IoT House Research Lab

Our Mission

IU's Hacker House for the Internet of Things & Cybersecurity

Security and privacy for an Internet of Things (IoT) ecosystem requires addressing human aspects and technical aspects in a holistic, multidisciplinary manner and bringing those to the public in forms that are usable and impactful.

Our researchers

Joshua Streiff
House Manager
CSI/IoT Project Manager

L. Jean Camp
Director of SPICE
Professor of Informatics

XiaoFeng Wang
Director of SPICE
Luddy Associate Dean for Research

Esfandiar Haghverdi
Professor of Computer Science
Adjunct Professor of Mathematics

Apu Kapadia
Luddy Associate Dean for Graduate Studies
Professor of Computer Science

Yan Huang
Luddy Director of Graduate Studies for Computer Science
Associate Professor of Computer Science

Luyi Xing
Assistant Professor of Computer Science

Xiaojing Liao
Assistant Professor of Computer Science

Hang Zhang
Assistant Professor Computer Science

Chenghong Wang
Assistant Professor Computer Science

Our publications

E. Zheng, S. Mare, and F. Roesner, "End User Security and Privacy Concerns with Smart Homes," in Proceedings of the Symposium on Usable Privacy and Security (SOUPS), 2017.
L. Huber and L. J. Camp, "User-Driven Design in Smart Homes: Ethical Aspects," in Handbook of Smart Homes, Health Care and Well-Being, Springer International Publishing, 2017.
J. Dev, S. Das, and L. J. Camp, "Privacy Practices, Preferences, and Compunctions: WhatsApp Users in India," in HAISA 2018.
P. van Schaik, et al, "Security and privacy in online social networking: Risk perceptions and precautionary behavior," in Computers in Human Behavior, 2018.
A. S. M. Noman, S. Das, and S. Patil, "Techies Against Facebook: Understanding Negative Sentiment Toward Facebook via User Generated Content," in Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI), 2019.
J. Dev, et al., "Personalized WhatsApp Privacy: Demographic and Cultural Influences on Indian and Saudi Users," in Social Science Research Network (SSRN), 2019.
J. Schubauer, D. Argast, J. Camp, and S. Patil, "Apps, Code, Culture, and Market Reform: Examining Influences on Android Permissions in the United States, South Korea, and Germany," in the 47th Research Conference on Communications, Information, and Internet Policy (TPRC), 2019.
S. Mare, F. Roesner, and T. Kohno, "Smart Devices in Airbnbs: Considering Privacy and Security for both Guests and Hosts," under review 2019.
S. Das, B. Wang, Z. Tingle, and L. J. Camp, "Evaluating User Perception of Multi-Factor Authentication: A Systematic Review," in HAISA, 2019.

K. Benton and L. J. Camp, "Firewalling Scenic Routes: Preventing Data Exfiltration via Political and Geographic Routing Policies," in Proceedings of the ACM Workshop on Automated Decision Making for Active Cyber Defense, 2016.
K. Benton, L. J. Camp, and M. Swany, "Bongo: A BGP speaker built for defending against bad routes," in Proceedings of IEEE Military Communications Conference (MILCOM) 2016.
P. Moriano, S. Achar, and L. J. Camp, "Incompetents, criminals, or spies: Macroeconomic analysis of routing anomalies," Computers & Security, 2017.
P. Moriano, R. Hill, and L. J. Camp, "Using Bursty Announcements for Early Detection of BGP Routing Anomalies," in CoRR, vol. abs/1905.05835, 2019.

Z. Dong, K. Kane, and L. J. Camp, "Detection of Rogue Certificates from Trusted Certificate Authorities Using Deep Neural Networks," In ACM Transactions of Privacy and Security, 2016.
S. Myers and A. Shull, "Practical Revocation and Key Rotation," in Topics in Cryptology – CT-RSA 2018, 2018.
H. Hadan, N. Serrano, S. Das, and L. J. Camp, "Making IoT Worthy of Human Trust," in Social Science Research Network (SSRN), 2019.
N. Serrano, H. Hadan, and L. J. Camp, "A Complete Study of P.K.I. (PKI’s Known Incidents)," in TPRC 2019.

