Petras awards £3.6m to tackle IoT security

  • August 11, 2021
  • Steve Rogerson

The UK government’s Petras National Centre of Excellence has awarded £3.6m for 18 research projects to institutes across the UK to tackle cyber security at the edge of the internet.

These projects look to answer social and technical cyber-security questions of edge devices and systems, while considering issues such as privacy, ethics and trust in these technologies. These include security in the home, critical national infrastructure (CNI), agriculture, healthcare and wellbeing, and cashless payments.

“IoT, AI and machine learning technologies present society and the UK economy with great opportunities, but to realise their full potential they must be developed and adopted safely and securely,” said Jeremy Watson, Petras director. “I am delighted to announce eighteen new research projects that look to tackle cyber-security challenges through collaborative research excellence between academia and the public and private sectors.”

UK digital infrastructure minister Matt Warman added: “The need for cutting-edge cyber security has never been greater and this significant investment will help keep people and businesses secure online so we can build back safer from the pandemic. We have a world-leading cyber sector which plays a crucial role protecting the country and our digital economy, so it is vital we continue to see investment of this kind to help tackle the ever-evolving cyber security challenge.”

Health and wellbeing devices, for example diagnostic and monitoring sensors for identifying chronic diseases, can confer knowledge and autonomy to end users over managing their health. They also promise to alleviate some of the mounting pressures in the healthcare sector created by issues such as ageing populations and funding demands. What is crucial in realising the potential to consumers and the healthcare sector is ensuring security, privacy and trust in these systems.

The CyFer project examines the cyber security, privacy, bias and trust in female-oriented technologies focussing on fertility tracking apps and IoT devices. Fertility apps have millions of users and IoT devices are starting to boom, predicted to reach $50bn by 2025. These technologies gain user-entered data and take body measurements via sensors. By collecting a vast amount of data and processing them through algorithms, these technologies assist in managing reproductive and sexual health, and give scientists more insight into people’s bodies.

“The lack of dedicated standardisation around this intimate data leads to careless industrial practices, putting the users at serious risk,” said Maryam Mehrnezhad from Newcastle University, who is in charge of the CyFer project. “In CyFer, we take a multi-dimensional approach and conduct user and system studies. Our results will inform the next generation of femtech enabling the millions of users to improve the quality of their lives without any risk and fear.”

The Hipster project, led by Daniel Prince at Lancaster University, is working with expert software developers in health IoT to address the trust, security and privacy needs of their systems in the most cost-effective way. Its critical objective is to mitigate breaches of trust, security and privacy in these systems; otherwise, the risk of undermining trust, and the resulting lack of adoption, can ultimately discourage further life improvements.

IoT and AI technologies can supply benefits to farmers and the agricultural sector. They facilitate real-time monitoring of crops and livestock, reduce waste and costs, achieve a more sustainable environmental impact, and reach higher productivity with a smaller workforce. The market for smart agriculture is rapidly growing, as IoT devices are set to become more ubiquitous. As the adoption of digital technologies at the farm level grows, so do cyber-security threats due to an increase in attack surfaces.

The Farm project addresses adoption in agritech by defining a new digital-twin framework based on models enabling multiscale runtime analysis, dynamic forecasting and process optimisation.

Farm project lead Michele Sevegnani at Glasgow University said: “Models will explain and guide interventions in unanticipated runtime behaviours therefore providing mathematical foundations for key autonomous aspects such as graceful degradation and anticipatory adaptation in the face of faults, cyber attacks and other challenges. Our research will be motivated by two use cases provided by our partners – an automated turmeric farm by Quanta Computer, and a smart collar system for cow monitoring by Afimilk.”

The uptake of smart home devices is on the increase and has been accelerated with people spending more time at home. The Covid-19 pandemic saw consumer behavioural changes such as an increase in purchases of touchless appliances to reduce germ spread.

Smart home devices are becoming more affordable and offer consumers benefits such as remote control of home functions, energy efficiency savings and enhanced security features. However, smart home devices are not siloed and, while they connect to wider systems and networks across industries and sectors, they also bring new cyber-security areas of concern.

Existing research on power grid security mainly focuses on utility-side cyber attacks and the associated SCADA system security. In contrast, the cyber threats posed by end-user appliances on power grid operations have received little attention.

This challenge is investigated by the Power-Sprint project, led by Subhash Lakshminarayana at the University of Warwick, which looks into the security challenges of such convergent systems. It focuses on cyber threats posed by end-user appliances on power grid operations.

The PrivIoT project seeks to prevent potential digitally enabled harm from the convergence of home devices with wider IoT systems. This aim is achieved by providing end users effective tools around privacy, security and personal safety. The project focuses on the UK government’s smart meter rollout with home IoT devices, smart meters and demand-side management technologies.

This project is a collaboration between the universities of Northumbria, Royal Holloway, Manchester and Nottingham, and includes Otaski Energy, Toshiba and CybSafe as non-academic partners who will drive different aspects of the project.

