During the second period of the project, significant work has taken place to deliver the integrated version of the SecureIoT platform which aims at providing security support to IoT systems and applications. Towards this end, a set of 3 diverse use cases were put executed and validated, not only matching the interests and daily business of project partners, but also calling inherently for substantial security features. These use cases covered also a broad range of diverse areas in the IoT domain, ranging from the industry environment (including the supply chain) to the connected vehicles environment and socially assistive robots for autism and elderly rehabilitation environment; all critical ecosystems with different characteristics and needs (e.g. types of IoT devices and data) to also prevent the SecureIoT approach from being locked to a specific vertical domain, rendering it of limited usefulness.
Based on these use cases, more detailed scenarios deemed very susceptible to and impacted heavily by security attacks were elaborated and a set of requirements with respect to security, privacy and trust were derived and were eventually mapped to components, functionalities and interfaces in the SecureIoT platform. These covered the whole lifecycle of security support from the collection, sharing and processing of security information at various levels of IoT systems, to the reasoning and early identification/prediction of security incidents, their assessment and mitigation. In addition, to support the ever-increasing need for compliance against regulations and directives, components to support this have been developed. To further foster the “by design” security of IoT applications, components to help developers design secure applications have been accounted for, while a wealth of security information that can help taking well-reasoned and effective decisions is also imported and leveraged. Acknowledging that IoT systems cannot be viewed in isolation but in many cases need to interact, cross-platform security support has also been put in place through security and privacy policies definition and alignment.
These identified components and supported functionalities were developed, tested and evaluated during the three use cases. On a side-track to ensure long-term viability of the project’s solutions, the project continuously audited its architecture and solutions to ensure that there were not any legal or regulatory issues that would prevent them from reaching the market; also a market platform has been implemented that will be used as an exploitation catalyst beyond the project duration by creating and maintaining an active community evolving around the project’s and other third-party security solutions.
As an outcome of the project, SecureIoT first established and extended a strong and solid “know-how”, which then started being leveraged for development and implementation of platform components that support the objectives set out by the project. In addition to the use case validation, this has also led to a number of publications, which together with the participation in numerous events has ensured that the work of SecureIoT has been made very visible to relevant communities and stakeholders and useful feedback from this exposure has also been taken on board to guide further research directions.
