The goal of the NEST project CyberSecIT is a secure and well-functioning IoT that poses no threat to users’ personal privacy. “We have collected the most prominent experts in this field in Sweden and I’m convinced that we can make a difference,” says Andrei Sabelfeld, who is leading the initiative.
“Data from connected devices and services contains a lot of sensitive information, and the challenge we are facing is to contribute to an IoT that brings all of its advantages while at the same time remaining secure and protecting users’ privacy,” says Andrei Sabelfeld, professor of information security at Chalmers, and responsible for one of the nine multidisciplinary research initiatives in NEST, under the auspices of WASP.
The Internet of Things, abbreviated as IoT, makes it possible to bring devices in smart homes on-line, such as heating boilers, door locks, building alarms, lighting, and ventilation windows. The devices come from different manufacturers and use different systems to get on-line. All information needs to be protected to prevent it being accessed by unauthorised actors. This is true also of smart cities where, for example, it will be possible to use road signs to indicate which route is the fastest, make sure that vehicles from the emergency services are given free passage, and redirect traffic when there is a risk that levels of pollutants rise to unacceptable levels.
“We plan to analyse different platforms and focus on the software that controls them. We will use techniques such as program analysis, cryptography and machine learning to develop solutions for secure IoT platforms,” says Andrei Sabelfeld.
The research team is facing several challenges. One of these is centralisation: the systems currently in use are placed in only a few cloud systems, which contain too much information.
“It’s too easy to get at sensitive data. And the systems must not be too complex for users, who are growing increasingly tired with having to click on cookie messages all the time,” says Andrei Sabelfeld.
Newly developed software is the key to solving the problems associated with ensuring that the elements in a heterogeneous mix of large and small systems work together securely, independently of the protocol and underlying systems used. Furthermore, software components from independent providers will be analyzed.
The goal of one subproject is to create what is known as “confidential computing”.
The systems should be able to process data, without accessing individual values. So it should be possible, for example, to see who is close to an accident and can provide help, without violating personal privacy and revealing exact positions.
NEST is an acronym for “novelty, excellence, synergy and team”. Each NEST will receive SEK 20 million for five years, and projects have been selected with the aid of an international committee. The CyberSecIT team consists of Andrei Sabelfeld, professor of information security and applied cryptography; Professor Simone Fischer-Hübner, Chalmers, expert in privacy security; Professor Musard Balliu, KTH, who works on the attack and defence of IoT platforms; and Professor Vicenç Torra from Umeå University, who holds a Wallenberg Chair professorship in AI security. It is planned to recruit up to four doctoral students and one postdoc.
The CyberSecIT project was awarded funds in the spring of 2022, and the first doctoral students will be in place at the beginning of October, when work on the project will begin in earnest. The project is planning the use of demonstrators to be developed in collaboration with Ericsson, ICA and Stockholm Municipality. These will show how it is possible to create autonomous IoT units without compromising security or personal privacy.
“We are happy to be working with highly skilled industrial partners, and we hope that they will provide use cases that we can work with, testing our ideas and investigating what works,” says Andrei Sabelfeld.
Published: October 10th, 2022