SDIoTSec 2025

Workshop on Security and Privacy in Standardized IoT (SDIoTSec)

Co-located with NDSS 2025 »

Consumers increasingly rely on IoT products to manage essential aspects of daily life, including home safety, health, recreation, and personal convenience. Design and implementation practices of IoT devices are known to be heterogeneous, with vendor-specific protocols, designs and developments for device access, communication, and security management. This diversity poses significant challenges to both IoT security and consumer usability. In response, the emergence of IoT standards aims to address these issues. Notable examples include the Matter open-source project, a major industry collaboration that provides a unified standard for IoT design and implementation, simplifying development for manufacturers and enhancing device compatibility for consumers. Additionally, the IoT Labeling Program of the Federal Communications Commission (FCC) seeks to establish security standards for manufacturers.

Any security and privacy problems in IoT standards and standardized IoT practices can be easily inherited by real IoT products of many manufacturers. This workshop aims to promote research that investigates and evaluates the foundational role of IoT design standards and their implementations (open-source and closed source) for the security, privacy, and trustworthiness of IoT systems. The IoT industry, open-source community and academia are expected to develop and apply practical, rigorous security and privacy measures to ensure that IoT standards and standardization processes are both well-designed and properly implemented.


Call for Paper

We invite researchers and practitioners to submit original research papers for the second Workshop on Security and Privacy in Standardized IoT (SDIoTSec 2025). The aim of this workshop is to bring together experts from academia, industry, open-source community, governments to discuss and address security and privacy challenges emerging in standardized IoT design and implementations and their real-world deployments. The expected impacts include significantly eliminating security and privacy threats in both the design and implementation space of IoT.

Scope and Topics of Interest

The research should be related to emerging IoT standards (such as Matter, IoT Cybersecurity Labels, SBOM, CBOM, HBOM or any supply chain standards/regulations), or common IoT design and implementation ("common" means shared by multiple vendors). The research is related to security, privacy, safety, and governance of IoT systems.

Specific topics of interests include but are not limited to the following:

The PC will select a best paper award for work that distinguishes itself in advancing the security, safety, and privacy of standardized IoT design and implementation.

Submission Instructions

Submitted papers must be in English, unpublished, and must not be currently under review for any other publication. Submissions must be a PDF file in double-column NDSS format (https://www.ndss-symposium.org/ndss2025/submissions/call-for-papers/). We accept (1) regular papers with up to 8 pages, (2) short papers or work-in-progress papers with up to 4 pages. The page limits does not include bibliography and well-marked appendices, which can be up to 2 pages long. Note that reviewers are not required to read the appendices or any supplementary material. Authors should not change the font or the margins of the NDSS format. The review process is double-blind. (Papers must be submitted in a form suitable for anonymous review: no author names or affiliations may appear on the title page, and papers should avoid revealing authors’ identity in the text.) All papers must be in Adobe Portable Document Format (PDF) and submitted through the web submission form via Hotcrp (submission link below).


Submission Website »

Important Dates (AoE Time)


Paper submission December 6, 2024 (AoE, UTC -12)
Paper Notification January 7, 2025
Camera-ready paper January 24, 2025
Workshop February 24, 2025


Publication and presentation

All papers will be published by the Internet Society with official proceedings. At least one author of each accepted submission will register and present at the workshop. Authors are responsible for obtaining appropriate publication clearances. We are expecting to hold an in person conference and that authors will be able to travel to the conference to present their paper, but will make allowances for remote presentation in cases where all authors of a paper have legitimate reasons they are unable to attend in person.


Venue

SDIoTSec '25 is co-located with the Network and Distributed System Security (NDSS '25) on February 23, 2025 in San Diego, California.


Organizing Committee



Workshop Co-chairs

L. Jean Camp (Indiana University Bloomington, USA)

Luyi Xing (Indiana University Bloomington, USA)



Publicity Chair

Yue Xiao (IBM Research)




Contacts

Contact SDIoTSec 2025 chairs at: SDIoTSec@gmail.com.