CORDIS - EU research results

Secure management of IoT devices lifecycle through identities, trust and distributed ledgers

Periodic Reporting for period 1 - ERATOSTHENES (Secure management of IoT devices lifecycle through identities, trust and distributed ledgers)

Reporting period: 2021-10-01 to 2022-11-30

The growth of IoT deployment and contemporary advances in network technologies will lead to even higher penetration of IoT devices in every aspect of human life. This will undoubtedly create a huge attack surface and consequently generate cascading cybersecurity risks in the upcoming years. At the same time, the heterogeneity of the IoT landscape makes it extremely challenging to establish a trustworthy environment among diverse devices and hampers efforts to manage them under a holistic framework. ERATOSTHENES aims to overcome critical obstacles, treating “Security of Things” as core to the future success of IoT. The project envisions a decentralized and contextual Trust and Identity Management Framework for resource-restricted IoT environments, following a self-sovereign approach. The project intends to enable the automated lifecycle monitoring of devices, strengthening trust, identities, and resilience in the entire IoT ecosystem and supporting the enforcement of the EC cybersecurity directives.
The main objectives of the ERATOSTHENES project are the following:
1. Design a Trust Framework and a Reference Architecture to ensure end-to-end trust and identity management in distributed IoT networks, suited for resource-restricted environments, critical and industrial applications
2. Design and develop a lightweight, distributed, and dynamic Trust Manager to enhance the trust in large-scale distributed networks of heterogeneous IoT devices covering each layer and cross-layer of the network
3. Design a decentralised, scalable, efficient and privacy-preserving IoT identity management to reconcile the requirements of self-sovereignty and privacy preservation in a distributed, interoperable and transparent trust model, including self-encryption/decryption schemes and IoT identity recovery
4. Build the lifecycle management and the overall governance layer of the trust network on novel Distributed Ledger Technologies and a hybrid consensus protocol. Implement Smart Contracts for enforcing access policies and sharing trustworthiness within the network, guaranteeing their transparency, integrity, authenticity, and authority. Design Inter-ledger Cyber-Threat Information Sharing and automated Recovery Solutions based on a multi-layer approach
5. Integrate and Validate the approach through real-world pilots to assess its effectiveness and organize hands-on training through realistic cybersecurity exercises
6. Deliver knowledge via dissemination and capacity building, supporting the enforcement of the Cybersecurity Act and standardization activities and build a robust exploitation plan and market positioning
Throughout the reporting period (M1-M14) the work performed per Work Package is as follows:
WP1 - During the reporting period, major efforts were devoted to studying security and privacy threats in the context of the targeted IoT applications and ecosystems, resulting in the publication of deliverable D1.1. Refinement of the pilots and use case definitions, as well as the collection of requirements, resulted in the publication of D1.2. Definition and analysis of the components and interaction flows of the initial ERATOSTHENES architecture resulted in the publication of D1.3. Coordination and support were provided for the startup of the technical work packages, and the impact of technical developments was continuously monitored.
WP2 - In the first iteration, a first viable working version of the initial three technological enablers (trust manager and broker, threat modeling and risk assessment, and deployer of trust agents) was created, and their technical integration was accomplished in the delivery of the first project proof-of-concept (PoC).
WP3 - During this first period, WP3 focused on identifying all the functionality developed by the different tasks included in this WP. It also identified the different interactions with the components developed in WP3. With these results, WP3 designed a component diagram detailing the interfaces between the different components involved in providing the decentralised IdM services.
WP4 - Throughout the reporting period, the design and initial development of the DLT-based trust framework system were carried out, taking into consideration the specificities of each component involved in the ERATOSTHENES technical architecture. In addition, Smart Contracts to store and share the created trust scores were developed.
WP5 - Under this WP, the overall integration methodology and plan, covering all technical components in different settings and environments, was developed. The integration roadmap was developed; in addition, all integration tools were properly set up and configured. The proof of concept, which includes all critical components of the technical solution and acts as the Minimum Viable Product of the project, was developed and reported in D5.1.
WP6 - The main progress in this work package involves the design and creation of the initial dissemination material, the development and implementation of the dissemination and communication plan, and concrete dissemination and communication activities such as attending conferences, publishing in journals and capacity building to ensure knowledge exchange and transferability of results.
WP7 - This WP was active from the very beginning of the project, formulating the methodologies, procedures and processes that will be followed throughout the project’s lifetime. Several meetings were organised, boosting discussions within the consortium on the developments and the action items.
WP8 - All Ethics-related deliverables required to comply with the existing EU regulations and directives were prepared and submitted to the EC.
ERATOSTHENES' ambition is to provide core cybersecurity features that will be adopted by IoT/ICT manufacturers as baseline elements in the production of devices and throughout their lifetime. ERATOSTHENES aims to create high impact and a significant reduction in several cybersecurity incidents in the IoT domain (devices, fog nodes and networks) through its holistic approach to distributed trust management and digital identity. In technical terms, the ambition is to bring a modern cybersecurity identity and privacy management framework into modern IoT/ICT implementations by devising, implementing, deploying and validating a novel distributed, collaborative, automated, efficient, auditable, yet privacy-respectful framework, including trusted security and privacy, intended to dynamically and holistically manage the lifecycle of IoT devices, strengthening trust, identities, privacy and resilience in the entire IoT ecosystem and supporting the enforcement of the EU legislative framework. Integration and deployment of the framework on actual industrial cases will not only increase its technology readiness level (TRL) but also pave the way for automated trust, identity and recovery solutions for IoT.
With regard to the expected impacts, ERATOSTHENES aims to provide core cybersecurity features to be adopted by manufacturers as baseline elements in the production of devices and throughout their lifetime, and to create high impact and a significant reduction in several cybersecurity incidents in the IoT domain through its holistic approach to distributed trust management and digital identity. The project will support a more efficient and lower-cost implementation of the NIS Directive.