The IoT has come to us faster than we think. IoT was given birth in the late 10´s, when the threshold was crossed to connect more objects than people on the Internet, as a result of a progressive evolution in previous years. This event caused the industry, homes and society of the European Union to increase the security risks that accompany this new hyper-connected technological world, second by second. Attacks on the content and service quality of the IoT platforms can have economic, energetic and physical security consequences that go beyond the lack of traditional security of the Internet, and far beyond the various threats that are arisen. Nowadays, the data are the main asset of a business, the data are vital; if they fall into the wrong hands, the consequences can be enormous.The IoT devices are so present in our day to day that they can be a danger for the security of the data, since the devices connected to the Internet can have deficiencies such as: users and access passwords by default and without mechanisms that force the user to change them for safer ones; web pages of control and configuration insecure or accessible remotely; lack of customization in security settings, among others. This default make it easier the data collection for cybercriminals looking for this type of device as an entry point to the company’s networks or to other points of the network that are more protected. Due to the entire process of digital transformation in which companies or organizations are immersed, attacks against computer security have increased. Because of this, the importance of cybersecurity has increased in the last decade as a consequence of an increase in cyberattacks, helping us to take the necessary precautions to protect information.
As a result of the increase in demand from service businesses related to cybersecurity, the SerIoT project was born, funded by the European Union’s Horizon 2020 research and innovation program.
This project began on January 1, 2018 and will end on December 31, 2020, having duration of three years with a total budget for execution of € 4,999,083.75.The consortium will be composed by the main European actors in the field of Internet of Things, bringing together the most important European technology companies such as DT/T-Sys (T-Systems) and ATOS, with highly competitive SMEs such as HIS, HOPU, GRUVENTA, HIT and ATECH and leading European research organizations worldwide such as CERTH, JCR, TUB, ICCS, IITIS-PAN and TECNALIA and universities such as UESSEX and TUB.This project aims to optimize the security of information on IoT platforms and networks in order to recognize suspicious patterns, evaluate them and, finally, decide on the detection of a possible evasion of security, privacy in a comprehensive and cross (ie, platforms and IoT devices, computer security tools that allow detecting attacks, SDN routers and operator controllers) with the purpose of offering a secure platform that can be used to deploy platforms, security protocols and networks anywhere.SerIoT plans to use Blockchain technology for the validation of users and recording of cyber attacks, defined by Marc Andreessen as a ledger of digital events that allows information about data transfers in a secure, publically verifiable and efficient way. All transactions or data transfers do not require any intermediary because they are distributed in intelligent nodes, which register and validate the information of the different blocks. The information can only be updated based on the consensus of the majority of the system participants and cannot be removed from the blockchain.The reason for which it is planned to use the properties of this technology is to help improve the deficiencies that the IoT presents, helping to maintain an unchanging record of the history of smart devices, as well as improving the security and confidence of the messages through the use of smart contracts. This cutting-edge technology has already been introduced by some companies to the field of IoT.The network created by SerIoT will be unique. With this measure, it will generate significant savings by unifying all SerIoT services with a more agile, flexible and integrated organizational model, and also portable, benefiting from services anywhere in the world due to the implementation of networks in different parts of the territory, what will make it possible to lead the success of Europe in the Internet of things. SerIoT will be installed, implemented and validated in emerging areas (for example, Smart Transportation, Surveillance, flexible manufacturing and industry 4.0, as main business areas). These advances will be evaluated on both individual lab test-beds which in a european scenario through UEssex and demonstrated his applicability with the use cases develop by industry partners, for example Gruventa, Telecom Innovation Laboratories, Hypertech innovations. Among the cases of use of the project, we can find:
- Surveillance: focused on the operation of the system, on the transmission of data from surveillance networks, as well as patented social networks. The sensitive information that affects personal data, covered by legislation, will be protected against unauthorized access.
- Smart Transportation Systems in Smart Cities (ITS): analysis and definition of security solutions. The main concept is to integrate information technology, electronics, wireless communications technology, sensors and navigation systems such as Global Navigation Satellite Systems in order to allow data transmission.
- Flexible manufacturing system: will deal with flexible manufacturing systems (Industry 4.0) which refer to a sophisticated approach to allow the connected industry to create value and new business models.
- Food supply chain: will provide end-to-end security through communication channels, in a food chain scenario, by addressing device authentication mechanisms, detection and prevention of denial of service attacks, as well as detection precocious interruption of IoT devices.
Among the general aims to be achieved with the implementation of this project are:
Provide new means of understanding threats
Provide new means to understand the existing and emerging threats that are targeting the IoT-based economy and the citizen network, and to research and analyse how Blockchain can contribute to improve IoT solutions. Moreover, understand how to solve the knowledge problems of IoT and blockchain.
Provide the prototype honeypots
Provide the prototype implementation of a computer security tool to be the aim of the attacker and be able to know all details of same, achieving adapt to any IoT platform across domains (for example, embedded mobile devices, Smart homes/Smart cities).
Implement the prototype SDN (Software Defined Networking)
Implement the corresponding prototype of smart SDN routers for the dynamic detection of suspicious/high-risk paths, and re-plan and re-programme the routing paths of the information transmissions in IoT networks over secure and preferable connections, supporting, among others, the interference of the human approach.
Implement the use of Blockchain technology
Introduce an extra physical layer dedicated to security for the manufacturing of existing IoT platforms and devices in order to offer a secure architecture. Explore the introduction of Blockchain as a security and privacy-preserving layer for IoT.
Optimize the security
Optimize the information security in IoT networks in a holistic, cross-layered manner that will be based on dynamic and distributed processing of variable complexity by single network components, as well as on a centrally located server/controller that will have the main control of the network and will collect, aggregate and appropriately merge the transmitted data and produced metadata.
Develop of system for detection of threats
Use and develop the appropriate technologies, so as to implement an efficient and robust decision support system on the controller side for the detection of potential threats and abnormalities, including a competent package of comprehensive and intuitive analytics and the generation of escalating mitigation strategies according to the severity of the detected threat.
Safety function monitors and validators
Introduce a methodology and tools for the different design-oriented monitors to be able to identify the different inputs of IoT devices as valid or not, by characterising their behaviour.
Improvement of interconnection
Improve the interconnection of heterogeneous devices by speeding up the communication processes and by selecting the optimal routing for the transmitted information in terms of both security and duration of process.