Physical Unclonable Functions for Identification of Large Scale distributed IoT Assets

---

Implementation plan :

The experiment will be executed via three experimental platforms:

1. BRIDGES (East Carolina University, US) establishes a high-performance networking testbed connecting the United States and Europe with data centers in New York, Washington, Amsterdam and Paris. The BRIDGES serves as a fully virtualized cyber-infrastructure architecture. The testbed will develop, deploy, demonstrate, and analyze foundational virtualization changes to incorporate Cyberinfrastructure (CI) and advanced networked services. BRIDGES will link EU research facilities directly to US facilities by constructing a 100 Gbps network ring spanning the North Atlantic. BRIDGES has the explicit purpose to facilitate collaborative global experiments across a common, contiguous, seamless and fully federated network research infrastructure. BRIDGES will provide the baseline testbed infrastructure in the experiment: operating ledger nodes, peering the LO-CoAP-EAP protocol traffic between IoT devices and ID ledger repositories during the bootstrapping process. 
    
2. Virtual Wall (imec, Ghent, Belgium) enables virtualization through docker containers (e.g. using Kubernetes to scale up). Multiple operating systems are supported, e.g. Linux (Ubuntu, Centos, Fedora), FreeBSD. Network impairment (delay, packet loss, bandwidth limitation) is possible on links between nodes and is implemented with software impairment. Virtual Wall will be used to scale up the IoT devices for bootstrapping by digital twins via the BRIDGES network architecture, ledger nodes and to simulate disturbance in connectivity between ledger and edge nodes.
    
3. asvin IoT hardware testbed (Stuttgart, Germany) is providing an IoT hardware testbed to run PUF based fingerprinting for device identification. The testbed allows the inclusion of multiple hardware platforms (pycom, ESP32, arduino, raspberry PI) for generating IoT edge nodes and images for digital twins for the virtual wall scale experiment. The US side East Carolina University will provide the same IoT hardware testbed setting for peer validation of the experiment settings, hard- and software configuration and data analytics.

Impacts :

Existing solutions on automated setup and maintenance of IoT networks, are mainly focused on closed, non-interoperable software for exclusive hardware. Such solutions require specialized “know-how” for end users and operate on centralized services in private servers making them vulnerable for cyber-attacks such as identity spoofing, privilege escalation and  DDoS. Current solutions do not support secure, trusted, open, sustainable and common management of heterogeneous infrastructures (e.g. IoT devices from different vendors). Beyond state-of-art, the main innovations are:

1. Secure fingerprinting of IoT Devices by creating Identities based on Physical Unclonable Functions (PUF) (TRL 4) for Identification of Assets
    
2. Secure Bootstrapping of LO-CoAP-EAP built with Internet standards for secure setup of IoT devices. (TRL4)
    
3. Identity Management, Trust and Authentication with support of decentralized Peer-to-Peer distributed ledger nodes: High resilience against DDoS attacks by decentralized distribution of encrypted identities. (TRL4)

The experiment will support asvin’s efforts to strengthen and optimize the architecture and solution by identifying weak elements on scaling and use the results to optimize the solution architecture and configuration in iterative test and development cycles.

Impacts:

• Enhanced EU – US cooperation in Next Generation Internet, including policy cooperation: The project will further promote and cement the existing EU–US partnership. The key NGI technologies are emphasized in the project which are equally important for the Europe and US in building up next generation infrastructure. The consortium partners will also enjoy increased cooperation as project goes on. The project will exploit the best talents of EU-US and the result of the project will serve as an excellent example for future cooperation between the EU and US. Indeed, the US partner, who is involved in the development of a large scale IOT infrastructure expressed interest in further collaboration and use of the asvin solution to secure its infrastructure.
• Reinforced collaboration and increased synergies between the Next Generation Internet and the Tomorrow's Internet programmes: During out project discussions, we have identified one more key security feature for the next generation internet. The US partner has extensive experience with IPv6 infrastructure and the EU partner with the security of IoT devices. We aspire to integrate both technologies. We would like to collaborate beyond this project. Therefore, we can certainly claim the project will lead to further collaboration.
• Developing interoperable solutions and joint demonstrators, contributions to standards: The project will address a critical security feature for IoT devices. The project integrates standard distributed and decentralised technologies such as IPFS, DLT, EAP. The experiment setup, procedures and outcomes will be well documented and made publicly available Therefore, it will be easy for interested parties to implement and integrate the solution. A joint dissemination activity will also be performed to reach out developer and research communities to adopt and standardised the secure bootstrapping process.
• An EU - US ecosystem of top researchers, hi-tech start-ups / SMEs and Internet-related communities collaborating on the evolution of the Internet: The project brings in together one of the best performing SME of the Europe and the top research-oriented university from the US. It is a perfect recipe to convert an innovative research idea into a real-world product. The consortium partners will share the best practices of both the fields. In the joint adventure, multiple activities will be carried out throughout the duration of the project. The collaboration might lead to exchange of researchers for internship or PhD. The dissemination and exploitation activities will include joint publication and participation in tech conferences.

Results :

The experiment generated large amount of data about the secure bootstrapping and FUOTA processes. This data was collected and monitoring during the experiment. It was utilized to make the processes efficient and resilient by:

• Finding weak links
• Improving the performance
• Optimisation
• Scalability

 

Future Plan :

We executed the experiment in iterative manner using high computing resources to stress asvin secure bootstrapping and OTA firmware distribution services. The experiment execution on US side had hurdle because of Covid pandemic disruptions in deployment of BRIDGES testbed. Consequently, we could not run the experiment on US BRIDGES testbed. Nevertheless, the experiment was performed on asvin hardware testbed and Fed4FIRE+ Virtual Wall testbed.

The experiment generated humungous amounts of data about the technical services. During the experiment, the data was stored in time series database and later analysed to get insights about the bootstrapping and FUOTA services. We got exceptional results out of the experiment. It has helped us to improve the performance of the tested services. Partners have also performed substantial variety of dissemination activities. It included social posts, blogs,
conferences, webinars, whitepaper, and case studies.

In future, both partners will spread the word further about the tested technologies, used testbeds and NGI project activities. We have also agreed to continuing the EU – US partnership with research projects.

 

Expected TRL at experiment completition :

6

NGI related Topic :

Decentralised data governance - experimentation of results

Call Reference :

3