SDIoTSec 2025
Workshop on Security and Privacy in Standardized IoT (SDIoTSec)
Co-located with NDSS 2025 »
Consumers increasingly rely on IoT products to manage essential aspects of daily life, including home safety, health, recreation, and personal convenience. Design and implementation practices of IoT devices are known to be heterogeneous, with vendor-specific protocols, designs and developments for device access, communication, and security management. This diversity poses significant challenges to both IoT security and consumer usability. In response, the emergence of IoT standards aims to address these issues. Notable examples include the Matter open-source project, a major industry collaboration that provides a unified standard for IoT design and implementation, simplifying development for manufacturers and enhancing device compatibility for consumers. Additionally, the IoT Labeling Program of the Federal Communications Commission (FCC) seeks to establish security standards for manufacturers.
Any security and privacy problems in IoT standards and standardized IoT practices can be easily inherited by real IoT products of many manufacturers. This workshop aims to promote research that investigates and evaluates the foundational role of IoT design standards and their implementations (open-source and closed source) for the security, privacy, and trustworthiness of IoT systems. The IoT industry, open-source community and academia are expected to develop and apply practical, rigorous security and privacy measures to ensure that IoT standards and standardization processes are both well-designed and properly implemented.
cfp anchor
Call for Paper
We invite researchers and practitioners to submit original research papers for the second Workshop on Security and Privacy in Standardized IoT (SDIoTSec 2025). The aim of this workshop is to bring together experts from academia, industry, open-source community, governments to discuss and address security and privacy challenges emerging in standardized IoT design and implementations and their real-world deployments. The expected impacts include significantly eliminating security and privacy threats in both the design and implementation space of IoT.
Scope and Topics of Interest
The research should be related to emerging IoT standards (such as Matter, IoT Cybersecurity Labels, SBOM, CBOM, HBOM or any supply chain standards/regulations), or common IoT design and implementation ("common" means shared by multiple vendors). The research is related to security, privacy, safety, and governance of IoT systems.
Specific topics of interests include but are not limited to the following:
- Novel attacks
- Privacy-enhancing techniques
- Problems related to heterogeneous IoT design and practices
- Case studies or analysis of emerging Federal IoT standards including SBOM and FDA approval requirements
- Formal methods to find attack vectors or for defense
- AI/ML/NLP based methods for analysis of specifications
- Program analysis on implementation of Matter, or other standard implementation of IoT systems
- End-user facing problems
- Problems in real-world adoption of IoT-standard design and implementations
- Policies or governance issues related to Matter or emerging IoT standards
- Surveillance and censorship related to Matter or emerging IoT standards
- Anonymity and pseudonymity related to Matter or emerging IoT standards
- Case studies and real-world experience related to Matter or emerging IoT standards
The PC will select a best paper award for work that distinguishes itself in advancing the
security, safety, and privacy of standardized IoT design and implementation.
Submission Instructions
Submitted papers must be in English, unpublished, and must not be currently under review for any other publication. Submissions must be a PDF file in double-column NDSS format (https://www.ndss-symposium.org/ndss2025/submissions/call-for-papers/). We accept (1) regular papers with up to 8 pages, (2) short papers or work-in-progress papers with up to 4 pages. The page limits does not include bibliography and well-marked appendices, which can be up to 2 pages long. Note that reviewers are not required to read the appendices or any supplementary material. Authors should not change the font or the margins of the NDSS format. The review process is double-blind. (Papers must be submitted in a form suitable for anonymous review: no author names or affiliations may appear on the title page, and papers should avoid revealing authors’ identity in the text.) All papers must be in Adobe Portable Document Format (PDF) and submitted through the web submission form via Hotcrp (submission link below).
Submission Website »
Important Dates (AoE Time)
Paper submission | December 6, 2024 (AoE, UTC -12) |
Paper Notification | January 7, 2025 |
Camera-ready paper | January 24, 2025 |
Workshop | February 24, 2025 |
Publication and presentation
All papers will be published by the Internet Society with official proceedings. At least one author of each accepted submission will register and present at the workshop. Authors are responsible for obtaining appropriate publication clearances. We are expecting to hold an in person conference and that authors will be able to travel to the conference to present their paper, but will make allowances for remote presentation in cases where all authors of a paper have legitimate reasons they are unable to attend in person.
venue anchor
Venue
SDIoTSec '25 is co-located with the Network and Distributed System Security (NDSS '25) on February 23, 2025 in San Diego, California.
organization anchor
Organizing Committee
Workshop Co-chairs
L. Jean Camp (Indiana University Bloomington, USA)
Luyi Xing (Indiana University Bloomington, USA)
Publicity Chair
Yue Xiao (IBM Research)
Contacts
Contact SDIoTSec 2025 chairs at: SDIoTSec@gmail.com.