Group Scholars SREP 2022 Complete Summer Research Experiences

IoT House LogoAs the summer of 2022 comes to a close, two gifted incoming IU freshmen participating in the
Groups Scholars STEM Summer Research Experience Program (SREP) are finishing their summer research projects at the  Security and Privacy in Informatics, Computing, and Engineering (SPICE) center’s Internet of Things (IoT)  The culmination of weeks worth of research, these students presented the results of their efforts during the week’s Research Symposium poster session at Wells Library.

The SREP program is a residential experience for incoming students accepted into the Groups Scholars program to engage in unique STEM research projects over the summer before starting their first year at IU. Each student is matched with an IU research mentor to provide education, guidance, and direction working on their project. Every summer students a number of  SREP students are paired with IoT House researchers and provided center resources to explore technical and human centered issues regarding vulnerability and security with IoT devices.

As project manager and research mentor, Joshua Streiff, explains:

“SPICE hosts several students each summer. This summer we had two students working on real world problems and experiencing the research process.”

Groups Scholar Davionte’ Thornton, explored security and privacy issues related to bluetooth based consumer products. Focussing on health and sports related devices, Davionte’ chose to see if he could use simple bluetooth scanning software to identify and track wearers. Selecting a sample set of common smart watches, wireless earbuds, and a bicycle computer, he set out to see if he could locate, connect to, and uniquely identify devices over unauthenticated Bluetooth Low Energy (BLE) channels using only a free bluetooth scanner.  

As he states, 

“Tracking individuals through their bluetooth devices presents serious security concerns.”

His research found 75% of devices were connectable without authentication, and that 50% shared unique identifiers such as serial numbers which make tracking viable. While ranges on these devices were relatively short, 250 feet or less, the tracking was performable through physical barriers and concealment. His detailed results were covered in his research poster, Bluetooth Tracking: Are You Being Tracked From Your Bluetooth Devices?.

Group Scholar Shawn  Miles, researched if he could produce an inexpensive educational tool that could be used with K-12 students allowing them to safely target and hack over a closed network using standard ethical hacking software. Basing his system on a single Raspberry Pi, he was able to build an access point that students could attach to as a closed network in which the Raspberry Pi ated also as the network target. Students would be able to do network reconnaissance, device port scanning, and attempt at breaching the target to find critical information in the form of flags to capture. 

Teaching cybersecurity concepts and skills needs parameters and space as Shawn explained,

“It is important to give students a safe space to hack ethically.”

His system also provides a second layer of gameplay as it performs the same functions as a honey pot, gathering connection information on the attaching devices. This allows student students to begin to learn about Intrusion Defense Systems (IDS) and how they might be implemented in a counter hacker role.  His research poster was titled Safe Safecracking: Creating Honeypots for Education and envisioned a variety of expansions on the system that could be easily implemented for K-12 educational outreach. 

In addition to working diligently on their research projects, the SREP students had the opportunity to participate in fun events on campus. For it’s part, the IoT house hosted an open house for all group scholars students in which they explored practical device and network hacking as well as lock picking challenges.  As Streiff remarks,

“We hope to show these students many of the opportunities that IU, SPICE, and the IoT House have to offer them not only to build their skills and confidence, but in the hopes of seeing them return to do future research.”