IoTAC

Kuaban G, Gelenbe E, Czachórski T, Czekalski P. 2023. Modelling the Energy Performance of Off-Grid Sustainable Green Cellular Base Stations. MASCOTS 2023.

Mon, 23 Oct 2023 10:11:02 +0000

Conference:
31st International Symposium on the Modeling, Analysis, and Simulation of Computer and Telecommunication Systems (MASCOTS 2023)
16-18. October 2023
Stony Brook University, Stony Brook, NY, USA

Authors:
Kuaban G, Gelenbe E, Czachórski T, Czekalski P.

Abstract:

There is a growing awareness of the need to reduce carbon emissions from the operation of mobile networks. The massive deployment of ultra-dense 5G and IoT networks will significantly increase energy demand and put the electricity grid under stress while also driving up operational costs. In this paper, we model the energy performance of an off-grid sustainable green cellular base station site which consists of a solar power system, Battery Energy Storage (BESS) and Hydrogen Energy Storage (HESS) system, and various types of macrocells, microcells, picocells, or femtocells, with broadband optical or microwave transmission systems, and other electrical and electronic systems (air conditioner, power converters, and controllers). We propose diffusion-based models of the charging and discharging processes of the energy storage systems, and obtain the probability of charging them to their full capacities during the day and completely discharging them at the end of each day. We also investigate the impact of design parameters such as the mean charging rate and the mean discharging rate on the probability densities of charging BESS and HESS to their full capacities during the day and of completely discharging them before the end of each night period.

The post Kuaban G, Gelenbe E, Czachórski T, Czekalski P. 2023. Modelling the Energy Performance of Off-Grid Sustainable Green Cellular Base Stations. MASCOTS 2023. appeared first on IoTAC.

Deliverable D7.4 Summative Evaluation and Lessons Learnt

IoTAC — Thu, 28 Sep 2023 20:58:15 +0000

Download

Deliverable 7.4 describes the challenges, gains, and learnings: (1) on the security modules side, during development and integration; and, (2) on the pilot sites, during deployment, testing, and assessment of the validation results.

Please note that the European Commission has not approved yet this deliverable.

The contents of the deliverable reflect only the project Consortium’s view and the Commission is not responsible for any use that may be made of the information it contains.

The post Deliverable D7.4 Summative Evaluation and Lessons Learnt appeared first on IoTAC.

IoTAC Project Newsletter No. 9

IoTAC — Thu, 31 Aug 2023 20:57:18 +0000

This is the last newsletter of the IoTAC project covering the period between June and August 2023. The project has been successfully completed and reached its goals by validating the secure IoTAC platform in 4 different service environments.

To the Newsletter No. 9

The post IoTAC Project Newsletter No. 9 appeared first on IoTAC.

Press Release – Project Closing

IoTAC — Thu, 31 Aug 2023 10:08:23 +0000

The H2020 IoTAC project has been successfully completed

The consortium of industrial actors, research groups and academia from seven European countries designed and implemented a security platform for IoT architectures.

31. August 2023 – The Security by Design IoT Development and Certificate Framework with Front-end Access Control (IoTAC) project has reached its goals and came to an end with the successful completion of its four demonstration programs.

The project implemented an IoT security platform comprising the combination of multiple, flexibly configurable security modules – access control, attack detection, honeypot, runtime monitoring system, data repository & dashboard, and an internet gateway – and validated its operation and performance in four close-to-real-life pilot operations. The pilots have been organized in different industry and consumer domains – Prosumer cell, Connected car, Drone operation, and Smart home – to be able to assess the platform performance and limitations under various conditions and requirements.

The pilots have set numerous KPIs comprising security and performance metrics. The goal was to measurably increase the protection of the service environment without compromising the operational performance of the services. After a number of iterations all the modules and the combined platform not only met but exceeded the original expectations and during the course of actions the architecture and related integration requirements have also been substantially simplified.

After the successful completion of the project, the consortium partners will continue improving the technology and will jointly exploit the project results with the support of the IoTAC Association – formed by the project partners – that will coordinate all related activities.

