TOPIC 2: Security by design models, e.g., lightweight crypto schemes and authentication frameworks designed for mobile IoT devices & edge nodes
TOPIC2 Patron: TEI
Introduction
TERMINET is being designed to be secure from its foundations, so that the security of data and the privacy of its users are guaranteed rather than retrofitted. The term Security and Privacy by Design describes the design approach in which security and privacy are built into every part of the system from the outset: the design itself, the specifications, the management and operation of the system, and the business plan. As IoT is a relatively new and rapidly growing field, laying security principles at the very foundation of a system is of the utmost importance.
Most IoT devices are connected to the internet and carry a unique identifier (UID), which makes them reachable online and adds up to a large number of attack vectors that are, moreover, interconnected.
Every such device can therefore become a gateway to different kinds of sensitive data, and breaches must be prevented rather than handled after the fact. Common tactics under the secure-by-design principle are a) minimising the attack surface, b) least privilege, i.e. granting each user or component only the privileges its role requires, and c) defence in depth.
TERMINET will leverage technologies and practices such as:
- attestation modelling to assess the security risks and attack vectors of the entire architecture and to minimise them,
- a distributed, decentralised blockchain to provide a trusted environment for business transactions as well as enterprise-level privacy,
- assigning appropriate privileges to users, system administrators and other roles,
- building security mechanisms into every component, so that each layer is harder to breach and the overall level of defence is higher.
Functional Requirements
The digitalisation of industries has created a multitude of security requirements for the IoT. In such a diversified context, the TERMINET project provides an end-to-end approach to security management that aims to enforce security and privacy in the IoT while at the same time building strong identities and maintaining trust.
Privacy and security are essential qualities of any system that handles data, and they must be maintained throughout the data life cycle (collection, usage, storage, dissemination and destruction) to comply with the relevant legislation.
In TERMINET, data handling processes will be implemented by taking each of these privacy protection stages into consideration in a dynamic and proactive manner.
For each stage of the data life cycle there are requirements that translate into concrete actions.
In more specific terms, the data beneficiary should be informed whenever their data is processed (transparency). Appropriate information about the data collection and its purpose has to be provided to individuals, and individuals give their consent only after they have received that information in full.
The data beneficiary should be given agency over the processing of their personal data (rights of the data beneficiary) through a mechanism that captures consent and manages privacy preferences on the personal data in use. Personal data should be kept to the minimum necessary (personal data minimisation): the required data must be defined before collection starts, so that information that is not needed is never collected in the first place.
Personal data and their interrelations should not be accessible to unauthorised personnel, and privacy should be protected by hiding techniques such as encryption, identity masking and secure file sharing, both at rest and in transit. Access control mechanisms (e.g. authentication) must gate any access to and processing of the data. Privacy-preserving computation and searchable encryption should be used wherever possible.
Where the option exists, personal data should be processed in separate compartments in a distributed fashion, supported by decentralised storage and analytics. Local anonymisation, performed on the device or edge node before the data leaves it, should be used wherever possible.
Legal requirements must be followed, and a corresponding privacy policy enforced, under which data controllers can demonstrate which security and privacy techniques are used and how they are assured; controllers must always have clearly defined which data are collected, why, and how.
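The minimisation, identity-masking and local-anonymisation requirements above can be implemented on the edge node before telemetry is transmitted. The following is an added example, not code from the TERMINET project: it assumes a hypothetical temperature-sensor schema (`ALLOWED_FIELDS`), a placeholder pseudonymisation key (`PSEUDONYM_KEY`) and constructed sample readings (`SAMPLE`), none of which come from the page.

```python
import hashlib
import hmac

# Fields allowed to leave the device, fixed before collection starts (data minimisation).
# Assumed schema for a hypothetical temperature sensor; not from the TERMINET specification.
ALLOWED_FIELDS = frozenset({"device_id", "ts", "temp_c", "lat", "lon"})

# Hypothetical pseudonymisation key. It stays on the edge node (ideally in a hardware-backed
# key store); without it nobody can link pseudonyms back to serial numbers.
PSEUDONYM_KEY = bytes.fromhex("8f" * 32)  # constructed placeholder, not a real key


def pseudonymise(identifier: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Identity masking with a keyed HMAC. A plain SHA-256 of a serial number can be
    reversed by brute force over the small serial-number space; the key makes that
    infeasible for anyone who does not hold it, while the pseudonym stays stable so
    records from the same device still join."""
    return hmac.new(key, identifier.encode("utf-8"), hashlib.sha256).hexdigest()[:16]


def coarsen(value: float, decimals: int) -> float:
    """Local anonymisation by generalisation: two decimals of lat/lon is roughly 1 km."""
    return round(value, decimals)


def minimise(raw: dict, key: bytes = PSEUDONYM_KEY) -> dict:
    """Drop every field not in the pre-declared schema, mask the identity, coarsen location."""
    rec = {k: v for k, v in raw.items() if k in ALLOWED_FIELDS}
    rec["device_id"] = pseudonymise(rec["device_id"], key)
    if "lat" in rec and "lon" in rec:
        rec["lat"], rec["lon"] = coarsen(rec["lat"], 2), coarsen(rec["lon"], 2)
    return rec


def aggregate_locally(records: list, window: int = 5) -> list:
    """Compartmentalised processing: average every `window` readings per pseudonym on the
    edge node and transmit only the aggregate, so individual samples never leave it."""
    by_dev = {}
    for r in records:
        by_dev.setdefault(r["device_id"], []).append(r)
    out = []
    for dev, rs in by_dev.items():
        for i in range(0, len(rs), window):
            chunk = rs[i:i + window]
            out.append({
                "device_id": dev,
                "ts_start": chunk[0]["ts"],
                "ts_end": chunk[-1]["ts"],
                "temp_c_mean": round(sum(r["temp_c"] for r in chunk) / len(chunk), 2),
                "n": len(chunk),
            })
    return out


# Constructed sample telemetry; it deliberately contains fields that must never be collected.
SAMPLE = [
    {"device_id": "SN-000123", "ts": 1700000000 + i * 60, "temp_c": 20.0 + i,
     "lat": 40.63012, "lon": 22.94451,
     "owner_name": "A. Example", "wifi_ssid": "home-net"}
    for i in range(6)
]

if __name__ == "__main__":
    cleaned = [minimise(r) for r in SAMPLE]
    for agg in aggregate_locally(cleaned):
        print(agg)
```

The allow-list is the enforcement point for "define the required data before collection": a new field added to the firmware's telemetry does not leave the device until someone adds it to the schema. Keying the pseudonym, rather than hashing the serial number, is what makes the masking hold against an attacker who obtains the transmitted data but not the edge node's key.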
Technical Requirements
As the diversity of IoT services and the number of connected devices keep increasing, the threats to IoT systems form a fast-moving landscape. TERMINET aims to deploy mechanisms that preserve security and privacy in this setting, across all of its foreseen use cases.
To cope with these threats, a security and identity management solution is required that can manage and orchestrate the IoT components horizontally (from device to service to service user) and vertically (from hardware to application).
In addition, security and identity must be addressed from the IoT device all the way across the complete service life cycle.
Beyond the security and privacy requirements that the components of the E2E TERMINET architecture must satisfy, the trustworthiness of the services delivered to users depends on how the actors govern identities and data, security and privacy, and on the degree to which they comply with the agreed policies and regulations. Combining the security and identity functions is what defines the trust level.
For example, hardware-based trust does not help if the application does not make use of it. A fully trusted application does not help if the communication cannot be trusted.
An E2E approach is therefore essential to establish trust among all actors across the system. The purpose of the E2E TERMINET architecture is to ensure the security and privacy of IoT services, to protect the IoT platform itself, and to prevent IoT devices from becoming a source of attacks against other systems, whether directly attached or merely interconnected.
Security is provided across the layers of the architecture, at both the connectivity and the application level.
Depending on the connectivity type, controls such as mutual authentication and encryption of data in transit are provided at the connectivity level. On top of that, application-level security is provided end to end from device to cloud, based on identity and access management functions and application security policies. Application-level security can be independent of the connectivity-level security or federated with it.
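The mutual authentication mentioned above can be built from lightweight primitives that fit a constrained device. The following is an added example, not code from the TERMINET project: a three-message challenge-response between a device and a gateway over a pre-shared key (PSK), using HMAC-SHA256 and a minimal HKDF (RFC 5869) from the standard library. The message names, the `Device`/`Gateway` classes, the labels `b"gateway"`/`b"device"` and the session-key info string are assumptions for illustration; the PSK in the usage is a constructed placeholder.

```python
import hashlib
import hmac
import os


def mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts so field boundaries are unambiguous."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF extract-then-expand (RFC 5869) with SHA-256; stdlib only."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


class Device:
    """Constrained node holding one PSK provisioned at manufacture (assumed model)."""
    def __init__(self, device_id: bytes, psk: bytes):
        self.device_id, self.psk, self.session_key = device_id, psk, None

    def hello(self) -> dict:                       # message 1: id + fresh device nonce
        self.nonce_d = os.urandom(16)
        return {"id": self.device_id, "nonce_d": self.nonce_d}

    def respond(self, challenge: dict) -> dict:    # message 3: device proves the PSK
        nonce_g = challenge["nonce_g"]
        # The gateway's tag binds its role label and both nonces, so a replayed or
        # reflected tag from another run (or from the device itself) does not verify.
        expected = mac(self.psk, b"gateway", self.nonce_d, nonce_g)
        if not hmac.compare_digest(expected, challenge["tag_g"]):
            raise ValueError("gateway authentication failed")
        self.session_key = hkdf_sha256(self.psk, self.nonce_d + nonce_g, b"iot-session")
        return {"tag_d": mac(self.psk, b"device", self.nonce_d, nonce_g)}


class Gateway:
    """Edge gateway with a registry of device_id -> PSK (assumed model)."""
    def __init__(self, registry: dict):
        self.registry, self.pending = registry, {}

    def challenge(self, hello: dict) -> dict:      # message 2: gateway proves the PSK
        psk = self.registry.get(hello["id"])
        if psk is None:
            raise ValueError("unknown device")
        nonce_g = os.urandom(16)
        self.pending[hello["id"]] = (hello["nonce_d"], nonce_g)
        return {"nonce_g": nonce_g, "tag_g": mac(psk, b"gateway", hello["nonce_d"], nonce_g)}

    def finish(self, device_id: bytes, response: dict) -> bytes:
        psk = self.registry[device_id]
        nonce_d, nonce_g = self.pending.pop(device_id)
        if not hmac.compare_digest(mac(psk, b"device", nonce_d, nonce_g), response["tag_d"]):
            raise ValueError("device authentication failed")
        return hkdf_sha256(psk, nonce_d + nonce_g, b"iot-session")


def handshake(device: Device, gateway: Gateway, corrupt: str = "") -> bool:
    """Run the exchange; `corrupt` optionally simulates an attacker on the link.
    True only if both sides authenticate and derive the same session key."""
    try:
        challenge = gateway.challenge(device.hello())
        if corrupt == "gateway_tag":            # MITM forges the gateway's proof
            challenge["tag_g"] = bytes(32)
        response = device.respond(challenge)
        if corrupt == "device_tag":             # MITM forges the device's proof
            response["tag_d"] = bytes(32)
        elif corrupt == "reflect":              # attacker echoes the gateway's own tag
            response["tag_d"] = challenge["tag_g"]
        key_g = gateway.finish(device.device_id, response)
        return hmac.compare_digest(device.session_key, key_g)
    except ValueError:
        return False


if __name__ == "__main__":
    psk = bytes(range(32))                      # constructed placeholder key
    gw = Gateway({b"sensor-01": psk})
    print("mutual auth:", handshake(Device(b"sensor-01", psk), gw))
    print("reflected tag:", handshake(Device(b"sensor-01", psk), gw, "reflect"))
```

The scheme is symmetric, so it is cheap on the device, but it stands or falls with PSK handling: each device needs its own key, and on the device the key belongs in a hardware-backed key store rather than in flash next to the firmware. The device identifier travels in the clear in the first message; where device identity is itself sensitive, a pseudonymous identifier should be used there. The derived session key is what the application layer then uses to encrypt and authenticate data, independently of whatever the connectivity layer provides.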
As a complementary measure, vertical security from hardware to application can be applied in every layer of the architecture to provide a hardware-based root of trust that ensures the integrity of each domain.
In each layer, the domains are built on trusted hardware and software. Where a use case requires absolute integrity of the execution environment, trust is anchored in hardware, which is the stronger trust anchor.
The domains include security and privacy functions to handle identity and access management, data protection and right to privacy, network security, logging, key and certificate management, and platform/infrastructure security (including virtualization security and hardware-based root of trust).
For critical IoT services, the level of security functions must be set high, in accordance with the results of risk management and the service provider's security policies. For less critical IoT services a lower level may suffice.
Topic 2 winner
Title: An Open API for Differential Privacy Systems
Acronym: DP-API
Learn more about the Topic 2 winner