SDIoTSec 2025

Workshop on Security and Privacy in Standardized IoT (SDIoTSec)

Co-located with NDSS 2025

Consumers increasingly rely on IoT products to manage essential aspects of daily life, including home safety, health, recreation, and personal convenience. Design and implementation practices of IoT devices are known to be heterogeneous, with vendor-specific protocols, designs and developments for device access, communication, and security management. This diversity poses significant challenges to both IoT security and consumer usability. In response, the emergence of IoT standards aims to address these issues. Notable examples include the Matter open-source project, a major industry collaboration that provides a unified standard for IoT design and implementation, simplifying development for manufacturers and enhancing device compatibility for consumers. Additionally, the IoT Labeling Program of the Federal Communications Commission (FCC) seeks to establish security standards for manufacturers.

Any security and privacy problems in IoT standards and standardized IoT practices can be easily inherited by real IoT products of many manufacturers. This workshop aims to promote research that investigates and evaluates the foundational role of IoT design standards and their implementations (open-source and closed-source) for the security, privacy, and trustworthiness of IoT systems. The IoT industry, open-source community and academia are expected to develop and apply practical, rigorous security and privacy measures to ensure that IoT standards and standardization processes are both well-designed and properly implemented.


Call for Papers

We invite researchers and practitioners to submit original research papers for the second Workshop on Security and Privacy in Standardized IoT (SDIoTSec 2025). The aim of this workshop is to bring together experts from academia, industry, the open-source community, and governments to discuss and address security and privacy challenges emerging in standardized IoT design and implementations and their real-world deployments. The expected impacts include significantly eliminating security and privacy threats in both the design and implementation space of IoT.

Scope and Topics of Interest

The research should be related to emerging IoT standards (such as Matter, IoT Cybersecurity Labels, SBOM, CBOM, HBOM or any supply chain standards/regulations), or common IoT design and implementation ("common" means shared by multiple vendors). The research is related to security, privacy, safety, and governance of IoT systems.

Specific topics of interest include but are not limited to the following:

The PC will select a best paper award for work that distinguishes itself in advancing the security, safety, and privacy of standardized IoT design and implementation.

Submission Instructions

Submitted papers must be in English, unpublished, and must not be currently under review for any other publication. Submissions must be a PDF file in double-column NDSS format (https://www.ndss-symposium.org/ndss2025/submissions/call-for-papers/). We accept (1) regular papers of up to 8 pages and (2) short papers or work-in-progress papers of up to 4 pages. The page limits do not include the bibliography and well-marked appendices, which can be up to 2 pages long. Note that reviewers are not required to read the appendices or any supplementary material. Authors should not change the font or the margins of the NDSS format. The review process is double-blind. (Papers must be submitted in a form suitable for anonymous review: no author names or affiliations may appear on the title page, and papers should avoid revealing authors’ identity in the text.) All papers must be in Adobe Portable Document Format (PDF) and submitted through the web submission form via HotCRP (submission link below).


Submission Website

Important Dates (AoE Time)


Paper submission | December 6, 2024 (AoE, UTC -12) December 13, 2024 (AoE, UTC -12)
Paper notification | January 7, 2025
Camera-ready paper | January 24, 2025
Workshop | February 24, 2025


Publication and presentation

All papers will be published by the Internet Society with official proceedings. At least one author of each accepted submission will register and present at the workshop. Authors are responsible for obtaining appropriate publication clearances. We expect to hold an in-person conference and expect that authors will be able to travel to the conference to present their paper, but will make allowances for remote presentation in cases where all authors of a paper have legitimate reasons they are unable to attend in person.


Program


February 24 (Monday)



07:00 AM - 05:30 PM | Registration
07:30 AM - 09:00 AM | Breakfast
09:00 AM - 09:05 AM | Opening remarks
09:05 AM - 10:00 AM | Keynote talk by Prof. Gene Tsudik (University of California, Irvine)
Speaker: Dr. Gene Tsudik, Distinguished Professor of Computer Science, University of California, Irvine

Bio: Gene Tsudik is a Distinguished Professor of Computer Science at the University of California, Irvine (UCI). He obtained his Ph.D. in Computer Science from USC. Before coming to UCI in 2000, he was at the IBM Zurich Research Laboratory (1991-1996) and USC/ISI (1996-2000). His research interests include many topics in security, privacy, and applied cryptography. Gene Tsudik was a Fulbright Scholar and a Fulbright Specialist. He is a fellow of ACM, IEEE, AAAS, IFIP, and a foreign member of Academia Europaea. From 2009 to 2015, he served as the Editor-in-Chief of ACM TOPS. He received the 2017 ACM SIGSAC Outstanding Contribution Award, the 2020 IFIP Jean-Claude Laprie Award, the 2023 ACM SIGSAC Outstanding Innovation Award, the 2024 Guggenheim Fellowship and the 2024 NDSS Test-of-Time Award. He has no social media presence.

