Privacy-Preserving IoT Devices


As discussed in class, vendors play a necessary role in most interactions with IoT devices. This creates privacy risks: vendors know who owns which devices and what the owners do with them.


You work for an IoT company that takes privacy seriously. It is certainly easy to simply announce "we won't retain or match any data", but many people won't believe such announcements. A complete design would take far too long, so I won't ask for that. Instead, prepare a list of privacy-sensitive items that the device, and hence the vendor, might know, and give a few suggestions about architectural or implementation ideas that could protect these items. (You need not show how to protect them all.) Assume that the verification would be done by someone who is technically very knowledgeable and has rational test gear. By rational, I mean equipment that can observe behavior externally and does not involve disassembling the devices, reading out chip ROMs or flash memory, etc. Assume that the devices your company ships will have a small screen and some input capability, e.g., a touch screen or a small number of buttons (but nowhere near a complete keyboard).


You may assume that the code is honest. That is, if the device is reconfigured to permit investigation, it will not detect that reconfiguration and behave differently. In other words, the testing should be about providing assurance of correct behavior rather than an investigation into misbehavior.


This homework must be submitted via Courseworks as a PDF file. To permit anonymous grading, DO NOT put your name on the PDF file. However, you MUST put your group number on the page.