Secure Interoperable Full-Stack Internet of Things for Smart Home

SIFIS-Home will provide a multi-level secure, accountable and privacy-aware framework for improving resilience by enforcing and managing application/service security and data protection, as well as for managing in a security-aware manner the smart services typical of a Smart Home environment.

SIFIS-Home will achieve the overall aim by addressing the following technical objectives (with each implemented by their corresponding work package):

Objective 1: SIFIS-Home will provide an adaptive, intuitive, user friendly and extensible set of secure programming interfaces for developers of Smart Home secure applications and services, which allow the exploitation of the SIFIS-Home framework in its full potential.

Objective 2: SIFIS-Home will perform research activities on code security and privacy issues by proposing IoT specific metrics and conformance labels for code security and privacy, which will also result in tools for software assessment, aimed at helping developers to write secure and SIFIS-Home compliant application code.

Objective 3: SIFIS-Home will provide novel secure communication and management methods and services, as open software components and privacy-friendly building blocks for Smart Home application scenarios.

Objective 4: SIFIS-Home will adopt a fully privacy-aware approach for data management, and will accordingly design novel privacy-preserving data analysis techniques for smart services that provide transparent security services to identify and tackle misbehaviours and intrusion attempts without hindering users’ privacy.

Objective 5: SIFIS-Home will propose, design, implement, and deploy an architectural model and smart home services designed to ensure verifiable data security at all times.

Objective 6: SIFIS-Home will deliver a real-life pilot use case, based on an interconnected Smart Home environment.

Objective 7: SIFIS-Home will actively disseminate and exploit the project results and will engage in activities devoted to standardize such results.

By the end of the project, the following main results and work had been achieved.

WP1 Distributed System Architecture
o The initial architecture requirements were reported in deliverable D1.1.
o All use cases and requirements for the SIFIS-Home framework and architecture were reported in deliverable D1.2.
o The first version of the SIFIS-Home architecture and SIFIS-Home framework was released and published in deliverable D1.3.
o The final version of the SIFIS-Home architecture and SIFIS-Home framework was released and published in D1.4.

WP2 Guidelines and Procedures for System and Software Security and Legacy Compliance
o The preliminary developer guidelines were reported in deliverable D2.2.
o The initial report on legal and ethical aspects was submitted in deliverable D2.6.
o New developer tools (weighted-code-coverage, sifis-generate) were implemented and maintained.
o Toolset and best practices were validated using the wot-rust development as a testbed.

WP3 Network and System Security
o Security solutions were designed and developed. These include: i) methods and protocols to ensure end-to-end secure CoAP communications also within groups; ii) methods and protocols for establishing and provisioning security keying material, with particular reference to the key establishment protocol EDHOC and its use for CoAP and OSCORE; iii) methods for the (automatic) notification of revoked access grants in the context of the standard ACE-OAuth framework.
o An analysis and feedback on architecture requirements and goals - which provides a brief, high-level overview of the technical security solutions under development in WP3 - was reported in deliverable D3.1.

WP4 Privacy-Aware Analytics for Security and Services
o The initial design and development of privacy aware analytics for secure services was reported in deliverable D4.2.
o Developed new analytics and improvement of speech recognition performance using the Whisper model.
o Integrated analytics into the Data Analysis Toolbox.
o Refined a model based on Semantic Web technologies and Petri Networks for addressing inconsistencies in high-level security policies.

WP5 Integration, Testing and Demonstration
o Three test beds were defined: a simulated one, a physical one for the SIFIS Home network, and also a special testbed to validate network security solutions from WP3. The live and simulated testbed were deployed on a server hosted by CNR.
o A first version of SIFIS-Home testbed was reported in deliverable D5.1.
o A first version of SIFIS-Home security architecture implementation was reported in deliverable D5.2.
o A final version of SIFIS-Home testbed was reported in deliverable D5.3.
o A final version of the SIFIS-Home security architecture implementation was reported in deliverable D5.4.

WP6 Smart Home Use Case
o 19 smart home use cases were defined and successfully tested using a physical testbed with the SIFIS-HOME framework.
o Web of Things (WoT) compliant firmware was implemented for DoMO WiFi actuators.
o SIFIS-HOME NSSD Manager was developed for interacting with home devices.
o A VPN solution was implemented for remote access to home service.
o A mobile application was created for managing SIFIS-Home network functionalities and a web server application for initializing new smart devices in the network.

WP7 Dissemination, Standardization and Exploitation
o Published 15 journal articles, 11 conference papers, and articles in 3 news journals (Wired IT, RaiNews 24, Sky Italy).
o Attended the IoT Solutions World Congress & Cybersecurity Congress in Barcelona in early 2023.
o Participated in 19 industrial meetings focused on dissemination and exploitation, including keynote speeches and panel discussions.
o Organized and participated in three academic workshops (ETAA 2021, ETAA 2022 and SECSOFT 2022) and five seminars with both academic and industrial audiences.
o Participated in several IETF general meetings, Working Group interim meetings and related Hackathon /testing events.
o In August 2022, the OSCORE profile of the Authentication and Authorization for Constrained Environments (ACE) framework was published as RFC 9203, setting it as a Proposed Standard.
o The ACE Working Group adopted both the EDHOC (Ephemeral Diffie-Hellman Over COSE) and OSCORE profiles of ACE as a formal document in November 2022, indicating progress in secure communications protocols.
o Throughout 2022 and 2023, there were multiple requests for publication of standards related to the ACE framework, including key management for OSCORE groups and notifications for revoked access tokens, highlighting ongoing developments in secure IoT communications.
o By August 2023, the EDHOC key establishment protocol was approved for publication as a Proposed Standard.

The SIFIS-Home project made relevant progress with respect to the current state of the art concerning a set of technologies required for implementing the functionality of a Smart Home system. To this end, the SIFIS-Home project enhanced the Security in the Internet of Things through the development of a resilient framework implementing Dynamic Distributed Intrusion Detection, Intrusion Prevention and Accountability and Software Fault and Vulnerability Detection and Mitigation. This development employed Secure Languages and Cybersecurity Coding Best Practices, and performed proper Software Security Measurements in order to guarantee the framework security.