Opendata, web and dolomites
  1. home
  2. trasparenza
  3. open h2020
  4. eliot pro
  5. reports

Report

Teaser, summary, work performed and final results

Periodic Reporting for period 1 - ELIoT Pro (KEEPING YOUR CONNECTED SMART DEVICES PROTECTED AGAINST HACKERS AND CYBER ATTACKS)

Teaser

ProlemWe are witnessing a technology race against cyber criminals to keep IoT systems and their users safe.The most vulnerable targets include smart cars, homes, production plants, cities and their infrastructure. New technologies, with the Internet of Things in the...

Summary

Prolem
We are witnessing a technology race against cyber criminals to keep IoT systems and their users safe.The most vulnerable targets include smart cars, homes, production plants, cities and their infrastructure. New technologies, with the Internet of Things in the avantgarde, are exponentially increasing the number of the weak points and targets for cyber-attacks. Phishing and social engineering attacks targeting user credentials are equal to 80% of all cyber-threats. Passwords and credentials are also being used by users and devices in IoT networks.
Hijacking of the connected car by cybersecurity experts within one research project with use of stolen credentials clearly showed connected cars’ vulnerabilities. It demonstrated how such an event could be a danger to the car, the driver himself and also to city traffic and other people, if potentially used for a terrorist attack. Smart cars are also vulnerable to cloning and relay attacks that allow thieves to steal a car with the use of a laptop and a hardware that can be easily and legally purchased online.
Hackers can gain access to a smart building network through unsecured IoT devices such as light-bulb. It is again a problem of using credentials: users’ but also devices’.
Also, cities are introducing “smart systems” to better manage various operations that include surveillance, security and rescue services, traffic and public transportation management, lighting, energy and utility services. Most of the simple devices used in IoT systems have very limited computational power, memory capabilities and suffer from energy consumption restrictions. As the vast majority of the simple end-point devices are unable to run encryption algorithms or cybersecurity tools, they are left unsecured and may already be presenting a serious risk to IoT systems and consequently to entire cities and their populations.
All these problems are due to the fact that Human to Machine and Machine to Machine interaction is usually not secure.

Solution
ELIoT Pro is designed to provide a solution to above described threats as a complete, end-to-end solution addressing Cybercrime issues and satisfying Cybersecurity Compliance requirements for IoT networks.
ELIoT Pro’s Human-to-Machine authentication component eliminates the problem of stolen passwords or any other static credentials. Addressing Machine-to-Machine secure authentication and encrypted communication problem, ELIoT Pro’s Lightweight Encryption provides a solution removing the use of password or any type of static credentials also in Machine-to-Machine communication.
ELIoT Pro provides an equally high level of security to all types of IoT devices regardless of their memory/computational power limits. ELIoT Pro’s Lightweight Encryption introduces an entirely new „language” of communication and encryption of the transmitted data understandable for even for the simplest IoT devices.
ELIoT Pro also provides device and network performance monitoring and anomaly detection with use of a Rules Engine. This component is a data analytics element which is responsible for monitoring the performance of single devices as well as of the entire network, predictive maintenance, servicing scheduling, malfunction detection and alerts.

The objectives are:
• to create a universal cybersecurity system providing strong user authentication that is both secure easy to use,
• protection of devices and an entire IoT network in the form of a password-free and credential-free authentication between connected devices,
• to provide Lightweight Encryption that can encrypt communication between all types of IoT devices regardless of their computational capabilities, size of memory or energy consumption limitations,
• to provide security to users of the IoT devices and networks by a behavior and performance monitoring system that is able to detect devices’ and systems’ malfunctions and anomalies with use of the Rules Engine.

Work performed

Within the first year of the project the most crucial elements of the ELIoT Pro system had been developed and delivered. The Lightweight Encryption, Machine to Machine secure communications component was added to the Cyberus Key Human to Machine secure communications component, securing all levels of IoT device communication. Lightweight Encryption had been tested and proven to be extremely competitive against AES 128 and AES 256 encryption standards and its advantage over Public Key Infrastructure. Lightweight Encryption had also proved its unique ability of operating with significantly lower computation, memory and energy consumption requirements.
The original Cyberus Key user authentication platform has been upgraded to provide secure authentication of human users in the IoT voice-controlled environments. ELIoT Pro has been integrated with Amazon’s Alexa Dot smart-speaker IoT hub.
ELIoT Pro had also been tested and demonstrated its resilience to the most critical attacks at the IoT systems: Denial of Service, cloning attacks, Man in the Middle attacks.
Additional authentication factors in Human-to-Machine authentication process had been added.
ELIoT Pro had been also integrated with the Tesla open API to demonstrate its potential to provide easy and secure login to the smart car VPN and an operation confirmation mechanism using especially designed secure communication channels.
Fully functional demo interfaces and ELIoT Pro mobile apps for iOS and Android platforms had been publicly released as part of the project’s deliverables.
The ELIoT Pro Rules Engine had been created and demonstrated its capabilities of IoT device monitoring and reacting in case of malfunction, to prevent an affected device from providing accessing and corrupting an IoT network.

Final results

ELIoT Pro is so far the most comprehensive, end-to-end cybersecurity solution for IoT networks. No other system provides simultaneous protection of users, devices and data. The unique approach of ELIoT Pro eliminates passwords and static credentials providing secure and easy authentication in Human-to-Machine and Machine-to-Machine communication. ELIoT Pro provides a cutting-edge Lightweight Encryption algorithm that is uniquely designed to encrypt data transferred between all kinds of IoT devices. ELIoT Pro is the only system to provide crucial performance data of IoT devices and networks to all the stakeholders with the use of its Rules Engine. This will have a significant impact on the security, maintenance, servicing, performance and effectiveness of the IoT networks.
ELIoT Pro is providing an as yet unseen level of security in IoT networks, regardless of their type and industry. It is a solution for smart homes, cars, factories and cities – preventing not only regular cyber-crimes targeted at data or identity theft but also against potential acts of terror made possible by the proliferation of IoT.
ELIoT Pro provides technology features that are exactly in line with the most recent and projected legislative initiatives designed to implement cybersecurity requirements for IoT systems, both in Europe and in the US. Among them are: EU Cybersecurity Act – ENISA (EU); S.B.327 - Security of Connected Devices (US); Content of Premarket Submissions for Management of Cybersecurity in Medical Devices (US); Code of Practice for Consumer IoT Security (UK).
ELIoT Pro also has a significant impact on how users can safely benefit from shared economy services providing a very much needed security layer for them.

Website & more info

More info: http://cyberuslabs.com.