How might an open IoT ecosystem that facilitates experimentation with applications and user experience, ensures privacy and security, and develops systems that guarantee interoperability look and work?

SC Faculty and Researchers

Yuvraj Agarwal

Lujo Bauer

Lorrie Cranor

Norman Sadeh

The number of IoT-connected devices is expected to grow to 21 billion by 2020 , presenting a major market opportunity for established hardware and software vendors across the world, in addition to spawning new entrepreneurship opportunities. These companies are working on producing IoT devices, software, and services to develop an interconnected world.

But while numerous commercial and academic programs focus on building IoT systems, it’s clear that for any IoT stack to be widely adopted, it must be open—without a singular organization claiming ownership. We must involve the community with the IoT’s design, development, and deployment—that means truly open source development, as exemplified by Linux and Android. We also believe that an IoT stack must provide immediate value to anyone wanting to deploy and use it, without requiring substantial integration work upfront. Practically, this means that it must provide important first-class features such as robust machine learning, easy end-user programming, security, and privacy.

To that end, our research team developed the GIoTTO stack, an open source infrastructure intended to support the construction, maintenance, and use of IoT-enabled environments. We formed our team at CMU shortly after Google held an open call for proposals on the Open Web of Things. We responded and received the lead award on what is now known as the IoT Expedition, which includes partners at Cornell Tech, the University of Illinois, and Google. The IoT Expedition’s goals match those of GIoTTO, and the project has adopted GIoTTO as its software infrastructure. Each partner will contribute to and build on GIoTTO to demonstrate its value through a series of living laboratories at each site.

While the vision of an IoT-enabled future is enormously compelling, there are several key challenges must be addressed before it can become a reality. These challenges are related to three critical questions, which the our team hopes to answer:

  1. How can we build an IoT infrastructure that is safe, secure, and private from the ground up?

    Safety implies that IoT devices won’t do anything unexpected or unintended. Security implies that IoT devices only allow authorized entities, whether computer programs or humans, to access their services. Privacy implies that IoT devices don’t access or leak private user data either directly or indirectly without a clearly defined, and verifiable, purpose being presented to and accepted by users.


  2. How can we leverage the huge amount of data being collected by sensors embedded in all objects?

    This calls for machine learning and data analytics to be integrated at every level from sensors and actuators to end users.


  3. How can we enable end users of varying technical ability to manage, interact with, and even control and program IoT-enabled environments?

    For the IoT to be truly pervasive, IoT systems must be accessible to end users, or they might be discarded along with the multitude of other technologies that showed much promise only to be ignored after deployment.

We are proud to be working with the following faculty from across Carnegie Mellon:
Anind Dey (CMU HCII)
Chris Harrison (CMU HCII)
Jason Hong (CMU HCII)
Anthony Rowe (CMU ECE)
Mahadey Satyanarayanan (CMU CSD)

Learn More About This Project

  • Related Research ​Personalized Privacy Assistant Read More
  • Related Research ​Devices for Activity and Health Tracking Read More