by Dr. Stylianos Kazazis, UBITECH Rewire
Nowadays, trust is the fundamental requirement that needs to be achieved in order to serve as the solid basis for building added value defence mechanisms that will enhance the security posture of IoT environment. With every line of code, the cyber-security risk to edge devices increases, making the need for improved security measures, secure software and firmware upgrades and certification mechanisms, among all stakeholders, imperative. To tackle IoT devices’ security challenges, REWIRE provides an advanced cybersecurity solution capable of protecting the entire lifecycle of such devices (deployment, bootstrapping, operation, update, and decommissioning) leveraging verification for different aspects (crypto, firmware) and runtime assurance.
In this context, REWIRE reduces potential cyber security threats by offering a 4-layered security sandbox comprising a toolchain that can efficiently safeguard and assess the trustworthiness level of an edge device throughout its entire lifecycle. This is achieved by defining and leveraging advanced and lightweight attestation mechanisms, enabling in turn the establishment of trust relationships in next generation Systems-of-Systems based on trust assertions and indisputable evidence.
The REWIRE framework will incubate cryptographic schemes and constructions capturing all the critical activities of the IoT device to be performed during runtime; from the secure device on-boarding and bootstrapping to the secure communication with other devices and the activity of distributing software updates in a secure way, with minimal assumptions regarding the underlying hardware. In addition, REWIRE will implement a security-driven verification and validation workflow, combining strong cryptographic proofs by-design, strengthening the assurance of their low-level arithmetic computations using theorem proving approaches, while creating the necessary evidence by the system operation, for the requirements not captured in models or analytical proofs.
In order to promote the dynamic and runtime trust assurance in such heterogeneous environments, REWIRE will design a lightweight, customisable and formally verifiable software-based trust anchor (such as a Trusted Execution Environments (TEE)) that can act as the root of trust, facilitating remote attestation protocols by offering the necessary cryptographic enablers. At firmware and software level, security threats can be effectively suppressed through the envisioned novel automated firmware validation and verification mechanism that can capture all possible exploits and compromises in an efficient manner.
Finally, REWIRE will offer a blockchain overlay that facilitates the secure, auditable recording and sharing of the threat intelligence data, among the distributed IoT devices, actors, and back-end systems, and data regarding the security patching and update process. It will combine Federated Learning, diverse types of Smart Contracts, blockchain-based oracles and customizable TEE to perform decentralized, trustworthy, authenticated, traceable and transparent-but-secure data sharing, providing a certification and auditing “all-in-one” platform. The blockchain will not only be utilised for secure and fully trusted auditing and certification process of IoT devices, but for secure on- and -off chain data sharing, and AI-based misbehaviour detection.