NEST-project CyberSecIT

Security and privacy of software-driven IoT systems.

The Internet of Things (IoT) is an integral part of our everyday lives. IoT devices are everywhere: heart pacemakers, smart home appliances, baby monitors, fitness armbands, and cars. There are also industrial and military use cases such as surveillance cameras, industrial and military robots, and large-scale IoT systems like smart cities.

By connecting internet-connected components to different online services, IoT services help users manage their digital lives. Unfortunately, the power of IoT tools can be abused by attackers and users often lack sufficient control to prevent attacks.

IoT apps access sensitive user location, fitness information, the content of private files, or private feeds from social networks, as depicted in Figure 1. This sensitive information can be compromised by insecure or buggy apps. A major challenge is addressing the security and privacy of IoT apps. This is the focus of the CyberSecIT project.

CyberSecIT will develop a practical, secure and privacy-enhancing solution regaining control for end-users and companies over their IoT ecosystems while enjoying all the benefits that come from automated data analysis and autonomous privacy-preserving security monitoring.

Figure 1: Connecting triggers and actions

Long-term Impact

CyberSecIT’s ambition is to result in both long-term and impactful benefits for the research community and direct benefits for the Swedish industry in general and the project’s industrial partners. The impact will include:

  • Research impact via publications in top-tier scientific venues, keynotes at prestigious forums, and international collaborations with top universities;
  • Educational impact via courses in popular PhD summer schools, MOOCs, and the project’s own summer school;
  • Industrial impact via real-life demonstrators and standardization activities on the IoT security within W3C and IRTF; and
  • Societal impact in line with the strategic need for securing computing systems is identified in Sweden’s national cybersecurity strategy
  • WASP impact via high-entropy hotspot activities, strengthening the WASP Cluster on Security for Autonomous Systems, and offering a CyberSecIT summer school to the WASP Graduate School.

The CyberSecIT project addresses two core challenges at the heart of IoT security:

  • Automation, enabled by software
  • Autonomy, enabled by machine learning technologies

This approach will result in a novel decentralized platform for automated validation and secure deployment of IoT applications based on fine-grained access control, multi-party computation, and confidential computing.

This project aims at protecting IoT services from breaches, enabling rich functionality and utility without compromising security and privacy. The aim is to enable practical and secure solutions while enjoying the benefits of third-party code integration and intelligent use of data analytics.

The project is lead by the main PI, Prof. Andrei Sabelfeld, Chalmers University of Technology. The co-PIs are Prof. Simone Fischer-Hübner, Chalmers University of Technology, Prof. Vicenç Torra, Umeå University, and Prof. Musard Balliu, KTH. The industrial/public-sector partners are Ericsson AB, ICA Gruppen AB, City of Stockholm.

CyberSecIT’s multi-disciplinary nature will trigger valuable synergies with related projects and activities across the focus areas and WASP sites.

Possessing complementary expertise in the disciplines of security, privacy, IoT, software, AI, and Human-Computer Interaction, CyberSecIT is in a unique position to leverage principles of programming languages, software security, applied cryptography, and big data privacy for practical and usable IoT applications.

CyberSecIT will result not only in novel and high-impact research but also in innovative and utilizable platforms for software-driven IoT. CyberSecIT will result in high-entropy hotspot activities available to the entire WASP-affiliated research community. These activities will boost the WASP Cluster on Security for Autonomous Systems in a variety of ways, by organizing joint workshops and seminars and opening up for new collaborations.

In collaboration with the cluster and the WASP graduate school, we will organize a summer school for WASP PhD students in the multi-disciplinary areas of CyberSecIT. Moreover, we will cooperate with the Swedish IT Security Network for PhD students (SWITS), led by Fischer-Hübner, by holding joint research seminars and inviting WASP researchers.

Scientific Presentation

Unfortunately, the power of IoT applications can be exploited by attackers. IoT applications access sensitive user location, fitness information, the content of private files, or private feeds from social networks. This sensitive information can be compromised by insecure or buggy applications. For example, third-party application makers can publish malicious applications to exfiltrate the users’ private information images, videos, SMSes, emails, contact numbers, voice commands, and locations.

Since the interaction between services is materialized on the cloud-based IoT platform via the Internet, IoT applications are susceptible to attacks by the cloud attacker and malicious platforms. Moreover, a malicious user or service may have access to the services of an IoT application, by being part of the user’s audience of a social media post or simply by being able to send emails to the user.

CyberSecIT’s overarching objective is to develop a practical, secure and privacy-enhancing solution regaining control for end-users and companies over their IoT ecosystems while enjoying all the benefits that come from automated data analysis and autonomous privacy-preserving security monitoring.

The chosen approach consists of multiple tracks.

  • We will develop a novel decentralized platform for automated validation and secure deployment of IoT applications based on fine-grained access control, multi-party computation, and confidential computing.
  • We will design usable, secure, and privacy-enhancing user permission management systems empowered by machine-learning technologies.
  • We will enable secure aggregation in mutually distrusting environments and boost autonomy through machine learning technologies.
  • We will build demonstrators showcasing the potential of these technologies in real-life contexts, in collaboration with Ericsson, ICA Gruppen, and the City of Stockholm.

CyberSecIT’s multi-disciplinary nature will trigger valuable synergies with related projects and activities across the focus areas and WASP sites. This project will collaborate with the SSF Framework Project WebSec: Securing Web-driven Systems (lead by Sabelfeld) on leveraging the web platform for securing IoT applications.

The project will benefit from Fischer-Hübner’s participation in the EU H2020 PAPAYA and EU H2020 CyberSec4Europe projects on privacy-enhancing ML, usable privacy, and security, as well as the SSF SUR-PRISE project on IoT security and privacy solutions.

The work on secure and private AI will be a catalyst for WASP-related activities led by Prof. Torra, Wallenberg Chair in AI, Umeå University, on privacy and information security. There will be a collaboration with Torra’s projects on data privacy (2 PhDs) and federated learning (2 PhDs).

The project will leverage Balliu’s involvement in the research centers CASTOR, CDIS, and Digital Futures at KTH Royal Institute of Technology, to collaborate on the topics of WP1 and WP4. Three PhDs, funded by these centers and VR, will contribute with their research on secure IoT orchestration and software security.

Read News and More

Project Website at Chalmers

Contact

Andrei Sabelfeld

Professor, Department of Computer Science and Engineering, Chalmers University of Technology

Send Email

Read more

Subscribe to our newsletter

The WASP newsletter gathers news, recent activities and upcoming events within the program.

We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners. View more
Cookies settings
Accept
Privacy & Cookie policy
Privacy & Cookies policy
Cookies list
Cookie name Active
The WASP website wasp-sweden.org uses cookies. Cookies are small text files that are stored on a visitor’s computer and can be used to follow the visitor’s actions on the website. There are two types of cookie:
  • permanent cookies, which remain on a visitor’s computer for a certain, pre-determined duration,
  • session cookies, which are stored temporarily in the computer memory during the period under which a visitor views the website. Session cookies disappear when the visitor closes the web browser.
Permanent cookies are used to store any personal settings that are used. If you do not want cookies to be used, you can switch them off in the security settings of the web browser. It is also possible to set the security of the web browser such that the computer asks you each time a website wants to store a cookie on your computer. The web browser can also delete previously stored cookies: the help function for the web browser contains more information about this. The Swedish Post and Telecom Authority is the supervisory authority in this field. It provides further information about cookies on its website, www.pts.se.
Save settings
Cookies settings