The Internet of Things (IoT) was expected to enable applications of utmost societal value, such as energy-efficient buildings, smart cities, intelligent grids, and next-generation healthcare. Such a promise is only partly fulfilled. The more demanding and critical applications still fall short of expectations. These applications require sensor data and actuation commands to be delivered in a timely fashion with high reliability, while the battery-powered devices must often last for years.
Simultaneously, we witnessed a tremendous increase in attacks on the Internet infrastructures. For instance, IoT devices were hacked and used as a source of a DDoS attack by the Mirai botnet in October 2016. IoT networks of embedded devices are even more vulnerable than the existing Internet infrastructure, since they usually communicate wirelessly and at a much lower output power than other devices such as WiFi, which makes them more vulnerable to, e.g., jamming attacks.
Furthermore, due to their resource constraints, these devices cannot run the most sophisticated cryptography algorithms and other defences against attacks. The challenge is thus to make IoT networks maintain their functionality not only under benign circumstances but also in more challenging situations; for example, when IoT networks are under attack or exposed to harsh radio environments and cross-technology interference. Solving these challenges enables a new class of IoT applications that provide a certain Quality of Service (QoS) even under attacks.
While there exist commercial products for WiFi networks such as Cisco’s Wireless Intrusion Prevention System, similar tools are missing for the more resource-constrained IoT networks. Note that such tools are not easily adapted to many IoT scenarios due to the resource-constraints of the IoT devices and in particular to IoT mesh networks. In addition, mechanisms to mitigate attacks and sustain QoS under severe circumstances cannot be just adapted from the less resource-constrained world for the same reasons.
Our major innovations towards this goal include more robust IoT communication, attack detection and mitigation by performance and interference monitoring as well as smart algorithms leveraging a tight integration with a smart edge. Training data for learning the best strategies will be collected primarily in our testbeds and deployments. Furthermore, we will ensure the privacy of sensed data. We will evaluate and validate our developed concepts through several challenging use cases that address critical application areas which adhere to stated QoS levels when being under attack. This way, STACK will enable more demanding and critical IoT applications than the “best effort” applications that can be deployed today.
The STACK consortium consists of partners from four countries (Sweden, Romania, South Korea and Turkey) divided in problem owners (two world-leading Swedish companies, ASSA ABLOY, Husqvarna and Turkcell), solution (SMEs from all countries) and knowledge providers. For the problem owners and solution providers, providing secure products and solutions is not only a competitive advantage but it is a must since customers do not accept non-secure solutions anymore and companies not being able to deliver secure solutions are deemed be out of business soon.