A. Dingman, G. Russo, G. Osterholt, T. Uffelman, and L. J. Camp, "Poster: Good Advice That Just Doesn’t Help," in Proceedings of the IEEE/ACM Third International Conference on Internet-of-Things Design and Implementation (IoTDI), 2018.
B. Momenzadehet, H. Dougherty, M. Remmel, S. Myers, and L. J. Camp, "Best Practices Would Make Things Better in IoT," under review, 2018.
S. Das, J. Dev, and K. Srinivasan, "Modularity is the Key A New Approach to Social Media Privacy Policies," in Mexican Conference on Human-Computer Interaction, 2018.
J. Abbott, H. MacLeod, N. Nurain, G. Ekobe, and S. Patil, "Local Standards for Anonymization Practices in Health, Wellness, Accessibility, and Aging Research at CHI," in CHI 2019
N. Serrano, H. Hadan, and L. J. Camp, "A Complete Study of P.K.I. (PKI’s Known Incidents)," in TPRC 2019.
S. Mare, L. Girvin, F. Roesner, and T. Kohno, "Consumer Smart Homes: Where We Are and Where We Need to Go," in HotMobile Workshop, 2019.
L. Camp et al., "Towards a Secure IoT: Directions for IoT Research," under review, 2019.

S. M. Hafiz and R. Henry, "Querying for Queries: Indexes of Queries for Efficient and Expressive IT-PIR," in ACM SIGSAC Conference on Computer and Communications Security, 2017.
G. Yaroslavtsev and A. Vadapalli, "Massively Parallel Algorithms and Hardness for Single-Linkage Clustering under p Distances," in Conference on Machine Learning (ICML), 2018.
S. M. Hafiz and R. Henry, "A Bit More Than a Bit Is More Than a Bit Better: Faster (essentially) optimal-rate many-server PIR," in Privacy Enhancing Technologies (PoPETs), 2019.
W. Black and R. Henry, "There Are 10 Types of Vectors (and Polynomials): Efficient Zero-Knowledge Proofs of ‘One-Hotness’ via Polynomials with One Zero," in IACR Cryptology ePrint Archive, vol. 2019.

R. Nandakumar, A. Takakuwa, T. Kohno, and S. Gollakota, "CovertBand: Activity Information Leakage Using Music," in Proceedings of Ubicomp, 2017.
K. Eykholt et al., "Physical Adversarial Examples for Object Detectors," in Proceedings of the USENIX Workshop on Offensive Technologies (WOOT), 2018.
R. Henry, A. Herzberg, and A. Kate, "Blockchain Access Privacy: Challenges and Directions," IEEE Security Privacy, vol. 16, no. 4, 2018.
K. Eykholt, I. Evtimov, E. Fernandes, B. Li, A. Rahamti, C. Xiao, A. Prakash, T. Kohno, D. Song, "Robust Physical-World Attacks on Deep Learning Visual Classification," in the Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2018.
M. Palekar, E. Fernandes, and F. Roesner, "Analysis of the Susceptibility of Smart Home Programming Interfaces to End User Error," in IEEE Workshop on the Internet of Safe Things (SafeThings), 2019.
P. Moriano, R. Hill, and L. J. Camp, "Using Bursty Announcements for Early Detection of BGP Routing Anomalies," in CoRR, vol. abs/1905.05835, 2019.
V. Andalibi, D. Kim, and L. J. Camp, "Throwing MUD into the FOG: Defending IoT and Fog by expanding MUD to Fog network," in Proceedings of the USENIX Workshop on Hot Topics in Edge Computing (HotEdge), 2019.

