Award last edited on: 11/8/2023

Sponsored Program
Awarding Agency
Total Award Amount
Award Phase
Solicitation Topic Code
Principal Investigator
Panagiotis Kintis

Company Information

Voreas Laboratories Inc (AKA: VLI)

1321 Oaklawn Avenue Ne
Brookhaven, GA 30319
   (678) 469-6406
Location: Single
Congr. District: 04
County: DeKalb

Phase I

Contract Number: N/A
Start Date: 11/1/2021    Completed: 5/31/2024
Phase I year
Phase I Amount
Direct to Phase II

Phase II

Contract Number: HR001122C0042
Start Date: 11/1/2021    Completed: 5/31/2024
Phase II year
Phase II Amount
Internet of Things (IoT) devices, ranging from common household objects to medical assets and industrial equipment have enabled a wide range of attractive use cases through their feedback loops of sensing and actuating. Their low cost and promise of automation has resulted in skyrocketing adoption, with projections placing the total number of IoT devices in the tens of billions by 2023. From a security and network-management perspective, IoT devices are single-purpose, Internet-connected computers that expand the boundaries of networks and increase their attack surface, through their sheer number as well as the difficulty of managing a medley of different hardware and network protocols, with varying levels of outdated software. These vulnerable IoT devices have already been abused for spying upon their users as well as creating botnets that can launch record-breaking DDoS attacks. In this project, we propose to design, implement, and evaluate IoTPanorama, a scalable system for the passive identification of IoT devices. Unlike typical reconnaissance approaches that involve active scanning, IoTPanorama can detect the presence of IoT devices by analyzing the by-product communications that these devices already perform, as part of their normal operation. Namely, our system takes advantage of DNS resolutions and NetFlow records to create device-specific signatures that can then be used to identify IoT devices, even when origin-obfuscating technologies (such as NATs) are in place. We propose methods to not only detect IoT devices, but also their status, differentiating between benign IoT devices, IoT devices that have been orphaned, and those that have been already compromised. In addition to the aforementioned passive identification techniques, IoTPanorama will support non-intrusive methods for passive-to-active hand-offs that cause IoT devices to contact designated monitoring servers (as opposed to external systems trying to contact the IoT devices), enabling IoTPanorama to derive fine-grained device signatures and, if/when necessary, mitigate compromised devices.