Addressing Cybersecurity of the Internet of Things with PETRAS
PETRAS, the UK’s Internet of Things (IoT) Research Hub, has today announced 15 new projects that will explore how society can benefit from the power of interconnected devices (the IoT) while remaining safe, secure and resilient.
With an increase in high-profile cybersecurity attacks, cyber risk and the public’s perception of these issues have been highlighted. The new projects will analyse the potential social, economic, and security implications of a future where a large proportion of the world’s physical devices are interconnected, and shared data influences the operation and actions of devices in our environment.
The projects will explore social and technical aspects of the IoT, addressing specific knowledge gaps relating to cybersecurity across an extensive range of applications, including medical devices, home automation and public infrastructure.
One of the projects will look at IoT for healthcare and explore how security can be embedded within devices so small they can be implanted within the human body. The tiny size of these devices restricts their computing resources, potentially compromising security design: it’s therefore imperative to identify ways of ensuring security.
Another project will study issues arising from IoT in public spaces. Public acceptability of IoT is paramount for its successful implementation. Lead researcher of this project, Prof. Klaus Moessner of Surrey University, said: “The IoT is already revolutionising how we interact with connected objects in our personal spaces. This work will look at offering personalised interactions with our surroundings in public spaces. For this type of technology to be accepted we must also identify potential pitfalls and risks and mitigate for them, enabling public trust in this technology”.
All the projects will be led by universities from across the UK and each will be undertaken with strong industry collaboration. The projects are funded by the PETRAS Research Hub, as part of the Government-funded IoT UK research and innovation programme, as well as Lloyds Register Foundation, industry and public sector organisations. Collectively, the projects’ funding totals over £2m. The PETRAS hub is a three-year funded programme announced in January 2016. The 15 projects announced today are in response to an open call run by the hub between December 2016 and March 2017.
Discussing the work of the hub and the impact it will have on the future of IoT, Prof. Jeremy Watson CBE, President of the Institute of Engineering and Technology and Director of the PETRAS research hub, said: “Very soon there will be four times more smart and connected devices on the earth as there are people. We must therefore bring the social, economic and security implications of such a world to the forefront of research, innovation and development. These projects do just that, paving the way for a resilient, connected UK at the forefront of Internet of Things development.”
IoT Security for Healthcare (SeNTH +)
Lead: Prof. G-Z. Yang, Imperial College London | Partners: Intel Health and Life Sciences
IoT for healthcare is one of the fastest growing sectors in the healthcare industry with wearable and implantable sensors varying from hydration sensing wristbands to drug emitting stents. This project aims to develop autonomous security that can be deployed in a healthcare setting within miniaturised devices where computational resources are limited, it will also investigate fail-safe mechanisms for reliable sensing and data integrity.
BotThings: Modelling the potential impact of IoT boosted botnet attacks
Lead: Dr G. Stringhini, UCL | Partners: National Cyber Crime Unit
(Supported by Lloyd’s Register Foundation)
The Mirai botnet, 21 Oct 2016, was a wakeup call to the security communities. The continued threat of such botnets where IoT devices are maliciously controlled by a third party is only increasing. This project will observe current IoT botnets in order to simulate potential future botnet threats and study the vulnerabilities recently identified in IoT devices. Through this a UK-wide strategy to counteract the threat from IoT botnets will be produced.
Developing a Consumer Security Index for Domestic IoT devices
Lead: Prof. S. Johnson, UCL | Partners: Which?, Met Police, UCL Dawes Centre for Future Crime, The Behavioural Insights Team
Many Domestic IoT devices lack fundamental security with no basic password functionality or the use of default credentials (often listed on cybercrime forums). There is little incentive for manufacturers to consistently design security into devices and consumers are not provided with simple information to help them assess the security of devices. This project will develop a Consumer Security Index, similar to the traffic light system used for nutrition of food products, and encourage its use to incentivise manufacturers to improve IoT device security.