A. K. Simpson, F. Roesner, and T. Kohno, "Securing vulnerable home IoT devices with an in-hub security manager," in PerCom Workshop on Pervasive Smart Living Spaces, 2017.
J. Streiff, O. Kenny, S. Das, A. Leeth, and L. J. Camp, "Who’s Watching Your Child? Exploring Home Security Risks with Smart Toy Bears," in IoTDI 2018.
J. Streiff and S. Das, "Eyes In Your Child’s Bedroom: Exploiting Child Data Risks with Smart Toys," BSides MSP, 2019.
J. Streiff, "Bears, Unicorns, & Crockpots, Oh My! An Introduction to Internet of Things (IoT) Threat Modeling Education," in Proceedings of the AI & Connected Conference, 2019.
S. Mare, L. Girvin, F. Roesner, and T. Kohno, "Consumer Smart Homes: Where We Are and Where We Need to Go," in HotMobile Workshop, 2019.

A. K. Simpson, F. Roesner, and T. Kohno, "Securing vulnerable home IoT devices with an in-hub security manager," in PerCom Workshop on Pervasive Smart Living Spaces, 2017.
W. He et al., "Rethinking Access Control and Authentication for the Home Internet of Things (IoT)," in Proceedings of the USENIX Security Symposium (USENIX Security), 2018.
V. Andalibi, D. Kim, and L. J. Camp, "Throwing MUD into the FOG: Defending IoT and Fog by expanding MUD to Fog network," in Proceedings of the USENIX Workshop on Hot Topics in Edge Computing (HotEdge), 2019.

Z. Dong, K. Kane, and L. J. Camp, "Detection of Rogue Certificates from Trusted Certificate Authorities Using Deep Neural Networks," In ACM Transactions of Privacy and Security, 2016.
P. Moriano, J. Pendleton, S. Rich, and L. J. Camp, "Insider Threat Event Detection in User-System Interactions," in Proceedings of the International Workshop on Managing Insider Security Threats, 2017.
P. Moriano, J. Pendleton, S. Rich, and L. J. Camp, "Stopping the Insider at the Gates: Protecting Organizational Assets through Graph Mining," in Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications, 2018.
P. Moriano, J. Finke, and Y.-Y. Ahn, "Community-Based Event Detection in Temporal Networks," in Scientific Reports, vol. 9, no. 1, 2019.

E. Zheng, S. Mare, and F. Roesner, "End User Security and Privacy Concerns with Smart Homes," in Proceedings of the Symposium on Usable Privacy and Security (SOUPS), 2017.
L. Huber and L. J. Camp, "User-Driven Design in Smart Homes: Ethical Aspects," in Handbook of Smart Homes, Health Care and Well-Being, Springer International Publishing, 2017.
J. Dev, S. Das, and L. J. Camp, "Privacy Practices, Preferences, and Compunctions: WhatsApp Users in India," in HAISA 2018.
P. van Schaik, et al, "Security and privacy in online social networking: Risk perceptions and precautionary behavior," in Computers in Human Behavior, 2018.
A. S. M. Noman, S. Das, and S. Patil, "Techies Against Facebook: Understanding Negative Sentiment Toward Facebook via User Generated Content," in Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI), 2019.
J. Dev, et al., "Personalized WhatsApp Privacy: Demographic and Cultural Influences on Indian and Saudi Users," in Social Science Research Network (SSRN), 2019.
J. Schubauer, D. Argast, J. Camp, and S. Patil, "Apps, Code, Culture, and Market Reform: Examining Influences on Android Permissions in the United States, South Korea, and Germany," in the 47th Research Conference on Communications, Information, and Internet Policy (TPRC), 2019.
S. Mare, F. Roesner, and T. Kohno, "Smart Devices in Airbnbs: Considering Privacy and Security for both Guests and Hosts," under review 2019.
S. Das, B. Wang, Z. Tingle, and L. J. Camp, "Evaluating User Perception of Multi-Factor Authentication: A Systematic Review," in HAISA, 2019.

