The European Commission strives to achieve industrial leadership in ICT through the Horizon 2020 programme. Devices connected to the Internet of Things (IoT) play a key role in ensuring the robustness and resilience of networks and keeping your data private and secure.
Nevertheless, the increasing trend in the complexity and sophistication of cybersecurity threats highlights the need for even more robust and resilient security frameworks for IoT devices and the networks of which they are a part. To effectively address this issue, the Commission recently presented a comprehensive Cybersecurity Strategy for the Digital Decade, in which it foresees an evolutionary path towards a widespread Internet of Secure Things.
The IoT Security cluster of projects aims to address the shortcomings of current devices and networks. It does so by developing secure, robust and modular frameworks that can be deployed and integrated into new and existing solutions for a broad range of application areas. These include assisted living, healthcare, manufacturing, food supply, energy, and transportation, to name a few. The security cluster consists of eight projects, amounting to almost €40 million (around €5 million each) in EU funding. The last of the running projects are scheduled to finish by late April 2021, having been launched in January 2018.
The cluster has already produced noteworthy results in their target sectors, and although the applications chosen are specialised, the modular development approach used by the projects allows the modules to be reused and integrated in other solutions for a broader spectrum of possible applications.
The choice of an open-source approach by many of the projects is paramount to building industrial trust in the solutions developed (open-source code is easier to audit), and inviting further developments through general contributions from the open-source developer community. This is particularly important when considering that IoT device and network security is still very much a developing market.
SecureIoT is a joint effort of global leaders in IoT services and cybersecurity to secure the next generation of dynamic, decentralised, IoT systems. These span multiple IoT platforms and networks of smart objects, through implementing a range of predictive IoT security services.
SecureIoT has designed predictive security services in line with leading edge reference architectures for IoT applications, which serve as a basis for specifying security building blocks at both the edge and the core of IoT systems. It provides concrete implementations of security data collection, security monitoring and predictive security mechanisms, which are the basis for offering integrated services for risk assessment, compliance auditing against regulations and directives (GDPR, NIS, ePrivacy) as well as support to IoT developers based on programming annotations.
The services are open and based on the Security-as-a-Service (SECaaS) paradigm. The SecureIoT services were challenged in market-driving scenarios and use cases in the areas of smart manufacturing, smart mobility and smart living. Their deployments were based on both enterprise-scale globally available IoT services and the partners' community open source platforms.
As part of its exploitation strategy, SecureIoT integrates a multi-sided market platform in order to offer SECaaS and to allow the integration of additional security mechanisms in its ecosystem. In a use case on smart living, SecureIoT demonstrated how much time it can take to detect attacks in IoT-enabled robotics. With 80% of these socially assistive robots' critical assets found in a security knowledge base, it took SecureIoT less than 10 seconds to detect any anomalies and under 5 minutes for a risk assessment, demonstrating the effectiveness of the service in question.
SEMIoTICS developed a pattern-driven framework, building on existing IoT platforms, to enable and guarantee secure and dependable actuation and semi-autonomic behaviour in IoT and Industrial IoT applications.
Patterns encoded proven dependencies between security, privacy, dependability and interoperability (SPDI) properties of individual smart objects and corresponding properties of orchestrations involving them. The SEMIoTICS framework supported cross-layer intelligent dynamic adaption, including heterogeneous smart objects, networks and clouds, addressing effective adaption and autonomic behaviour at field (edge) and infrastructure (backend) layers, based on intelligent analysis and learning.
In order to address the complexity and scalability needs within horizontal and vertical domains, SEMIoTICS developed and integrated smart programmable networking and semantic interoperability mechanisms. The practicality of this approach was validated using three diverse usage scenarios in the areas of healthcare (focusing on human-centric IoT), renewable energy, and smart sensing (covering both IoT and Industrial IoT), offered through an open application programming interface.
