The CYBER-TRUST project aims to develop an innovative cyber-threat intelligence gathering, detection, and mitigation platform, as well as to perform high-quality interdisciplinary research in key areas, introducing novel concepts and approaches to tackle the grand challenges of securing the ecosystem of IoT devices. The high-level project objectives, which summarize the specific challenges of the work programme, are:
- To create a new paradigm for the next generation cyber-security systems, especially suited for the IoT, that will greatly increase the capability of CIIs to counter threat actors and their methods.
- To quickly detect and effectively respond to/mitigate sophisticated cyber-attacks by advancing the current state-of-the-art of numerous existing techniques and by introducing new ones.
- To deliver advanced solutions for collecting forensic information from the defending systems in order to identify the attackers and further use it as evidence in court.
- To minimize the impact on sensitive data protection and user’s privacy of the proposed tools and methods by addressing any issues during the design and the development phases.
To reach a novel solution and achieve the high-level objectives, a number of concrete technological objectives (TO) need to be met. These have been widely recognized as the cornerstone of securing the IoT, and they have also been suggested as top-priority controls that organizations should implement to attain the most immediate impact on preventing cyber-attacks.
TO1. The first technological objective is to protect the hardware and software configurations of IoT devices. The approach to be taken by the project will prevent attackers from tampering with the critical device settings by introducing the concept of device independent roots of trust (RoT) and adopting a security through transparency approach. The information
that will help validate a device’s integrity will not only be public but also distributed across the network so that no single points of failure exist, which then constitute ideal targets of DDoS and other cyber-attacks. This will allow the design of a novel framework for monitoring and controlling the configuration update procedures of IoT devices that will immediately detect any unauthorized change in their configuration and collect the necessary forensic information about such unauthorized changes.
TO2. The development of an inventory of authorized (and unauthorized) software constitutes another technological objective. Such an inventory is required in order to realise remediation techniques, issue vulnerability fixes and update configuration settings, at least for the IoT devices supporting software updates. More precisely, the project will develop a binary transparency system (BTS) proxy service to control the software distributed to an IoT device and ensure that it is an authentic and unmodified copy of a vendor’s original software. The first step in establishing this type of external control is to log all the binaries in a publicly verifiable ledger so as to detect unauthorized software and prevent it from being installed.
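As an added illustration of the TO2 idea (example code written for this page, not CYBER-TRUST's own BTS implementation), the following Python sketch keeps a hypothetical hash-chained ledger of firmware digests and a proxy-style admission check that accepts an image only if the ledger's chain is intact and the image's exact digest is logged for that vendor. All names, the vendor and the sample images are constructed.

```python
import hashlib
import json
from dataclasses import dataclass

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

@dataclass(frozen=True)
class Entry:
    vendor: str
    version: str
    digest: str   # sha256 of the logged firmware image
    prev: str     # hash of the previous ledger entry (chain link)

    def entry_hash(self) -> str:
        # Deterministic serialisation so every verifier derives the same hash
        return sha256(json.dumps([self.vendor, self.version, self.digest, self.prev]).encode())

GENESIS = "0" * 64

def append_entry(ledger: list, vendor: str, version: str, image: bytes) -> None:
    """Vendor publishes a release: its digest is chained onto the last entry."""
    prev = ledger[-1].entry_hash() if ledger else GENESIS
    ledger.append(Entry(vendor, version, sha256(image), prev))

def ledger_intact(ledger: list) -> bool:
    """Walk the chain; any in-place edit to an earlier entry breaks the next link."""
    expected = GENESIS
    for entry in ledger:
        if entry.prev != expected:
            return False
        expected = entry.entry_hash()
    return True

def proxy_admit(ledger: list, vendor: str, image: bytes) -> bool:
    """BTS-proxy style gate: admit an image only if it is logged for this vendor
    in an intact ledger; an unlogged or modified binary is refused."""
    if not ledger_intact(ledger):
        return False
    digest = sha256(image)
    return any(e.vendor == vendor and e.digest == digest for e in ledger)

def tampered_ledger(ledger: list, new_image: bytes) -> list:
    """Constructed attack: swap the digest in the first entry for a different image."""
    first = ledger[0]
    return [Entry(first.vendor, first.version, sha256(new_image), first.prev)] + ledger[1:]

# Constructed sample: one vendor, two releases
LEDGER: list = []
IMAGE_V1 = b"constructed firmware image v1.0"
IMAGE_V2 = b"constructed firmware image v1.1"
append_entry(LEDGER, "acme-iot", "1.0", IMAGE_V1)
append_entry(LEDGER, "acme-iot", "1.1", IMAGE_V2)
```

The chain only protects history; a swap of the newest entry is not caught by `ledger_intact` alone, which is why a real transparency log also needs signed log heads and independent witnesses.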
TO3. The third technological objective is to effectively manage hardware devices on a network so that compromised devices are denied access. Building and managing a list of all connected hardware devices in a network is at the core of the proposed approach on the cyber-security of CIIs and a prerequisite for successfully developing the envisaged blockchain-based solution for a trusted IoT ecosystem. This fact implies that any unmanaged devices will be easily identified and prevented from gaining access to critical network resources and services. In addition, thanks to the development of an advanced trust management system, devices that deviate from their expected behaviour or act maliciously, will be effectively isolated by their communicating peers.
TO4. Another key technological objective is to build a framework for efficient continuous vulnerability assessment and remediation. The CYBER-TRUST platform will provide a suite of tools to continuously acquire, assess, and take action based on gathered cyber-threat intelligence information, and to identify vulnerabilities (zero-day or existing ones on devices), remediate them, and minimize the window of opportunity of attackers. The implementation of remote validation (and, if necessary, remediation) services as part of the security mechanisms, in conjunction with the design of an enhanced vulnerability database (VDB), is expected to lead to superior vulnerability detection performance and protection of CIIs against sophisticated cyber-attacks.
TO5. The fifth technological objective is to ensure a trustworthy IoT operation and verify the behaviour of IoT devices against security policies. To address this objective the project will implement a sophisticated framework for monitoring a device’s network behaviour in order to ensure that the generated traffic (volume, protocols used, connections established, etc.) is typical for its intended use. Deviations from the expected behaviour, e.g. due to massive transmission of packets, spreading of malware, etc., will be captured by an advanced reputation management system that aims at projecting a device’s behavioural history (and information on vulnerabilities) onto an overall trust score. The decision-making process of IoT devices will be defined and thoroughly analysed to allow optimal filtering of communications and the isolation of compromised or infected devices.
TO6. A prominent technological objective is to increase the resistance of IoT networks against DDoS attacks. The approach to be taken by the project in order to achieve this objective involves the following complementary actions: (a) to understand and prevent the formation of IoT botnet armies; (b) to efficiently detect already formed botnets using network analytics and process the gathered data with deep learning and other cutting-edge methods and tools; (c) to design effective mitigation strategies on top of the reputation system. The efforts will rely on a game-theoretic approach for minimizing a device’s/network’s attack surface, the maintenance, monitoring and analysis of intelligence data gathered from various sources, as well as the development of an advanced visualisation system to give cyber-security experts easy-to-explore information about the health status of an IoT network.
TO7. The development of tools and methods for protecting sensitive data and users’ privacy is a technological objective of foremost importance. As the project embraces a security through transparency approach for critical aspects of future IoT networks, the long-term protection of publicly available information (e.g. in public decentralized ledgers) needs to be assured. Hence, the incorporation of lightweight quantum resistant cryptographic solutions, offering long-term security against quantum-based attacks, is planned. In addition, the collection and processing of device-related information, which is needed for the monitoring and profiling mechanisms, will be designed so as to be performed in a privacy-preserving manner, adhering to the general data protection regulation (GDPR) and other EU directives and regulations.
TO8. The final technological objective pertains to the development of a cyber-security platform that goes far beyond the state-of-the-art. The CYBER-TRUST platform will be validated by implementing two proof of concept pilots by MTN and KEMEA – Cyber Crime Division of the Hellenic Police; its superiority will be shown in a number of use cases involving the discovery of unknown (zero-day) vulnerabilities, cyber-attack detection and mitigation, and forensic evidence collection.
Tackling the above objectives and delivering timely cyber-security related information to organizations (network operators, IoT service providers, LEAs, CSIRTs) to protect CIIs is far from trivial. This is because IoT devices are resource-constrained not only in terms of available memory, storage, computational power, etc., but also in terms of the capabilities of their user interface (UI). To this end, the CYBER-TRUST project aims at delivering lightweight mechanisms whenever these have to be deployed on highly constrained IoT endpoint devices (e.g. for remote validation purposes), and targets the implementation of security controls (e.g. monitoring features) at IoT gateways/hubs instead.