IoT Security and Privacy Lab

Research Focus

Expanding the transparency and control of IoT devices by examining the state of security and privacy within Internet-of-Things (IoT) ecosystems.

Developing novel attack vectors for IoT
Identifying systemic design failures in IoT
Examining means for better transparency in IoT
Leveraging IoT for security education

Publications

TJ OConnor, Dane Brown, Jasmine Jackson, Suzaan Schmeelk, Bryson Payne. Compete to Learn: Toward Cybersecurity As A Sport. In The Journal of Cybersecurity Education Research and Practice (JCERP), Kennesaw, GA, June 2023 [bib] [pdf]
Parth Ganeriwala, Anubhav Gupta, Daniel Campos, Siddhartha Bhattacharyya, TJ OConnor, Adolf Dcosta, Modeling Internet-of-Things (IoT) Behavior for Enforcing Security and Privacy Policies. In Computing Conference 2023, London, UK, June 2023. [pdf]
Ahmed Alhazm, Khulud Alawaji, and TJ OConnor. MPO: MQTT-Based Privacy Orchestrator for Smart Home Users. In Computers, Software, and Applications Conference (COMPSAC), Virtual Event, July 2022. IEEE. [bib] [pdf]
TJ OConnor, Carl Mann, Tiffanie Petersen, Isaiah Thomas and Chris Stricklan. Toward an Automatic Exploit Generation Competition for an Undergraduate Binary Reverse Engineering Course. In Innovation and Technology in Computer Science Education (ITiCSE), Dublin, Ireland, July 2022. ACM. [bib] [pdf]
TJ OConnor. HELO DarkSide: Breaking free from katas and embracing the adversarial mindset in cybersecurity education. In Special Interest Group on Computer Science Education (SIGCSE), Providence, RI, March 2022. ACM. [bib] [pdf]
Ahmed Alhazmi, Ghassen Kilani, William Allen, and TJ OConnor. A replication Study for IoT Privacy Preferences. IEEE Conference on Omni-Layer Intelligent Systems (COINS). August 2021 [bib] [pdf]
TJ OConnor, Dylan Jesse, and Daniel Camps. Through the Spyglass: Toward IoT Companion App Man-in-the-Middle Attacks. USENIX Cyber Security Experimentation and Test Workshop (CSET). August 2021. [bib] [pdf]
Daniel Campos, TJ OConnor. Towards Labeling On-Demand IoT Traffic. USENIX Cyber Security Experimentation and Test Workshop (CSET). August 2021. [bib] [pdf]
TJ OConnor, Chris Stricklan. Teaching a Hands-On Mobile and Wireless Cybersecurity Course. ACM Innovation and Technology in Computer Science Education (ITiCSE). June 2021. [bib] [pdf]
Chris Stricklan, TJ OConnor. Towards Binary Diversified Challenges For A Hands-On Reverse Engineering Course. ACM Innovation and Technology in Computer Science Education (ITiCSE). June 2021. [bib] [pdf]
Blake Janes, Heather Crawford, and TJ OConnor. Never Ending Story: Authentication and Access Control Design Flaws in Shared IoT Devices. IEEE Security and Privacy SafeThings Workshop. May, 2020. [bib] [pdf] (Also received Bug Bounty From Google)
TJ OConnor, William Enck, and Bradley Reaves. Blinded and Confused: Uncovering Systemic Flaws in Device Telemetry for Smart-Home Internet of Things, Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec). May, 2019. [bib] [pdf](Best Paper WiSec, 2019)

Datasets

Labeled Dataset of IoT Traffic from Towards Labeling On-Demand IoT Traffic is available now. [Github Link]
- Please cite the dataset using: [bib] [pdf]
Attacks presented in Through the Spyglass: Toward IoT Companion App MiTM Attacks [Github Link]
- Please cite the dataset using: [bib] [pdf]
Labeled Dataset of IoT Malware from Toward a Labeled Dataset of IoT Malware Features [Github Link]

Awards

Office of Naval Research: Educational Approaches and Curriculum to Engage and Educate a More Diverse Cybersecurity Workforce $746,929.
Office of Naval Research: Multidisciplinary Approach to Internet-of-Things (IoT) Cybersecurity Research $249,946.

