Setting Up an IoT Device

For this assignment, you are to do a complete system design for setting up an IoT device.

You have:

• A device, with
• No screen
• Some number of LEDs
• Some number of buttons
• WiFi only
• Space for a printed label no larger than 6 cm²
• An "honest but curious" vendor—the code works as proclaimed, with no intentional backdoors
• A smartphone with an app installed
• No hubs—the Thing speaks directly to a vendor server
• The enemy is an ordinary hacker who may be targeting the owner; however, don't worry about intelligence agency-level attacks

The goal is to set up the Thing so that only the owner's phones—more than

one; think partners or other family members!—can talk to the device.

You must:

• Describe the setup process
• Describe the "lost phone" process
• Describe the "add another phone" process
• Describe the "factory reset" process, erase everything and start fresh
• Minimize the number of buttons and LEDs, since those cost money
• Maximize usability (yes, I know that this can be in conflict with the previous requirement…)
• Pay due regard to privacy
• Describe any residual attacks that your design does not prevent

This is a technical design, not a short memo to management. There is no length limit (which is not a suggestion that this is a 20-page paper!).

Hint: many devices can turn their WiFi interfaces into temporary access points that phones can talk to. (My camera does this.)

Note: you may make other reasonable assumptions, but you have to state them explicitly, probably in a short section up front. If in doubt about the reasonableness of some assumption, contact me.

As always, this homework must be submitted via Courseworks as a PDF file.