As homes fill with smart TVs, lights, kettles and even smart toys, concerns are rising about security.
From talking teddy bears to car security systems to healthcare devices such as pacemakers, there is concern that hackers may too easily access and exploit our private data.
A key strategy for improving Internet of Things (IoT) cybersecurity is for device manufacturers to build more robust security into the design of their devices, so they come to market without security gaps that hackers can easily exploit.
The new project, which links Edinburgh Napier cybersecurity experts and Keysight Technologies, will make it easier to test if interconnected devices and networks are secure against hacking attacks.
This in turn could be translated into identifiable security standards for IoT devices.
The project is supported by CENSIS, the Innovation Centre for Sensor and Imaging Systems which brings together academia and industry to work on industry challenges and opportunities around sensor systems and IoT.
Edinburgh Napier’s Professor Bill Buchanan said: “The biggest thing holding back the development of the Internet of Things is security – specifically, concerns about the vulnerabilities of devices, the ease of hacking them, and the consequences of such hacks.
“In healthcare, for example, IoT could transform the way we monitor people’s health and manage conditions like asthma. But security concerns are holding back wider adoption of smart devices. Only if we can improve confidence in IoT security can we realise the potential of smart technology.”
The 12-month project will see Edinburgh Napier and Keysight using data analytics to identify vulnerabilities that could put IoT devices at risk.
The project will focus on ‘side channels’ – the tell-tale electromagnetic, power and acoustic signals that hackers can eavesdrop on, and use to crack encryption codes on the device.
The project team, led from the Edinburgh Napier side by Dr Owen Lo, will use the data they gather to put together a test framework that manufacturers and designers could use to evaluate the vulnerabilities of different devices.
The development of automated vulnerability testing using Keysight’s PathWave platform will make it more feasible for manufacturers to rigorously test connected devices at every point in the design workflow from concept through production prototypes.
These tests could in turn be used to develop a formal industry framework for testing IoT devices for a range of risks and vulnerabilities, and even to develop minimum standards for different types of IoT devices and hardware.
It means that rather than vulnerabilities being exposed once devices are already on the market or in use, manufacturers would identify and deal with security issues at, for example, prototype stage.
Dr Stephen Milne of CENSIS said: “Strong cybersecurity is a prerequisite for the successful integration of sensor and imaging systems and IoT technology. So CENSIS is supporting IoT security by design – whereby engineers and manufacturers build gold-standard IoT security into devices from the outset.
“By developing a reference model for IoT cybersecurity testing, this project could help to strengthen the security armoury of every connected device, whether it’s a consumer or business device, or part of the national infrastructure.”
The collaboration between CENSIS, Keysight Technologies and Edinburgh Napier builds on an earlier project which developed algorithms to identify leakage of cryptographic keys.
This follow-on project develops that work, putting together an IoT security ontology that defines the attack surface and tests that can be performed on it.
Doug Carson, Solutions Consultant at Keysight Technologies, said: “It’s in all of our interests that the Internet of Things is secure – it’s not just about someone hacking your smart TV, but about protecting our critical national infrastructure – transport networks, communications networks and manufacturing supply chains.”