CHARIOT will advance state of the art by providing a design method and cognitive computing platform supporting a unified approach towards Privacy, Security and Safety (PSS) of IoT Systems, that places devices and hardware at the root of trust, in turn contributing to high security and integrity of industrial IoT. More specifically, for each of the PSS ‘imperatives’, a highly innovative approach is proposed as follows:
- A Privacy and Security Protection method building on concepts from state-of-the-art Public Key Infrastructure (PKI) technologies, to enable the coupling of a pre-programmed private key deployed to IoT devices with a corresponding private key on Blockchain system for the purposes of affirming and approving valid transactions.
- A Blockchain ledger in which categories of IoT physical, operational and functional changes are both recorded and affirmed/approved through a combination of coupling a cognitive engine and private key hashing between the cognitive engine and IoT devices to authorise change and, likewise, invalidating any and all other changes whether malicious or otherwise. Such a ledger provides a compelling journal and audit log from which, through machine learning, past patterns can be used as a basis to highlight present anomalies and inconsistencies and, in turn, halting execution in situations where transactions and workflows deviate from established patterns of behaviour.
- A fog-based decentralised infrastructure for Firmware and Operational Security integrity checking that leverages a Blockchain ledger to enhance physical, operational and functional security of IoT systems, such as actuation, deactivation, transactions of all types including business process workflows and their associated business logic.
- An accompanying IoT Safety Supervision Engine providing a novel solution to the challenges of securing IoT data, devices and functionality for new and existing industry-specific safety critical systems.
- A Cognitive System and Method with accompanying supervision, analytics and prediction models that encapsulates these latter capabilities, with the end goal of high fidelity security and integrity of Industrial IoT.
- New methods and tools for static code analysis of IoT devices, resulting in more efficient secure and safer IoT software development and V&V.
The Business Innovation Agenda
In recent years, Cloud Computing and Internet of Things (IoT) have been rapidly advancing as the two fundamental technologies of the “Future Internet” concept. Different IoT systems are designed and implemented according to the IoT domain requirements, typically not taking into consideration issues of openness, scalability, interoperability, and use case independence. This leads to a variety of new potential risks concerning information security and privacy, data protection and especially safety. Consequently, securing data, objects, networks, infrastructure, systems and people in IoT will have a prominent role in the research and standardization activities over the next several years.
However, critical systems of all types were typically devised prior to wide-spread adoption of IoT and have not been designed (or redesigned) to cope with the unique safety issues that arise with the integration with high volumes and varieties of IoT devices and platforms. Therefore, there is an urgent need for next generation cognitive IoT platforms that can enable the creation of intelligent IoT applications with intelligent shielding and supervision of privacy, cyber-security and safety threats, as well as complement existing IoT systems in non-intrusive ways and yet help guarantee robust security by placing devices and hardware as the root of trust.
The CHARIOT Research and Innovation Focus
CHARIOT will advance state of the art by providing a design method and cognitive computing platform supporting a unified approach towards Privacy, Security and Safety (PSS) of IoT Systems, that places devices and hardware at the root of trust, in turn contributing to high security and integrity of industrial IoT. More specifically, CHARIOT will develop the following:
- Public Key Infrastructure to enable coupling of a pre-programmed private key deployed to IoT devices with a corresponding private key on Blockchain
- A Block-chain ledger in which IoT’s physical, operational and functional changes are both recorded and affirmed/approved
- A fog-based decentralized infrastructure for Firmware Security integrity checking
- IoT Safety Supervision Engine for securing IoT data, devices and functionality in new and existing industry-specific safety critical systems.
- A Cognitive System and Method with accompanying supervision, analytics and prediction models
- New methods and tools for static code analysis of IoT devices
The fundamental question that CHARIOT systems architecture aims to address is how safety-critical-systems should be securely and appropriately managed and integrated with a fog network made up of heterogeneous IoT devices and gateways. The answer to this question is realised through the combination of the CHARIOT Open IoT Cloud Platform and the CHARIOT IoT Privacy, Security and Safety Supervision Engine (IPSE).
CHARIOT will leverage existing open IoT platforms and architectures to provide a secure, scalable and interoperable IoT platform for the development of cognitive and integration components, including IPSE. IPSE will interface with this platform adapting autonomously to the changing cyber-physical topology created as heterogeneous IoT devices and safety critical systems interface in complex industrial settings. The enterprise componentry, which will be designed and developed in CHARIOT will seamlessly interface with any IoT platform, gateway and edge devices in a plug and play way, by using specifically engineered software adaptors designed for ease of integration, and by leveraging the APIs exposed by the IoT platforms and gateways as appropriate. CHARIOT will apply the necessary state of the art security, privacy and safety policies from end-to-end, such that the IoT ecosystem can act proactively and in a predictable manner against such threats, with a specific focus on Firmware, Operational, Control, Physical and Functional security.
CHARIOT will test and validate Industrial IoT safety in three Living Labs (LLs) addressing different industrial areas in IoT safety: in transport (rail and airports) and in buildings. The LLs will be used to demonstrate the capabilities of the proposed approach and provide compelling and representative industry use cases with associated test data that will effectively demonstrate an integrated end-to-end application for how the broader CHARIOT approach to security, privacy and safety will be applied in different industry-representative contexts at enterprise scale.
LL1 – Rail: Trenitalia
The primary objective of LL1 is to enhance the safe operation of the Italian railways service. The global passenger traffic expected to double by 2020, the railway industry worldwide faces pressure to improve the passenger experience. To passengers, that might mean improved on-time performance, more on-board amenities, and more timely information. For railway operators, however, the most important part of the experience is getting passengers safely to their destinations. The purpose of LL1 is the reduction of risk to passengers and personnel, the compliance with appropriate regulations, and the creation of a safe and efficient operating environment in the railways.
LL2 – Buildings: IBM Ireland Campus
The purpose of LL2 is to enable the continued IoT evolution of the IBM technology campus from a set of individual “automated/smart” buildings into to a truly cognitive IoT environment that provides a safer and more efficiently managed working environment for all IBM staff, customers and visitors and also to use the knowledge gained to help drive advancements in Cognitive IoT to a global scale by reflecting it in IBM products and services.
LL3 – Airport: Athens International Airport
Apart from physical threats such as acts of terrorism, airports are becoming increasingly more vulnerable to cyber threats which in the near future may replace physical terrorism or be combined during an orchestrated attack. Combined cyber and physical attacks on airports can have devastating consequences. Traditional IT infrastructure such as servers, desktops, and network devices used in airports are sharing connections and networks with other systems used in areas such as mission critical systems i.e. baggage handling, environmental control, access control, and life critical such as fire control and airfield lighting systems. LL3 aims at addressing safety of airport Infrastructures, enhancing protection of Athens airport’s facilities from physical and cyber threats. To achieve this, CHARIOT will enhance airports capability on early detection/prediction of hazardous situations, in parallel with reduction in false positive alarms that disrupt airport operations.