SECURE INTEGRATION OF INSECURE IOT DEVICES
The rapid proliferation of Internet of Things (IoT) devices and gadgets that ship with vulnerable software and hardware is particularly problematic today, as smart home devices, such as cameras, are often integrated into the home office environment. Although employers have no control over the patch level of IoT devices in the home office, employees must be provided a workstation with privileged access to the corporate network to continue work processes. These often interact with potentially vulnerable IoT devices in the home office, making them attractive targets for attackers as they can be exploited to penetrate the corporate network with employee privileges.
To reduce the associated threats, the subproject is investigating software solutions that aim to harden and effectively protect IoT devices against attacks to known software and hardware vulnerabilities. Our focus is on developing software extensions that can either be enforced on the corporate network or installed on employee IoT devices without the need to modify or replace IoT hardware. Our approach is to leverage available hardware capabilities to redesign and harden traditional software building blocks used in the IoT, enabling end users to integrate desired IoT devices into secure enterprise structures – without specialized knowledge or additional effort.