Mon(IoT | ito)r Research Group

Welcome to the Mon(IoT)r Research Group at Northeastern University.

Our mission Contact us

Our Mission

The goal of the Mon(IoT)r research group is to provide awareness of the privacy implications of Internet of Things devices, and ultimately produce a means to inform users about what information they share.

What we do

isec

The key research questions we are investigating in the Mon(IoT)r research group are:

  • What personally identifiable information (PII) is being leaked, intentionally or otherwise, from IoT devices?
  • What can we do to mitigate privacy risks beyond simply encrypting, modifying, or blocking PII?

Our methodology entails recording and analyzing all network traffic generated by a variety of IoT devices that we have acquired. We not only inspect traffic for PII in plaintext, but attempt to man-in-the-middle SSL connections to understand the contents of encrypted flows. Our analysis allows us to uncover how IoT devices are currently protecting users’ PII, and determine how easy or difficult it is to mount attacks against user privacy.

The Mon(IoT)r Lab

The Mon(IoT)r Lab

The Mon(IoT)r Lab is a first-of-its-kind IoT “living lab” for measuring IoT device network leakage, conducting controlled experiments, and IRB-approved user studies. The lab consists of a “fishbowl” (glass walls) that encloses a space replete with smart devices from TVs to toasters, fridges to fitbits, lights to locks. Specifically, all of the IoT devices in the lab are configured to use an OpenWRT router that is instrumented with packet-recording software. We use this lab to conduct controlled experiments, to observe IoT behavior in uncontrolled experiments (through its use by consenting researchers in the research group), and to provide demonstrations of security and privacy research. Together with interfaces for visualizing and controlling data, the lab not only supports research, but it also provides an interactive component that allows researchers and visitors to visualize, understand, and control the information exposed by IoT devices.

Related Projects

projects

ReCon
ReCon analyzes your network traffic to tell if personal information is being transmitted, and it doesn’t even need to know what is your personal information to work. It detects device/user identifiers used in tracking, geolocation leaks, unsafe password transmissions, and personal information such as name, address, gender, and relationship status. We make this information available to you via a private Web page, and allow you to tell us if we found important leaks, and whether we should block or modify them.

ReCon website

Meddle
Meddle provides services that interpose on the traffic your device generates. It can block, shape, filter or otherwise modify traffic your device generates so that we can save you time, energy and money.

Meddle website

The Team

Prof. David Choffnes
David Choffnes is an Assistant Professor in the College of Computer and Information Science at Northeastern University.
Dr. Daniel J. Dubois
Daniel J. Dubois is a Postdoctoral Research Associate in the College of Computer and Information Science at Northeastern University.
Jingjing Ren
Jingjing Ren is a PhD student in the Computer Science program at Northeastern University’s College of Computer and Information Science.

Contact us


How to get in touch

Are you interested in getting in touch or to start a collaboration? Feel free to send an email to any members of the Mon(IoT)r Team. You can find their contact information in their personal websites.

Where we are

ISEC

  • Interdisciplinary Science and Engineering Complex (ISEC) - 6th Floor
    805 Columbus Avenue
    Boston, MA 02120
    United States

Acknowledgment

This work is supported by DHS S&T contract FA8750-17-2-0145 Revealing and Controlling Privacy Leaks in Network Traffic.