Periodic Reporting for period 1 - SECANT (SECurity And privacy protectioN in Internet of Things devices)
Período documentado: 2021-09-01 hasta 2022-08-31
The main goal of SECANT is to deliver a holistic framework for cyber security risk assessment for enhancing the digital security, privacy, and personal data protection in complex ICT infrastructures by placing an automated threat detection platform addressed to CERTs/CSIRTs that can identify threats and attacks, while promoting the situational security awareness as a priority within complex ICT infrastructures, such as the healthcare ecosystem. The SECANT platform will enhance the capabilities of organizations’ stakeholders and enable industrial participants to make informed and context-aware decisions regarding cybersecurity, privacy and data protection risks by implementing: (a) collaborative threat intelligence collection, analysis and sharing; (b) innovative risk analysis specifically designed for interconnected nodes of an industrial ecosystem; (c) cutting-edge trust and accountability mechanisms for data protection; and (d) security awareness training for more informed security choices. The proposed solution’s effectiveness and versatility will be validated in four realistic pilot use case scenarios reflecting different real-life business cases applied in the healthcare ecosystem.
From 1 Sept 2021 to 31 August 2022 progress has been made in the following areas:
* Requirements Analysis, Use Cases and Architecture Design: The Consortium elicited the end-users’ and technical requirements, defined the pilot use cases and produced the initial version of the SECANT architecture. An analysis of the state of the art has been made. We identified the individual components, modules, and tools of SECANT, as well as their mean of validation. Four deliverables have been submitted and three milestones have been achieved.
* Cyber Security Risk Assessment in Connected ICT Ecosystems: During this period, work has been focused on defining the internal architecture and functionalities for each risk assessment component as well as detailed activity and sequence flow diagrams showing both internal functionalities and interactions with the rest of the components of the platform. In parallel, additional subcomponents were introduced to cover better the requirements such as the TVIA internal services and the monitoring agent to facilitate the multi-level monitoring of threats. All tasks in this area have started and progressed with the literature review, technical specifications, interactions and interfaces with the rest of work packages, as well as with the creation of early working versions for demonstration of some components.
* Trusted and Secure Data Sharing: The main advances have been focused on the specification of the components (Trusted and accountability module (TAM), Privacy Toolkit and Decentralized Identity Management (DIM)), specification of their interaction with the other elements in the platform and early implementation of the components. Internal Architectures for these components and functionalities have been specified, and UML flow diagrams have been created. Multiple back end upgrades to IOTA's "integration services" (IS) have been implemented to improve usability and security of the service, the IS are a key component of the TAM as they allow easy access to the IOTA ledgers features. Specification and implementation of the Universal decentralised ID register that will allow interoperable DID management across different ledgers, user stories and data flow have been also developed for the DIM. The API functionality has been rolled into a subcomponent known as the "Data Common Securer" (DCS); Analysis of the actual communication protocols between the end-users' devices to integrate the DCS API's has been performed. The privacy toolkits architecture, including the syntax and the security model and cryptography scheme has been defined.
* SECANT End-User Applications and Training: Work has start on developing security awareness training methodologies and platform relevant to healthcare professionals and clients and to setup virtualised cyber range platform and healthcare-related scenarios including a user interfacing dashboard (for security professionals). Functional and non-functional requirements for these tools have been defined as well as the architecture and the relation between the components and with the others elements of the platform. An initial version of the chatbot app and CSTM has been developed, and a mock-up integration between the Secant End-User Application, CSTM and the Chatbot app. The Cyber range tool has been selected and instantiated. Lastly, it has been produced the initial design of the SECANT Dashboard, including the selected technology stack, technical specifications, the internal tool architecture, the interfaces, and the UI blueprint.
* Dissemination, Communication and Exploitation: the SECANT consortium collectively developed 5 parallel axis: a) means to communicate the project by setting up a webpage, producing marketing material etc, b) means to disseminate the project through participation in international conferences or publishing articles, c) coordination with other parties in order to create some clustering activities, d) producing an exploitation plan in order to prepare the SECANT’s result for the market and e) preparing the standardization procedure of the SECANT’s products.
* Requirements Analysis, Use Cases and Architecture Design: The Consortium elicited the end-users’ and technical requirements, defined the pilot use cases and produced the initial version of the SECANT architecture. An analysis of the state of the art has been made. We identified the individual components, modules, and tools of SECANT, as well as their mean of validation. Four deliverables have been submitted and three milestones have been achieved.
