Cyber-Trust: Safeguarding IoT
The explosive development of the concept of the Internet of Things (IoT) is accompanied by an unprecedented revolution in the physical and cyber world. Smart, always-connected devices provide real-time contextual information with low overhead to optimise processes and improve how companies and individuals interact, work, and live. An increased number of businesses, homes and public areas are now starting to use these intelligent devices. The number of interconnected IoT devices (wide-area and short-range IoT connections) in use worldwide has already exceeded 8.6 billion since 2018 and is expected to grow to 22 billion by 20243.
On one side, the IoT devices offer extended features and functionality; on the other side, their security level is still low, with well-known weaknesses and vulnerabilities, which provide cybercriminals the opportunity to easily evade systems and eventually create backdoors into organisations’ infrastructures.
Cyber-Trust is an innovative cyber-threat intelligence platform which aims to gather, detect, and mitigate sophisticated attacks, securing the ecosystem of IoT devices. The project is built around four pillars: Key proactive technologies such as zero-day vulnerability discovery and sharing; Cyber-attack detection and mitigation on IoT devices (tampering and network/DoS attacks); distributed ledger technologies (DLT) to considerably reduce the ability of hackers to tamper with legacy IoT devices; and Interactive situational awareness and control to augment the infrastructure’s operator capabilities in tackling risks and emergencies.
Most security issues arise from devices with flawed design or poor configuration, which allows attackers to compromise them2; tools, such as Shodan and IoTSeeker, can be easily used to discover such vulnerable devices. This raises the important question of how large-scale exploitation of such vulnerabilities can be prevented, considering the IoT devices’ limited capacity to secure themselves as they cannot be equipped with operating systems or the multitude of security mechanisms available on systems with higher resource availability. Moreover, software update mechanisms to fix the vulnerabilities and update configuration settings is often overlooked by manufacturers, vendors, and others on the supply chain.
In addition, even if such a functionality is given, there is often no efficient way to patch those devices, and the possibility to add new vulnerabilities exists. Many lists of “best practices” have been developed to address these issues. Building and managing vulnerability profiles, possibly with the involvement of manufacturers5, could assure consumers that security and privacy issues are addressed seriously. Realising this is far from trivial, the blockchain may prove to be ideal towards this direction.
In the project, we further advanced the current state-of-the-art on various areas such as the identification and linkage of cyber-threat exploits across different platforms by deploying and adjusting to our context a number of sophisticated methods and tools, ranging from graph mining and anomaly detection mechanisms relying on machine learning, to the adoption of a permissioned blockchain to define a privacy-preserving framework for achieving trusted, decentralised coordination and transaction processing between IoT devices4.
Blockchain solutions have recently been proposed for both intrusion detection and forensic evidence applications1, since in both cases blockchain can solve issues pertaining to trust, integrity, transparency, accountability, and secure data sharing. To address the issue of trust establishment, the design of a blockchain-based solution for securing IoT devices and their transactions is not straightforward. In most cases, an IoT device’s available resources are highly constrained, whilst there is a need for performing transactions at high speed. These requirements call for efficient blockchain solutions; key design factors that determine both their security and performance, in the context of the IoT, are briefly presented below.
Focusing on the blockchain, the project is utilising HyberLedger Fabric to build an independent Root of Trust (RoT) that allows the IoT devices to defend against sophisticated cyber-attacks, like Advanced Persistent Threats (APTs). This is achieved by storing the update history of an IoT devices’ integrity state in the distributed ledger, since the primary advantage of using the blockchain for integrity is that there are no keys to be compromised.
The main assumptions under which such mechanisms are secure is the transparency of the data stored on the blockchain and the utilisation of a cryptographically strong hash algorithm whose fingerprint is included in the blockchain1. The choice of HyperLedger Fabric was not random as well; the key advantage of HyperLedger for Cyber-Trust is the private channel feature that allows to partition the data added on the blockchain. Due to the criticality of the stored data, only users that have subscribed to a channel should be able to access its content.
Another asset of HyperLedger is its scalability which is an important factor if we consider that the ecosystem of Cyber-Trust is estimated to be 22bn IoT device by 20243. The technology used needs to have a high transaction throughput and for that reason Kafka is used in HyperLedger to propagate transactions having previously been validated by smart contracts. Kafka acts as a queue inside the central peer of the permissioned distributed ledger, which is run by a trusted host, most likely, the Cyber-Trust back-end; using a queue like Kafka, removes any single point of failure due to the centralisation of the system. Due to having adopted a private blockchain, which can be controlled by a smart contract and a central ordering service, we may assume that the nodes are unlikely to be malicious (but still take measures to prevent any dishonest behaviour). The mechanism used is close to a proof of Authority consensus.
Cyber-Trust and its results will prove to be valuable in fostering solutions offering built-in resilience, which will help stakeholders to better protect their assets against (and recover from) large-scale advanced cyber-attacks. Thus, positive impact will be generated not only for European citizens and small and medium-sized enterprises (SMEs), but also for Critical Information Infrastructures (CIIs), law enforcement agencies (LEAs), and computer security incident response teams (CSIRTs) with the following key aspects: improved knowledge concerning the detection and mitigation of large-scale cyber-attacks targeting at critical infrastructures, improved solutions for the acquisition of forensic evidence, innovative tools for easily embedding cyber-security in future technologies and products, and most importantly, increased trust in using the services being offered by IoT platforms.
[/font][/size]
source:https://www.openaccessgovernment.org/cyber-safeguarding-iot-trust-blockchain/68392/