HP IoT security study and RERUM’s view

In today’s interconnected world new services and products are being developed for providing “smart” applications to the people and improving their lives. Although the benefits of the Internet of Things (IoT) have been well acknowledged for many years now, only lately the focus has been given on the security and privacy of the interconnected devices. In a world where the number of devices that are collecting data from the environment is increasing exponentially, the respective security concerns have not been addressed adequately.

An interesting thing is that recently, the number of reports raising security and privacy concerns for the IoT is also increasing. For example, HP recently published a research study regarding the security and privacy of the IoT. The findings showed (among others) that:

  1.  90% of the devices collected at least one piece of personal information
  2.  70% of the devices used unencrypted network services
  3.  80% of the devices used (or allowed) poor authentication with weak passwords and poorly protected credentials.

RERUM aims to address (among others) those three concerns with significant progress beyond the state of the art. Most IoT-related projects did not focus on the devices up until now, giving more importance on the vrtualization of the devices and their interconnectivity on the virtual world. on the contrary, RERUM, acknowledging the fact that most security and privacy issues of the IoT originate from the devices, aims to embed such security mechanisms on the hardware constrained sensor devices.

For addressing issue (1) above, RERUM aims to enhance the IoT frameworks with a “privacy-by-design” approach, which means that the devices will gather only the necessary information for each service without any personal information of the users. Even if there is a need to gather personal information, it will not be allowed to be sent to unauthorized people/devices. Furthermore, when the information will travel outside the RERUM domain, it can be cleaned from any personal identifiers, so that it can’t be linked with other information and mapped to the individuals. Of course this won’t mean that the information will not be transferred outside of the RERUM domain. The idea is not to design a very restricted intranet, from which no information will be extracted. RERUM will on the other hand design the system so that the information will travel to only the authorized users. Furthermore, these users will only get the exact info they need according to the service they request and their access/privacy policies and not something more that can be used for some other purpose later on. However, RERUM will not magically remove all private linkable information, but it will ensure that the users and the applications will only get the information they are authorised to get and nothing more that could be used to be linked with other data for extracting private user information.

As an example we can give the traffic monitoring use case, which will utilize information from users’ mobile phones (among others). This can be implemented in various ways, i.e. the mobile phones can send their exact GPS coordinates with their id at any given moment (clearly not privacy preserving), the coordinates can be sent anonymised (but linked with other data can reveal the id of the users),  the mobile phones can give speed info at some areas (still not privacy preserving), aggregation of data can also be used (but what happens if only one user is moving on the street?), etc. RERUM has a clear view on how to make a privacy preserving-by-design traffic monitoring system — stay tuned in the next period to see the updates.

For addressing issues (2) and (3), RERUM aims to develop extremely lightweight protocols for encrypting the transmissions of the information of the devices and these protocols will be adaptive to work on various devices according to their technical capabilities and according to the services they provide. For example, in sensor applications Compressive Sensing can be utilized as a simple approach of both compressing and encrypting data with very good reconstruction accuracy (and security). However, in very resource limited devices it is difficult to implement the technique because it normally requires a large encryption/compression key that should be stored in the flash and can’t be stored in the RAM or  changed at run-time (thus it makes it susceptible to attacks). RERUM has a clear approach for developing lightweight encryption techniques, i.e. an adaptive and extremely lightweight CS-based encryption mechanism that will be tailored to the needs of the devices and the service requirements for reconstruction error — and since it does compression it saves transmission energy! — please read our published papers and stay tuned for next updates! Furthermore, secure boostraping of credentials will ensure that whenever there is a need to change the credentials on the devices, this will be done in a secure way, without allowing third parties to acquire the new keys.

RERUM is an ambitious project aiming to enhance the reliability of the IoT so that it can be widely adopted by the citizens – stay in touch for more updates in the future and be sure to monitor the public deliverables.

RERUM demo in FORTH’s Marie Curie Open Day

On July 3rd 2014 a “Marie Curie Open Day” was organised at the premises of FORTH in Heraklion, Greece. The event was organised as part of the dissemination and publicity activities of the Marie Curie projects MESH-WISE and SOrBet. The event was split into two parts, one with invited tutorials and one with demonstrations.