Project Key Facts

Full Name: IOTAC: Security by Design IOT Development and Certificate Framework with Frontend Access Control
Contract No.: H2020 – 952684
Start date: 01 September 2020
Duration: 36 months
EU Contribution: € 5 million
Coordinator: Atos Hungary Ltd

Project Partners

France
Airbus Defence & Space SAS

Germany
Deutsche Telekom Security GmbH
QuanTag IT Solutions GmbH
FhG FOKUS
Technische Universität Berlin

Greece
Centre for Research and Technology-Hellas

Hungary
Atos Hungary Ltd.
Budapest University of Technology and Economics
SafePay Systems Ltd.

Luxembourg
Netcompany-Intrasoft

Poland
Institute of Theoretical and Applied Informatics

Spain
Fundacion Tecnalia Research & Innovation
Kaspersky Lab S.L.

Contact
Tamás Nagy
Atos Hungary Ltd.
Email: tamas.nagy@atos.net

The post Press Release – Project Closing appeared first on IoTAC.

Gelenbe E, 2023. Electricity Consumption by ICT: Facts, trends, and measurements. ACM Ubiquity, Volume: 2023, Issue: August

Wed, 30 Aug 2023 20:45:02 +0000

Download

Journal:
ACM Ubiquity, Volume: 2023, Issue: August

Authors:
Gelenbe E.

Abstract:

This paper considers key issues surrounding energy consumption by information and communication technologies (ICT), which has been steadily growing and is now attaining approximately 10% of the worldwide electricity consumption with a significant impact on greenhouse gas emissions. The perimeter of ICT systems is discussed, and the role of the subsystems that compose ICT is considered.
Data from recent years is used to understand how each of these sub-systems contribute to ICT’s energy consumption. The quantitatively demonstrated positive correlation between the penetration of ICT in the world’s different economies and the same economies’ contributions to undesirable greenhouse gas emissions is also discussed. We also examine how emerging technologies such as 5G, edge computing, and cryptocurrencies are contributing to the worldwide increase in electricity consumption by ICT, despite the increases in ICT efficiency, in terms of energy consumed per bit processed, stored, or transmitted. The measurement of specific ICT systems’ electricity consumption is also addressed, and the manner in which this consumption can be minimized in a specific edge-computing context is discussed.

The post Gelenbe E, 2023. Electricity Consumption by ICT: Facts, trends, and measurements. ACM Ubiquity, Volume: 2023, Issue: August appeared first on IoTAC.

Key aspects of the IoTAC project

Andras Vilmos — Wed, 30 Aug 2023 19:04:31 +0000

The H2020 IoTAC (Security by Design IoT Development and Certificate Framework with Front-end Access Control) project was launched on the 1^st of September 2020 with the objective to design, implement, and validate a complex security architecture for the protection of IoT service environments. The relevance of this objective did not diminish during the past years at all, as cybercrime is constantly increasing, inflicting heavy financial and societal damages for businesses and citizens alike.

The project started with the elaboration of the security baseline, listing, and prioritizing all potential threats and related protection measures that the planned security architecture needs to fend off and implement.

The architecture design work resulted in a service platform comprising a secure IoT router and several loosely coupled configurable components – access management system, attack detector, honeypot, runtime monitoring system, and a common data repository with a dashboard – which provide comprehensive protection against a wide range of the most common attacks. The design principle was to establish a system that is flexible, simple to deploy and operate, and can provide high-level protection without the need for highly skilled security professionals for its management, which is in short supply. The target audience for the platform is SMEs and private operators who have started to realize the need for high-level security but lack the necessary expertise for the operation of complex systems.

The IoTAC platform

Implementation of the modules took over a year and was assisted by a sophisticated DevSecOps environment as well as a security-by-design monitoring tool. The purpose of this environment is to ensure high-level code quality, the early detection of potential vulnerabilities, and a seamless continuous development and deployment process.

