Periodic Reporting for period 1 - TELEMETRY (Trustworthy mEthodologies, open knowLedgE & autoMated tools for sEcurity Testing of IoT software, haRdware & ecosYstems)
Reporting period: 2023-09-01 to 2025-02-28
TELEMETRY will provide trustworthy tools that enable the continuous assessment of heterogenous, interlinked components & systems that constitute IoT ecosystems (interconnected IoT devices with hardware, software, services and communications infrastructure). Addressing all aspects of their lifecycle, the TELEMETRY holistic methodology and toolkit incorporates testing for component development, testing & monitoring for component integration into systems, testing & monitoring for operation of systems.
TELEMETRY will deliver advances in cybersecurity testing and runtime monitoring through the use of novel machine learning models and algorithms for real-time anomaly detection; dynamic risk assessment to simulate likelihood and severity of threat consequences; reputation management and privacy-preserving data sharing across independent entities (e.g. supply chains), IoT device emulation and analysis environment and lightweight approaches for trusted updates; all of which that promotes a cycle of continuous improvement and assurance across design and runtime phases.
TELEMETRY will leverage 3 example use cases representing diverse, complex IoT ecosystems and IoT supply chains in aerospace, smart manufacturing and telecommunications domains to drive the design and validation of the proposed tools and methodologies. This will lead to significant improvements with respect to accuracy of threat and vulnerability detection, response time and cost of testing and verification of IoT ecosystems. TELEMETRY will promote open source and knowledge sharing through engagement with relevant communities throughout the project for consultation, dissemination and exploitation of its results.
TELEMETRY will deliver advances in cybersecurity testing and runtime monitoring through the use of novel machine learning models and algorithms for real-time anomaly detection; dynamic risk assessment to simulate likelihood and severity of threat consequences; reputation management and privacy-preserving data sharing across independent entities (e.g. supply chains), IoT device emulation and analysis environment and lightweight approaches for trusted updates; all of which that promotes a cycle of continuous improvement and assurance across design and runtime phases.
TELEMETRY will leverage 3 example use cases representing diverse, complex IoT ecosystems and IoT supply chains in aerospace, smart manufacturing and telecommunications domains to drive the design and validation of the proposed tools and methodologies. This will lead to significant improvements with respect to accuracy of threat and vulnerability detection, response time and cost of testing and verification of IoT ecosystems. TELEMETRY will promote open source and knowledge sharing through engagement with relevant communities throughout the project for consultation, dissemination and exploitation of its results.
As a summary the main results of the TELEMETRY project achieved in the first reporting period are outlined as follows:
WP1 collected the requirements, specified the TELEMETRY reference architecture and instantiated three exemplary use cases from different domains (aviation, smart manufacturing and telecommunication) providing real data respectively DUT/SUT. An initial set of TELEMETRY tools have been deployed in the testbeds. All the context is summarized in D1.1.
WP2 has undertaken work to understand the nature and purposes of Indicators, authored a conference paper on the subject and delivered D2.2 on Indicators.
WP3 generated the first version of most of the tools, conducted initial in-lab testing of tools features and performances and summarized the results in D3.1 and D3.2.
WP4 improved the TELEMETRY reference architecture documented in WP1, defined and created an initial set of TELEMETRY methodologies and testing workflows and defined the interfaces between the TELEMETRY tools. A first prototype dashboard for security insights delivered by the tools was deployed and documented in D4.3.
WP5 successfully established TELEMETRY’s brand identity, launched communication channels, issued newsletters, press releases, and scientific publications, promoted results through events and media, engaged stakeholders via a dedicated workshop, and initiated exploitation planning focused on commercialisation.
WP6 was driving the setup and initialisation of the TELEMETRY project and setup the organisational and technical infrastructure. WP6 delivered also D6.1 (Project Management Handbook and Quality Assurance Plan), D6.2 (Data Management Plan, interim version) and the 1st project amendment. It incorporated risk-mitigation measures due to the situation of the project partners from Ukraine.
