by Sascha Hackel, Martin Schneider and Ramon Barakat (Fraunhofer FOKUS)
The Horizon 2020 European research project IoTAC [L1] enhances IoT security through a multi-layered approach using best practices, standards and research findings. Its technology includes privacy-friendly access-control mechanisms, ML-based attacked detection, and security-by-design methodology. Additionally, IoTAC provides developers and service providers with SDKs and APIs to seamlessly integrate the framework.
The IoTAC project [L1] complements innovative security features to enhance the Internet of things (IoT) security at both the architecture and application levels based on the ISO/IEC 30141 IoT reference architecture [L2]. It integrates security, safety, resilience, trust and privacy as cross-domain functions and has two development tracks: one extends the IoT architecture with functional features, and the other designs the IoTAC Software Security by Design and Security Assurance Model platforms. Both tracks meet in the assessment and validation procedure of IoT platforms and software applications.
Functional Security Modules
The IoTAC project develops several runtime modules to enhance the security of IoT systems. One of these modules is the front-end access management, which includes a privacy-friendly user authentication and authorisation using secure elements such as chip cards and secure tokens. This approach enables a decentralised operation, with user credentials stored in a secure element for improved privacy and security. The architecture also supports real-time issuance and management of credentials, making it easier to modify and revoke them as needed.
Another module is the IoT-enabled honeypots, used to attract potential attackers and monitor their behaviour to understand attack patterns and adopt appropriate security measures. The honeypot consists of two layers, one visible to attackers and another dedicated to analysing their behaviour. The system uses lightweight and advanced anomaly-detection techniques to detect behavioural changes in IoT devices to identify potential intrusions.
The security gateway module is enhanced with attack detection and prevention (ADP) and checkpointing features. The ADP mechanisms are developed based on deep learning, emphasising the adoption of advanced algorithms such as deep dense random neural networks to achieve better predictive performance with lower computational resources. Checkpointing is used to introduce new security countermeasures and restart the protected system from a safe operating point established at the most recent checkpoint.
The runtime monitoring system (RMS) collects security-related data from monitored IoT components or applications in real-time and stores it for further processing. The collected data is used to detect patterns of abnormal behaviour through analytics algorithms. The RMS features lightweight monitoring probes responsible for data collection and publishing to the monitoring platform. The probe management is facilitated by an internal probe registry that maintains probe information and status and enables probe creation, reconfiguration and discovery.
Finally, the project also includes an AI-based attack detection module that uses the auto-associative random neural network (AARNN) to provide highly accurate attack detection of major botnet attacks. Botnet attacks pose a significant threat to IoT systems, inducing compromised nodes and taking down specific nodes and links between devices and servers that process data. This technique’s training protocol relies on normal traffic patterns, without requiring data regarding all possible attack patterns that the network may encounter, making it more efficient than other attack-detection approaches.
The extended ISO/IEC 30141 domain-based reference model is presented in Figure 1, where newly introduced IoTAC functional modules are introduced.
Figure 1: Extended ISO/IEC 30141 reference model (high-level view).
Testing Phase Methodology
As cybersecurity threats continue to evolve, software-development teams need to prioritise security testing early in the software-development life cycle. Many security breaches in software systems are due to security vulnerabilities that originate in the implementation or third-party libraries used.
The European IoTAC project is incorporating test and security strategies into the DevSecOps life cycle, an extension of the DevOps life cycle. Functional tests are executed in the DevOps pipeline based on the functional description of the application to evaluate functionality and detect faults in implementation early.
To identify a suitable set of test cases, methods and techniques, random testing, equivalence partitioning, boundary value analysis and model-based testing can be used. While functional tests ensure that software behaves as it should, security testing is needed to examine systems or applications for existing vulnerabilities.
Security testing requires the definition of dedicated security requirements, derived from multiple sources, including regulatory compliance or organisational security policies, risk analysis, and security guidelines and standards, like the OWASP Application Security Verification Standard (ASVS) [L3].
Two approaches can be used to identify security vulnerabilities: static application security testing (SAST), and dynamic application security testing (DAST). SAST is a white-box approach that analyses source code for known vulnerability patterns, while DAST is a black-box approach that tests an application in its running state by executing simulated attacks.
The IoTAC project aims to integrate both SAST and DAST, in addition to functional testing, into the DevSecOps pipeline to detect vulnerabilities early and at lower costs, leading to a more secure system before deployment. The specification of the described approach is also published at European level by the European Telecommunications Standards Institute (ETSI) within the Technical Committee (TC) Methods for Testing and Specification (MTS) [L4].
By prioritising security testing early in the software-development life cycle and integrating automated security testing into the DevSecOps toolchain, the IoTAC project aims to provide and establish processes for the successful deployment of security-by-design approaches, increasing the security of IoT applications.
Security Validation Process
The IoTAC project seeks wide adoption of its architecture and platform, with a security-validation process that includes conformance and security testing. Figure 2 illustrates the proposed security validation process, which follows the EN 17640 standard for cybersecurity evaluation methodology of ICT products [L5]. This standard provides a minimum set of evaluation activities and evidence required for certification, reducing the burden on manufacturers.
The security-validation process involves three roles: the manufacturer who initiates the process, the evaluation facility that performs the assessment, and the validation authority that makes the certification decision based on the evaluation results. The IoTAC project aims to contribute to the European Cybersecurity Skills Framework, specifically to the development of an IoT cybersecurity certification scheme as part of ENISA’s future roadmap.
The IoTAC project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement no 952684.
Links:
[L1] https://www.iso.org/standard/65695.html
[L2] https://iotac.eu/
[L3] https://owasp.org/www-project-application-security-verification-standard/
[L4] https://portal.etsi.org/webapp/WorkProgram/Report_WorkItem.asp?WKI_ID=66187
[L5] https://www.cencenelec.eu/news-and-events/news/2022/eninthespotlight/2022-10-27-new-en-17640-helps-evaluate-the-cybersecurity-of-ict-products/
Please contact:
Sascha Hackel, Fraunhofer FOKUS, Germany
Martin Schneider, Fraunhofer FOKUS, Germany
