America's National Science Foundation has noticed the dodgy security surrounding the Internet of Things, and has splashed US$6 million in two grants to improve, umm, things.

The grants to examine “cyber-physical systems” (CPS), awarded in partnership with Intel, have gone to the University of Pennsylvania's Insup Lee to work on “security and privacy-aware cyber-physical systems”, and to Philip Levis at Stanford, who is working on end-to-end IoT security.

The U-Penn grant will look at autonomous vehicles (including internal and external vehicle networks), the smart-connected medical home, and medical device interoperability.

Lee hopes his outputs will include attack detection, ways to ensure that IoT systems recover from attacks quickly, lightweight cryptography, control designs, data privacy, and an “evidence-based framework for CPS security and privacy assurance”.

The Stanford group is looking at the software architecture for the Internet of Things, with the goal “to make it possible for two developers to build a complete, secure, Internet of Things applications in three months.”

The architectural model includes:

A distributed model controller, with different models defining the data the application generates and stores, and how data moves;

A common “embedded gateway cloud” architecture; and

End-to-end security provided by encryption from the IoT device to the end user device; and

A broad “software-defined hardware” model to help developers create more secure devices: “The data processing pipeline can be compiled into a prototype hardware design and supporting software as well as test cases, diagnostics, and a debugging methodology for a developer to bring up the new device”. The Stanford research hints at a role for homomorphic encryption in IoT security, in which software can perform operations on data without decrypting it: “Servers can compute on encrypted data, and many parties can collaboratively compute results without learning the input”, the project page states. In separate projects, the NSF is also funding research into smart home privacy (at the University of Massachusetts Amherst), secure algorithms (at Missouri University of Science and Technology), and a “provably safe” autonomous vehicle project at Pennsylvania State University. ®