The SEMIoTICS consortium consisted of stakeholders in European industry (Siemens, Engineering, STMicroelectronics), innovative SMEs (Sphynx, Iquadrat, BlueSoft) and academic partners (FORTH, University of Passau, CTTC) covering the whole value chain of IoT, local embedded analytics and their programmable connectivity to the cloud IoT platforms with associated security and privacy.
The DevOps movement advocates a set of software engineering best practices and tools to ensure quality of service whilst continuously evolving complex systems and fostering agility, rapid innovation cycles, and ease of use.
DevOps has been widely adopted in the software industry, but there is no complete DevOps support for trustworthy smart IoT systems today. The goal of ENACT - Development, Operation and Quality Assurance of Trustworthy Smart IoT systems - was to establish IoT platform enablers to allow DevOps into the realm of trustworthy IoT systems. This was done taking into account the challenges related to collaborative actuation and actuation conflicts.
It also facilitated the integration of these concepts to leverage DevOps for existing and new IoT platforms like FIWARE, SOFIA and TelluCloud. This was accomplished by evolving current DevOps techniques to support the development and operation of smart IoT systems. It was also achieved by providing a set of novel mechanisms to ensure quality assurance and trustworthiness, such as continuous testing and delivery across IoT, edge and cloud spaces and privacy management.
Through this, ENACT has provided a DevOps framework for smart IoT systems. In a use case on intelligent transport systems, ENACT assessed the feasibility of IoT services in the domain of train integrity control, in particular for the logistics and maintenance of the rolling stock and on-track equipment. In this domain, the infrastructure and the resources used are usually expensive and much time is spent on planning and execution. Therefore, the usage of rail systems was optimised to the maximum, following security and safety directives due to the critical and strategic characteristics of the domain, assuring the proper transportation of cargo or passengers and avoiding possible accidents.
IoTCrawler concentrated on integration and interoperability across different platforms. It also focused on dynamic and reconfigurable solutions for the discovery and integration of data and services, from legacy and new systems, adaptive privacy-aware and secure algorithms, and mechanisms for crawling, indexing and searching in distributed IoT systems.
IoTCrawler has provided extensive development and demonstrations with a focus on Industry 4.0, social IoT, smart communities and smart energy, providing impact through research excellence, innovation and technology advancement. The project addresses open challenges and issues in crawling, discovery, indexing, semantic integration and security for an IoT ecosystem. The project carried out intelligent anomaly detection in a water management use case. The analysis of data collected by smart meters can help personalise feedback to customers, prevent water waste and detect critical situations. In many utility companies, anomaly detection is either neglected or done by a technician who is unable to check all smart meters due to the high volume of data that is generated.
In this use case, IoTCrawler examined two methods for time series anomaly detection to see which is best suited to water consumption. The first was an ARIMA-based (Auto Regressive Integrated Moving Average) framework that selects as outliers the points that do not fit an ARIMA process, and the other was the HOT-SAX (Heuristically Ordered Time series using Symbolic Aggregate Approximation) technique, which represents windows of data in a discrete way and then discriminates them using a heuristic. Both approaches proved effective at detecting anomalies: 90% were found using ARIMA and 80% using HOT-SAX.
BRAIN-IoT focuses on complex scenarios where actuation and control are cooperatively supported by populations of IoT systems. The breakthrough targeted by BRAIN-IoT is to establish a framework and methodology supporting smart cooperative behaviour in fully decentralised, composable and dynamic federations of heterogeneous IoT platforms.
BRAIN-IoT tackled business-critical and privacy-sensitive IoT scenarios subject to strict dependability requirements. In this setting, BRAIN-IoT enabled smart autonomous behaviour involving sensors and actuators cooperating in complex, dynamic tasks.
This was achieved by employing highly dynamic federations of IoT platforms, able to support secure and scalable operations for various use cases. It was backed by an open decentralised marketplace of platforms and smart features. Open semantic models were used to enforce interoperable operations and exchange of data and control features. These were supported by model-based development tools to ease prototyping and integration of interoperable solutions.
