Why TRUSTI will change the game for IoT cybersecurity
News from the lab
With the Log4j security flaw still fresh in our memories, our TRUSTI research project couldn’t start at a more relevant time. As from March 2022, Televic GSP will join forces with other Internet of Things experts to develop a highly coveted solution for secure remote software updates in large-scale distributed IoT infrastructures. A challenging task with far-reaching improvements for cybersecurity across global industries.
With great power comes great responsibility
As the rail industry benefits from a fully-fledged interconnected Internet of Trains with device-laden vehicles and innovative technology, there’s also a downside to the otherwise gainful story: the IoT increases the risk of becoming the target for cybercriminals.
With Televic GSP’s passenger information, bogie-mounted control and monitoring systems contributing largely to the railway’s safety, a compromised system poses threats not only to cybersecurity, but potentially also to passenger safety.
“That’s why it’s critical to secure each of our devices and systems against malicious attacks”, says Steven Lauwereins, research lead at Televic GSP. “We’re already investing heavily in state-of-the-art hardware and software security configurations, for example with our update management module in LiveCoM Suite, our PIS management platform. But in the current reality of Internet of Things, we need to go above and beyond to guarantee the highest security level at all times.”
End-to-end IoT device security: no trivial task
However pressing the need for a cybersecurity management system in IoT infrastructures, enabling end-to-end protection for the devices that make up such a network remains a tough nut to crack – also in rail environments.
According to Steven, this has multiple reasons: “Each fleet has a unique network with sometimes as many as 40 different devices of variable compute strength in a single vehicle. These need to operate over a long period of time, typically 15 to 20 years, which implies continuous software updates. Add to the equation the fact that we’re generally not in direct contact with our devices, since they’re widely distributed and many parties are involved in the device management process – from Televic GSP, to train builders, holders, and operators.”
“Also, as the recent Log4j breach painfully underlined once again, a network is only as secure as its weakest link. If, for instance, a basic alarm panel or sensor with a simple micro-controller isn’t adequately protected, it’s vulnerable to hackers probing, gaining entry to the network and potentially compromising the entire system.”
TRUSTI: deciphering the cybersecurity enigma
Avoiding vulnerabilities is not a one-time exercise. Continuous effort is needed during the entire lifecycle of an IoT infrastructure. Regular security updates are indispensable, and protecting the integrity of these updates is the challenge Steven and the TRUSTI research team are up against.
Steven: “Televic GSP has teamed up with Hydroko and Quicksand, companies also operating within the IoT space, plus three university research groups at KU Leuven: COSIC, DistriNet@Leuven and DistriNet@Gent. As from March 2022, we’ll join forces in the TRUSTI project to develop a full lifecycle management solution for secure remote software updates in large-scale heterogeneous IoT infrastructures.”
Focus on 3 major technological advances
The complex details required to build a chain of trust for secure updates inside IoT networks are still largely unknown today. By focusing on three major technological advances, TRUSTI aims to deliver a best-in-class system for IoT cybersecurity in the next two years.
1. Trust establishment within IoT devices and networks
“We’ll develop a solid and trusted computing base to be deployed on all devices in the field where software, updates and decryption keys can run in ‘a safe zone’. Since it’s simply unfeasible for large-scale IoT networks to allocate a single key to every device, building a reliable encryption chain with an intelligent hierarchy of keys is the logical and necessary next step to allow updates to be distributed securely.”
2. Secure software distribution
“One of the main targets of this research component is setting up a PKI (Public Key Infrastructure) for access control and secure communication between the back-end system and IoT devices to block nonsecure inroads into our software. With trains being subject to unreliable network connections, for example when there is no internet connection available in a certain area or a particular update is too large to be sent over LTE, we still need to be able to manage who can install which update on a specific IoT device at an approved moment in time. This requires signed and encrypted update packages.”
3. Security management and monitoring
“To maintain the trust level of IoT devices throughout their lifecycle, an efficient method is required to continuously verify the validity of the entire trust chain. To achieve that goal, we’ll enhance existing back-end solutions for remote device management and develop new technologies and services to clear up current IoT hurdles in this field.”
Belgian project, global cross-industry impact
The research project’s results will provide Televic GSP with invaluable insights and resources to further improve and streamline LiveCoM Suite’s security standards. But the findings of TRUSTI are expected to ripple extensively throughout other industries and applications as well.
“A full security lifecycle management system, where trust is established and maintained, reduces risks and provides peace of mind across IoT networks in industries such as e-health, logistics, agriculture, smart cities, and many more.
“The TRUSTI project will contribute to the broader goal of realizing a secure digitalized society, in which the novel opportunities of IoT technology can be safely harnessed”, Steven concludes.