Security requirements of any IT system are diverse and complex. In IoT, due to its cyber-physical and massively distributed nature, such requirements are even more numerous and inter-related. Security needs encompass not only the IT side – communications, data stores, analytics, and access – but also physical security of the edge elements. Creation of a security layer without understanding the specific requirements from such layer and the respective value of each requirement does not seem to be cost-effective. The objectives of this work package are to i) research the IoT Security needs, ii) investigate the malicious events, and map the severity and the probability of attacks, iii) to build a value map of the potential security components and services. In addition the work package will investigate the state-of-the-art of IoT security, in academic research as well as in commercial offerings and start-up trends. Special care will be given to existing and emerging standards and regulatory requirements. This WP will serve as the guidance mechanism of SerIoT that will ensure that the project impact is maximized in terms of end user value. The investigation will be based on the needs that the SerIoT use case partners will provide, but also on open sources and in terviews with external (to SerIoT) parties in order to build a case for industry cases that are not represented in the consortium.

IoT platforms are a major target of attackers, and the increasing complexity and dynamicity of SDN-based platforms, compounded by the subtlety of today’s attacks, make it very hard to secure IoT platforms with dynamic flow control. The objective of this WP therefore is to develop a novel architecture-centric approach towards the formal security and safety analysis of IoT frameworks based on SDN. In particular, the objectives are related to: i) Architectural modelling of SerIoT Overall IoT framework and end-to-end specifications, ii) Formal specification of behavioural-properties for the IoT to be used to detect and mitigated attacks, iii) Formal analysis of global security properties of SerIoT IoT architecture & use cases, iv) Incremental verification of flow rule correctness in SDN-based IoT with dynamic path modification, v) Automated synthesis of run-time traffic monitors from application-dependent security policy architectures and vi) Automated security and penetration testing of IoT components (e.g. secure router) and interconnection.

WP3 will design, implement and test a secure network infrastructure for the IoT based on (1) a Software Defined Network (SDN) infrastructure and SDN-Controller with online cognitive security surveillance and reporting, and with dynamic path modification to enhance security (2) with secure routers having flow reporting from all ports including back-doors. The SDN will offer traceable traffic flows and routing patterns. The SDN-Controller will first be specified in the high-level declarative language selected in T2.1 (for ease of verification of the design), and then implemented in a standard low-level language for execution on a portable and open Linux platform.

This WP will deal with the research and development of a cross-layer data collection infrastructure, as far as the information generated by IoT devices (WP8) and the SerIoT honeypots (WP5) are concerned and their interconnection through IoT-enabled routers (WP3) for both effective information transmission and data aggregation for analysis. Another pillar of this WP will concern the delivery of advanced IoT monitoring mechanisms, which will enable the analysis via processing, the identification and the prediction of abnormal patterns across different layers. Both lightweight (running on IoT devices & honeypots) and advanced anomaly detection techniques (executing on routers and honeypots) will be considered supporting the i) early identification of behavioural change detection IoT devices and ii) situational awareness for the identified intrusions and root cause analysis for attack patterns. Towards supporting decision making in intrusion detection analysis (short-term) and mitigation strategies (short and mid-term), both unsupervised and supervised techniques will be developed, whereby the former will focus on self-detection mechanisms on device- and router- level, while the latter will be supported by advanced multi-modal visualization algorithms.

WP5 will design and implement a prototype that is capable of analysing network traffic and detect anomalies in it. Based on the study of several criteria (most used, ease of implementation, etc.) platform is selected. Then the requirements of virtualized honeypot, trying to detect as many anomalies in network traffic are analysed.