Media & Interviews

Florida Weekly published a story about the impact of security on IoT devices in the future [Link]
Space Coast Daily published a story about the FITSEC first place finish at the 2022 Fall NCL Game. [Link]
Space Coast Daily published a story about Chandler Hake, who is in the Cyber Ops Concentration. [Link]
Space Coast Daily published a story about the FITSEC second place finish at the 2022 Spring NCL Game. [Link]
Brevard Business News Story about Dr. OConnor's leadership of the US Cyber Games [Link]
Florida Tech Article about our work bringing cybersecurity education to K-12 [Link]
Congressional Record Congratulating FITSEC's win at National Cyber League Team Tournament [Link]
Florida Tech Article about FITSEC Win at National Cyber League Team Tournament [Link]
Scythe Post about Risk of Supply Chain From IoT Devices (Dr. OConnor) [Link]
Florida Tech Article about IoT Companion App Vulnerabilities [Link]
Washington Post Article about US Cyber Games (Dr. OConnor) [Link]
Capitol.Com Article about Cybersecurity Summit (Dr. OConnor) [Link]
Dr. OConnor named as US Cyber Games Head Coach [Link]
WESH Interview about the cyber attack on Carnival Cruise (Dr. OConnor) [Link]
CybserScoop Interview about Amazon Sidewalk [Link]
Fox35 Interview about the DarkSide Ransomware attack on Colonial Pipeline (Dr. OConnor) [Link]
Fox35 Interview about Water Treatment Plant Compromise (Dr. OConnor) [Link]
Fox35 (Second) Interview about Water Treatment Plant Compromise (Dr. OConnor) [Link]
Washington Post Story about IoT S&P Lab [Link]
Florida Today Story about IoT S&P Lab [Link]
Interview with REFirm Labs about Camera Backdoor Discovery (Dr. OConnor) [Link]
ITSP Magazine Podcast about our IoT S&P Lab (Dr. OConnor & Dan Campos) [Link]
DeviceSecurityIO Interview abouat the state of IoT Security (Dr. OConnor) [Link]
Florida Tech Story about IoT S&P Lab and FITSec Team (Josh Connolly & Dr. OConnor) [Link]

Vulnerability Disclosures

CVE-2021-33559 : Kangaroo Privacy Camera (Unauthenticated remote access)
CVE-2021-31793 : NightOwl Doorbell Camera Vulnerability (WDB-20-V2 WDB-20-V2_20190314)
CVE-2020-28713 : NightOwl Smart Doorbell Vulnerability (Firmware Version 20190505)
CVE-2020-28998 : Geeni Doorbell Camera Vulnerability (GNC-CW013 Firmware 1.8.1)
CVE-2020-28999 : Geeni Doorbell Camera Vulnerability (GNC-CW013 Firmware 1.8.1)
CVE-2020-29000 : Geeni Doorbell Camera Vulnerability (GNC-CW013 Firmware 1.8.1)
CVE-2020-29001 : Geeni (Multiple Devices, Firmware versions 2.7.2, 2.9.5, 2.96)

News

2023

Excited for our students (Dylan Jessee, Curtice Gough, Louie Orcinolo, and Alex Schmith) that took 5th place at the CyberSEED tournament.
Our https://research.fit.edu/fitsec/ held our internal Big Brother Capture the Flag Competition hosted on https://fitsec.ctfd.io Excited this year to build a custom docker container to provide the competitors with the challenges and all the tools to succeed. You can ``docker pull tjoconnor/bb-ctf`` to see the challenges and try them out!
Dr. OConnor presented at the Controlled Unclassified Information Conference in Melbourne, FL.
Excited for our students (Stephen Brustowicz, Dylan Jessee, Alexander Schmith, Curtice Gough, and Blake Janes) won the Saint Leo University Capture the Flag cybersecurity tournament this weekend, including a $3,500 cash prize sponsored by Imperium Data.
Dr. OConnor was asked/accepted to serve on the Organizing Committee for the ACM Special Interest Group in Computer Science Education (SIGCSE) 2024 Conference in Portland, Oregon.

