Increased cybersecurity in a connected world
Our houses have become increasingly connected to the internet. Televisions, fridges, air conditioning systems and even lawnmowers can send us information and be controlled remotely from our mobile phones. When we get in the car, our satnav systems help us to avoid traffic jams in real time. “A few years ago, only our home computers would have been connected to the internet,” notes CYBER-TRUST project coordinator Dimitris Kavallieros from the Center for Security Studies in Greece. “Now we have smart homes, smart industry and smart cities.” This explosion in what is called the internet of things (IoT) has made life better for millions but has also introduced new security challenges. Smart meters for example have been hacked, enabling criminals to steal electricity. Most everyday smart devices simply lack the computational resources to prevent cyberattacks. “Consumers are not technical experts,” says project team member George Kokkinis, also from the Center for Security Studies. “They shouldn’t have to go into IoT systems to ensure that they are secure.”
Protecting connected lives
The CYBER-TRUST project sought to develop a cyberthreat detection and mitigation platform. The project began by identifying technologies advanced enough to protect all IoT devices in a house or place of business, but simple enough to be used by anyone. “Our idea was that IoT devices could be supervised by a universal CYBER-TRUST system,” explains Kokkinis. “This would protect our privacy by sending alerts if a security breach were detected and provide advice to users.” Privacy-preserving network monitoring and advanced virtual reality-based visualisation techniques were developed in order to detect potential threats. Intelligent ways of isolating devices under attack were also investigated. The project also sought to create stronger links between users, internet service providers (ISPs) and police. After a hack for example, ISPs could be alerted at the same time as users, and in some cases the police could be automatically informed. “We applied blockchain technology to collect evidence of hacking,” adds Kavallieros. “The advantage of blockchain technology is that evidence becomes tamper-proof, which is useful if a case ends up in court. Law enforcement authorities provided us with input as to how they would like to be engaged in this field.”
Open-source approaches
The modular approach taken by the project means that some technologies are closer to market than others. Network attack identification and blockchain technologies for example are highly advanced. “An important challenge in protecting IoT devices has been that the computational resources required are high,” says Kavallieros. “For me, the key success of this project has been the open-source approach we took. Our tools and technologies are available at the CYBER-TRUST Repository, for the whole scientific community to download and build on.” Kokkinis agrees that this is an important legacy of CYBER-TRUST. “We have put forward solutions that can now be further exploited by industry,” he remarks. “Given the boom in IoT technology, there is lots of commercial potential in developing tools to protect users.” To move forward, both Kokkinis and Kavallieros would like to see investment made in open-source test beds. This would enable research institutions, universities and businesses to more cost-effectively trial new technologies. “This would be fantastic for European researchers,” concludes Kokkinis. “And ultimately, everyone will benefit from better secured IoT devices, without having to worry about being hacked.”
Keywords
CYBER-TRUST, internet, IoT, cyberthreat, security, ISPs, computational