TACK: Attack-Resistant Internet of Things Networks
Project Status: set-up
Start Date: June 2019
End Date: May 2022
Budget (total): 5789 K€
Effort: 45.5 PY
Name: Thiemo Voigt
Company: RISE SICS AB
E-mail: thiemo.voigt(Replace this parenthesis with the @ sign)ri.se
RISE Research Institutes of Sweden AB, Sweden
ASSA ABLOY AB, Sweden
Husqvarna AB, Sweden
LumenRadio AB, Sweden
Yanzi Networks AB, Sweden
Ajou University, Korea
Seoul National University, Korea
Security Platform, Korea
VTT Technical Research Centre of Finland Ltd., Finland
Wirepas Ltd, Finland
The Internet of Things (IoT) was expected to enable applications of utmost societal value, such as energy-efficient buildings, smart cities, intelligent grids, and next-generation healthcare. Such a promise is only partly fulfilled. The more demanding and critical applications, that is, those with strict dependability requirements, still fall short of expectations. These applications require sensor data and actuation commands to be delivered in a timely fashion and with high reliability, while the battery-powered devices must last for a pre-defined amount of time, often in the order of years. Despite the IoT developments and corresponding standardization efforts, such as 802.15.4, RPL, 6TiSCH and CoAP, all we can provide right now are soft guarantees in benign environments.
Simultaneously, we witnessed a tremendous increase in attacks on the Internet infrastructures. For instance, IoT devices were hacked and used as a source of a DDoS attack by the Mirai botnet. The attack targeted DNS services, and successfully took down a number of major Websites for almost a full day in October 2016. IoT networks of embedded devices are even more vulnerable than the existing (wired) Internet infrastructure, since they usually communicate wirelessly and at a much lower output power than other devices (such as WiFi) in the same frequency band which makes them more vulnerable to e.g. jamming attacks. Furthermore, due to their resource constraints, these devices cannot run the most sophisticated cryptography algorithms and other defenses against attacks. The challenge is thus to provide guarantees IoT networks not only under benign circumstances but also in more challenging situations, for example, when IoT networks are under attack. Other related challenges include exposure to hard radio environments and cross-technology interference, whose solutions need to be reconciled with the use of resource-constrained operating systems. Solving these challenges would enable a new class of critical IoT applications that significantly advance the guarantees currently provided by the best-effort nature of present-day IoT networks.
In this project we will provide more robust IoT communication by exploiting frequency and technology diversity combined with novel network scheduling approaches. We will provide physical layer security, attack prevention and detection by performance and interference monitoring, as well as anomaly detection shared between resource-constrained devices and the edge cloud. Furthermore, we will harden IoT OSes by exposing hardware-level protection mechanisms, such as ARM TrustZone, at the system and application programming interface and by improving software security with the help of fuzzing techniques, a technique to find bugs that has not been employed for resource-constrained IoT devices.
We will evaluate and validate our developed concepts through several challenging use cases that address critical applications areas that require high reliability, timeliness, and scalability even in harsh conditions and that function to a developer-defined extend even when being under attack.