Join the M-Sec Project for its final Webinar showcasing the initial results of its multi-layered architecture. It’s Cross Layer will be on the spotlight as our researchers will present a cybersecurity framework for end-to-end management in smart cities
The M-Sec Project was born with the main goal of developing a framework that provides security and integrity of data traffic, end to end, from the device to the Cloud and to the application in a secure and transparent way. The main motivational factor arose from the fact that many data sources in the IoT and smart city domain may contain sensitive information that raises issues on privacy and data protection.
The objective of this Webinar is, thus, to present a cybersecurity framework for end-to-end management in smart cities. This framework aims to integrate cybersecurity for heterogeneous environments such as IoT, cloud and end users. In the spirit of cyber resilience, it automates certain tasks related to cybersecurity in order to better inform and react better in the event of suspicious events. In the scope of M-Sec’s multi-layered architecture, this framework can be identified as the Cross Layer.
So far, a set of Webinars have been organized between October and December 2020, showcasing the initial results achieved in other layers of the M-Sec solution – Cloud, IoT, Applications, etc. On the 10th of February, between 9am and 10h30am CET (Brussels Time), through Zoom, our experts Mathieu Gallissot, research engineer, and Radhouene Azzabi, Security R&D Engineer at CEA France (Le Commissariat à l’énergie atomique et aux énergies alternatives), will present fact-based objective information on their research on the Cross Layer of M-Sec.
In order to further understand the importance of this layer in the scope of the M-Sec solution and for fighting cyber-attacks, we have interviewed our two experts who will be joining us next Wednesday. According to them, the M-Sec Cross Layer solution “intends to provide the many layers of M-Sec with a common security backend. This common security backend intends to provide classical authentication, accounting, authorization services but also value-added features such as auditing, anonymization and attestation. The goal is to enable smart-city integrators to leverage an all-in-one security framework. This framework handles both devices, infrastructure and end-users reducing the vulnerabilities related to misconfiguration or misalignment of security policies among various actors. It enables to automate security rules both related to cyber-security and to privacy regulations such as GDPR in Europe or PIPA in Japan.”
So why is the M-Sec Cross Layer so important in the scope of the M-Sec solution? “M-Sec provides four layers related to IoT devices, Cloud, Marketplace and applications for the end-users. Those four layers are inequivalently fitted while regarding cybersecurity. Indeed, IoT devices have low power and computing resources, have real time constraints and are located in public spaces while in the other hand servers have physical access control and lot of computing resources to serve encryption algorithms. Each layer handles cybersecurity accordingly to first manage targeted attacks. But at the end, something has to link these layers, for example what shall be done at the cloud layer and application layer when a denial-of-service (DoS) attack is detected on an IoT device? Or how to preserve user’s privacy from administrators in such a wide system?”. For our researchers, this is why the Cross Layer is one of the most important ones in the M-Sec architecture.
In what way improvements in the cross layer of the M-Sec solution will improve people’s lives in hyper-connected smart cities? The key-word behind the M-Sec security-manager is trust. We believe trust is game-changing in our modern societies and that without trust, smart-cities may never be accepted by citizens. M-Sec confirms this belief through its use cases addressing important societal challenges. Having secured layers is not enough to provide trust, we needed to go further and make sure that each layer works altogether in a secured manner. This enables to support the NIST cybersecurity framework that supports 5 points regardless of the layer: Identify, Protect, Detect, Respond and Recover
But what have been the implementation challenges so far, regarding this layer of the M-Sec technology?According to our experts, “Security for IoT devices is an emerging topic in comparison with standard ICT techniques. One major challenge is the lack of resources in embedded device to support cybersecurity functions, not only encryption but also regarding integrity of the device and intrusion detection. With the help of M-Sec partners, we have been able to implement enough security technology with a good cost/protection ratio in order to have retrofittable secured devices. Another challenge was regarding remote attestation for the integrity of the devices. Even though the trusted Computing group have specified guidelines in its publication, we couldn’t find any reference implementation and decided to implement our own. This is the “glue” that enables to link IoT device security with Cloud security.”
In the near future, our M-Sec researchers expect to leverage the functionalities of the security manager by implementing cross-layer privacy management as specified by the GDPR such as notification of breach and others. They “would like also to leverage the auditing and attestation capabilities in order to compute self-repair mechanism for devices and networks under attack”. An enourmous undertaking, but one that we are confident our experts will be willing to do!
The Webinar will be held in Zoom, through the following link: https://us02web.zoom.us/j/81051643617. It is free of charge, although registration is appreciated.