2022

We are excited our paper, "Modeling Internet-of-Things (IoT) Behavior for Enforcing Security and Privacy Policies" by Parth Ganeriwala, Anubhav Gupta, Daniel Campos, Siddhartha Bhattacharyya, TJ OConnor, Adolf Dcosta was accepted in the Computing Conference 2023.
Florida Tech's Cybersecurity Team, advised by Dr. OConnor and Dr. Sudhakaran, took first at the Fall 2022 National Cyber League Team Tournament [News Story]
Dr. OConnor gave the keynote address at the Central Florida Cybersecurity Summit, discussing the labs research in IoT Security and Privacy.
Dr. OConnor presented to the Tampa Armed Forces Communications Association (Tampa, FL), discussing the labs research in IoT Security and Privacy.
Florida Tech's Cybersecurity Team, advised by Dr. OConnor, took second at the Spring 2022 National Cyber League Team Tournament [News Story] [NCL Power Rankings]
We are excited our paper, "MPO: MQTT-Based Privacy Orchestrator for Smart Home Users" was accepted in Computers, Software, and Applications Conference (COMPSAC 2022). [bib] [pdf]
Ahmed Alhazmi succesfully defended his dissertation, titled: Preserving Users' Privacy in IoT Systems Through Network-based Access Control. Ahmed will serve as an Assistant Professor at Umm Al-Qura University in Saudi Arabia.
Stian Olsen succesfully defended his thesis, titled: Toward a Labeled Dataset of IoT Malware Features.
We are excited our paper, "Toward an Automatic Exploit Generation Competition for an Undergraduate Binary Reverse Engineering Course" was accepted by ITiCSE 2022. [bib]
We recenty presented our paper, "HELO DarkSide: Breaking free from katas and embracing the adversarial mindset in cybersecurity education" at ACM SIGCSE. [bib] [pdf]
Brevard Business News published a story about Dr. OConnor's leadership of the US Cyber Games [Link]

2021

Florida Tech's Cybersecurity Team, advised by Dr. OConnor, won the Fall 2021 National Cyber League Team Tournament [News Story] [NCL Power Rankings]
Florida Tech published a press release about our work discovering vulnerabilities in IoT Companion Applications [Press Release] [cset2021oconnor]
Dr. OConnor was recently named to lead the US Cyber Games to compete in the International Cyber Competition in Athens, Greece.
The Florida Tech IoT S&P Lab was featured in the Florida Tech Spring 2021 magazine. [FloridaTech-Spr21.pdf]
The Office of Naval Researched has awarded funding Florida Tech and the IoT Security and Privacy Lab to investigate Educational Approaches and Curriculum to Engage and Educate a More Diverse Cybersecurity Workforce for $746,929.
Dr. OConnor was recently interviewed on Fox35 about the DarkSide Ransomware that attack Colonial Pipeline.
We recently reported and were assigned two new CVEs (CVE-2021-31793, CVE-2020-28713) in The Night OWL Doorbell sold at Walmart.
Excited our students placed #3 in the university team division at the National Cyber League and were ranked the #4 program in the National Cyber League Spring 21 Power Rankings.
Florida Tech recently published a news story about the success of our FITSec Cybersecurity Team and our IoT S&P Lab.
Our recent vulnerability disclosures were reported in the Washington Post and Florida Today. Read the technical details at our blog post on REFirm Labs.
We recently reported and were assigned 4 CVEs in security cameras and doorbells. See our Geeni Vulnerability Disclosures for more information. The assigned vulnerabilities including

2020

Congratulations to Josh Connolly and Blake Janes, who lead our FITSec Team to be ranked #21/300 for the Fall 2020 National Cyber League Tournament.
The Office of Naval Research has awarded funding for the Florida Tech and the IoT Security and Privacy Lab for Multidisciplinary Approach to Internet-of-Things (IoT) Cybersecurity Research for $249,946.
Congratulations to Josh Connolly, who lead our FITSec Team, to a 7th Place Finish at the Spring 2020 National Cyber League Tournament.
Congratulations to Blake Janes for being awarded a $3,133.70 bug bounty from Google!
We are happy to that we partnered with the ReFirm Labs CyberSecurity Education Program, which granted access to the ReFirms Binwalk Enterprise Platform to our students.
We are happy to announce that we partnered with the CloudShark Education Program, which granted access to the CloudShark Platform to our students.

Current Group Members

Faculty

Dr. TJ OConnor

Students

Blake Janes - MS in CS, expected Summer 23.
Kourtnee Fernalld, MS in CS, expected Summer 23.
Stephen Brustowicz - MS in CS, exepcted Summer 23.

Chris Stricklan - PhD in CS, expected Spring 24.
Curtice Gough, BS in CS, expected Spring 24.
Bobby Acha - PhD is CS, expected Spring 26.

Previous Students

Ahmed Alhazami - PhD in CE, Summer 22
Dan Campos, MS in CS, Spring 21.
Stian Olsen - MS in CS, Spring 22
Josh Connolly, BS in CE, Spring. 21
Carl Mann, BS in CS, Spring 22.
Tiffanie Petersen, BS in CS, Spring 22. (Outstanding CS Undergrad Award)
Isaiah Thomas, BS in CS, Spring 22.