The completed platform has been validated in four different IoT domains to demonstrate its versatility and adaptability to the various service requirements. The Prosumer cell operation, the Connected car, and Drone operation pilots represented industrial IoT requirements, and the Smart home operation is a consumer environment. At each of these pilots, a different configuration of the platform was deployed and integrated, demonstrating the versatility of the IoTAC platform. Each of the pilot operators was defining performance and security targets, KPIs, that the IoTAC system needed to meet, or exceed. The objective was to increase the security level of the protected environments without interfering with the operation and degrading the quality of service. After a tedious iterative process, by the end of the project, it can be claimed that the deployed architecture at every pilot location not only met but exceeded the initial expectations.

This was the result we aimed for, but it was not something that could be guaranteed, as much of the technology used was truly novel and the integration of the security functions may have carried unanticipated challenges.

Besides improving the security posture of the pilot operations, the technology developers also greatly benefitted from this exercise. These partners not only developed new tools, but also gained first-hand experience from the deployment, integration, and operation of the platform and their individual modules, could remove previously undetected errors, and could also perform improvements both on the operating capabilities of the modules as well as on the service set up, and provisioning procedures.

The IoTAC project has also actively supported standardisation, by working with ISO and ETSI.
The project was using the ISO/IEC 30141 architecture reference model as its underlying guide for the IoTAC architecture and eventually prepared a security extension for the document. The recommendations are related to WG3 IoT Foundational Standards and have been submitted to the working group. If accepted, it would result in a contribution to the newly planned ISO/IEC 30149 document instead of the ISO/IEC 30141 Ed. 2. The publication of the second edition of ISO/IEC 30141 and ISO/IEC 30149 is expected in 2024 at the earliest.
The IoTAC project has actively participated in the work of the ETSI Technical Committee to contribute to the development of ETSI deliverables. Specifically, the project has been involved in the Working Group TST. As part of the project’s engagement, two work items have been initiated. The first document is a Technical Specification (TS) titled “IoT security module testing,”. The second document is a Technical Report (TR) titled “IoT security architecture conformity,”. A publication of both documents TS 103 942 and TR 103 946 is expected in a few weeks and will be publicly available.

IoTAC has actively communicated and disseminated project results via various channels. Project partners published 10 scientific journal papers, one book, presented 20+ papers at academic conferences, and made presentations at several industry events. We published 55 insight posts on the IoTAC homepage. The project exhibited together with sister projects from the same call at the 2023 Barcelona Cybersecurity Congress where the results of our work have been presented to a broader industry audience.

Barcelona Cybersecurity Congress

The project organized the EuroCyberSec 2021 Workshop, publishing the proceedings in a Springer-published book. The organisation of the annual online IoT Day workshops in April has been the most relevant communication achievement of the IoTAC project. Starting in 2021 with presentations of 3 H2020 IoT projects, by 2023 it grew to a large international event with the participation of multiple standard developing organisations, multinational companies, and also the US NIST, focusing on the impact of the new European Cyber Resilience Act, with over 140 participants.

The project has been completed but the work does not stop here. The IoTAC partners have established the IoTAC Association with the purpose to support and coordinate the forthcoming exploitation activities of the project results. It is expected that in a couple of years, the IoTAC platform will become a sought-after niche technology.

The post Key aspects of the IoTAC project appeared first on IoTAC.

The roadmap of FEAM, the Front-end Access Management system

Andras Vilmos — Thu, 24 Aug 2023 08:57:29 +0000

Secure User authentication online has always been a major challenge. Now the problem seems to be solved with Verifiable Credentials. These credentials represent information in digital form which can be found in physical documents. They provide flexibility, and convenience, but above all more protection and privacy for their holders, when they need to identify themselves online. These credentials are digitally signed which makes them tamper-resistant and instantaneously verifiable, as well as support selective disclosure which lets users share only the minimum amount of data necessary for proving specific claims.

