The Internet and mobile revolution is transforming our world and changing our lives by forming a massive ecosystem in which interconnected devices and services collect, exchange and process data, adapting dynamically to their context in order to offer a variety of services. Together with the benefits of IoT technology come ever-increasing challenges and security threats, including data manipulation, data theft and cyber-attacks.
The threats and risks related to Internet of Things devices, systems and services are manifold and evolve rapidly, with a great impact on citizens' safety, security and privacy. Hence, it is important to understand what needs to be secured before sophisticated security measures can be developed to protect the IoT infrastructure. Information (or data) lies at the heart of an IoT system, feeding a continuous cycle of sensing, decision making and action. Since IoT, and particularly the ACTIVAGE LSP, is seen as a key enabler for creating new AHA (Active and Healthy Ageing) services and improving overall quality of life, users need to have trust and confidence that their data is secured and protected; this makes the cybersecurity of IoT systems an essential part of the project.
ACTIVAGE has defined and developed an end-to-end security and privacy methodology for AHA-IoT applications and services in order to identify the right solutions to secure the ACTIVAGE architecture and its nine Deployment Sites, and to protect personal data from potential malicious cyber-attacks and threats. The methodology further provides common definitions, methods and repeatable processes to analyse and address all potential cybersecurity and privacy threats that might occur during the exploitation phase of the project. The objective is twofold: to raise awareness of the security risks among the stakeholders involved in each Deployment Site, and to provide solutions and recommendations concerning the technologies and services to be deployed for the security and privacy of the IoT infrastructure.
The whole process takes into account:
- Typical cybersecurity and privacy risks arising from the IoT context.
- The particularities of each DS in terms of cybersecurity needs (e.g. data relevance).
- The relevance and effectiveness of the cybersecurity and privacy mechanisms already foreseen by the DS security managers.
- An end-to-end security and privacy impact analysis performed in order to provide actionable recommendations. In this work, the ACTIVAGE architecture is divided into four layers (domains): device, gateway, cloud and application. The security and privacy analysis is performed throughout the entire system, starting from the device domain and ending at the application domain. It also considers the overall system life cycle, i.e. the analysis is applied not only to the operation phase but also to the configuration, installation, maintenance and removal phases.
- Outcomes in the shape of guidelines and a framework covering the cybersecurity and privacy aspects. The security risk analysis is conducted at each layer of an IoT system and for its deployment procedure.
The following figure shows the main steps constituting the security methodology developed for ACTIVAGE.
Each Deployment Site contributes on the following aspects:
- A detailed architecture/topology of the Deployment Site, in which the assets constituting the different Domains (Device, Gateway, Cloud and Application) can be identified, together with the end-to-end data flows.
- The answers to the security questionnaires elaborated in order to perform the security risk assessment.
- The elaboration of a Data Protection Impact Assessment (DPIA) in order to perform the privacy risk assessment.
- Interaction with the Deployment Sites through their security and privacy representatives throughout these activities, to facilitate communication and coordination.
In ACTIVAGE, the experimentation will involve around 7,000 users across 9 Deployment Sites (DSs). A Deployment Site is a city or region in the European Union in which a full large-scale pilot is set up. The 9 DSs are distributed across the following 7 EU countries and their associated cities or regions:
- Spain (Galicia, Madrid and Valencia).
- Italy (Region Emilia Romagna).
- Greece (Attica, Central Greece and Thessaloniki-Central Macedonia regions).
- France (Isère).
- Germany (Weiterstadt and Rodgau (Hesse), Treuchtlingen and Bad Griesbach (Bavaria)).
- United Kingdom (Leeds).
- Finland (Turku, Tampere, Oulu and Helsinki).
Challenges and lessons learnt
The ACTIVAGE consortium is strongly concerned with the security and privacy challenges of the project, and sees large-scale validation and testing as an opportunity to resolve them. Platforms using public communication infrastructure will interconnect many IoT devices, which are inherently weakly secured. Several services will process confidential data and therefore require control over how access rights propagate, in the spirit of the General Data Protection Regulation (GDPR), the primary law regulating how companies and organisations protect EU citizens' personal data.
ACTIVAGE activities contribute mainly to two areas:
- Technological: a secure large-scale deployment of connected objects.
- Societal: related to the project context, which is to create a smart environment for the ageing well of elderly people, involving the collection of sensitive personal data.
On Security Guidelines
The first version of the end-to-end security recommendations for each Deployment Site and for the components of AIOTES has been completed. These recommendations result from the following activities:
- Definition of the security methodology, based on the STRIDE/DREAD methodology.
- Definition of the set of ACTIVAGE security requirements and questionnaires, elaborated for each of the IoT Domains and considering the architecture/topology defined by the different DSs.
- Security requirements assessment (risk analysis) of each component belonging to the different Domains (Device, Gateway, Cloud and Application) for each DS.
- Identification of components with vulnerabilities and, after applying a risk strategy, identification of the countermeasures (recommendations) that reduce the risks.
- A security cartography, produced per Domain following the assessment and including the associated components for each of the nine DSs.
- Finally, a general STRIDE threat summary per Domain, covering the assessments and recommendations of all the DSs.
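The steps above (per-component STRIDE threats, DREAD scoring, prioritised countermeasures, and a STRIDE summary per Domain) can be captured in a small threat register. The following Python module is an added example written for this page; it is not ACTIVAGE or AIOTES code. The component names, threat descriptions and scores are constructed for a hypothetical Deployment Site, and the DREAD scoring convention (mean of five factors rated 1 to 10) and the High/Medium/Low thresholds are assumptions of the example, not values taken from the project.

```python
from dataclasses import dataclass, replace

# The four Domains and six STRIDE categories used by the methodology.
DOMAINS = ("Device", "Gateway", "Cloud", "Application")
STRIDE = ("Spoofing", "Tampering", "Repudiation", "Information disclosure",
          "Denial of service", "Elevation of privilege")


@dataclass(frozen=True)
class Threat:
    """One entry of the threat register: a STRIDE threat against a component."""
    domain: str
    component: str
    category: str
    description: str
    damage: int            # DREAD factors, each rated 1 (low) to 10 (high)
    reproducibility: int
    exploitability: int
    affected_users: int
    discoverability: int
    countermeasure: str = ""

    def __post_init__(self):
        # Reject entries that do not fit the methodology's vocabulary.
        if self.domain not in DOMAINS:
            raise ValueError(f"unknown domain: {self.domain}")
        if self.category not in STRIDE:
            raise ValueError(f"unknown STRIDE category: {self.category}")
        for v in self.factors():
            if not 1 <= v <= 10:
                raise ValueError("DREAD factors must be rated 1..10")

    def factors(self):
        return (self.damage, self.reproducibility, self.exploitability,
                self.affected_users, self.discoverability)

    def dread_score(self) -> float:
        # Assumed scoring convention: arithmetic mean of the five factors.
        return sum(self.factors()) / 5


def risk_level(score: float) -> str:
    """Map a DREAD score to a level (thresholds are an assumption of this example)."""
    if score >= 7:
        return "High"
    if score >= 4:
        return "Medium"
    return "Low"


def rank_threats(threats):
    """Highest DREAD score first, so countermeasures are prioritised by risk."""
    return sorted(threats, key=lambda t: t.dread_score(), reverse=True)


def stride_summary(threats):
    """Per-Domain STRIDE summary: number of threats in each category per Domain."""
    summary = {d: {c: 0 for c in STRIDE} for d in DOMAINS}
    for t in threats:
        summary[t.domain][t.category] += 1
    return summary


def mitigate(threat: Threat, countermeasure: str, **lowered_factors) -> Threat:
    """Residual threat after a countermeasure lowers some of the DREAD factors."""
    return replace(threat, countermeasure=countermeasure, **lowered_factors)


# Constructed register for a hypothetical Deployment Site (not ACTIVAGE data).
REGISTER = [
    Threat("Device", "wearable activity sensor", "Information disclosure",
           "sensor readings sent over an unencrypted radio link", 7, 9, 8, 6, 8),
    Threat("Device", "wearable activity sensor", "Denial of service",
           "battery drained by repeated connection requests", 4, 7, 6, 3, 5),
    Threat("Gateway", "home gateway (single-board computer)", "Elevation of privilege",
           "factory-default administrative credentials left enabled", 9, 10, 9, 8, 9),
    Threat("Gateway", "home gateway (single-board computer)", "Tampering",
           "firmware update package is not signed", 8, 6, 5, 8, 4),
    Threat("Cloud", "data platform API", "Spoofing",
           "long-lived API tokens that never expire", 8, 7, 6, 9, 5),
    Threat("Application", "caregiver dashboard", "Repudiation",
           "access to health records is not logged", 5, 8, 7, 4, 6),
]


def assessment(threats=REGISTER):
    """Ranked (domain, component, category, score, level) rows for the register."""
    return [(t.domain, t.component, t.category, round(t.dread_score(), 1),
             risk_level(t.dread_score())) for t in rank_threats(threats)]


if __name__ == "__main__":
    for row in assessment():
        print(row)
    # Apply a countermeasure to the top-ranked threat and re-score the residual risk.
    residual = mitigate(REGISTER[2], "unique per-device credentials, key-based login only",
                        reproducibility=4, exploitability=3, discoverability=3)
    print("residual:", round(residual.dread_score(), 1), risk_level(residual.dread_score()))
    for domain, counts in stride_summary(REGISTER).items():
        print(domain, {c: n for c, n in counts.items() if n})
```

Re-scoring after `mitigate` is what turns the ranked list into a risk strategy: the default-credential threat on the gateway drops from 9.0 (High) to 5.4 (Medium) once credentials are unique and login is key-based, while the remaining High entries show where the next countermeasures should go. The `stride_summary` output is the per-Domain summary table described in the last step above.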
On Privacy Guidelines
The work performed in this activity is the following:
- Definition of the privacy methodology, based on the GDPR.
- Analysis of the data flows of the 9 DSs.
- Description of the DPIA concept as a key methodology element introduced by the GDPR, and investigation of the different existing methodologies for performing a DPIA.
- Start of the elaboration of a DPIA for each Deployment Site.
- Analysis of the GDPR to identify the articles requiring specific implementations in the AIOTES architecture.
- Analysis of several "security and privacy use cases" as potential candidates to be implemented using Blockchain in the AIOTES architecture and in the DSs of ACTIVAGE.
This work resulted in the development of a security methodology based on the STRIDE approach, applied to each DS of ACTIVAGE, with recommendations for improving their security. The results obtained have led to the first lessons learned; some limitations were discovered and additional work will be done to address them.
Complementary work is being carried out to find technical solutions that address the recommendations. This work concerns, for instance, the security improvement of the Raspberry Pi gateway used in at least 4 of the 9 DSs. The adopted solution is based on a hardware component (a Secure Element) from STMicroelectronics.
The DPIAs of the 9 Deployment Sites will be completed in order to perform their privacy analysis, produce the corresponding recommendations and define the ACTIVAGE data management strategy.