Skip to main content

Cyber security 4.0: protecting the Industrial Internet Of Things

Periodic Reporting for period 1 - C4IIoT (Cyber security 4.0: protecting the Industrial Internet Of Things)

Reporting period: 2019-06-01 to 2020-11-30

C4IIoT will design, build and demonstrate a novel and unified Cybersecurity 4.0 framework that implements an innovative IoT architecture paradigm to provide an end-to-end holistic and disruptive security enabling solution for minimizing the attack surfaces in Industrial IoT systems. C4IIoT novel cybersecurity mechanisms are carefully orchestrated across all infrastructure elements involved within an IIoT system (e.g. IIoT devices, field gateways, cloud resources) and is based upon analysis of various data flows (e.g. IIoT device data, encrypted network flows).

The objectives of the C4IIoT project are the following:
- Develop an end-to-end (edge-to-cloud) solution for prevention and protection against attacks targeting Industrial IoT infrastructures
- Offer almost real-time malicious and anomalous behavior anticipation, detection, tracking, mitigation, and end-user informing
- Realize societal and industrial opportunities in real-world settings
- Raise awareness and ensure transferability of project’s results
- Offer ready to market solutions and long-term sustainability
Some of the project highlights are:

C4IIoT platform. The specification of C4IIoT architecture as a fully integrated strategic approach that bridge many different technologies and concepts, including hardware-enabled security and protection, access control and authentication mechanisms, end-to-end encryption, and behavioral analytical models. These mechanisms enable many different properties, such as accountability, privacy-preserving, reliability and trustworthiness.

Platform integration and use cases demonstrations. The project successfully delivered the Minimum Viable Product (M12) and the first integrated version of the platform (M18), which include different modes of operations within the two real-world scenarios, namely “Smart Factory” and “Inbound Logistics”.

Raise awareness. Several different dissemination activities have been made, including the 1st C4IIoT INFODAY webinar, the 1st C4IIoT Winter School and the participation with a panel in the CONCORDIA Open Door 2020 event.

Work highlights per WP:

WP1: The work carried out led to the identification of industrial challenges, the elicitation of user requirements, the specification of the architecture, and the definition of the demonstration protocol.

WP2: The work carried out led to the development of machine learning methods that perform detection of complex anomalous and malicious behaviour, as well as to the development of secure-enabled edge nodes for the use cases of C4IIoT. For the “Smart Factory” use case, C4IIoT provides hardware security for the edge nodes in order to perform operations in a secure way, as well as to communicate securely with other components of the C4IIoT framework. For the “Inbound Logistics” use case, the focus is also on the implementation of hardware-enabled security in the edge nodes, but with an emphasis on the NB-IoT communications.

WP3: The work carried out led to the development of cloud-enabled mechanisms, including the deployment of several security tools (cloud gateway, private docker registry, private certificate authority) and the implementation of mitigation and immune reaction mechanisms across different layers, as well as the implementation of decentralized access control (DAC) prototype and its integration with identity management and secure element. In addition, the utilization of Intel SGX technology for privacy-preserving data analysis in the cloud was designed and tested.

WP4: The work carried out within this period allows us to have an operational infrastructure environment where the software modules which are part of the C4IIoT solution have been deployed supporting the realization of the C4IIoT MVP prototype (M12) and the 1st C4IIoT prototype (M18).

WP5: The work carried out led to the refinements of the pilots (getting input from WP1 results), in parallel with the integration of system modules, refined execution parameters, KPIs, evaluation parameters and guidelines for the demonstration execution. Furthermore, the finalization of the demonstration protocol was achieved, as well as the detailed validation and evaluation of the C4IIoT platform, from a usability and end-user point of view, based on the defined KPIs.

WP6: The work carried out led on providing the segmentation of the IoT and cybersecurity IoT market, as well as a business model elaborated from a business model canvas which allows to prepare the long-term sustainability. Moreover, it has identified and classified the European and international recommendations and standards that are enforced and applied in the framework, solution by solution, as well as the individual exploitation partner plans.

WP7: The goal of WP7 is to set up and maintain the administrative, financial and management infrastructure of the C4IIoT project.
WP1 provides the analysis of novel and relevant academic literature in several technological domains, as well as the integration of a large and diverse set of cybersecurity technologies in a single framework with a particular attention to a human-in-the-loop approach. It also offers the classification of all CRF assets with an emphasis on cyber-physical impact and the modelling of likely entry-points.

WP2 enables the support of hardware-enabled components allow secure access to every layer of the architecture (edge nodes, field gateways, cloud) and the use of hardware-enforced security tokens, for identity and access management. It also enables the efficient use of machine learning methods at the edge to enrich the detection of complex anomalies and malicious behavior opportunistically, via security-aware offloading mechanisms.

WP3 provides innovative components for anomaly detection using both machine- and deep-learning techniques, as well as a decentralized solution to control and restrict access to data using encryption with privacy-aware policies, enable auditability of events and policies using Hyperledger Fabric (blockchain) and verify the integrity of data. It also enables the use of Constraint Object Oriented Logic Programming paradigm to both model and search for solutions to run-time attacks on a system. Finally, it offers novel patch-oriented-testing methods that allow to focus on specific targets of binary code.

WP4 provides a platform innovation empowering C4IIoT to become a basis for building secure and trustworthy IoT ecosystems, as well as a clear and detailed image on the latest technologies (blockchain, ML/DL technologies, edge/cloud computing, Big Data etc.) which will be the basis for the expected project innovations.

WP5 has no innovation at this point.

WP6 has the goal is to highlight the innovations of the technical WPs and is not itself conducive to innovation. The main innovation for this WP resides in the federation of the roadmap for dissemination and standardisation activities with other projects in cybersecurity or similar domains.