Abstract: Computer networks have undergone and continue to experience a major transformation, whereby billions of low-cost devices are being connected to the network to provide additional functionality and better user experience. Unlike traditional network devices, these devices, collectively known as the ``Internet of Things'' (IoT), typically have very limited computational, memory, and power resources . These IoT devices became a major security concerns, both due to human factors and to technical challenges in deploying security mechanisms on devices with low resources. The number and diversity of IoT devices creates a huge attack surface that is often exploited by attackers to launch large-scale attacks, sometimes exploiting well-known vulnerabilities.
This talk will highlight the security concerns of IoT devices from a networking perspective and explore how to secure IoT devices using whitelists, in which communication between a device and an endpoint is prohibited unless that endpoint appears in the corresponding whitelist.
Bio: David Hay is an Associate Professor with the Rachel and Selim Benin School of Computer Science and Engineering, Hebrew University, Jerusalem, Israel. He received the B.A. (summa cum laude) and Ph.D. degrees in computer science from the Technion—Israel Institute of Technology, Haifa, Israel, in 2001 and 2007, respectively. In addition, he was with IBM Haifa Research Labs, Haifa, Israel; Cisco Systems, San Jose, CA, USA; the Electronic Department, Politecnico di Torino, Turin, Italy; and the Electrical Engineering Department with Columbia University, New York, NY, USA. In 2010, he co-founded (with Prof. Brembler-Barr) the DEEPNESS lab, focusing on deep packet inspection in next-generation network devices. He has served as a technical program committee member of numerous networking conferences, and since 2018 serves as en editor of ACM/IEEE Transactions on Networking. His research interests are in computer networks—in particular, network algorithmics, packet classification, deep packet inspection, network survivability and resilience, software-defined networking, network-function virtualization, and various aspects of network security.