RERUM was invited to participate in the event and show a demo to the attendees. Dr. Alexandros Fragkiadakis presented the demo “Compressive Sensing based gathering of temperature measurements from sensor devices”. The idea of the demo is to show the implementation of a mechanism for jointly compressing and encrypting measurements using Compressive Sensing on the Zolertia Z1 devices. In this respect, the transmitted measurements are simultaneously compressed and encrypted with a single key, using a lightweight mechanism that runs on the devices. In the figure below you can see Dr. Fragkiadakis presenting the demo.

In the TV screen three charts are depicted. The top chart shows the actual real time temperature data that are gathered from the devices. The middle chart shows the reconstructed (decompressed and decrypted) measurements at the server. The low chart shows the reconstruction error which is much less than 1% in our case. We  have to note here that we used a 50% compression, which means that we sent 50% less measurements, which reduces significantly the energy consumption on the sensor device.

 

IMG_20140703_173622

RERUM’s 4th Plenary Meeting

RERUM’s 4th meeting took place at FORTH in Heraklion at the end of June and beginning of July, with a very strong attendance from all partners. The three days of the meeting were packed with very fruitful and interesting discussions!

At the end of day three the partners of RERUM connected with 2 other EU projects related with Smart Cities (MESH-WISE / SOrBet) in a joint session. The goal was to identify common areas between the three projects and possibilities for cooperation.

RERUM identified itself as able to provide the other projects with guidelines on how to build more secure and privacy preserving architectures. MESH-WISE presented itself as a promising solution for providing optimized performance in wireless mesh networking within urban areas that could possibly help RERUM in the lower layers networking solutions. SOrBet proposed to assist RERUM in the area of building automation systems and in the trials, since the SOrBet partners have an existing automation system that can be used.

In general, the three projects have identified common areas and will continue the close cooperation in the future.

RERUM @ ACNS 2014 in Lusanne

RERUM will be present at the ACNS conference. Henrich Pöhls will attend the 12th International Conference on Applied Cryptography and Network Security taking place from 10th of June till 13th of June in Lausanne (Swiss) and present results from RERUM.

He will present the paper ‘On Updatable Redactable Signatures’ authored by H. C. Pöhls and K. Samelin in a presentation on Friday 13th of June.

Henrich C. Pöhls @ ACNS 2014 in Lausanne

Henrich C. Pöhls @ ACNS 2014 in Lausanne

The paper is about so called redactable signatures, which allow removing parts from signed documents. In RERUM we gathered the state-of-the-art of malleable signature schemes and our analysis of security models revealed that the existing models do not capture the possibility that the signer can “update” signatures, i.e., add new elements. Neglecting this in the model, the models would tolerate that third parties can generate forgeries if they are given access to an update oracle. Moreover, the analysis showed that there are constructions which permit creating a signature by merging two redacted messages, if they stem from the same original. Again the short coming of previous models is that this is not explicitly described. The paper presents an adjusted definition that captures both possibilities. Moreover, the paper presents a provably secure construction in the standard model, which makes use of a novel trapdoor-accumulator.

For an up-to-date list of RERUM’s academic publications including DOI links, please visit the papers page.

RERUM @ IoT Week

RERUM will have a strong participation in the IoT Week that will be held in London June 16-20.

RERUM was invited and will participate in the following sessions, mainly trying to address the project’s objective for security and privacy by design in the IoT:

1) IERC Activity Chain 1 – IoT Open Platforms  (June 17th, 11:30 – 15:30)

2) JRC, European Commission, IERC – Trusted Internet of Things (June 17th, 16:00 – 17:30)

3) IoT Forum – Semantic Interoperability; Security, Privacy, Trust & the ARM (June 18th, 09:15 – 17:30)

4) BUTLER consortium – IoT user’s experiences: engagement, expectations and concerns (June 18th, 09:15 – 13:00)

5) ALMANAC consortium – IoT Technologies for Smart Cities (June 18th, 10:00 – 11:00)

 

come meet us in the IoT week!