The Internet of Energy Things: supporting peer-to-peer energy trading and demand side management through blockchains. (P2P-IoET)
Lead: Prof. D Shipworth, UCL | Partners: Siemens, UKPN
The rapid rise of local and community based renewable energy generation, combined with the rollout of smart meters, breakthroughs in IT , and electricity grid congestion is bringing about radically new collaborative economy business models in energy. In response, people are beginning to trade energy locally. Distributed ledger (blockchain) technologies are used to authenticate and track ownership of energy production, consumption, and demand-side response ensuring each unit of energy is securely and transparently accounted for. This project will lay the ground work for such systems in the UK – analysing the regulatory, security, engineering and societal requirements for their acceptability.
Security Risk Assessment of IoT Environments with Attack Graph Models
Lead: Dr E. Lupu, Imperial College London | Partners: Building Research Establishment,
Unlike more traditional computing systems IoT environments bring together the physical, human and cyber aspects of a system. Each can be used to compromise the other, and each can equally contribute towards monitoring and protecting the other. This project will investigate how to analyse threats that propagate across different aspects of a system and how graphical representation can be used to improve risk assessment in such environments, particularly focusing on smart-buildings as a case-study.
Resolving Conflicts in Public Spaces
Lead: Prof K. Moessner, University of Surrey | Partners: Rail Delivery Group, Rail Safety and Standards Board
IoT has the ability to transform our interaction with public spaces and public infrastructures, offering personalised services and experiences, e.g. using in situ displays to guide users through rail interchanges or an airport. However, reliability of public data sources, and issues such as prioritisation of displays and actuators must be addressed. This project will analyse these tensions and identify the potential threats caused by malicious actuation/misinformation.
Respectful Things in Private Spaces: Investigating Ethical Data Handling for Very Personal Devices
Lead: Prof. Sir N. Shadbolt, University of Oxford |Partners: BT
In highly private spaces, the information that IoT devices collect is likely to be very sensitive. This project looks at empowering end-users with smart tools that will help them to understand, make informed decisions about, and exert effective control over, the data collection activities of devices. It will also identify methods to enable more ethical, and preference-respecting data processing
Value of Personal Data in IoT
Lead: Dr A. Skatova, Prof. C. Maple, University of Warwick | Partners: MET Police, BT, Britisgh Gas Which?, Digital Catapult
Data is key to IoT, with personal data being shared, linked and used for the provision of IoT services. This project seeks to understand how consumers perceive the value of different types of personal data. It seeks to explore whether understanding this subjective value can enable companies to harness economic value from personal data while preserving consumers’ rights to privacy.
Lead: H. Boyes, Prof. C. Maple, University of Warwick | Partners: EDF Energy
This project will develop a Code of Practice (CoP) to be adopted by energy suppliers and manufacturers of devices that link the Smart Meter Home Area Network (HAN) and the Consumer HAN. This project will identify technical and security issues that need to be addressed with such a connection. The creation of this CoP will enable innovation while maintaining integrity, security and operation of the HAN and also assist in increasing public trust in such devices.
Hybrid Engagement Architecture Layer for Trusted Human-Centric IoT
Lead: Prof. W. Hall, University of Southampton | Partners: CityVerve, Southampton City Council, Siemens, Zooniverse
This project focuses on integrating humans into the IoT ecosystem. The project will investigate and experiment with how and where crowdsourcing can be used within an IoT ecosystem in order to improve trust, user-driven privacy, and provide better human-driven data sharing mechanisms. By using the crowd we wish to build up trust, privacy, & data sharing capabilities in an open and transparent way.
Resilience and security in Low Power IoT
Lead: Dr M. Rio, UCL | Partners: IBM UK
Low power sensors with long range communication will be critical to the IoT vision. However such sensors bring their own security concerns. This project will create, implement and deploy in London a low-power IoT network that will increase network resilience and security, protecting against denial of service attacks. This network will make use of a high density of novel connection points (gateways) to gain sensor positioning while preserving privacy, without GPS and with the ability to work indoors.
