In the broadest sense, the term Internet of Things (IoT) encompasses everything connected to global cyberspace. IoT links smart devices, sensors, machines, computers, and software to improve data collection, processing, and analysis, benefiting and enhancing the way people work and live. However, the success of this connected world introduced by IoT will strongly depend on ensuring confidentiality, integrity, and availability of IoT solutions and data, while preventing security vulnerabilities and threats.
Security by design is an approach that ensures security controls and mechanisms are taken into account and effectively embedded during the design and development phases of new devices, applications, and solutions for IoT. This is the scope of SECURIoTESIGN.
The project tackles the potential lack of adequate cybersecurity knowledge and skills among device makers and developers, which constitute major challenges for implementing security in IoT, often resulting in neglecting this aspect in favor of innovative functionality and ease of use, as well as prioritizing speed-to-market. SECURIoTESIGN seeks to overcome these challenges by researching and delivering easy-to-use tools that can be used to enhance the development of secure IoT systems.
The project will deliver tools for several stages of the software and system engineering process, with a special focus on the planning part. This is accomplished mostly through the study of related system development cycles applied to IoT systems, and through the identification of crucial points in which security aspects and mechanisms should be taken into consideration or integrated.
For example, a security requirements elicitation tool, to be applied in the planning engineering stage, is already available, along with a tool to identify cryptographic primitives suitable for a given platform of the IoT, applicable in the development stage. A tool for semi-automated generation of software tests, applicable in the testing stage of the engineering process, is currently under development. Most of these tools will be interoperable and interact with makers and developers mostly through questionnaires. They will be packaged in a web-based framework and released as open source at the end of the project.
The first phase of this project has already been completed and implemented as the IoT Hardware Platform Security Advisor (IoT-HarPSecA) framework. The Web-based framework, designated as SAM (Security Advisory Modules), is well into development. It integrates different modules that assess the main characteristics of the future system, and presents the user with recommendations, guidelines and instructions that will allow their system to be more secure from its inception.
SAM will work as a personal security assistant that is more relatable and capable of communicating with the end-user. This is accomplished through a series of easily understandable questions that the user can answer directly. Finally, SAM is modular, allowing for integration of newly developed modules and updating existing ones, favoring its longevity in an ever evolving environment.
The SECURIoTESIGN project is funded by FCT/COMPETE/FEDER, and is currently progressing with the contributions of eight researchers at the University of Beira Interior (UBI), at the Multimedia Signal Processing lab, part of Instituto de Telecomunicações in Covilhã.