Secure solutions for the Internet of Things

Internet of Things (IoT) devices play a key role in ensuring the resilience of networks and keeping data private and secure. But, the increasing trend in the complexity of cybersecurity threats brings a need for more robust security frameworks for IoT devices and networks.

To address this issue, the European Commission presented a comprehensive Cybersecurity Strategy for the Digital Decade in December 2020, outlining a path towards a widespread Internet of Secure Things.

The security cluster of IoT projects addresses the shortcomings of devices and networks. It do so by developing secure and modular frameworks that can be integrated in new and existing solutions for assisted living, healthcare, manufacturing, food supply, energy, and transport. This cluster consists of 8 projects, amounting to €40 million (around €5 million each) in EU funding.

The cluster has produced noteworthy results in target sectors. Although the applications are specialised, the open-source modular development approach used by the projects allows the modules to be reused in other solutions for a broader spectrum of applications.

Projects

SecureIoT: Predictive Security for IoT Platforms and Networks of Smart Objects

SecureIoT is a joint effort of global leaders in IoT services and cybersecurity to secure the next generation of decentralised IoT systems. These span multiple networks of smart objects, implementing a range of open security services.

SecureIoT designed predictive security services in line with leading edge reference architectures for IoT applications, which serve as a basis for specifying security building blocks at both the edge and the core of IoT systems. SecureIoT provides security data collection, monitoring and predictive mechanisms, which offer integrated services for risk assessment, compliance auditing against regulations and directives (General Data Protection Regulation, Directive on security of network and information systems, ePrivacy Directive), and developer support.

SecureIoT’s services were challenged in market-driven scenarios in areas like smart manufacturing and mobility. Their deployments were based on openly available IoT services and the partner community of platforms. In a use case on smart living, SecureIoT demonstrated the time taken to detect attacks in IoT-enabled robotics. With 80% of these socially assistive robots’ critical assets found in a security knowledge base, it took SecureIoT less than 10 seconds to effectively detect anomalies and under 5 minutes for a risk assessment.

SEMIoTICS: Smart End-to-end Massive IoT Interoperability, Connectivity and Security

SEMIoTICS developed a pattern-driven framework, building on existing IoT platforms to guarantee secure and semi-autonomic behaviour in industrial IoT applications. These patterns encoded the dependencies between security, privacy, dependability and interoperability of individual smart objects.

SEMIoTICS supported cross-layer adaptation, including smart objects, networks and clouds, addressing autonomic behaviour at field (edge) and infrastructure (backend) layers. To address the complexity and scalability needs within horizontal and vertical domains, SEMIoTICS developed programmable networking and semantic interoperability mechanisms. Its practicality was validated using three use cases in healthcare, renewable energy and smart sensing.

The consortium consisted of stakeholders in European industry, SMEs and academia, covering the whole value chain of IoT, local embedded analytics and their programmable connectivity to the cloud with security and privacy.

ENACT DevOps

The DevOps movement advocates a set of software engineering tools to ensure a quality of service whilst evolving complex systems and fostering rapid innovation cycles and ease of use. DevOps has been widely adopted in the software industry, but there is no complete support for trustworthy IoT systems today.

ENACT established platform enablers to allow DevOps into the realm of trustworthy IoT systems, enriching it with security and resilience, taking into account challenges related to collaborative actuation. It also facilitated the integration of these concepts to leverage DevOps for existing and new IoT platforms like FIWARE, SOFIA and TelluCloud.

This was accomplished by developing current DevOps techniques to support the operation of IoT systems, providing a set of mechanisms to ensure trustworthiness. Through this, ENACT provided a DevOps framework for smart IoT Systems.

In a use case on intelligent transport, ENACT assessed the use of IoT in train integrity control. Here the infrastructure and resources used are expensive and the planning is time-consuming. The use of rail systems were optimised, following security and safety directives due to critical and strategic characteristics of the domain, assuring the proper transportation of cargo or passengers and avoiding any accidents.

IoT Crawler

Launched in February 2018, IoTCrawler concentrated on interoperability across platforms, reconfigurable solutions for integrating data and services, privacy-aware and secure algorithms, and mechanisms for crawling, indexing, and searching in IoT systems.

IoTCrawler provided demonstrations with a focus on Industry 4.0, smart communities and smart energy, providing impact through research, innovation and technology advancement. The project addressed open challenges and issues in crawling, discovery, indexing, semantic integration and security for an IoT ecosystem.

The project carried out anomaly detection in a water management use case. The analysis of data collected by smart meters can personalise feedback to customers, prevent water waste and detect critical situations. In utility companies, anomaly detection is often neglected or done by a technician who cannot check all the metres due to the volume of data generated. In this scenario, IoTCrawler examined two methods for time series anomaly detection to see which best suits for water consumption.