Designing Dynamic Insurance Policies Using IoT
Lead: Prof. M. Huth, Imperial College London
(Supported by Lloyd’s Register Foundation)
This project will explore how ‘real-time’ adjustable insurance policies can be designed and managed using IoT technology. Typical examples include bike/car renting, car sharing, and courier services where there is varying level of risk. The project will look into mechanisms and models insurers would need in order to implement ‘real-time’ adjustable insurance policies.
Blockchain-empowered Infrastructure for IoT (BlockIT)
Lead: Prof. W. Hall, University of Southampton | Partners: British Gas, DSTL
(Supported by Lloyd’s Register Foundation)
This project looks how blockchain, the technology behind bitcoin, can be exploited to make the Infrastructure of IoT more resilient. This project will use blockchain to connect and coordinate IoT devices, enabling them to share their data with guarantees that their privacy will be preserved.
Identifying Attack Vectors for Network Intrusion via IoT devices & Developing a Goal-Oriented Approach to Determining Impact Across Threat Surfaces (IoT Depends)
Lead: Dr P. Burnap, Cardiff University | Partners: Airbus group
(Supported by Lloyd’s Register Foundation)
IoT devices are vulnerable to breaches from a number of types of attack – from Web application exploits to RansomWare. These attacks can affect local networks and also lead to large-scale remote attacks (e.g. DDoS). This project will identify the ways in which attacks may enter an IoT system (the vector) and the scale of the impact each method of attack can have.
Blockchain Technology for IoT in Intelligent Transportation Systems (B-IoT)
Lead: Prof. M. Huth, Imperial College London | Partners: Ordinance Survey, Wallet.Services, Pinsent Masons, Telefonica, CISCO
Huge benefits in transportation can be gained if Intelligent Transportation Systems such as automated vehicles are enabled to communicate between each other, and their surrounding infrastructure in ways that are simple, reliable, and widely acceptable for human operators. At the same time, it is imperative that the security and privacy of such communications are considered. This project will demonstrate the potential of distributed ledgers such as blockchain as a method of securing the integrity of such systems.
Notes to Editors
To speak to the researchers, please contact: Graça Garvalho, Alisdair Ritchie, or Rob Thompson, PETRAS Impact team,
E: firstname.lastname@example.org m: +44 (0) 7727 245271
PETRAS is a three year research hub, funded by the EPSRC, bringing together nine leading UK universities, (Warwick, University of Oxford, Lancaster University, University of Surrey, UCL, The University of Edinburgh, University of Southampton, Imperial College London, and Cardiff University) to explore the critical issues of Privacy, Ethics, Trust, Reliability, Acceptability, and Security (PETRAS) relating to the Internet of Things (IoT).
As part of the Government-funded IoT UK research and innovation programme (see below), The hub is receiving £9.8m funding from the Engineering and Physical Sciences Research Council (EPSRC) between 2016 and 2019, as well as £14m and participation from over 100 industrial and public sector partners. The hub was announced on the 6th January 2016 [ https://www.epsrc.ac.uk/newsevents/news/iotresearchhub/ ].
The Hub looks at both social and technological issues, bringing together research leaders, industry, the public and voluntary sectors. In bringing together this community, the research hub is able to gain a thorough understanding of PETRAS issues in terms of the needs and potentially conflicting interests of private individuals, companies and the public sector. This will enable the hub to be a leader in development and innovation; an authority and influencing voice in the cybersecurity of IoT.
About IoT UK
IoT UK is a research and innovation programme to help advance UK development of the Internet of Things, for economic and social benefit. Government (Department for Digital, Culture, Media and Sport and the Department of Health, via Innovate UK and EPSRC) is spending up to £30 million between 2015 to 2018. Industry, universities, the public sector and other partners are also making substantial cash and “in kind” contributions.
As well as the PETRAS Research Hub, IoT UK projects include the Cityverve smart city demonstrator in Manchester; health and social care projects in Surrey (dementia) and the West of England (diabetes); accelerator schemes for small IoT businesses; and help for innovators from Catapult Centres.
Follow IoTUK on Twitter @IoTUKNews