The 12-month project will use data analytics to identify vulnerabilities that could put embedded devices in smart cities at risk
Leading cyber-security professionals in Scotland are spearheading a new initiative to make it easier to test if interconnected devices and networks are secure including the embedded devices used in smart infrastructure and smart cities.
The project involves cyber-security experts at Edinburgh Napier University and Keysight Technologies and is supported by the Innovation Centre for Sensor and Imaging Systems (Censis) which brings together academia and industry to work on industry challenges and opportunities around sensor systems and the Internet of Things (IoT).
According to Edinburgh Napier University’s professor Bill Buchanan, an expert on cyber-security, threat analysis and cryptography, the biggest thing holding back the development of the IoT is security – specifically, concerns about the vulnerabilities of devices, the ease of hacking them, and the consequences of such hacks.
A key strategy for improving IoT cyber-security, therefore, is for device manufacturers to build more robust security into the design of their devices, so they come to market without security gaps that hackers can easily exploit.
“In healthcare, for example, IoT could transform the way we monitor people’s health and manage conditions like asthma. But security concerns are holding back wider adoption of smart devices,” said Buchanan, who is also lead academic on the project.
“Only if we can improve confidence in IoT security can we realise the potential of smart technology.”
With this new 12-month project, Edinburgh Napier University and Keysight will be using data analytics to identify vulnerabilities that could put IoT devices at risk. The project will focus on ‘side channels’ – the tell-tale electromagnetic, power and acoustic signals that hackers can eavesdrop on, and use to crack encryption codes on the device.
The project team, led from the Edinburgh Napier side by Dr Owen Lo, will use the data they gather to put together a test framework that manufacturers and designers could use to evaluate the vulnerabilities of different devices.
The development of automated vulnerability testing using Keysight’s PathWave platform will, reportedly, make it more feasible for manufacturers to rigorously test connected devices at every point in the design workflow from concept through production prototypes.
These tests could in turn be used to develop a formal industry framework for testing IoT devices for a range of risks and vulnerabilities, and even to develop minimum standards for different types of IoT devices and hardware.
It means that rather than vulnerabilities being exposed once devices are already on the market or in use, manufacturers would identify and deal with security issues at, for example, prototype stage.
“Strong cyber-security is a prerequisite for the successful integration of sensor and imaging systems and IoT technology. So Censis is supporting IoT security by design – whereby engineers and manufacturers build gold-standard IoT security into devices from the outset,” added Dr Stephen Milne of Censis.
“By developing a reference model for IoT cyber-security testing, this project could help to strengthen the security armoury of every connected device, whether it’s a consumer or business device, or part of the national infrastructure. It could also help to put Scotland at the forefront of IoT cyber-security testing.”
If you like this, you might be interested in the following:
Survey: Blockchain for smarter cities: Where’s the action?
SmartCitiesWorld is undertaking a global survey which looks at the level of understanding that blockchain can have on smart city services.
IoT network could transform public services
Capita is proposing the roll-out of an Internet of Things capability across Scotland’s SWAN public sector network infrastructure
IoT helps to tackle infrastructure corrosion
A university spin-out and CENSIS are joining forces in a project that uses sensors to detect problems under insulation