The first was an ARIMA-based (Auto Regressive Integrated Moving Average) framework that selects as the points that do not fit an ARIMA process, and the other was the HOT-SAX (Heuristically Order Time series using Symbolic Aggregate Approximation) technique, which discretely represents data and discriminates it using a heuristic. Both approaches proved effective at detecting anomalies: 90% were found using ARIMA and 80% using HOT-SAX.

BRAIN-IoT: Model-based framework for dependable sensing and actuation in intelligent decentralised IoT systems

BRAIN-IoT focused on scenarios where actuation and control are supported by IoT systems. The aim was to establish a methodology supporting cooperative behaviour in decentralised composable federations of heterogeneous platforms.

BRAIN-IoT tackled business-critical and privacy-sensitive scenarios subject to strict dependability requirements. In this setting, BRAIN-IoT enabled smart autonomous behaviour involving sensors and actuators cooperating in complex tasks. This was achieved by employing IoT platforms, able to support secure and scalable operations for various use cases, backed by an open decentralised marketplace of platforms.

Open semantic models were used to enforce interoperable operations, exchange data and control features, supported by model-based development tools to ease prototyping and integration of interoperable solutions. Secure operations were guaranteed by a framework providing AAA features in distributed IoT scenarios, joint with solutions to embed privacy awareness.

The viability of the approaches was demonstrated in two use cases, namely service robotics and critical infrastructure management, as well as through various proof-of-concept demonstrations in collaboration with large-scale pilot initiatives.

SOFIE: Secure open federation for Internet everywhere

The SOFIE project created a secure and open federation architecture and framework. It used distributed ledger technologies to allow actuation, auditability, smart contracts and management of identities and encryption keys. This enabled decentralised solutions with almost unlimited scalability.

SOFIE addressed the fragmentation of IoT through federation, where any IoT platform could join by creating an adapter. Data remained in the platforms and was usable by all applications within the limits set by security policies. The project exercised privacy by design, by providing end-to-end security, key management, authorisation, accountability, and auditability. The user could retain control over their data also after the data has been stored in the cloud complying with GDPR.

SOFIE worked on existing open standards, interfaces and components, such as FIWARE, W3C Web of Things and oneM2M, selecting existing components, developing new ones, and collecting them into a framework to create administratively decentralised, open and secure business platforms.

SOFIE has demonstrated the practicality of their approach by using it in three pilots in three different sectors: the food chain, gaming, and energy markets. Three business platforms have been realised for the pilots, and the results were evaluated against the key performance indicators.

CHARIoT: Cognitive heterogenous architecture for industrial IoT

CHARIoT provided a cognitive computing platform to support a unified approach towards the privacy, security and safety of IoT systems.

Three pilot sites in Athens (Greece), Dublin (Ireland) and Venice (Italy) demonstrated realistic solutions through industry reference implementations, with the goal of demonstrating that secure, privacy-mediated and safety IoT imperatives are met; a stepping stone to the EU’s roadmap for next-generation IoT platforms.

As well as physical threats such as acts of terrorism, airports are becoming increasingly vulnerable to cyber threats, which in future may replace physical terrorism or be combined during an attack. Combined cyber and physical attacks on airports could have devastating consequences. Traditional ICT infrastructures such as servers, desktops, and networks used in airports are connected to other systems used in areas like mission critical systems (baggage handling, environmental control, access control, and fire control).

The use case at Athens International Airport addressed the safety of airport infrastructures, boosting the protection of facilities from physical and cyber threats. CHARIoT enhanced the airport’s capability of early detection and prediction of hazardous situations, in parallel with reducing false positive alarms that disrupt airport operations

SERIoT

European industry, homes and society experience IoT security risks that accompany untested technology on a daily basis. Attacks on content and quality of service of platforms can have economic, energetic and physical consequences that go beyond the traditional Internet’s lack of security on computers and mobile phones. SerIoT was key to implementing secure IoT platforms and networks, anywhere and everywhere.

The project developed an IoT framework based on an adaptive smart software defined network with secure routers, advanced analytics, and user-friendly visual analytics. SerIoT optimised the information security in platforms and networks in a holistic, cross-layered manner. Pilots tested SerIoT’s technology in various use cases. These included intelligent transport and surveillance, flexible manufacturing within Industry 4.0 and other emerging domains like food chain logistics, m-Health and energy through the smart grid. Through these technology developments and test-beds, the project delivered a unique portable software-based network that can spearhead Europe’s success in IoT.