National research project for a secure Internet of Things
Devices that are connected to the internet, such as self-driving cars and intelligent thermostats, pose an increasing threat to our privacy and security. Protecting against this requires a fundamental approach that is urgently needed. A national research project comprising more than 45 parties - universities, companies, NGOs and government – and led by Eindhoven University of Technology will be conducting research into this approach in the coming years by combining technical research with legal and criminological approaches. The project is being subsidized to the tune of almost 10 million euros by the Netherlands Organization for Scientific Education (NWO) within the framework of the Dutch National Research Agenda. Researchers Tobias Fiebig, Carlos Ganan and Michel van Eeten from the faculty of TPM are involved in the project.
From an internet that consists purely of connected computers, an internet is created at a rapid pace to which devices are connected, such as cars, books or refrigerators, but also sensors, smart home systems and complete power plants. This Internet of Things is expected to contain 75 billion connected devices worldwide by 2030. Given that there is little control over its development, the size of the technology entails a major security risk.
According to Sandro Etalle, professor of cyber security at Eindhoven University of Technology, we have reached a turning point in history. "If we do nothing now, we run the risk of being overwhelmed by technology that we cannot oversee or control and that will completely undermine our privacy and cyber security." As a solution, current ad hoc security methods such as virus scanners or firewalls are no longer adequate, says Etalle. " To get a grip on this problem we need a systematic approach with rules for the design and management of IoT systems."
Etalle leads the research project ‘An Internet of Secure Things - INTERSECT’ with more than 45 affiliated institutions and companies that aim to provide the first impetus for "a blueprint" for the design, security and management of IoT systems. Because universities, government, business and NGOs are coming together in the project, the approach can be approached technically as well as legally and criminologically. This can also be used to investigate a wide range of applications, including health, energy, mobility and smart cities.
The TPM faculty will focus on two themes. Firstly on governance of safe and unsafe devices. Which companies introduce them to the market? Where do we find unsafe devices that are misused by attackers? Who is responsible and which economic incentives drive them? This project builds on research with telecom and ICT provider KPN and other providers carried out by Carlos Ganan. In it consumers with devices that have been hacked are informed and assisted in solving the problem on a large scale. The second theme deals with safe configuration of devices for users, such that they are not unintentionally confronted with unsafe situations. This follows up on research of Tobias Fiebig into behaviour of users and administrators in dealing with these devices and the mistakes made in the process.
The INTERSECT project is receiving almost 10 million euros within the Dutch National Research Agenda program: Research on Routes through Consortia (NWA-ORC). In addition to TU/e, the following institutions and companies are involved:
Universities, research institutions and colleges: VU University Amsterdam, Radboud University Nijmegen, Delft University of Technology, University of Twente, Tilburg University, Dutch Crime and Law Enforcement Center, Fontys University of Applied Sciences, Leiden University of Applied Sciences, Amsterdam University of Applied Sciences, TNO.
Government: Ministry of the Interior.
Organizations: Consumers' Association, Stichting Internet Domeinregistratie Nederland (SDIN)
Companies: BDO Advisory, Brainport Development, Bosch Security Systems, Centric, Compumatica secure networks, Fourtress, ICT Automation, Océ-Technologies, Omron Europe, Oracle, Philips, Qbit Cyber Security, Secura, Siemens, Signify, Simac Technique, SURFnet, Synopsys , Technolution, Verum Software Tools.
The goal of the Dutch National Research Agenda (NWA) is to solve urgent social problems by bringing scientists, companies and NGOs together. The topics have been suggested by the Dutch public. This year’s budget for the 17 NWA projects is 61 million euros.
Photo: Eindhoven University of Technology