Our Mission
The goal of the Mon(IoT)r research group is to provide awareness of the privacy implications of Internet of Things devices, and ultimately produce a means to inform users about what information they share.
What we do
The key research questions we are investigating in the Mon(IoT)r research group are:
- What personally identifiable information (PII) is being leaked, intentionally or otherwise, from IoT devices?
- What can we do to mitigate privacy risks beyond simply encrypting, modifying, or blocking PII?
Our methodology entails recording and analyzing all network traffic generated by a variety of IoT devices that we have acquired. We not only inspect traffic for PII in plaintext, but attempt to man-in-the-middle SSL connections to understand the contents of encrypted flows. Our analysis allows us to uncover how IoT devices are currently protecting users’ PII, and determine how easy or difficult it is to mount attacks against user privacy.
The Mon(IoT)r Lab
The Mon(IoT)r Lab is a first-of-its-kind IoT “living lab” for measuring IoT device network leakage. The lab consists of a “fishbowl” (glass walls) that encloses a space replete with smart devices. Specifically, all of the IoT devices in the lab are configured to use a router instrumented with packet-recording software. We use this lab to conduct controlled experiments, to observe IoT behavior in uncontrolled experiments (through its use by consenting researchers in the research group), and to provide demonstrations of security and privacy research.
Getting involved
There are two ways to get involved in the lab activities:
- Enroll in our IRB-approved research study with no minimum commitment
- Join any of our research opportunities for students
Related Projects
ProperData
Personal data collection typically starts on user devices, in a range of application domains (web, mobile, IoT). Data are then shared with service providers as well as with a large number of trackers.
The ProperData project seeks to protect personal data, by improving the transparency and control of personal data flow on the Internet. We take a multidisciplinary approach, combining methodologies from computer science and engineering (theory, network measurement, systems, security) with policy and concepts from economics.
BehavIoT
The goal of BehavIoT is to explore the extent to which network-inferred behavioral analysis of IoT deployments, combined with control over the network traffic they generate, can identify and mitigate misbehavior of IoT systems.
The Team
Prof. David Choffnes
David Choffnes is an Associate Professor in the Khoury College of Computer Sciences at Northeastern University.
Dr. Daniel J. Dubois
Daniel J. Dubois is an Associate Research Scientist in the Khoury College of Computer Sciences at Northeastern University.
Tianrui Hu
Tianrui Hu is a PhD student in the Computer Science program at Northeastern University’s Khoury College of Computer Sciences.Contact us
How to get in touch
Are you interested in getting in touch or to start a collaboration? Feel free to send an email to moniotr@ccs.neu.edu.Where we are
- Interdisciplinary Science and Engineering Complex (ISEC) - 6th Floor - room 660C 805 Columbus Avenue Boston, MA 02120 United States
Acknowledgment
This lab and its activities were partially supported by:NSF (CNS-1955227 ProperData, CNS-1909020 BehavIoT)
Consumer Reports Digital Lab
DHS S&T (FA8750-17-2-0145 Revealing and Controlling Privacy Leaks in Network Traffic)