P. Rajivan, P. Moriano, T. Kelley, and L. J. Camp, "Factors in an end user security expertise instrument," Information & Computer Security, 2017.
G. M. Deckard, "Cybertropolis: breaking the paradigm of cyber-ranges and testbeds," in Proceedings of the IEEE International Symposium on Technologies for Homeland Security, 2018.

L. Camp, "Channels, Devices, & People - Oh My! A Re-examiniation of IoT Threat Modeling," Federal Trade Commission, 2017.
S. Das, L. Camp, and G. Russo, "Two-Factor Authentication, Usable or Not? A Two-Phase Usability Study of the FIDO U2F Security Key," Black Hat, 2018.
L. Camp, and S. Das, "Studies of 2FA, Why Johnny Can’t Use 2FA and How We Can Change That," RSA Conference, 2019.

R. Henry, "Tutorial: Private Information Retrieval," in Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, 2017.
K. Kabe, "Students Get Education," CyberSecurity Brown County Democrat. 2019.
J. Streiff, "Capturing Education: CTF and IoT in K-12 Education," Luddy Hall Pathfinders Night Session. 2019.
J. Streiff, "How Santa knows if you are Naughty or Nice: How your IoT toys can spy on you,". SPICE Colloquium. 2019.

J. Streiff, C. Justics, and L. J. Camp, "Escaping to Cybersecurity Education: Using Manipulative Challenges to Engage and Educate," in Proceedings of the European Conference on Games Based Learning, 2019.
J. Streiff, "Flipping the Switch! Cybersecurity Workshop Session at Indiana Department of Education (IDoE)," Indian's Annual K-8 Computer Science Conference 2019.
J. Streiff, "How Santa knows if you are Naughty or Nice: How your IoT toys can spy on you,". SPICE Colloquium. 2019.
I. Evtimov, E. Fernandes, K. Koscher, F. Roesner, T. Kohno, "IoT lab: A platform for research and education," forthcoming. 2019
J. Streff, "Cybersecurity & You", Brown Co. Schools, 2019.
J. Streiff, "Educational Hacking Using Command Line & Bluetooth Low Energy", Avon STEM Educator Leadership Day, 2020.

L. Huber and L. J. Camp, "User-Driven Design in Smart Homes: Ethical Aspects," in Handbook of Smart Homes, Health Care and Well-Being, Springer International Publishing, 2017.
J. Dev, et al., "Personalized WhatsApp Privacy: Demographic and Cultural Influences on Indian and Saudi Users," in Social Science Research Network (SSRN), 2019.
J. Streiff and S. Das, "Eyes In Your Child’s Bedroom: Exploiting Child Data Risks with Smart Toys," BSides MSP, 2019.
L. J. Camp, et al., "Conceptualizing Human Resilience in the Face of the Global Epidemiology of Cyber Attacks," in HICSS 2019.
S. Mare, F. Roesner, and T. Kohno, "Smart Devices in Airbnbs: Considering Privacy and Security for both Guests and Hosts," under review 2019.
S. Das, A. Kim, B. Jelen, J. Streiff, L. J. Camp, and L. Huber, "Towards Implementing Inclusive Authentication Technologies for Older Adults," in SOUPS Workshop Who Are You?! Adventures in Authentication (WAY), 2019.

B. Momenzadeh and L. J. Camp, "Peeling the Lemons Problem with Risk Communication for Mobile Apps," Indiana University Bloomington, Technical Report TR736, 2017.
A. Mariakakis, E. Wang, S. Patel, and M. Goel, "Challenges in Realizing Smartphone-Based Health Sensing," in IEEE Pervasive Computing, vol. 18, no. 2, 2019.
J. Schubauer, A. Raymond, and D. Madappa, "Over-Priviliged Permission: Using Technology and Design to Create Privacy Compliance," in IACL17: Research Conference on Innovation and the Transformation of Consumer Law, 2019.
J. Schubauer, D. Argast, J. Camp, and S. Patil, "Apps, Code, Culture, and Market Reform: Examining Influences on Android Permissions in the United States, South Korea, and Germany," in the 47th Research Conference on Communications, Information, and Internet Policy (TPRC), 2019.
K. Lebeck, T. Kohno, and F. Roesner, "Enabling Multiple Applications to Simultaneously Augment Reality: Challenges and Directions," in Proceedings of the International Workshop on Mobile Computing Systems and Applications (HotMobile), 2019.
K. Ruth, T. Kohno, and F. Roesner, "Secure Multi-User Content Sharing for Augmented Reality Applications," in Proceedings of the USENIX Security Symposium (USENIX Security), 2019.

