The security problems arising, in Internet of Things (IoT) ecosystems, from the flawed design of legacy hardware and embedded devices, the lack of processing and storage capacity (among other) allows cyber-criminals to easily compromise these devices and launch large-scale...
The security problems arising, in Internet of Things (IoT) ecosystems, from the flawed design of legacy hardware and embedded devices, the lack of processing and storage capacity (among other) allows cyber-criminals to easily compromise these devices and launch large-scale attacks towards critical cyber-infrastructures or intercept personal data. The Cyber-Trust project aims to develop an innovative cyber-threat intelligence gathering, detection, and mitigation platform which will safeguard heterogenous ecosystems of IoT devices. To achieve this goal, Cyber-Trust will follow interdisciplinary approach in order to capture the different phases of such emerging threats, before, at the time and after known or unknown vulnerabilities have been exploited by cyber-criminals.
The proposed cyber-security platform, which is under development in the Cyber-Trust framework, will enhance the safety and security of the digital assets of citizens (e.g. Smart Homes, wearable devices, baby monitor, thermostat, mobile devices etc.) and organisation’s infrastructure (e.g. smart building, sensors and actuators).
Furthermore, as most of these devices, hold and transmit a huge amount of personal and sensitive data, through multiple heterogenous networks, the protection and early warning of the users regarding the state of the devices of EU citizens is of the highest importance.
Addressing and developing a solution regarding the aforementioned challenging areas, is undoubtedly a matter of high importance, since the IoT systems applied in all the aspects of our daily life.
During the first twelve months of the project, the achieved milestones are indicating that the progress is on schedule and for some tasks the progress is ahead of plan. In summary, although there were some differences between the proposed submission dates of the deliverables and the actual submission dates of the deliverables the overall work has been completed without actual deviations and impact against the objectives of the project.
The Cyber-Trust consortium reviewed the existing and emerging trends of cyber-attacks against networks, devices, Critical Information Infrastructures (CIIs) and IoT devices and performed desktop research for similar solutions and/or tools developed from the private industry and from research projects. Furthermore, targeted questionnaires developed based on the two domains of Cyber-Trust, Smart Home and Mobile Devices, and the use cases deriving from the two domains as well as from the analysis of technological tools and platform. The End-user Requirements were formulated based on the aforementioned information. The project also analysed the legal framework regarding data protection, cybercrime, cybersecurity and electronic evidences as all of these thematic areas fall into the scope of Cyber-Trust. The main scope of the analysis was to minimise the impact on research methodologies and development efforts by identifying issues on fundamental rights, data protection and privacy before or during the design phase. The analysis of the regulatory framework has as a main objective to guide the development of the platform so as to meet all the legal requirements.
Within the Cyber-Trust architecture, the functional and non-functional requirements defined in WP2 are translated into technical requirements providing input for the overall solution architecture and implementation, including the Cyber-Trust’s Distributed Ledger Technologies (DLT) architecture. Up to date, the active development tasks addresses the architecture of Cyber-Trust. The development of the Cyber-Trust modules and services (e.g. visualization porta, smart device agent, DLT service, crawling service, the eVDB Sharing service etc.) are on schedule.
Cyber-Trust partners successfully managed to connect all the different fields they come from and with the right cooperation and discipline achieved a highly sufficient work progress and create a unified plan that allow them to reach the achievements below:
• Delivery of high- quality deliverables (which depicted 41.07% of the total number of the project’s deliverables)
• The development of 82 detailed Use Case Scenarios based on Cyber-Trust’s two domains a) smart-home and b) mobile-devices
• Development and circulation of two (2) questionnaires for the collection of end-user requirements
• Analysis of the legal framework regarding cyber-security and forensic evidence collection
• Development of the initial Architecture of Cyber-Trust platform
• Development of the Cyber-Trust DLT architecture
• Initialization of the development of the Technical components of the platform
• Development of the first clickable User Interface (UI). The platform has three UIs, based on access role, Administrator, Law Enforcement Agent (LEA) and Internet Service Provider (ISP)
• Development of the initial exploitation strategy plan of the Cyber-Trust platform
• Participation on numerous dissemination activities (more details on WP9 deliverables):
o 6 scientific publications and 2 journal papers have been published
o 8 scientific publication have been accepted for publication
Cyber-Trust focuses on the development of a unique innovative platform, deriving from the integration of different technological components, in order to cope with complicated cyber threats targeting heterogenous IoT systems (e.g. smart homes). Cyber-Trust system consists of the architecture, components, modules and services targeting at progressing beyond the SOTA in the cyber-threat intelligence gathering, detection and mitigation framework. To achieve these objectives, technological solutions and current trends regarding cyber-security and attack have been analyzed, 82 use cases providing details regarding the envisioned functionalities of the platform have been created and experts in the field of cyber-security, blockchain and digital forensics provided extensive user requirements which were translated in technological requirements.
The current legal framework has been analyzed in order to guide the development of the individual components so as to guarantee that the Cyber-Trust platform that will be produced by the end of the project will respect and follow the applicable legal framework.
At the end of the project’s duration, Cyber-Trust targets to provide a multidisciplinary and multidimensional platform which will:
• Enhance detection of sophisticated attacks, targeting IoT ecosystems
• Enhance the mitigation and response time, through automated and semi-automated means, against cyber-attacks
• Enhance the resilience of smart infrastructures against cyber-attacks
• Improve the safety, security and privacy of the EU citizen’s data
• Assisting the Law Enforcement Agencies (LEAs) and Internet Service Providers (ISPs) to tackle security incidents against IoT systems more efficiently
o Improve the time needed in order to identify and exchange data that might contain digital evidences
More info: https://www.cyber-trust.eu/.