
Secure management of IoT devices lifecycle through identities, trust and distributed ledgers

Periodic Reporting for period 3 - ERATOSTHENES (Secure management of IoT devices lifecycle through identities, trust and distributed ledgers)

Reporting period: 2024-03-01 to 2025-03-31

The growth of IoT deployment and the contemporary advancements of network technologies will lead to even higher penetration of IoT devices in every aspect of human life. This will undoubtedly create a huge attack surface and consequently generate cascading cybersecurity risks in the upcoming years. Moreover, the heterogeneity of the IoT landscape makes it extremely challenging to establish a trustworthy environment among diverse devices and hampers efforts to manage them under a holistic framework. ERATOSTHENES aims to solve critical obstacles, considering “Security of Things” as core to the future success of IoT. The project envisions developing a decentralized and contextual Trust and Identity Management Framework for resource-restricted IoT environments, following a self-sovereign approach. The project intends to enable the automated lifecycle monitoring of devices, strengthening trust, identities, and resilience in the entire IoT ecosystem and supporting the enforcement of the EC cybersecurity directives.
The main objectives of the ERATOSTHENES project are the following:
1. Trust Framework and a Reference Architecture to ensure end-to-end trust and identity management in distributed IoT networks, suited for resource-restricted environments, critical and industrial applications
2. Lightweight, distributed, and dynamic Trust Manager to enhance the trust in large-scale distributed networks of heterogeneous IoT devices covering each layer and cross-layer of the network
3. Decentralised, scalable, efficient and privacy-preserving IoT identity management to reconcile the requirements of self-sovereignty and privacy preservation in a distributed, interoperable and transparent trust model, including self-encryption/decryption schemes and IoT identity recovery
4. Lifecycle management and the overall governance layer of the trust network on novel Distributed Ledger Technologies and a hybrid consensus protocol. Implement Smart Contracts for enforcing access policies and sharing trustworthiness within the network guaranteeing their transparency, integrity, authenticity, and authority. Design of Inter-ledger Cyber-Threat Information Sharing, and automated Recovery Solutions based on a multi-layer approach
5. Integrate and Validate the approach through real-world pilots
6. Deliver knowledge via dissemination and capacity building
WP1 - WP1 produced the security and privacy threats for IoT applications and ecosystems (D1.1); refinement of pilots and use case definitions, collection of requirements (D1.2); definition and analysis of the components and interaction flows (D1.3); and the ERATOSTHENES Blueprint – Final Architecture (D1.4).

WP2 - In P1, a first viable working version of the initial three technological enablers was created, including their technical integration (PoC). During P2, WP2 concluded the following: Updated Threat Modelling Module (D2.3); Automatic deployment language and tools for trust agents (D2.4); Trusted Execution of TBM on IoT/Edge Devices (D2.5); Interoperability layer with legacy infrastructure (D2.8); Automated Recovery Mechanism of Trust Manager and Broker (D2.6); and IoT Network Enrolment mechanism (D2.7). Period 3 concluded the Final Version of Dynamic Trust Management and Agents (D2.9).

WP3 - In P1, WP3 designed a component diagram detailing the interfaces between the components involved in providing the decentralised IdM services. In P2, WP3 produced the first DLT-based IoT Identity Manager (D3.4); Physical Unclonable Functions (D3.6); Updated identity and access manager (D3.5); and Identity Recovery Mechanism (D3.7). In P3, it concluded with the Final Version of Decentralized Identity Management (D3.8).

WP4 - In P1, the design and initial development of the DLT-based trust framework system was realised, including the Smart Contracts. During P2, it produced: DLT-based Trust Framework (D4.1); Secure deployment and registration of IoT devices (D4.2); Inter-ledger platform (D4.3); Federated threat analysis (D4.4); Intrusion detection for IoT (D4.5); Trust Network, Smart Contracts and Interledger platform (D4.6); and AI Threat Analysis Models and Intrusion Detection for IoT (D4.7). In P3, WP4 concluded: Final DLT-based Trust Framework and AI threat analysis models (D4.8) and Security information sharing for Lifecycle Security of IoT (D4.9).

WP5 - In P1, the integration roadmap was developed. P2 included the Preparatory Activities and Deployment Planning (D5.2); Pilot 1 – PoC Evaluation (D5.3); Interim Report of Piloting Activities and Impact Assessment (D5.6); Updated System integration (D5.5); Pilot 1 – Mid-term results (D5.7); and Pilot 3 – Mid-term results (D5.9). In P3, the following tasks concluded all WP activities: Final Integrated Version of ERATOSTHENES (D5.10); Summary of Pilot Activities (D5.11); and Summary of Cybersecurity Exercises and Trainings (D5.12).

WP6 - Progress involved the design of dissemination material, the development and implementation of the dissemination and communication plan, and concrete dissemination and communication activities such as attending conferences, publications in journals and capacity building to ensure knowledge exchange and transferability of results.

WP7 - This WP was active from the very beginning of the project, formulating the methodologies, procedures and processes that will be followed throughout the project’s lifetime. Several meetings were organised, boosting the discussions between the consortium on the developments and the action items.

WP8 - All Ethics-related deliverables required to comply with the existing EU regulations and directives were prepared and submitted to the EC.
ERATOSTHENES' ambition is to provide core cybersecurity features that will be adopted by IoT/ICT manufacturers as baseline elements in the production of devices and throughout their lifetime. ERATOSTHENES aims to create high impact and a significant reduction in several cybersecurity incidents in the IoT domain (devices, fog nodes and networks) through its holistic approach to distributed trust management and digital identity. In technical terms, ERATOSTHENES' ambition is to bring a modern cybersecurity identity and privacy management framework into modern IoT/ICT implementations by devising, implementing and deploying/validating its novel distributed, collaborative, automated, efficient, auditable, yet privacy-respectful framework, including trusted security and privacy, intended to dynamically and holistically manage the lifecycle of IoT devices, strengthening trust, identities, privacy and resilience in the entire IoT ecosystem and supporting the enforcement of the EU legislative framework. Integration and deployment of its framework on actual industrial cases will not only increase its technology readiness level (TRL) but also pave the way for automated trust, identity and recovery solutions for IoT. With regard to the expected impacts, ERATOSTHENES aims to provide core cybersecurity features to be adopted by manufacturers as baseline elements in the production of devices and throughout their lifetime, and to create high impact and a significant reduction in several cybersecurity incidents in the IoT domain through its holistic approach to distributed trust management and digital identity. The project will support a more efficient and lower-cost implementation of the NIS Directive.