is a Professor at the School of Informatics and Computing at Indiana University. She is a Fellow of the Institute of Electrical and Electronic Engineers. She is a  Fellow of the American Association for the Advancement of Science.  She joined Indiana after eight years at Harvard’s Kennedy School where her courses were also listed in Harvard Law, Harvard Business, and the Engineering Systems Division of MIT.  She spent the year after earning her doctorate from Carnegie Mellon as a Senior Member of the Technical Staff at Sandia National Laboratories. She began her career as an engineer at Catawba Nuclear Station with a MSEE at University of North Carolina at Charlotte.  Her research focuses on the intersection of human and technical trust, leveraging economic models and human-centered design to create safe, secure systems. Her early contributions in the interdisciplines of economics of security, user-centered security, risk communication, and online trust underlie her applied research in the domains of IoT, authentication, secure networking, ecrime, ethics in computer science, and a few works on applied cryptography. 

Email: