HP IoT security study and RERUM’s view

In today’s interconnected world new services and products are being developed for providing “smart” applications to the people and improving their lives. Although the benefits of the Internet of Things (IoT) have been well acknowledged for many years now, only lately the focus has been given on the security and privacy of the interconnected devices. In a world where the number of devices that are collecting data from the environment is increasing exponentially, the respective security concerns have not been addressed adequately.

An interesting thing is that recently, the number of reports raising security and privacy concerns for the IoT is also increasing. For example, HP recently published a research study regarding the security and privacy of the IoT. The findings showed (among others) that:

  1.  90% of the devices collected at least one piece of personal information
  2.  70% of the devices used unencrypted network services
  3.  80% of the devices used (or allowed) poor authentication with weak passwords and poorly protected credentials.

RERUM aims to address (among others) those three concerns with significant progress beyond the state of the art. Most IoT-related projects did not focus on the devices up until now, giving more importance on the vrtualization of the devices and their interconnectivity on the virtual world. on the contrary, RERUM, acknowledging the fact that most security and privacy issues of the IoT originate from the devices, aims to embed such security mechanisms on the hardware constrained sensor devices.

For addressing issue (1) above, RERUM aims to enhance the IoT frameworks with a “privacy-by-design” approach, which means that the devices will gather only the necessary information for each service without any personal information of the users. Even if there is a need to gather personal information, it will not be allowed to be sent to unauthorized people/devices. Furthermore, when the information will travel outside the RERUM domain, it can be cleaned from any personal identifiers, so that it can’t be linked with other information and mapped to the individuals. Of course this won’t mean that the information will not be transferred outside of the RERUM domain. The idea is not to design a very restricted intranet, from which no information will be extracted. RERUM will on the other hand design the system so that the information will travel to only the authorized users. Furthermore, these users will only get the exact info they need according to the service they request and their access/privacy policies and not something more that can be used for some other purpose later on. However, RERUM will not magically remove all private linkable information, but it will ensure that the users and the applications will only get the information they are authorised to get and nothing more that could be used to be linked with other data for extracting private user information.

As an example we can give the traffic monitoring use case, which will utilize information from users’ mobile phones (among others). This can be implemented in various ways, i.e. the mobile phones can send their exact GPS coordinates with their id at any given moment (clearly not privacy preserving), the coordinates can be sent anonymised (but linked with other data can reveal the id of the users),  the mobile phones can give speed info at some areas (still not privacy preserving), aggregation of data can also be used (but what happens if only one user is moving on the street?), etc. RERUM has a clear view on how to make a privacy preserving-by-design traffic monitoring system — stay tuned in the next period to see the updates.

For addressing issues (2) and (3), RERUM aims to develop extremely lightweight protocols for encrypting the transmissions of the information of the devices and these protocols will be adaptive to work on various devices according to their technical capabilities and according to the services they provide. For example, in sensor applications Compressive Sensing can be utilized as a simple approach of both compressing and encrypting data with very good reconstruction accuracy (and security). However, in very resource limited devices it is difficult to implement the technique because it normally requires a large encryption/compression key that should be stored in the flash and can’t be stored in the RAM or  changed at run-time (thus it makes it susceptible to attacks). RERUM has a clear approach for developing lightweight encryption techniques, i.e. an adaptive and extremely lightweight CS-based encryption mechanism that will be tailored to the needs of the devices and the service requirements for reconstruction error — and since it does compression it saves transmission energy! — please read our published papers and stay tuned for next updates! Furthermore, secure boostraping of credentials will ensure that whenever there is a need to change the credentials on the devices, this will be done in a secure way, without allowing third parties to acquire the new keys.

RERUM is an ambitious project aiming to enhance the reliability of the IoT so that it can be widely adopted by the citizens – stay in touch for more updates in the future and be sure to monitor the public deliverables.

RERUM demo in FORTH’s Marie Curie Open Day

On July 3rd 2014 a “Marie Curie Open Day” was organised at the premises of FORTH in Heraklion, Greece. The event was organised as part of the dissemination and publicity activities of the Marie Curie projects MESH-WISE and SOrBet. The event was split into two parts, one with invited tutorials and one with demonstrations.

RERUM was invited to participate in the event and show a demo to the attendees. Dr. Alexandros Fragkiadakis presented the demo “Compressive Sensing based gathering of temperature measurements from sensor devices”. The idea of the demo is to show the implementation of a mechanism for jointly compressing and encrypting measurements using Compressive Sensing on the Zolertia Z1 devices. In this respect, the transmitted measurements are simultaneously compressed and encrypted with a single key, using a lightweight mechanism that runs on the devices. In the figure below you can see Dr. Fragkiadakis presenting the demo.

In the TV screen three charts are depicted. The top chart shows the actual real time temperature data that are gathered from the devices. The middle chart shows the reconstructed (decompressed and decrypted) measurements at the server. The low chart shows the reconstruction error which is much less than 1% in our case. We  have to note here that we used a 50% compression, which means that we sent 50% less measurements, which reduces significantly the energy consumption on the sensor device.

 

IMG_20140703_173622

RERUM @ IoT Week

RERUM will have a strong participation in the IoT Week that will be held in London June 16-20.

RERUM was invited and will participate in the following sessions, mainly trying to address the project’s objective for security and privacy by design in the IoT:

1) IERC Activity Chain 1 – IoT Open Platforms  (June 17th, 11:30 – 15:30)

2) JRC, European Commission, IERC – Trusted Internet of Things (June 17th, 16:00 – 17:30)

3) IoT Forum – Semantic Interoperability; Security, Privacy, Trust & the ARM (June 18th, 09:15 – 17:30)

4) BUTLER consortium – IoT user’s experiences: engagement, expectations and concerns (June 18th, 09:15 – 13:00)

5) ALMANAC consortium – IoT Technologies for Smart Cities (June 18th, 10:00 – 11:00)

 

come meet us in the IoT week!

 

RERUM @ GWS2014: best paper award @ WirelessVitae

RERUM had a strong participation at the Global Wireless Summit (GWS) that was held at Aalborg, Denmark, May 11-15, 2014.

Four project papers were presented at the conference, 3 of them from FORTH and one from LiU.

The papers received very good comments from the audience and initiated nice discussions.

The highlight was the WirelessVitae 2014 “best paper award” that was awarded to the paper entitled “Energy efficient collection of spectrum occupancy data in wireless cognitive sensor networks, written by George Stamatakis, Elias Tragos and Apostolos Traganitis of the Foundation for Research and Technology Hellas (FORTH).

IMG_20140512_232228

The figures below depict the presentation of one of the papers by Dr. Alexandros Fragkiadakis of FORTH.

20140513_16291820140513_163842

For an up-to date list of RERUM papers, please visit http://ict-rerum.eu/publications/papers/.

RERUM at SNOW 2014

RERUM was present at the 5th Nordic Workshop on System and Network Optimization for Wireless (SNOW) that was held in Are, Sweden 2-4 April 2014.

A RERUM promotional poster was presented at the conference by LiU and FORTH, attracted several participants and triggered various discussions around the IoT, its potential for smart city applications and what the project can do to enhance the trustworthiness of the IoT world.

RERUM would like to thank the organizers for giving us a chance to present our project at the workshop.

20140404_170206_LLS