L. J. Camp, J. Abbott, and S. Chen, "CPasswords: Leveraging Episodic Memory and Human-Centered Design for Better Authentication," in Proceedings of the Hawaii International Conference on System Sciences (HICSS) 2016.
J. Abbott, D. Calarco, and L. J. Camp, "Factors Influencing Password Reuse: A Case Study," in the 46th Research Conference on Communications, Information, and Internet Policy, 2018.
S. Das, A. Dingman, and L. J. Camp, "Why Johnny Doesn’t Use Two Factor A Two-Phase Usability Study of the FIDO U2F Security Key," in Conference on Financial Cryptography (FC) 2018.
W. He et al., "Rethinking Access Control and Authentication for the Home Internet of Things (IoT)," in Proceedings of the USENIX Security Symposium (USENIX Security), 2018.
S. Das, A. Kim, B. Jelen, J. Streiff, L. J. Camp, and L. Huber, "Towards Implementing Inclusive Authentication Technologies for Older Adults," in SOUPS Workshop Who Are You?! Adventures in Authentication (WAY), 2019.
S. Das, B. Wang, and L. J. Camp, "MFA is a Waste of Time! Understanding Negative Connotation Towards MFA Applications via User Generated Content," in HAISA, 2019.
S. Das, B. Wang, Z. Tingle, and L. J. Camp, "Evaluating User Perception of Multi-Factor Authentication: A Systematic Review," in HAISA, 2019.

Affiliated Centers

SPICE

Security and Computing in Informatics, Computing, and Engineering Center

The Security and Computing in Informatics, Computing, and Engineering Center accomplishes security through research, education, and outreach. Capitalizing on interdisciplinary studies and practical research focuses, they mean to have a real effect on users, economics, and our social environments.

Visit SPICE

CDCC

Center for Distributed Confidential Computing

CDCC is an academic project aiming to lay the technical foundations for scalable data-in-use protection on cloud and edge systems. It is a multi-institution project sponsored by the Secure and Trustworthy Cyberspace Frontiers Program of the National Science Foundation.

Visit the CDCC

Student Clubs

Cyber Security Club

Since 2016, the Cyber Security Club at Indiana University has provided resources to its members in order to allow them to understand what a career in cyber security means. We provide our members with extensive networking opportunities that are beneficial both educationally and professionally. Our mission is to create a fun environment to be both informed and educated in what is desired in potential candidates for cyber security careers.

C^3: CTF Competition Club

The goal of C^3 CTF Competitions Clubs is to create, promote, and support student participation in CTF competitions around the world while providing opportunities to students who seek to further develop their knowledge of security, computer science, and engineering beyond the classroom.

Women in Cybersecurity

WiCyS is the only non-profit membership organization with national reach that is dedicated to bringing together women in cybersecurity from academia, research, and industry to share knowledge, experience, networking, and mentoring.

IoT House Research Lab

Our Mission

IU's Hacker House for the Internet of Things & Cybersecurity

Our researchers

Our publications

Privacy Perceptions

Global Crime

PKI

Standard, best practices, research directions

Private information retrieval

Threat Analysis and defenses

Device analysis and defenses

IoT device isolation

Machine learning

Privacy Perceptions

Enhanced research infrastructure

Research dissemination beyond education

Broadening participation

Education outreach

Diversity in research participation

Mobile and devices

Authentication

Affiliated Centers

SPICE

CDCC

Student Clubs

Luddy School of Informatics, Computing, and Engineering resources and social media channels