Verifiable credentials are frequently stored decentralized, sometimes in digital wallets of the users. There are numerous projects underway both in the US (e.g. mobile driving licence – mDL) and globally (e.g. ICAO, EU Digital Identity Wallet) to provide users, citizens with a digital means to securely identify themselves. Related technologies have also been standardized (e.g. ISO, 3WC, OpenID).

Authentication and Authorisation usually go hand-in-hand, authentication is a precondition of authorisation and is still decentralized, digital authorisation is practically non-existent though such a solution could have at least the same, but potentially even more benefits than Verifiable Credentials.

The Front-End Access Management (FEAM) technology of SafePay stores the user credentials, access rights in a secure element at the user side. This secure storage may even be shared with Verifiable Credentials of the User, may be a SIM card or embedded secure element of a smartphone, may be a Trusted Execution Environment (TEE), or even a cloud-based secure storage facility (Card Farm). FEAM relies on the concept of OAuth and uses the same signed access tokens but provides independence from central authorisation systems. As a result of the decentralized architecture, communication overhead is substantially reduced, single point of access failure is removed and user profiling by external parties is prevented. Additional major benefit of the technology is that it provides identical transaction procedure and the same high-level security for both online and offline transactions. The fact that FEAM uses the same type of access tokens (JWT) as OAuth supports its introduction to a large, deployed user base. The technology can also be simply integrated into poorly protected legacy environments without any modifications to the business procedures, communication protocols.
The technology is validated in diverse service environments including connected cars, smart home, prosumer cell operation, and drones. The solution has been adapted to various communication protocols and presently supports REST, TCP, UDP, and MQTT channels. FEAM also provides flexibility with respect to its topology as it can be operated both on-premises as well as in the cloud.

FEAM will not stop here, the next step in its evolution will be the introduction of device authorisation. In this concept, a built-in secure enclave (TPM chip, TEE, iSIM) will store those functions which the device may perform. These functions will be defined by the manufacturers – possibly in the form of MUD files – and customized by the operators of the device. The resulting architecture will prevent the overtaking of IoT devices and using them for malicious activities which happened in the past in the case of large-scale DDoS attacks. This internal control of operation will not only become a new security-by-design feature but will also provide a second line of defense against taking over IoT devices. In this scenario it will not be enough any longer to break the usual username and password or similar protection but to misuse the device also its secure element should be compromised otherwise it will not be possible to alter the intended operation.

With its unique architecture, FEAM opens a whole new approach to user and device authorisation, but whenever possible it uses existing industry standards and best practices. In the development process ongoing industry initiatives are actively monitored to ensure that the solution will be future-proof and will be able to satisfy upcoming, novel requirements.

You can watch a short video about the transaction flow here.

The post The roadmap of FEAM, the Front-end Access Management system appeared first on IoTAC.

Kalouptsoglou I, Siavvas M, Ampatzoglou A, Kehagias D, Chatzigeorgiou A, 2023. Software vulnerability prediction: A systematic mapping study. Information and Software Technology, Vol. 164, 2023.

Mon, 21 Aug 2023 18:48:29 +0000

Download

Journal:
Information and Software Technology, Vol. 164, 2023.

Authors:
Kalouptsoglou I, Siavvas M, Ampatzoglou A, Kehagias D, Chatzigeorgiou A.

Abstract:
Context: Software security is considered a major aspect of software quality as the number of discovered vulnerabilities in software products is growing. Vulnerability prediction is a mechanism that helps engineers to prioritize their inspection efforts focusing on vulnerable parts. Despite the recent advancements, current literature lacks a systematic mapping study on vulnerability prediction.
Objective: This paper aims to analyze the state-of-the-art of vulnerability prediction focusing on: (a) the goals of vulnerability prediction-related studies; (b) the data collection processes and the types of datasets that exist in the literature; (c) the mostly examined techniques for the construction of the prediction models and their input features; and (d) the utilized evaluation techniques.
Method: We collected 180 primary studies following a broad search methodology across four popular digital libraries. We mapped these studies to the variables of interest and we identified trends and relationships between the studies.
Results: The main findings suggest that: (i) there are two major study types, prediction of vulnerable software components and forecasting of the evolution of vulnerabilities in software; (ii) most studies construct their own vulnerability-related dataset retrieving information from vulnerability databases for real-world software; (iii) there is a growing interest for deep learning models along with a trend on textual source code representation; and (iv) F1-score was found to be the most widely used evaluation metric.
Conclusions: The results of our study indicate that there are several open challenges in the domain of vulnerability prediction. One of the major conclusions, is the fact that most studies focus on within-project prediction, neglecting the real-world scenario of cross-project prediction.

