SecureIoT: blocking cyberattacks on connected objects

An EU project dedicated to the Internet of Things

SecureIoT, an EU project that was given funding as part of the H2020 programme, came to an end in December 2020. The project was allocated a total budget of close to €5m over two years, bringing together fourteen partners from eight different European countries. Its aim was to be able to predict and anticipate the behaviour of digital systems based on the Internet of Things in order to boost security and develop IT tools that would make using such systems more reliable. Through researchers from the Resist project team, Inria Nancy - Grand Est shared its expertise with Intrasoft, the Belgian IT company that was coordinating the project, and their other contributors from the worlds academia and industry.

The Internet of Things, which involves enabling dialogue between digital systems that fulfil a wide range of functions (such as pressure and speed sensors, automated machines, robot arms, etc.) within a more complex whole, is a rapidly-evolving sector

…explains Jérôme François, an Inria researcher and member of Resist. “These connected objects form a fully-fledged IT network, which operates in a way that is more open, more dynamic and more flexible than a conventional network. However, the more rigid architecture of conventional networks does make them better at fending off attacks. IoT [networks] must exchange large quantities of data from their environment in order to provide users with a service, leaving them potentially more vulnerable.”

From apps to industry 4.0, and from driverless vehicles to companion robots

Making sure that IoT networks are secure is a key consideration for companies looking to use them in the context of “industry 4.0” (or “the factory of the future”, which will be connected and versatile). This ranges from driverless vehicles to companion robots, which are used with children with autism to stimulate communication.

“These were the use cases we looked at as part of the SecureIoT project, which was interested in the deployment of robust IT security. There were four components to the project: supporting cybersecurity audits for components used by IoT networks; developing ways of controlling access to networks of connected objects; and devising new IT architectures that would be better at dealing with intrusions or attacks”, explains Jérôme François.

The contribution made by the institute concerned the fourth component of the project, which was also the most ‘upstream’. Since being set up in 2018 Resist has studied a wide range of IT security techniques. “Our expertise is broad, and is centred around three main areas: collecting data on a network, i.e. at what level to observe its functioning; analysing this data in order to detect an ongoing attack and to anticipate how it might evolve; and putting defence mechanisms in place, perhaps by reconfiguring the network in real-time in order to limit the impact of an attack or to counter it completely”, explains Jérôme François.

Process mining: an innovative approach to cybersecurity

More specifically, Resist is interested in what is known as process mining. How this family of techniques might be applied to IoT security was the subject of PhD research carried out by Adrien Hemmer, a member of Resist. Financed as part of SecureIoT, this research was supervised by Isabelle Chrisment and Rémi Badonnel, respectively a professor and a lecturer at Télécom Nancy.

“Process mining involves analysing the ‘normal’ operating data for an IoT network. For a driverless vehicle this might be information on a car's direction or speed or on its different IT components. This data is then analysed, factoring in the context the network is operating in, such as driving conditions, for example, whether or not the road is straight. This enables us to detect any ‘abnormal’ behaviour that could indicate an attack”, explains Jérôme François.

For this the researchers used a generic modelling technique: Petri nets. Employing the data used to describe a process, such as how IT systems operate, Petri nets enable IT engineers to build a virtual image of this process in ‘nominal’ operating conditions. By confronting this abstract representation with the data from a real-time observation, it then becomes possible to detect any inconsistencies.

“Unlike neural networks, which are closed models of systems, Petri nets are easy to interpret: they can be used to understand abnormal situations, which could indicate an attack, and to devise ways of countering them, such as reconfiguring the system, for example”, explains Jérôme François.

Results accessible to a wide community

Tested on the project’s use cases, the solutions developed by Adrien Hemmer proved just as effective as any other for detecting and predicting attacks - particularly in industrial systems, such as those found in industry 4.0. Hemmer’s research led to a paper being published in the prestigious journal Transactions on Network and Service Management, while other research helped to build a knowledge base, including all vulnerabilities identified so far. Available online, this knowledge base is targeted at those working in cybersecurity.

It is through this type of project that Inria is able to step up its EU strategy. For SecureIoT's partners, meanwhile, and for Resist, the experience proved to be a fruitful one. “Working with manufacturers gave us the opportunity to test the methods we had developed against real-life examples. Through SecureIoT we developed expertise in process mining and expanded our knowledge of technological barriers linked to the Internet of Things. This should enable us to come up with new research subjects or new services, something we are looking into with the launch of a start-up”, concludes Jérôme François.