WP1 collected the requirements, specified the TELEMETRY reference architecture and instantiated three exemplary use cases from different domains (aviation, smart manufacturing and telecommunication) providing real data respectively DUT/SUT. An initial set of TELEMETRY tools have been deployed in the testbeds. All the context is summarized in D1.1.
WP2 has undertaken work to understand the nature and purposes of Indicators, authored a conference paper on the subject and delivered D2.2 on Indicators.
WP3 generated the first version of most of the tools, conducted initial in-lab testing of tools features and performances and summarized the results in D3.1 and D3.2.
WP4 improved the TELEMETRY reference architecture documented in WP1, defined and created an initial set of TELEMETRY methodologies and testing workflows and defined the interfaces between the TELEMETRY tools. A first prototype dashboard for security insights delivered by the tools was deployed and documented in D4.3.
WP5 successfully established TELEMETRY’s brand identity, launched communication channels, issued newsletters, press releases, and scientific publications, promoted results through events and media, engaged stakeholders via a dedicated workshop, and initiated exploitation planning focused on commercialisation.
WP6 was driving the setup and initialisation of the TELEMETRY project and setup the organisational and technical infrastructure. WP6 delivered also D6.1 (Project Management Handbook and Quality Assurance Plan), D6.2 (Data Management Plan, interim version) and the 1st project amendment. It incorporated risk-mitigation measures due to the situation of the project partners from Ukraine.
During the first period of the TELEMETRY project the project partners achieved already significant results with respect to beyond state of the art. An indicative overview is provided here.
- 2 project partners developing anomaly detection tools for component and system level could achieve an significant accuracy increase of their ML models based on the real live data provided by the use cases. component and systme level
- During the first reporting period 10 out of at least 19 planned TELEMETRY tools have been already implemented in at least one of the three real world use cases, coming from the telecommunication, aviation and smart manufacturing sector. These developments will lead to new vulnerability analysis capabilities for practitioners via automated TELEMETRY tools.
- An auditable data infrastructure is in place providing a trusted mechanism to facilitate distributed sharing of testing, verification and securityrelated information.
- Design and implementation of the SBOM tool that generates a list of software packages (libraries) a component uses, and mapping these to any known vulnerabilities associated with the corresponding library versions, producing a list of relevant CVEs
- A prototype dashboard has been developed and released, and a working instance has been deployed and is currently being tested in UC3. In the current release of the toolkit, all TELEMETRY tools use the Auditable Data Interface (ADI), SIEA, and a Kafka instance as interfaces for transferring indicators. The components of the toolkit and interfaces are containerized, enabling easy deployment in various environments and ensuring readiness for integration with the secure TELEMETRY configuration and deployment scheme.
- Project partner KUL has started to designs and implement the cryptographic for secure updates of components & systems, including protocols and MAC algorithms.
- 2 project partners developing anomaly detection tools for component and system level could achieve an significant accuracy increase of their ML models based on the real live data provided by the use cases. component and systme level
- During the first reporting period 10 out of at least 19 planned TELEMETRY tools have been already implemented in at least one of the three real world use cases, coming from the telecommunication, aviation and smart manufacturing sector. These developments will lead to new vulnerability analysis capabilities for practitioners via automated TELEMETRY tools.
- An auditable data infrastructure is in place providing a trusted mechanism to facilitate distributed sharing of testing, verification and securityrelated information.
- Design and implementation of the SBOM tool that generates a list of software packages (libraries) a component uses, and mapping these to any known vulnerabilities associated with the corresponding library versions, producing a list of relevant CVEs
- A prototype dashboard has been developed and released, and a working instance has been deployed and is currently being tested in UC3. In the current release of the toolkit, all TELEMETRY tools use the Auditable Data Interface (ADI), SIEA, and a Kafka instance as interfaces for transferring indicators. The components of the toolkit and interfaces are containerized, enabling easy deployment in various environments and ensuring readiness for integration with the secure TELEMETRY configuration and deployment scheme.
- Project partner KUL has started to designs and implement the cryptographic for secure updates of components & systems, including protocols and MAC algorithms.