Secure-IC establishes new references to secure the Internet of Things

Secure-IC, the rising leader and only global provider of end-to-end cybersecurity solutions for embedded systems and connected objects today announced that its collaboration with b<>com[1] has led to the establishment of a new reference base securing new technologies in LPWAN or 5G networks.

The Internet of Things (IoT) refers to billions of objects connected to each other and to the network, which exchange data on a daily basis. The rise of IoT is a phenomenon that holds great promise for society by introducing new uses and new services in many sectors such as transportation, industry, health, etc.

However, mass deployments of connected objects and wireless networks are bound to fail if they are not supported by a comprehensive security approach that would include sophisticated system management, authentication services for connected objects, commissioning and upgrades, and monitoring of the data exchanged to ensure integrity and confidentiality. Indeed, more and more advanced cyber-attacks exploit configuration problems or vulnerabilities to take control of these objects and, for instance, to impersonate someone else, to steal information or to modify the exchanged data.

Attacks have been successfully carried out on almost all wireless communication standards in recent years (LoRaWAN, 4G, Wifi, Bluetooth, etc.).

SECURING COMMUNICATIONS AND IoT SYSTEMS

In order to meet these new challenges, the research work led by b<>com and conducted in collaboration with Secure-IC has made it possible to remove technological barriers in the field of long-range and low-power networks for the Internet of Things.

With expertise in embedded cybersecurity and a commitment to advancing a relevant normative framework, Secure-IC’s teams were focused on the security aspects.

The main objective of the collaboration between the different partners (b<>com, Centrale-Supélec, the École Nationale Supérieure des Sciences Appliquées et de Technologie de Lannion, Orange, TDF and Secure-IC) was to identify ways to secure IoT communications and systems by developing an efficient management system for these systems (which are themselves managing entire fleets of connected devices). The results of the partnership between the two entities are applicable to the market of connected objects intended to be deployed in the field over large time periods (generally more than ten years) and with limited connectivity requirements in terms of bandwidth. Those results enable to improve existing communication technologies and to deploy innovative technologies for monitoring and analyzing security breaches, as well as the implementation of adequate countermeasures.

Beyond the scientific and technological advances, this collaboration aims to support the changes brought by the Internet of Things towards new reference systems that are essential for their security.

MODEL THE THREATS TO BETTER IMPLEMENT THE APPROPRIATE COUNTERMEASURE

Secure-IC has tackled various issues such as physical attacks (electrical, mechanical stimulation, jamming) and/or logical attacks (protocol attacks, software compromise, etc.) threatening IoT systems. Secure-IC has established a comprehensive threat model coupled with a set of countermeasures to secure Internet of Things devices, including:

  • The exhaustive analysis of the vulnerability of LPWA networks and the categorization of the most probable attacks (risks and associated impacts and elaboration of attack trees) allowing to provide preventive measures and new implementations at the hardware level so that connected objects will be more resistant to physical attacks,
  • The development of a security qualification and monitoring tool combining prediction, detection and remediation capabilities,
  • The development experimentation helped unfold the different attack scenarios, verify the immunity of the tested networks and implement a set of countermeasures in an LPWAN and 5G context.

The collaboration with b<>com, of which Secure-IC has been a member since its creation in 2012, continues and the architecture put in place is now entering the industrialization phase. This next step consists in particular in establishing an IoT and 5G network monitoring system to detect attacks, at an early stage, in 5G and tomorrow, 6G contexts.

 

[1] b<>com is a private Technology Research Institute that explores, designs and delivers innovations to companies that want to accelerate their competitiveness through digital.