 

RERUM @ GWS2014: best paper award @ WirelessVitae

RERUM had a strong participation at the Global Wireless Summit (GWS) that was held at Aalborg, Denmark, May 11-15, 2014.

Four project papers were presented at the conference, 3 of them from FORTH and one from LiU.

The papers received very good comments from the audience and initiated nice discussions.

The highlight was the WirelessVitae 2014 “best paper award” that was awarded to the paper entitled “Energy efficient collection of spectrum occupancy data in wireless cognitive sensor networks, written by George Stamatakis, Elias Tragos and Apostolos Traganitis of the Foundation for Research and Technology Hellas (FORTH).

IMG_20140512_232228

The figures below depict the presentation of one of the papers by Dr. Alexandros Fragkiadakis of FORTH.

20140513_16291820140513_163842

For an up-to date list of RERUM papers, please visit http://ict-rerum.eu/publications/papers/.

RERUM AT ENISA ANNUAL PRIVACY FORUM (AFP’14)

Prof. Joachim Posegga from UNI PASSAU will attend the 2nd edition of the Annual Privacy Forum, jointly organized by the European Union Agency for Network and Information Security (ENISA), EC DG CONNECT and as local organizer the Systems Security Laboratory (SSL) of the University of Piraeus. The event will take place on 20thand 21st of May 2014 in Athens.

He will participate in the panel discussion on “Data Protection in the EU — risks and vulnerabilities, market and policy solution” taking place on the second day, 21st of May 2014, at 12:00. The panel discussion will discuss these risks and vulnerabilities. Furthermore, it explores market and policy solutions to the perceived lack of privacy and security of networks and devices.  What is the role of research? What should companies do?  standards? mandatory requirements?

RERUM sees security and in particular privacy as crucial for Europe and that it can be a competitive advantage. Hence, the technology should follow the principle of privacy by design, e.g. collecting data only if absolutely necessary. RERUM will exemplify this technical approach for the IoT.

RERUM at SNOW 2014

RERUM was present at the 5th Nordic Workshop on System and Network Optimization for Wireless (SNOW) that was held in Are, Sweden 2-4 April 2014.

A RERUM promotional poster was presented at the conference by LiU and FORTH, attracted several participants and triggered various discussions around the IoT, its potential for smart city applications and what the project can do to enhance the trustworthiness of the IoT world.

RERUM would like to thank the organizers for giving us a chance to present our project at the workshop.

20140404_170206_LLS

 

RERUM @ IEEE WCNC 2014 Workshop on Internet of Things Communications and Technologies

Henrich Pöhls will attend the IEEE WCNC 2014 Workshop on Internet of Things Communications and Technologies in Istanbul on Sunday, 6th of April.

He will give a keynote on ‘Integrity — A short tour around technical and legal definitions and the impact of integrity’ and present the joint paper of RERUM’s challenges and the overview of intended building blocks.

He will also present the paper ‘RERUM: Building a Reliable IoT upon Privacy- and Security-enabled Smart Objects’ that was written by Henrich Pöhls (University of Passau, Germany), Vangelis Angelakis (Linköping University, Sweden), Santiago Suppan, Kai Fischer (Siemens AG, Germany), George Oikonomou (University of Bristol, UK), Elias Tragos (Institute of Computer Science, FORTH, Greece), Rodrigo Diaz Rodriguez (Atos, Spain), Theodoros Mouroutis (Cyta Hellas, Greece).

 

Important political commitment to the ‘Internet of Things’

Prime minister David Cameron has announced that the UK government will spend an extra £45m on funding the development of “Internet of Things” technology.

This pledge by the prime minister came at the opening of the 2014 CeBIT technology trade fair in Hannover Germany and will more than double the funds available to UK technology firms working on everyday devices that can communicate over the internet.

“I see the Internet of Things as a huge transformative development – a way of boosting productivity, of keeping us healthier, making transport more efficient, reducing energy needs, tackling climate change,” he said.

Analysts say the Internet of Things could transform daily life. US research firm Gartner predicts there will be nearly 26 billion devices connected to the Internet of Things by 2020. (BBC News)

http://www.bbc.com/news/business-26504696