Abstract: IoT devices are increasingly popular and ubiquitous in numerous everyday settings. They sense and actuate the environment using a wide range of analog peripherals. They are often deployed in large numbers and perform critical tasks. It is no surprise that they represent attractive targets for various attacks. Recent history shows that few lessons were learned from well-known attacks and IoT devices are still commonly compromised via both known attacks and zero-day exploits. Alas, the worst is yet to come. This talk will consider several reasons for the current state of affairs in IoT (in)security and motivate research on actively secure and formally assured operation of IoT devices. This direction is both important and timely since common sense dictates that it is better to be prepared for a disaster that never comes than to be unprepared for the one that does.
10:00 AM - 10:20 AM | Poster session with coffee break
Poster: Securing IoT Edge Devices: Applying NIST IR 8259A to a Realtime Animal Detection System
Rahul Choutapally, University of the Pacific; Konika Reddy Saddikuti, University of the Pacific; Solomon Berhe, University of the Pacific

Poster: Understanding User Acceptance of Privacy Labels: Barriers and Enhancements
Jingwen Yan, Clemson University; Mohammed Aldeen, Clemson University; Jalil Harris, Clemson University; Kellen Grossenbacher, Clemson University; Aurore Munyaneza, Texas Tech University; Song Liao, Texas Tech University; Long Cheng, Clemson University

Poster: FORESIGHT, A Unified Framework for Threat Modeling and Risk Assessment in Robotics and IoT
ChaeYoung Kim, Seoul Women's University; Kyounggon Kim, Naif Arab University for Security Sciences

10:20 AM - 11:15 AM | Keynote talk by Dr. May Wang (Palo Alto Networks)
Speaker: Dr. May Wang

Bio: Dr. May Wang is the Chief Technology Officer for IoT Security at Palo Alto Networks, where she leads innovation in AI-driven cybersecurity solutions. She is the co-founder of Zingbox, the industry’s first AI-powered IoT security company, which was acquired by Palo Alto Networks in 2019. Before founding Zingbox, Dr. Wang served as a Principal Architect in the Cisco CTO Office. Dr. Wang holds a Ph.D. in Electrical Engineering from Stanford University and has received numerous accolades, including being recognized as the 2023 AI Entrepreneur of the Year by VentureBeat.

Talk: The AI-Cybersecurity Nexus - Opportunities, Challenges, and Solutions

Abstract: Artificial Intelligence (AI) is revolutionizing cybersecurity, offering enhanced threat detection, proactive prevention, and streamlined response mechanisms. In this keynote, we will explore how AI is reshaping the cybersecurity landscape, especially IoT security, enabling faster incident resolution, more intuitive security tools, and greater overall efficiency. We will share key insights into what works, what doesn’t, and lessons learned from real-world implementations. However, while AI strengthens cybersecurity, it also introduces new vulnerabilities—adversarial AI, automated cyberattacks, and novel threat vectors that traditional defenses struggle to address. We will examine these emerging risks and the evolving tactics of malicious actors who leverage AI against security systems. Finally, this session will present actionable solutions to mitigate AI-driven threats, including fighting AI with AI, platformization, precision AI, adaptive defense strategies, responsible AI deployment, and the integration of AI with human intelligence to create more resilient security frameworks. Join us as we navigate the AI-cybersecurity nexus and chart a course toward a safer digital future.

11:15 AM - 12:00 PM | Paper presentation session: Security and Privacy in IoT standards, protocols and implementations
SecuWear: Secure Data Sharing Between Wearable Devices
Sujin Han, KAIST; Diana A. Vasile, Nokia Bell Labs; Fahim Kawsar, Nokia Bell Labs, University of Glasgow; Chulhong Min, Nokia Bell Labs

Analysis of Misconfigured IoT MQTT Deployments and a Lightweight Exposure Detection System
Seyed Ali Ghazi Asgar, Texas A&M University; Narasimha Reddy, Texas A&M University

Privacy Preserved Integrated Big Data Analytics Framework Using Federated Learning for Intelligent Transportation Systems
Sarah Kaleem, Prince Sultan University (PSU); Awais Ahmad, Imam Mohammad Ibn Saud Islamic University (IMSIU); Muhammad Babar, Prince Sultan University (PSU); Goutham Reddy Alavalapati, University of Illinois, Springfield

Optimizing Trust-Centric Authentication in Matter-enabled IoT Devices with PUF and PKI
Chandranshu Gupta, IIT Jammu; Gaurav Varshney, IIT Jammu

WIP: Towards Privacy Compliance by Design in the Matter Protocol
Yichen Liu, Indiana University Bloomington; Jingwen Yan, Clemson University; Song Liao, Texas Tech University; Long Cheng, Clemson University; Luyi Xing, Indiana University Bloomington

IoT Software Updates: User Perspectives in the Context of NIST IR 8259A
S. P. Veed, S. M. Daftary, B. Singh, M. Rudra, S. Berhe, University of the Pacific; M. Maynard, Data Independence LLC; F. Khomh, Polytechnique Montreal

mmProcess: Phase-Based Speech Reconstruction from mmWave Radar
Hyeongjun Choi, Korea University; Young Eun Kwon, Korea University; Ji Won Yoon, Korea University

12:00 PM - 12:10 PM | Best Paper Award and Closing Remarks
12:10 PM | Lunch

Venue

SDIoTSec '25 is co-located with the Network and Distributed System Security Symposium (NDSS '25) on Feb. 24th, 2025 in San Diego, California.


Organizing Committee



Workshop Co-chairs

L. Jean Camp (Indiana University Bloomington, USA)

Luyi Xing (Indiana University Bloomington, USA)



Publicity Chair

Yue Xiao (IBM Research)



Program Committee

Berkay Celik (Purdue University)

Long Cheng (Clemson University)

Jayati Dev (Comcast, Inc.)

Josiah Dykstra (Trail of Bits)

Robert J. Erbes (Idaho National Laboratory)

Hongxin Hu (University at Buffalo, The State University of New York)

Yan Jia (Nankai University)

Hyungsub Kim (Indiana University Bloomington)

Sophie Stephenson (University of Wisconsin-Madison)

Haoqiang Wang (Chinese Academy of Sciences)

Jianliang Wu (Simon Fraser University)

Yue Xiao (IBM Research)

Ziming Zhao (Northeastern University)




Contacts

Contact SDIoTSec 2025 chairs at: SDIoTSec@gmail.com.