Use case 1
In order to take advantage of the opportunity presented by the expansion of IoT connectivity services, airlines will need to upgrade their existing systems to provide enhanced data that must be transmitted over industrial grade IoT networks to air traffic control centres. By combining data from different IoT sources, additional benefits can be obtained (for example, an aircraft encountering turbulence can relay this information via SWIM to other airspace users to avoid the area).
While the automation enabled by IoT technologies enables more efficient operations, it also introduces new requirements for the information security of the commercial aerospace industry. Since the use of airspace as a general open architecture IoT information system in the future, the organization of active information exchange between peripheral users, and conducting of commercial operations in the airspace entails a number of risks associated with theft of information, deliberate distortion of information or accidental loss of information, which can lead to catastrophic consequences associated with air crashes, loss of airline reputation and\or loss of profit.
TELEMETRY will enable assessment of IoT devices used in aerospace scenarios, where the IoT devices are considered as devices at the edge, transmitting data to a central cloud via SWIM, and the interaction between the different actors represents a “supply chain” of information exchange. Based on the results of the tools, system integrators will be able to mitigate potential security vulnerabilities and risks by implementing appropriate measures. Antonov will deploy TELEMETRY in laboratory conditions, emulate IoT devices that collect relevant information (such as vibration, temperature, pressure, etc) using the Digital Twin emulation environment (T4.3) and run controlled experiments where baseline situations will be determined without TELEMETRY, and the improvements of the TELEMETRY tools and techniques will be evaluated. Specifically, using the test tools developed during the TELEMETRY project, the compliance of integrated IoT aerospace systems with RTCA DO-178 and EUROCAE ED-12 for software and RTCA DO-274 and EUROCAE ED-80 for hardware will be assessed, including analysis detecting external threats and anomalous behaviour effective management of access to the information system; API testing of server instances and impact & risk of cyberattacks on interconnected components of complex IoT based aviation systems.
Use case 2
Smart factories often consist of a mix of SW and HW components from different vendors and different time periods (e.g. 15 year old machines and software components are integrated into abrand new manufacturing execution system). Those systems all have their own firmware and managing systems, and they are often tied to outdated and unmaintained software platforms (e.g. Windows XP, Windows NT, Windows 10, Linux).
The business need is to simplify the monitoring of such a heterogeneous environment to ensure reliability and trustworthiness of those complex systems. In such an environment as described above, it is a challenge to maintain overall system security when machines have firmware, for which the original vendor does not provide security updates anymore or when the machine’s maintenance software only runs on long retired platforms like Windows XP.
Integrating such components, which may have known and unpatched security flaws, into the smart factory network would lower the overall network security. Currently, this is mostly addressed with complex and highly manual means like sub-networking and/or firewalls. Furthermore, with the increasing amount of smart components that are deployed in a factory, the more systems have to be monitored for potential malicious behaviour (e.g. “phoning home”) or kept on the latest patch level by the administrator. Missing just one of them could compromise the whole factory and expose personal and proprietary data. Furthermore, the application of best practices of IoT security in a manufacturing environment described in standardisation and regulation bodies like IEC, NIST and EU cyber resilience act will be considered.
TELEMETRY tools would greatly help smart factory operators to take timely actions and keep their (inevitably) heterogeneous networks safe, via automated detection and risk management at component and network level. We will evaluate TELEMETRY’s ability to automate the process of network security maintenance by automatically detecting (and mitigating) increased risk levels due to human or software malice or malfunction. We will deploy the TELEMETRY tools in the Nokia test lab (the so-called “Factory in a Box – FiAB), which provides a laboratory with a smart factory environment (including a 5G campus network) and data centre capacity for the integration of all partners software components. We will run controlled experiments to evaluate the TELEMETRY tools comparing their effectiveness to a baseline situation without them, examining aspects such as catch-rate of known vulnerabilities, speed of detection, false-positive rate, accuracy of risk assessment and applicability of recommended controls. The expected tools for automatic detection include Component & System Level Anomaly Detection, Risk Analysis, and automatic IoT update. The expected testing tools for evaluation include service level cybersecurity testing and IoT device fuzzing tools. Where feasible the Black Box approach will be applied.
Use case 3
Telco ICT devices, in particular network and IoT devices such as core/access elements or IoT devices, play a fundamental role in any network infrastructure, due to the massive number of users served, the amount of data transported, or the characteristics of the underlying services.
Consequently, the security level provided by those devices is a priority for all the involved stakeholders: manufacturers, telco operators, governments, and end users. Moreover, the introduction of 5G represents a quantum leap for Telco industry. Massive IoT and related Machine Type Communications (MTC) represents an important business opportunity for the Telcos to provide additional specific security solutions to their customers. On the other hand, if not well addressed and managed, IoT will also pose huge new challenges to data governance in terms of privacy and security or both: the customers/citizens and the Telco critical infrastructures. Billions of Things can be powerful tools which cyber criminals can use for attacks (DDoS, Phishing, Privacy violations, etc.). The specific focus for this use case is domestic networks protected by Home Gateways (covered by ETSI TS 103 848). Home Gateways are at the border between the Telco networks and the customer’s devices (PC, Smartphone, IPTV, Camera, Alexa, sensors, etc), hence are often exploited by attackers to enter the user’s home network, but consumer-grade routers are low-cost devices, less likely to be viewed as worthy of continued maintenance and the need for keeping the device’s price affordable might limit the overall verification process. The Fraunhofer Institute analysed 127 routers for private use developed by seven different large vendors selling their products in Europe [Weidenbach 2020] finding an impressive number of vulnerabilities, lack of updates, and a lack of exploit mitigations. Given that the gateway is vulnerable, there is a clear need not only to protect the gateway itself, but also the IoT (and other) devices on the home network it protects.
TELEMETRY methodologies and tools will help several stakeholders in current Telco ecosystems and will support (e.g. router) vendors during self-assessment testing activities, to collect evidence about the security provided by their products and support Telco Operators by checking the security level of the technologies acquired. Independent and accredited testing laboratories can also benefit from these technologies, increasing the efficacy of certification processes and collecting additional evidence about the security level of tested products. TELEMETRY solutions consider the intended target use case scenario to increase the fidelity of results via testing of components in realistic contexts such as emulated home networks. The TIM use case will evaluate the TELEMETRY tools in the Home Gateway context with a testbed simulating a real environment. The Digital Twin Emulation Environment will be evaluated in order to simulate/emulate a complete domestic IoT device scenario, including the Gateway and the internet as emulated attack routes. Within this environment, TELEMETRY tools will be evaluated to identify security issues terms of at least time to detect and quality of results. We will evaluate the TELEMETRY Toolbox and the Secure deployment to assess automation of testing phases, speed of tools setup and ease of use. Finally we will evaluate the TELEMETRY risk assessment approach at both device and system level. From this testing, we will determine methodologies (including test metrics) that can assist vendors. In all evaluations, we will compare a baseline situation without TELEMETRY to an enhanced situation where TELEMETRY is deployed.