Periodic Reporting for period 2 - SecureIoT (Predictive Security for IoT Platforms and Networks of Smart Objects)
Período documentado: 2019-07-01 hasta 2020-12-31
The main goal of the SecureIoT project is to introduce, validate and promote a novel approach to the security of IoT applications, which emphasizes a timely, predictive and intelligent approach to the identification and mitigation of security threats and incidents. One of the main characteristics of this approach is its ability to deal with smart objects, while at same time supporting security interoperability in scenarios that involve multiple IoT systems and platforms with diverse security capabilities. In order to achieve this ambitious target, the SecureIoT project has identified and has been working towards the following objectives:
• Architect an Open End-To-End Security Framework for IoT Services Involving Multiple IoT Platforms and Smart Objects with Embedded Intelligence and (Semi)Autonomous Behaviour
• Provide Adaptive Data Collection Services for Security Monitoring of IoT Entities at Multiple Levels (Devices, Edge Nodes, Cloud)
• Provide Data Driven Mechanisms for Predicting and Anticipating the Security Behaviour of IoT components - Enable proactive vulnerabilities identification through analysis across All levels of an IoT system
• Analyse & Harmonize trust relationships and security Policies of Diverse IoT Platforms and Ecosystems (Including Smart Objects) - Enable enhanced situational-awareness and correlation of data sets across domains
• Implement and Provide Open SECaaS (Security-as-a-Service) services over the SecureIoT framework, including Security Risk Assessment, Security Compliance Audits and Developers’ Support
• Challenge and showcase SecureIoT innovations through various Use cases and Usage Scenarios in High Impact Applications with Clear Market Relevance
• Introduce and Validate Business Models for Security-as-a-Service for IoT services Spanning Multiple Platforms and Ecosystems
• Establish and Sustain a Market Platform of Threat models and IoT Security policies for different Use Cases in Various Application Domains
Based on these use cases, more detailed scenarios deemed very susceptible to and impacted heavily by security attacks were elaborated and a set of requirements with respect to security, privacy and trust were derived and were eventually mapped to components, functionalities and interfaces in the SecureIoT platform. These covered the whole lifecycle of security support from the collection, sharing and processing of security information at various levels of IoT systems, to the reasoning and early identification/prediction of security incidents, their assessment and mitigation. In addition, to support the ever-increasing need for compliance against regulations and directives, components to support this have been developed. To further foster the “by design” security of IoT applications, components to help developers design secure applications have been accounted for, while a wealth of security information that can help taking well-reasoned and effective decisions is also imported and leveraged. Acknowledging that IoT systems cannot be viewed in isolation but in many cases need to interact, cross-platform security support has also been put in place through security and privacy policies definition and alignment.
These identified components and supported functionalities were developed, tested and evaluated during the three use cases. On a side-track to ensure long-term viability of the project’s solutions, the project continuously audited its architecture and solutions to ensure that there were not any legal or regulatory issues that would prevent them from reaching the market; also a market platform has been implemented that will be used as an exploitation catalyst beyond the project duration by creating and maintaining an active community evolving around the project’s and other third-party security solutions.
As an outcome of the project, SecureIoT first established and extended a strong and solid “know-how”, which then started being leveraged for development and implementation of platform components that support the objectives set out by the project. In addition to the use case validation, this has also led to a number of publications, which together with the participation in numerous events has ensured that the work of SecureIoT has been made very visible to relevant communities and stakeholders and useful feedback from this exposure has also been taken on board to guide further research directions.
By achieving its objectives and offering its developed solutions and know-how through the market platform, SecureIoT will lower the security, privacy and data protection barriers to IoT adoption, through alleviating relevant concerns for applications involving smart objects. In this way, it will facilitate their acceptance by end-users and subsequently their wider uptake and use.