This work package deals with development of privacy solutions for the SerIoT framework close to its leaves, namely for IoT devices and access networks. One of the main features of IoT is the increased coupling between the computing and networking devices (e.g., access nodes, sensors and actuators) and the physical environment. However, moving from a special purpose IoT network to increased coupling with the Internet framework, provides greater ubiquity and universality, but also increases both security and privacy risks. For example the proliferation of wireless devices with ubiquitous presence is expected to worsen the issue of privacy due to the current design of the link-layer and lower layer protocols, which usually expose information such as implicit names and identifiers that reveal the users’ identity. Even in the cases, where traffic is encrypted, statistical analysis of the traffic can provide information on the user’s behaviour, and the nature of the content. Although the IP protocol needs to be used, the manner in which control is conducted needs to be redefined, as proposed in WP3. However, in addition, the SDN framework can be exploited to conceal important information from un-trusted parties, and to reveal proper information to authorized or trusted parties. For instance, a security breach in IoT devices which are used in contexts such as Healthcare or Intelligent Transport Systems can generate serious safety risks. For example, a malicious attacker that hijacks an IoT node which is connected to the CAN bus in-vehicle network, can interfere with braking system of the vehicle.
As a consequence, it is important to design solutions at the IoT device and access layer, which are minimize the related security and privacy risks. In addition, these solutions should support the higher layers of the SerIoT framework to provide timely information, and can improve the capabilities of the higher levels such as the Analytics module through faster detection that occurs at the lower levels. This WP will therefore focus on the following tasks:

• Develop a policy-based framework (PBF) to be implemented in IoT devices and other elements of the SerIoT framework, such as the SDN-Controller, in order to enable and enforce policies for the usage of personal data and prevent security and privacy risks.
• Extend the SDN-Controller for supporting privacy protection by coordinating the implementation of custom routing policies across multiple IoT routers that support the control of the collection and flow of data from (and to) IoT devices. This extension will be supported by the PBF described above.
• Develop authentication and identification solutions for a wide range of IoT devices, including the ones with very limited processing capabilities. The correct identification and authentication of the IoT devices and access network components is important to support the proper functioning of the SDN-Controller.
• Develop algorithms based on statistical analysis of the Radio Frequency signals emitted by IoT devices and access nodes, to identify security and privacy vulnerabilities and mitigate them.

The main objective of WP7 is the definition of the development framework towards optimum coding and integration of all architectural elements comprising SerIoT IoT ecosystem. The core goal is to provide the necessary mechanisms and environment for the delivery of a fully functional security & privacy framework in the IoT era, enabling seamless provisioning of IoT services in the respective end-to-end ecosystem. In particular the core objectives of the WP are:

• Definition of the overall development framework (virtual testing environment, application development to support data collection and pilot realization) towards the delivery of a fully functional SerIoT end-to-end framework.
• Define overall Acceptance Test plans (for all individual components) & execute System Acceptance Testing in an iterative manner (SAT).
• Establishment of test-beds & virtual prototyping environment for the early validation of the SerIoT technologies in close-to-real operational IoT network environments.
• Integration of the system architectural elements across all layers (physical, transport & communication, network, application,etc.) foreseen in SerIoT.

The core objectives of WP8 are: i) to install the SerIoT technologies in the foreseen large-scale infrastructures (DT/T-Sys., OASA, ATOS and the ones to be supported through open calls), using real-world and innovative scenarios (i.e. Flexible Manufacturing Systems-DT/T-Sys., Effective Maintenance of transportation vehicles of public use-OASA, illegal and unwanted activities in the Transport domain-OASA, etc.) and ii) to perform an extensive evaluation of the project outcomes, considering technical aspects, user experience (both end-users/citizens & industrial providers of future IoT Applications based on SerIoT ecosystem).

This WP aims at (1) raising public awareness of project achievements among the key user groups and stakeholders in the IoT era, the scientific community and the general public; (2) facilitating sharing of knowledge inside the Consortium and establishing the projects’ communication & dissemination methodology; (3) developing a business plan for the project tangible outcomes including cost-benefit & cost effectiveness analysis for all project exploitable foreground; (4) identification of challenges and gaps in ongoing IoT standardization process and provision of targeted mandates for improving current IoT-related standards.

The core objectives of this WP are: (1) To coordinate the technological and scientific orientation of the project, to ensure the delivery of the project on time and within the budget and that the project maintains its relevance towards the objectives, (2) To guarantee high-quality standards at all levels and to guarantee the accomplishment of the objectives, (3) To manage resources, monitor the overall project performance and manage risks, ethics, and contingencies, (4) To establish appropriate relationships and communication channels with the funding actors as well as between consortium partners.

The objective is to ensure compliance with the ‘ethics requirements’ set out in this work package.