Overall, secure operations were guaranteed by a consistent framework providing AAA features in highly dynamic, distributed IoT scenarios, together with solutions to embed privacy awareness and control features. The viability of the proposed approaches was demonstrated in two futuristic usage scenarios, namely Service Robotics and Critical Infrastructure Management. It was also shown through a series of proof-of-concept demonstrations in collaboration with various large-scale pilot (LSP) initiatives.
SOFIE created a secure and open IoT federation architecture and framework. The project used Distributed Ledger Technologies (DLTs), including blockchain and inter-ledger technologies. These technologies allowed actuation, auditability, smart contracts and management of identities and encryption keys. This enabled completely decentralised solutions with almost unlimited scalability.
SOFIE addressed the fragmentation of IoT through federation rather than integration. Virtually any IoT platform could join the federation by simply creating an adapter. Data remained in the respective platforms and was usable by all the applications within the limits set by applicable security and privacy policies. The project exercised security and privacy by design, by providing end-to-end security, key management, authorisation, accountability and auditability, using DLTs where applicable. The user could retain control over their data after the data had been stored in the cloud or fog in a GDPR.
SOFIE worked on existing open standards, interfaces and components, such as FIWARE, W3C Web of Things (WoT), and oneM2M. The project selected existing components, developed new ones and collected them into an IoT federation framework for creating administratively decentralised, open and secure business platforms from existing platforms.
SOFIE has demonstrated the practicality of their approach by using it in three pilots in three different sectors: the food chain, gaming and the energy market. Three business platforms have been realised for the pilots, and the results were evaluated against the key performance indicators.
CHARIoT provided a design method and cognitive computing platform supporting a unified approach towards the privacy, security and safety (PSS) of IoT systems. Three pilot sites in Athens (Greece), Dublin (Ireland), and Venice (Italy) have demonstrated realistic and compelling heterogeneous solutions through industry reference implementations at representative scale. The underlying goal was to demonstrate that secure, privacy mediated and safety IoT imperatives are collectively met, in turn delivering a key stepping stone to the EU's roadmap for the next-generation IoT platforms and services.
As well as facing physical threats such as acts of terrorism, airports are becoming increasingly vulnerable to cyber threats, which in the future may replace physical terrorism or combine with it to form an orchestrated attack. Combined cyber and physical attacks on airports can have devastating consequences. Traditional ICT infrastructures such as servers, desktops and network devices used in airports are sharing connections and networks with other systems, used in areas such as mission critical systems (baggage handling, environmental control, access control, fire control, air lighting).
The use case at Athens International Airport addressed the safety of airport infrastructures, enhancing protection of their facilities from physical and cyber threats. To achieve this, CHARIoT enhanced the airport's capability of early detection and prediction of hazardous situations, in parallel with reduction in false positive alarms that disrupt airport operations.
IoT has catapulted European industry, homes and society into the arena of security risks that accompany untested technology that manages our cyber-physical reality on a daily basis. Attacks on content and quality of service of IoT platforms can have economic, energetic and physical security consequences that go far beyond the traditional Internet's lack of security, and beyond the threats posed by attacks to mobile phones.
The SERIoT project was a key step that could be used to implement secure IoT platforms and networks anywhere and everywhere. The SERIoT project developed, implemented and tested a generic IoT framework based on an adaptive smart software defined network (SDN) with verified software, secure routers, advanced analytics, and user-friendly visual analytics. SERIoT — secure and safe Internet of Things — optimised the information security in IoT platforms and networks in a holistic, cross-layered manner, based on both dynamic and distributed processing by single-network components. It was also based on a centrally located server with the main control of the network in order to collect, aggregate and fuse the relevant information.
LSPs have tested SERIoT's technology in various use cases, including intelligent transport and surveillance, flexible manufacturing within industry 4.0 and other emerging domains such as food chain and logistics, m-Health (both at home and in hospital business scenarios) and energy through the smart grid. Through these technology developments and test-beds, the project delivered a unique portable software-based SERIoT network that can spearhead Europe's success in IoT.