Xinwen Fu Aims to Improve the Security and Privacy of the Internet of Things

Prof. Xinwen Fu and his student in the lab Image by Joson Images

Computer Science Prof. Xinwen Fu, left, and undergraduate student Chukpozohn Erastus Toe conduct cybersecurity research at UMass Lowell’s new Cyber Range facility near East Campus.

By Edwin L. Aguirre

Computer Science Prof. Xinwen Fu has been awarded more than $4.5 million by the National Science Foundation (NSF) and the U.S. Department of Energy (DOE) for his research on the Internet of Things, or IoT. This refers to the network of separate physical and virtual devices that communicate with each other wirelessly, without human interaction or intervention.

“IoT is booming with the popularity of smart, mobile devices,” says Fu, a cybersecurity and cyberforensics expert who is the director of UMass Lowell’s Center for Internet Security and Forensics Education and Research (iSAFER) and a faculty member of the UML Cyber Range.

“However, these devices, if left unprotected, will allow hackers to be able to collect or manipulate data using a Bluetooth connection,” he says.

Last fall, the NSF awarded two grants, totaling $1.54 million spread over three years, to Fu and his collaborators from the University of Central Florida (UCF) to improve the security and privacy of IoT.

The first grant, worth more than $1,198,000, focuses on building a secure, trustworthy and reliable air quality monitoring system for smart, connected communities.

“We are building sensors so that the air quality data cannot be manipulated by anybody, even by those who can physically touch and access the sensors,” says Fu.

A total of 110 prototypes will be deployed across Boston and Orlando. The data collected will be transmitted to a central server for analysis.

“The techniques used for securing the sensors can also be applied to protect all kinds of IoT devices, including security cameras, hospital medical sensors and virtual home assistants, so that administrators and researchers can make correct decisions based on trustworthy data,” says Fu.

The second grant, worth more than $340,000, is education funding to build low-cost, state-of-the-art IoT security hands-on laboratory kits for use in university classrooms.

“We will teach students how to design and build secure IoT devices. They will experiment with the devices and learn how to defend them from cyberattacks,” explains Fu, who is the principal investigator for UMass Lowell on both projects.

“Our project is the first to use an industrial-grade microcontroller with a crypto coprocessor to systematically develop teaching materials, including hands-on labs and case studies on IoT security and privacy,” says Fu. “This IoT platform costs significantly less than existing platforms, and will allow for the development of a full-fledged IoT laboratory with hardware security modules that is affordable for students and institutions.”

In February, the DOE awarded $3 million to Fu and his UCF co-researchers to secure IoT-based automation systems used in smart buildings. Today’s smart building technology uses wireless sensors, equipment controllers and cloud-based software to control heat, ventilation, airconditioning and lighting systems to save energy, increase comfort and improve air quality.

“Depending on its size and type, each building can have 50 to 100 controlled devices, while each device can have, on average, 10 sensors – that is, each building can have 500 to 1,000 IoT gateway points. With such a large network, vulnerabilities exist that could allow malicious hackers to attack those sensors, connect their computer to the building’s system and attack all devices hooked into the entire building,” says Fu. “My job is to examine network weaknesses and design defense measures against such cyberattacks.”