IoT Authentication Setup

The goal of this assignment is to devise a system design for setting up an IoT device.

Consider something like the Roomba, a "robot" vacuum cleaner. After vacuuming, or during the process when its battery is low, it returns to its base to recharge. The battery on the vacuum cleaner is pretty powerful, since it has to move the device around, sweep up dirt, etc., and the base is of course plugged in. A phone app is used to control the robot.

There are, of course, several constraints:

• A house may have multiple vacuum cleaners, one for each floor
• Multiple phones may control the robots in a house
• Communication with the robot can be via a vendor server, as discussed in class; however, Apple's Homekit requires that devices be controllable from on-LAN without going to a server, in case the Internet isn't reachable. In other words, the multiple phones have to be able to talk to the robots either directly or via the vendor server.
• The robots have cameras, to help them navigate around a house, avoid dangling wires, etc. They also have microphones to permit voice control.

"In the middle of his assurances about the harmlessness of Merlin, the housecleaning robot began knocking things off the top of a table.

"'Oscar! You stop that!' his mother yelled.

"Oscar, deaf as the adder, kept on. Conn yelled at his mother to use her control; she remembered that she had one, a thing like an old-fashioned pocket watch, around her neck on a chain, and got the robot stopped.”

The Cosmic Computer

H. Beam Piper, 1963

Your goal is to describe the setup process—what people do, what sorts of messages are exchanged and between which parties, etc., so that all commands to the robot vacuum cleaner are properly authenticated. Your solution must include the following:

• A description of your threat model
• A way to add new phones
• A "lost phone" process
• Adding a new robot to an existing setup
• Selling a robot to someone else

Some facts that may or may not prove useful to you:

• Many devices can turn their WiFi interfaces into temporary access points that phones can talk to. (My camera does this.)
• The range of WiFi is about 100 meters; more (a lot more) with a special antenna
• The range of Bluetooth is about 10 meters; again, a suitable antenna can extend that
• The range of NFC (near field communication) is a few centimeters at most

You may make any reasonable assumptions, including the threat model, as long as you document them. This is a technical design, not a short memo to management. There is no length limit (which is not a suggestion that this is a 20-page paper!).

As always, this homework must be submitted via Courseworks as a PDF file.