“We are very excited to be involved in this project, which takes a socio-technical approach to minimise the security and privacy harms that can arise from combining multiple, novel, connected technologies in the home,” said PrivIoT project lead James Nicholson at Northumbria University. “We will be looking to truly understand the technical landscape of concrete threats before exploring how best to communicate these to citizens and encourage open discussions among communities. Finally, we will explore tools that support citizens’ understanding of these harms while also allowing them to control data flows.”

Cyber security of the IoT in CNI industries such as transport, energy and utilities is a strategic priority for the UK government and is an area in which Petras has a strong legacy.

Looking at securing IoT systems in the utilities sector, the PSW Arms project will use AI-based technology to focus on the water sector. The project recognises the commonality of concerns across the CNI sectors, exploring the security processes for cyber-physical systems to build a generalisable approach through detailed, practical work to demonstrate the effectiveness of the approach across the CNI sectors.

PSW Arms is a collaboration between University College London, University of Warwick, Yorkshire Water and Nexor, a cyber-security service specialist in CNI security, to develop a set of proactive security capabilities to protect CNIs against existing and future cyber attacks.

PSW Arms researcher Nilufer Tuptuk said: “The project involves developing an AI-driven situational awareness tool that gathers data from external and internal sources to manage security, and development of a moving target defence mechanism using AI-generated randomised network settings to reduce the attack surface.”

The CoSTCMoRS project focuses on modern railway systems (MRSs) within the CNI domain. Here IoT is used to resolve some of the complexities of managing emerging functionalities, performance aspects and productivity needs of operators and users. The presence of these means greater potential attack surfaces in a sector where cyber attacks can mean danger to life.

Moreover, the new global payments ecosystem, including cashless payments, is the result of converging telecommunications, banking and retail industries. Cashless systems reduce some of the costs and risks associated with retail transactions, and they offer some societal benefits such as the potential to thwart tax evasion and the financing of certain illicit activities.  

At the same time, existing cashless payment systems can also undermine privacy, expose both banked and unbanked individuals to unwelcome discrimination, introduce vectors for cyber attacks, and shift the balance of control from asset owners to asset custodians.

The Fire project looks at tackling these areas of concern with a focus on digital payment systems that possess cash-like features such as accessibility, non-discrimination, privacy and custodianship on the part of owners. The proposals so far for central bank digital currency generally lack these features, but alternatives are possible.

Fire project lead Geoff Goodell at UCL said: “Modern retail payment technology creates honeypots of data that can be easily breached and emboldens criminals through its reliance upon asset custodians and high-stakes identity credentials. Through our partnership with the Bank of England, BSI and Everis UK, we seek to explore options that offer verifiable privacy, not just empty promises of data protection, and literally put control in the hands of users in the form of secure devices.”

The 18 research projects funded through Petras’ second SRF funding call are:

  • Adversarial Machine Learning on the Edge (AMLoE), Emil Lupu, Imperial College London
  • Cognitive & Socio-Technical Cyber security in Modern Railway System (CoSTCMoRS), Hongmei He, De Montfort University
  • Cyber Security & Privacy in Fertility Technologies (CyFer), Maryam Mehrnezhad, Newcastle University
  • Formal methods for Agritech Resilience Modelling (Farm), Michele Sevegnani, University of Glasgow
  • Future Infrastructure for Retail Remittances (Fire), Tomaso Aste, University College London
  • Physical Graph Based Wireless IoT Security with No Key Exchange (GraphSec), Weisi Guo, Cranfield University
  • Health IoT Privacy & Security Transferred to Engineering Requirements (Hipster), Daniel Prince, Lancaster University
  • Multimodal AI-based Security at the Edge (Maise), José Cano Reyes, University of Glasgow
  • Power Grid IoT System Protection & Resilience using Intelligent Edge (Power-Sprint), Subhash Lakshminarayana, University of Warwick
  • Privacy-preserving Data Sharing & Trading Ecosystem for Distributed Wireless IoT Networks (Pristine), Lei Zhang, University of Glasgow
  • Understanding & Mitigating Privacy risks of IoT Homes with Demand-Side Management (PrivIoT), James Nicholson, Northumbria University
  • Processes for Securing for Water Resource Management Systems (PSW Arms), Stephen Hailes, University College London
  • Preventing THErmal ATtacks (PT Heat), Mohamed Khamis, University of Glasgow
  • Regulatory & Standardisation Challenges for Connected & Intelligent Medical Devices (Reg Medtech), Irina Brass, University College London
  • Robustness-as-Traceability: Secure & Legal Calibration Workflows in IoT (Roast IoT), Shishir Nagaraja, University of Strathclyde
  • Secure Payments in Smart Environments (Spise), Ivan Martinovic, University of Oxford
  • Trustworthy, Software-Defined Cyberattack Detection & Mitigation at the Network Edge (TruSDEd), Dimitrios Pezaros, University of Glasgow
  • Increasing User trust in Mobility-as-a-Service IoT ecoSystem (Umis), Gary Wills, University of Southampton

Petras exists to ensure that technological advances in the IoT and associated systems at the edge of the internet are safely and securely developed and applied in private and public sector contexts. It does this by considering social and technical issues relating to the cyber security of IoT devices, systems and networks.