CORDIS - EU research results

Advanced Cyber-Threat Intelligence, Detection, and Mitigation Platform for a Trusted Internet of Things

Periodic Reporting for period 2 - CYBER-TRUST (Advanced Cyber-Threat Intelligence, Detection, and Mitigation Platform for a Trusted Internet of Things)

Reporting period: 2019-05-01 to 2021-07-31

In Internet of Things (IoT) ecosystems, security problems arising from the flawed design of legacy hardware and embedded devices and from their lack of processing and storage capacity (among others) allow cyber-criminals to easily compromise these devices and launch large-scale attacks on critical cyber-infrastructures or intercept personal data. The Cyber-Trust project aims to develop an innovative cyber-threat intelligence gathering, detection, and mitigation platform that will safeguard heterogeneous ecosystems of IoT devices. To achieve this goal, Cyber-Trust will follow an interdisciplinary approach in order to capture the different phases of such emerging threats: before, at the time, and after known or unknown vulnerabilities have been exploited by cyber-criminals.

The Cyber-Trust platform enhances the safety and security of the digital assets of citizens (e.g. smart homes, wearable devices, baby monitors, thermostats, mobile devices etc.) and of organisations’ infrastructure (e.g. smart buildings, sensors and actuators).

Furthermore, as most of these devices hold and transmit a huge amount of personal and sensitive data through multiple heterogeneous networks, protecting the users (e.g. EU citizens) and giving them early warning about the state of their devices is of the highest importance.

The Cyber-Trust platform is successfully addressing the aforementioned challenges, which is undoubtedly a matter of high importance, since IoT systems are applied in all aspects of our daily life.
Major technical, operational, and exploitation advancements were achieved and depicted in 56 high-quality deliverables over the course of the project's 39 months. To form the basis for Cyber-Trust research and tool development, the consortium conducted extensive desktop research into current and emerging cyber-attack trends, as well as identifying similar solutions from private industry and research projects. 82 use cases and 205 end-user requirements were identified.
Cyber-Trust was composed of 14 core components based on a modular architecture (RCDA): the Visualisation Portal, DLT Service, Monitoring Service, Cyber-Defense Service, Cyber-Trust Management System, Cyber-Trust Registration Module, eVDB Administration Module, eVDB Sharing Service, Crawling Service, Smart Gateway Agent, Smart Device Agent, Intelligent Intrusion Response System, Network Architecture and Assets Repository, and the Profiling Service.
Each of the four main end-user groups of Cyber-Trust (Internet Service Providers, ICT Administrators, Smart-Home Owners, and Law Enforcement Agencies) had a dedicated User Interface (UI), with access to a different set of tools and capabilities. A 3D Virtual Reality User Interface was developed. Within the project, 41 KPIs were identified, measured and met.
Two pilot demonstrations and eight end-user-oriented questionnaires were created to evaluate the Cyber-Trust platform employing a plethora of cyber-attacks (more than 20 different attacks).
The dissemination and exploitation activities resulted in numerous achievements. Starting with dissemination activities, all KPIs were met, as shown below:
• Based on MATOMO analytics, 11.495 users visited the website
• Around 900 followers in social media
• Delivery of 11 website blogposts
• Creation of 3 Cyber-Trust brochures for highlighting project outcomes; 3 brochures were promised
• A total of 47 scientific publications
• 9 workshops were organized or co-organised with other EU projects
• Publication of 10 press releases
• Participation and presentation of Cyber-Trust project in 30 industry and business events, conferences, panels, webinars, and technical meetings.
• Publication of 6 newsletters
• Two videos were produced
The activities for defining the final exploitation strategy and business plan include:
• The introduction and selection of the most suitable exploitation scenarios from the organisation’s perspective
• Identification of all aspects related to exploitation of the Cyber-Trust project outcomes
• The finalisation of IPR and knowledge
• Model of joint Ownership Agreement
• Comprehensive market analysis followed by key exploitable results
• Identification of the initial price and financial aspects
• Exploitation book
Cyber-Trust is an innovative platform, deriving from the integration of different technological components, in order to cope with complicated cyber threats targeting heterogeneous IoT systems (e.g. smart homes).
The Cyber-Trust system consists of components, modules and services that progress beyond the state of the art (SOTA) in the cyber-threat intelligence gathering, detection and mitigation framework.
To achieve these objectives, technological solutions and current trends regarding cyber-security and attacks were analysed, and experts in the fields of ICT, cyber-security, law enforcement (LEA cybercrime and digital forensic investigators) and blockchain were consulted and tested the integrated platform. The results proved the capability of the Cyber-Trust platform. During the 2nd pilot we had 33 participants from diverse groups (ISP, LEAs, IoT/Smart Home, Administrators): more specifically, twelve from the ISP group, five LEAs, three administrators and thirteen IoT/Smart Home owners. The satisfaction rate was between 74 and 96.2 percent (well above the project’s KPI of 70 percent).
To measure the impact of the platform, the consortium measured 41 KPIs, of which 33 were technically oriented, measuring the capabilities of the components and of the platform as an integrated solution. To efficiently measure most of the KPIs, a plethora of attacks were employed:

• Mirai Attack
• Zero-day Attack
• Zitmo Attack
• BlackEnergy
• Zeus + another 10 malware families
• Java-RMI backdoor
• distcc_exec backdoor
• UnrealIRCD backdoor
• Web Tomcat exploit
• Ruby DRb code execution
• Hydra FTP brute force
• Hydra SSH brute force
• Vsftpd exploit
• SMTP User Enumeration
• NetBIOS-SSN

Also, the Cyber-Trust platform was tested using PCAP files generated from the physical Smart Home of the SPEAR, which contains various IoT devices, a multisensorial network, and a 10 kW photovoltaic system for energy production and net metering services, without any prior testing or training on the data produced by the physical smart home. Five attacks were deployed: brute force, fuzzing, DoS flooding, unauthorized access and function enumeration. Four out of five attacks were successfully identified, while three out of five attacks were successfully blocked.
The overall outcome maximised the impact of the Cyber-Trust platform against the current trend of cyber-attacks targeting smart ecosystems, with great potential for defending EU citizens from becoming victims.

Thus, Cyber-Trust reached its initial goals, providing a multidisciplinary and multidimensional platform which:
• Enhances detection of sophisticated attacks targeting IoT ecosystems
• Enhances the mitigation and response time, through automated and semi-automated means, against cyber-attacks
• Enhances the resilience of smart infrastructures against cyber-attacks
• Improves the safety, security and privacy of EU citizens’ data
• Assists LEAs and ISPs in tackling security incidents against IoT systems more efficiently
• Improves the time needed to identify and exchange data that might contain digital evidence

Finally, eleven components have been made available as open source through the project’s repository on GitHub (https://github.com/CyberTrustProject).
Cyber-Trust Conceptual Operational View