Security and safety have long been two different technical fields with little relation to each other. Security on one hand has been mostly related to either malicious stealing of computer system data (hacks) or unintentional mistakes when dealing with confidential data. The main focus of safety and in particular “functional safety” on the other hand has been on the unintentional technical failure of electric/electronic systems, e.g. a break of cables or human errors at design time of a system. Whereas security has been mostly relevant in the IT world, functional safety has had its stronghold in industrial domains for engineering of machines.

These paradigms have changed recently when safe systems got connected to the outside world. Safe systems suddenly became attackable. Even though most consumer IoT devices are not safety-relevant, first effects are already visible. Examples are recent hacks of connected cars, where hackers even were able to threaten people by accessing the car brakes. It is evident that a rethinking must take place and new systems must be designed in a new way.

AT&T observed a 458% increase in IoT hacks the last two years. In SCOTT we focus on IoT applications for e.g. vehicles, airplanes and rail and the intention is to cover a broad spectrum of typical IoT devices, from home environment, to automotive towards more industrial airplanes and railway with highest safety and security standards. While the unavailability of the Internet or a cellular network may result in some annoyed users and lost productivity, a large scale compromise of IoT devices may lead to loss of lives and large scale user impacts.

Since IoT devices cover such a wide range, SCOTT does not try to find one all-encompassing solution that fits all, but our objective is to identify key needs for each IoT application that we have in the consortium, harmonize commonalities and leave room for specific needs e.g. airplanes. The high-level objective of this project is to secure IoT devices and justify the trust the users put into them.

The objective of this Technology Line is to find solutions or extend existing solutions for IoT security and safety.

In particular, the Technology Line will implement or provide:

  • Communication security tools for IoT devices using various communication protocols (use case dependent)

  • Secure remote management and access software e.g. for malfunction detection, updates, patches

  • Secure authorized cloud access

  • Protection software against personal data leakage in generation, storage, transport of data in IoT focus points (depending on use case)

  • Flexible security and privacy architecture that allow pre-processing of data depending on use case e.g. gateway support, end-device capability

  • Software tools that must support the privacy and security pre-processing

  • Privacy preserving data analytics software and tools

  • Integrated safety and security development approaches

  • Protection against cybersecurity attacks

This will be implemented and demonstrated in WP23.

The achieved privacy and security has to be quantified to avoid home-cooked security approaches. This is of special importance for IoT where some IoT devices may be connected for 20 years and robust security is essential. We will focus in our project on wireless communication, but therein take several access possibilities into account.

The objectives of SCOTT in terms of measureable indicators are (see also Figure):

  • Integrated Safety and Security Development
  • SCOTT Security Core
  • SCOTT Security Library
  • Out of Band Security
  • Dependable Wireless Sensor Network
  • Safety for critical traffic infrastructures
  • M2M Safety critical applications via Satcom
  • Safety for critical traffic infrastructures
  • Integrated Safety and Security Development
  • Trust Anchor and Trust Indicator for ES and smart sensors
  • End-to-end assured QoE for heterogeneous service traffic
  • Real-time Configuration of Secure Zones
  • Routing and Scheduling for real-time WSN
  • Reliable Wireless Multi-hop Communications
  • Reliable Wireless PHY and MAC
  • PHY Layer Security
  • Hardware-supported Security Mechanisms

The delivery of the building blocks can be measured. They are either software or reports/guidelines. The high level main objective is that they will enable the different use case and provide synergies inside the project of at least 20%-30%.