From Interns to Internet-of-Things Experts in One SummerOctober 2016
The "Internet of Things"—where billions of devices will be connected to one another via computer networks—is so new and exploding so fast that few people know much about it beyond the fact that it will change the way we live and work. What information does exist is often contradictory. Most schools don’t have IoT programs, and few companies have IoT labs.
Which is why it was so unusual to find four IoT experts at MITRE's Bedford, Massachusetts, campus last summer. Even more unusual? Their average age was 20.
College students Jon Aho (University of Rochester), Carmen Matos (University of Puerto Rico, Mayagüez), Anne Oursler (Tufts University), and Omar Taylor (Iowa State University) were interns in MITRE's Advanced Networking Technology and Security department from late May until mid-August. Department head Jeff Schwefler hired them specifically to help design the newest MITRE Challenge--Unique Identification of IoT Devices.
The MITRE Challenge series encourages inventors from all walks of life and all corners of the globe to develop solutions to some of our sponsors' toughest problems. The Unique Identification of IoT Devices Challenge, which opened for registration in September, seeks to resolve two IoT security issues. They are: how to identify the specific types of devices (a phone, appliance, or fitness monitor) in any given network (a home, hospital, or industrial setting), and how to determine if that network has been altered. For example, it's possible that one device might be switched out for another of the same type. Is the thermostat you see today the same one you saw yesterday?
"John, Omar, Anne, and Carmen developed more knowledge of IoT protocols than anyone else in the company," says Schwefler, who looked for interns who would be able to dive into the unknown, on their own, and swim through the debris. "They went from 0 to 90 in about four weeks."
Filling in the Gaps and Managing the Contradictions
The four arrived as IoT neophytes. Schwefler gave them two gigantic standards manuals (for Zigbee and Zwave protocols), a "packet sniffer" that picks up the traffic between networked computers, and a pile of off-the-shelf devices. They took apart every device and reverse engineered how they operate. They searched everywhere for useful information and people to interview for help. They found a lot of contradictions and gaps—and they learned to rely on their own observations.
For example, Aho spent hours manually decoding the data picked up by the sniffer before the team discovered a more sophisticated software program with automatic decryption. They analyzed every related tool available that could help solve the puzzle.
The interns pooled their knowledge of RF engineering, computer programming, protocol analysis, networks, and even hacking. "Sometimes, when you push a person into the corner, that's when they get the most creative," says Taylor, who knows from experience. His father put lots of restrictions on the family home computer to limit the time the kids spent playing video games, but Taylor always found a way around them.
Creating an IoT Testbed—Then Rearranging It
With guidance from Schwefler, the interns helped developed a MITRE Challenge that tests the skills of students, entrepreneurs, and others who want to make a mark in the IoT security space.
The team built a testbed for the Challenge using a broad array of devices with diverse operating characteristics that could be found in a high-tech home. Challenge participants will "listen to" the baseline environment and identify all the devices in it. Then they’ll determine what types of physical, protocol, and operational changes have been made to the network. The interns made sure that there will be plenty to look for.
"Either someone will come up with a great solution that we can all benefit from, or else the problem is impossible to solve, so we don’t have to worry about it!" says Aho.
He’ll have another chance to hone his skills at MITRE next summer. In June 2017, Aho will start his first full-time job out of college as a network engineer in Schwefler's department.
—by Twig Mowatt
Are you a good fit for MITRE, too? Explore our current Job Openings.