* Cyber Security Risk Assessment in Connected ICT Ecosystems: During this period, work has been focused on defining the internal architecture and functionalities for each risk assessment component as well as detailed activity and sequence flow diagrams showing both internal functionalities and interactions with the rest of the components of the platform. In parallel, additional subcomponents were introduced to cover better the requirements such as the TVIA internal services and the monitoring agent to facilitate the multi-level monitoring of threats. All tasks in this area have started and progressed with the literature review, technical specifications, interactions and interfaces with the rest of work packages, as well as with the creation of early working versions for demonstration of some components.
* Trusted and Secure Data Sharing: The main advances have been focused on the specification of the components (Trusted and accountability module (TAM), Privacy Toolkit and Decentralized Identity Management (DIM)), specification of their interaction with the other elements in the platform and early implementation of the components. Internal Architectures for these components and functionalities have been specified, and UML flow diagrams have been created. Multiple back end upgrades to IOTA's "integration services" (IS) have been implemented to improve usability and security of the service, the IS are a key component of the TAM as they allow easy access to the IOTA ledgers features. Specification and implementation of the Universal decentralised ID register that will allow interoperable DID management across different ledgers, user stories and data flow have been also developed for the DIM. The API functionality has been rolled into a subcomponent known as the "Data Common Securer" (DCS); Analysis of the actual communication protocols between the end-users' devices to integrate the DCS API's has been performed. The privacy toolkits architecture, including the syntax and the security model and cryptography scheme has been defined.
* SECANT End-User Applications and Training: Work has start on developing security awareness training methodologies and platform relevant to healthcare professionals and clients and to setup virtualised cyber range platform and healthcare-related scenarios including a user interfacing dashboard (for security professionals). Functional and non-functional requirements for these tools have been defined as well as the architecture and the relation between the components and with the others elements of the platform. An initial version of the chatbot app and CSTM has been developed, and a mock-up integration between the Secant End-User Application, CSTM and the Chatbot app. The Cyber range tool has been selected and instantiated. Lastly, it has been produced the initial design of the SECANT Dashboard, including the selected technology stack, technical specifications, the internal tool architecture, the interfaces, and the UI blueprint.
* Dissemination, Communication and Exploitation: the SECANT consortium collectively developed 5 parallel axis: a) means to communicate the project by setting up a webpage, producing marketing material etc, b) means to disseminate the project through participation in international conferences or publishing articles, c) coordination with other parties in order to create some clustering activities, d) producing an exploitation plan in order to prepare the SECANT’s result for the market and e) preparing the standardization procedure of the SECANT’s products.
SECANT develops innovative risk analysis methodologies, which can support public/private organisations and relevant stakeholders to identify risks which may impacting the security and privacy of data. It offers real-time information sharing capabilities which facilitates cybersecurity professionals in handling and forecasting security incidents, complex attacks and propagated vulnerabilities. SECANT’s highly scalable Directed Acyclic Graph (DAG)-based ledger infrastructure introduces innovations in the field of trust and accountability and enables end-to-end integrity and protection of sensitive operational data. SECANT allows for both technologically protecting connected organisations and empowering their users towards their better protection. It also contributes towards improving the readiness and resilience of the organisations against the crippling modern cyber-threats, increasing the privacy, data protection and accountability across the entire interconnected ICT ecosystem, and reducing the costs for security training in the European market.
Once the project is more advanced and pilots start, the obtained results will allow the Consortia to evaluate the performance indicators. And with that to validate more appropriately the expected impact on aspects such as reducing the number and impact of cybersecurity incidents, the availability of comprehensive, security analytics and threat intelligence, availability of better standardisation and automated assessment frameworks and tools for CERTs/CSIRTs, and better preparedness against attacks, among others.
Once the project is more advanced and pilots start, the obtained results will allow the Consortia to evaluate the performance indicators. And with that to validate more appropriately the expected impact on aspects such as reducing the number and impact of cybersecurity incidents, the availability of comprehensive, security analytics and threat intelligence, availability of better standardisation and automated assessment frameworks and tools for CERTs/CSIRTs, and better preparedness against attacks, among others.