by Odins,
Within the context of the REWIRE project, ODINS leads the Smart City Use Case, aiming to address the current and emerging challenges of cybersecurity and connectivity among urban “Smart” infrastructures. In a world where numerous interconnected IoT devices interact for critical services and infrastructure management, such as traffic control or energy efficiency management, the need for safeguarding a secure environment, against threats, is required for the protection of the whole ecosystem. REWIRE framework manages to provide a holistic security approach during the whole life cycle, from design phase to runtime, while guaranteeing the confidentiality, integrity and availability of data, which represent the essential elements for maintaining both efficiency and cybersecurity in a Smart Cities, dynamic and complex environment.
Status of Constrained Security
The case of constrained security raises concerns as long as, we delegate the security to lower layers of the TCP/IP stack we find that typical low-power communication technologies, like LPWANs integrate vendor-specific security mechanisms, tailored to their radio characteristics. For this reason, and despite the main benefits they offer, such as low power consumption, long range, and low-cost communication characteristics security in LPWANs is limited to the communication among the centralized architecture component of its star-of-stars topology.
More importantly, the LPWAN security mechanisms only manage to address security from the end-device to the centralized server that manages the network. To this end, when authorized users or third parties try to access the message contents, this is secured only among the user browser and cloud platform. Hence, LPWAN designs do not manage to address the end-to-end security needs and requirements, as well as the privacy of message transmissions. For example ,by default, vendors and administrators of LPWANs can access the contents of every transmitted message in plain text. As a consequence, clients can not guarantee the use of third-party LPWAN deployments without giving away the contents of their communications.
On the other hand, there is also the application layer. Constrained Application Protocol (CoAP) is a protocol optimized for IoT devices that uses UDP to minimize resources, unlike HTTP. Although it is standardized, ensuring its security remains also a major challenge. Several protocols are seeking to become the standard for securing communications in IoT environments, ensuring confidentiality, integrity and availability.
REWIRE Framework within Smart Cities Processes
In the context of Smart Cities, processes such as device onboarding to the network and remote software upgrades are critical to the efficient and secure operation of urban systems. Device onboarding refers to the process by which new devices, such as sensors and cameras, are integrated into the city network to start sending and receiving data. This process is crucial to ensure that the city’s infrastructure, such as the traffic light system, can function optimally and adapt to new needs or changes in the urban environment. However, device onboarding often faces significant challenges in terms of security. Lack of adequate protections can allow malicious actors to interfere with the network, thus compromising the operation of critical systems.
Moreover, another critical process in the case for Smart Cities, is considered the remote software update. This process allows system administrators to update the software of distributed devices, without the need for physical intervention. Since, Smart Cities typically have a large number of connected devices, these updates are often one-to-many, i.e., one specific update is distributed to multiple devices simultaneously. This feature of the process increases complexity and risk, as a compromised update can affect numerous devices at the same time, amplifying the potential impact of any attack. In the case of systems such as traffic light control, a remote update can be a valuable tool for introducing improvements or correcting vulnerabilities. However, remote updating also presents risks, when it is not implemented with adequate security measures. An attacker compromising an upgrade can introduce malware or exploit vulnerabilities, putting public safety and service efficiency at risk.
The relevance of protecting these processes becomes evident when considering the key values and the potential impact on human life, safety in mobility domain and the facilitation of life. For example, a traffic light that is not functioning properly due to a compromised update or a device that has been improperly integrated into the network can cause serious traffic accidents.
Traffic control systems depend on secure and reliable communication to ensure that traffic lights change at the right times and that traffic status information is accurate and timely. The safety of these processes is crucial to maintaining the integrity and efficiency of urban infrastructures and thereby protecting the lives of citizens.
In order to apply the REWIRE framework in Smart Cities, a scenario based on a traffic intersection has been deployed. This environment allows testing of both the device onboarding process and the remote software update.
Stay tuned on the REWIRE Project Use Cases for real-world cybersecurity applications here.