The post Kalouptsoglou I, Siavvas M, Ampatzoglou A, Kehagias D, Chatzigeorgiou A, 2023. Software vulnerability prediction: A systematic mapping study. Information and Software Technology, Vol. 164, 2023. appeared first on IoTAC.

Kuaban G, Gelenbe E, Czachórski T, Czekalski P, Tangka J. 2023. Modelling of the Energy Depletion Process and Battery Depletion Attacks for Battery-Powered Internet of Things (IoT) Devices. sensors. 2023, 23(13)

Wed, 09 Aug 2023 14:19:21 +0000

Download

Journal:
Sensors 2023, 23(13)

Authors:
Kuaban G, Gelenbe E, Czachórski T, Czekalski P, Tangka J.

Abstract:

The Internet of Things (IoT) is transforming almost every industry, including agriculture, food processing, health care, oil and gas, environmental protection, transportation and logistics, manufacturing, home automation, and safety. Cost-effective, small-sized batteries are often used to power IoT devices being deployed with limited energy capacity. The limited energy capacity of IoT devices makes them vulnerable to battery depletion attacks designed to exhaust the energy stored in the battery rapidly and eventually shut down the device. In designing and deploying IoT devices, the battery and device specifications should be chosen in such a way as to ensure a long lifetime of the device. This paper proposes diffusion approximation as a mathematical framework for modelling the energy depletion process in IoT batteries. We applied diffusion or Brownian motion processes to model the energy depletion of a battery of an IoT device. We used this model to obtain the probability density function, mean, variance, and probability of the lifetime of an IoT device. Furthermore, we studied the influence of active power consumption, sleep time, and battery capacity on the probability density function, mean, and probability of the lifetime of an IoT device. We modelled ghost energy depletion attacks and their impact on the lifetime of IoT devices. We used numerical examples to study the influence of battery depletion attacks on the distribution of the lifetime of an IoT device.
We also introduced an energy threshold after which the device’s battery should be replaced in order to ensure that the battery is not completely drained before it is replaced.

The post Kuaban G, Gelenbe E, Czachórski T, Czekalski P, Tangka J. 2023. Modelling of the Energy Depletion Process and Battery Depletion Attacks for Battery-Powered Internet of Things (IoT) Devices. sensors. 2023, 23(13) appeared first on IoTAC.

IoT malware attacks up by 37% in the first half of 2023

Anna Marton, Safepay Systems — Thu, 03 Aug 2023 11:06:50 +0000

According to the mid-year update to the 2023 SonicWall Cyber Threat Report, in the first six months of 2023, IoT malware globally was up by 37%, resulting in a total of 77.9 million attacks, compared to 57 million attacks in the first six months of 2022.

This time, the number of attacks decreased in North America by 3%, but Asia and Latin America saw three-digit growths, 170%, and 164% respectively. Regarding the countries with the highest increase and decrease, the number of IoT attacks in India was up by a staggering 311% but was down by 30% in Germany.

When it comes to industry-specific figures, the good news is that government and education both saw a decline of 73%, finance and healthcare a 60% drop, and it was only the retail sector where the number of attacks was up by 13%.

You can access the mid-year update to the 2023 SonicWall Cyber Threat Report at https://www.sonicwall.com/2023-mid-year-cyber-threat-report/.

The post IoT malware attacks up by 37% in the first half of 2023 appeared first on IoTAC.