Exploring cybersecurity’s new frontier with Telecommunication Systems Institute
The largest and most populous of the Greek islands, Crete is also home to IntellIoT partner Telecommunication Systems Institute, whose researchers contribute trust-based algorithms that can discriminate between legitimate and malicious participants in IoT environments.
TSI will also work towards developing the interoperability box for IntellIoT’s Hypermedia multi-agent system (HyperMAS), and offer distributed ledger technology, including smart contracts deployed to increase the resilience of IoT systems. Next Generation IoT spoke to TSI’s experts Babis Savvakos and Vasilis Amourgianos about their hopes, dreams and fears related to the research and innovation project as the wider IoT space.
What excites you most about working with IntellIoT and what do you think are the main challenges you will face?
Babis Savvakos: I am excited to be working on a state-of-the-art, pioneering project. We will mostly be working on the security aspects of the project, ensuring that we have trustworthy communicating devices.
There’s a lot of new ground to cover. Even the collaboration between so many industrial and academic partners might prove to be something that requires a lot of work. There are a lot of new things that we will develop together, and this will of course bring interesting challenges.
Vasilis Amourgianos: Yes, some technological challenges revolve around the interoperability between several technologies that everyone is bringing to this project. For example, in our case, we have our trust-based networking security solutions from the University of Aalborg – who are dealing with distributed ledger technologies – and collaborate in order to provide a common framework. We have to make sure they are compatible with their own solutions. The technologies must all be integrated so they are part of the whole system. That will be a big challenge.
In the case of HyperMAS, we have to develop the Interoperability box that will allow communication between different types of devices. In this case, too, we will have to cooperate with other partners to see which devices we will adopt, and how they will communicate, and how our own solution will be part of the HyperMAS system.
IntellIoT is a consortium of thirteen partners. What have you already learnt about collaboration at such a scale?
Babis Savvakos: It is still quite early in the project, and we are still trying to figure out how each partner is working and the specifics of the technologies that they are contributing so that we can collaborate with them and produce a final coherent framework.
What makes TSI perfect for IntellIoT and the specific tasks that you have to perform?
Babis Savvakos: We provide security solutions which is a critical part of any system of this kind. We are not the only partners focusing on security. Sphynx and the University of Aalborg are also on board. The risk of cyberattacks in all use cases is very real and something that you have to be ready for, with proper detection and mitigation mechanisms and strategies to react.
Take the case of manufacturing, as an example. A potential cyberattack can create serious issues in the production lines triggering severe financial disasters (there are many reported cases that the losses in such cases amount to millions of euros) and there can even be risks to the physical safety of the workers or the end clients.
Another concern that we have to watch out for is the confidentiality of information and its relation to the user in the system. Consider the medical use case for example: patient data are strictly confidential and have to be protected from any unauthorised access (that is, anyone except the patient and their physician).
What kinds of threats are you hoping to protect the users of this future technology from?
Vasilis Amourgianos: We aim to provide security at several levels: from protecting the information flow in the user system so that external entities cannot access sensitive information to preventing malfunctioning or rogue equipment to bring the system to a potentially dangerous state and to detecting, isolating and defending against external malicious attacks.
We are going to provide solutions that aim to build a network of trust among the nodes that participate in the IoT system. Continuous operation with acceptable behaviour strengthens the trust among the nodes, however, deviations (which can be attributed to different kinds of sources, e.g. a malfunctioning sensor that provides erroneous measurements or a compromised node that creates suspicious network traffic) reduce it. When certain thresholds are met, warnings are triggered and corrective actions are taken both in a centralised and a distributed way.
What aspect of the manufacturing use case are you most excited to work on?
Babis Savvakos: Personally, I think it revolutionises how production works. As of now, each company has its own production line for a specific product –or even if they outsource that production line, it has to be built for that specific product.
What we are trying to create at IntellIoT is a production line that can be dynamically reconfigured to manufacture different products from many different customers in a flexible, individualised and shared way, enabling manufacturing at any scale (down to lot size one). Being able to participate in such a malleable manufacturing environment and initiate even very small scale production that exactly meets your needs is revolutionary.
I think being able to reduce, or even completely cut the cost of creating the custom product line is something that hasn’t –to my knowledge– been done up until now. And I think, being part of such an event, is very important.
One of the struggles you have is in trying to bring latency down so that all these machines can work together. How will that be achieved?
Babis Savvakos: There are two aspects to latency: network and computation. We aim to extensively use 5G networks as an enabler to achieve fast, low latency and reliable communications in the deployed IoT solutions. And we plan to reduce the latency on the compute front by bringing all computations closer to where they are needed. This is the so-called edge computing, which means that most of the computation that is needed in the system is carried out near the premises (e.g. the factory floor) and not in some remote location where a server or cloud infrastructure is available. This reduces significantly the overall latency by reducing the communication and communication overhead.
In manufacturing, a robot might need some information at a very specific time (or within a strict timeline). So, latency is very important– it can mainly be achieved by the 5G infrastructure and by performing as many computations as we can near that robot. Our own solutions will try to minimise the threats of such communications while keeping the benefits of secure transfers.
What will your main contributions to IntellIoT be?
Babis Savvakos: We are contributing to IntellIoT in two key technologies: the Distributed Intrusion Detection System and Moving Target Defense control mechanism. These two technologies aim to detect a potential threat and react in order to protect the system from a malicious or misbehaving node. Both systems will have to work in such a way as to minimise latencies and overheads as well as preserve the operation of the overall IoT deployment even in the presence of an ongoing attack.
Vasilis Amourgianos: The intrusion detection system will monitor the behaviour of the different nodes of the IoT network and create profiles of that behaviour. If some node misbehaves, then we generate a warning specifying the problem and activate a defence mechanism that provides different levels of actions to mitigate the attack (that is why it is called a moving target defence system). The defence system also informs the human operator to take measures against the problem, in case it cannot be solved automatically or a different course of action is desired.
So this is where the human-in-the-loop comes in?
Vasilis Amourgianos: Yes, we can only identify and mitigate attacks to protect the system but cannot take actions for events that need manual intervention. For example, suppose that an attacker sends a malicious plan to the manufacturing equipment (an actual security scenario for use case three in the project). That plan will generate abnormal behaviour and the security components will have to detect it, prevent any damages and notify the human-in-the-loop to take action and check what’s wrong. The system cannot know if the plan it has received is malicious or if it was simply an error in configuration.
Similarly, at the network level, a network configuration might be wrong, so a system administrator might need to reconfigure the connection correctly. Another example is a device that malfunctions — we will be able to identify such a problem, but fixing it is not possible at the software automatic level. So in that case we would have to notify the human-in-the-loop to take action.
How do you feel about operating at this IoT frontier?
Vasilis Amourgianos: It is both scary and exciting. It is very interesting for sure. It is a fairly new field of research, and participating in it gives us many opportunities. We can possibly create solutions that are new in the field — and not simply make something that already exists better. And that is very important for us. It gives us a reason to focus and to work.
Babis Savvakos: I totally agree with Vasilis. I’d just like to add that one more contribution of TSI is not security-related. That is what we call the interoperability box, which handles the communication between heterogeneous devices. In other words, we are going to create this part of the system that enables a common way for devices that employ different sets of communication protocols to communicate.
***
Join us on May 25th for the #InDataWeTrust meetup, during which - along with experts and specialists from IntellIoT, Startup Colors and meetup.ai community - we will be exploring the security and privacy challenges of IoT and AI applications, and discussing how modern technology can be used to address trust concerns. Registration link here.
For more materials and updates regarding the IntellIoT project, subscribe to our newsletter.