Overview

The CRITISEC project develops security services and standards for edge networks in critical infrastructures allowing to connect edge networks to control and production systems in a secure way. Use cases focused on are Energy distribution, Smart cities, Critical communication, Critical Logistics, Identity Management and distributed ledgers. The core idea of the CRITISEC project is to develop novel security products, services and standards for edge networks in critical infrastructures, where the edge networks are a heterogeneous set of networks connected to the edge of a core production network. The challenges that CRITISEC addresses are:

  1. the heterogeneity of the edge networks and of the systems they are connected to;
  2. the scale of the edge networks, that can be composed of huge numbers of (resource-constrained) devices, so requiring efficient and highly scalable security solutions;
  3. the predominant presence of open/shared platforms, where multiple applications share access to a common network of edge devices;
  4. the presence of legacy devices and platforms, for which secure update procedures are often scarce, if any.

Approach

The CRITISEC project performs research in the following novel technology areas related to security in critical infrastructures, and will develop corresponding innovative security mechanisms and solutions:

  • The use of AI for threat analysis, and mitigation strategies.
  • The use of open ledgers (blockchain) to confirm trustworthiness of sensor data in open networks.
  • End-to-end security and application isolation in open platforms.
  • Identity and Access Management for constrained devices (e.g. sensors and actuators) connected to critical infrastructures via edge networks.
  • Secure end-to-end (group) communication methods efficiently supporting large-scale deployments.
  • Security Lifecycle Management, including secure firmware upgrade and management.

These areas are of strategic relevance for infrastructure providers, since their production systems are exposed to increasing threats, especially through Advanced Persistent Threat (APT) actors and criminal elements looking for cyber-blackmailing opportunities. Such attackers have a potential to significantly disrupt core production systems, both affecting the economic viability of the provider and disrupting important societal services. Currently attacks often go unnoticed under a long period of time, so worsening their effect. Moreover, attackers that penetrate some seemingly unrelated part of a company’s IT system often have the possibility to move laterally into the core production system.

The use cases addressed are:

  1. Energy distribution
  2. Smart cities
  3. Critical communication and Small IoT
  4. IoT for Critical Logistics
  5. Identity Management for Iot
  6. IoT and distributed ledgers

The use cases are demonstrated in five application examples:

  • Energy Distribution
  • Smart City
  • Critical Communication
  • Secure End-to-end Group Communication
  • Secure and Automated Device On-boarding

Main results

The main results of this project are novel security standards, solutions, products and services that can be used by providers of critical infrastructures to secure edge networks connected to their production systems. This reduces the risk of malicious service disruption and preserve availability, reliability and safety in provisioning of societal services.

The main results include:

  • IETF standards and advanced standard proposals, concerning lightweight protocols for secure end-to-end communication and access control for IoT devices
  • Integration and testing of the OSCORE protocol in several IoT platforms
  • AI based application security for edge computing
  • AI based network security
  • Solutions to use blockchain and open ledgers for IoT device management
  • A 5G security surveillance system

Impact

The CRITISEC project results have a great impact on several areas in the IoT market.

First, the IETF standards proposed by CRITISEC - including OSCORE and Group OSCORE - are implemented in several solutions from CRITISEC partners and used to improve the end-to-end security of critical IoT networks. The solutions are implemented in several real world use cases by the project partners The AI based application security module for edge computing is integrated into a disaster management solution to improve the application security but will also be available for general introduction into edge computing.

The AI based network security device will improve the security of IoT network and allow the early detection of threats.