Project Coordinator (EU) :
Asvin GmbHCountry of the EU Coordinator :
GermanyOrganisation Type :
SMEProject participants :
Team members of asvin GmbH (EU)
Mirko Ross, Role: Project Coordinator
Rohit Bohara, Role: Tech Lead
Team members of ECU (US)
Ciprian Popoviciu, Role: Tech Lead
State of US partner :
North CarolinaPhysical Unclonable Functions for Identification of Large Scale distributed IoT Assets
Experiment description
asvin has developed a secure bootstrapping process for IoT devices with the amalgamation of Physical Unclonable Functions (PUF), Distributed Ledger Technology (DLT), and Extensible Authentication Protocol (EAP). The main objective of the project is to stress test asvin solution using the high computing resources facilitated by testbeds situated in the Europe and US.
An experiment with iterative approach will be executed, exploring the impact of different variables such as network bandwidth, package loss rate. The project aims to verify, validate, and improve asvin’s bootstrapping solution. In each iteration of the experiment, solution's configuration parameters will be tweaked to improve the performance, find the weak links, and corner cases. The experiment will address primarily the call topic Discovery and Identification technologies, but it also overlaps with the topics Decentralized Data Governance and Privacy and Trust enhancing technologies.
In the experiment this process will be tested under real cross atlantic conditions using the US BRIDGES testbed for stressing the architectures and protocols by variable network connections (bandwidth, connectivity, package loss rate) and variable conditions for IoT endpoints and nodes. The BRIDGES testbed, funded by the Office of Advanced Cyberinfrastructure (OAC), International Research and education Network Connections (IRNC) (Grants: 202922, 202918) is a particularly good fit for this test because it intrinsically meant to facilitate transAtlantic research collaboration, it provides both transport and edge-computing resources and it offers the flexibility to dynamically adjust the testbed based on needs.
Results will be used for iterative optimization of nodes and device settings to improve scalability, reduce latencies and remove points of failures for the automated IoT Bootstrapping process based on PuF identification and distributed processing. asvin will publish results under open science (cc) licence and open source.
Implementation plan :
The experiment will be executed via three experimental platforms:
- BRIDGES (East Carolina University, US) establishes a high-performance networking testbed connecting the United States and Europe with data centers in New York, Washington, Amsterdam and Paris. The BRIDGES serves as a fully virtualized cyber-infrastructure architecture. The testbed will develop, deploy, demonstrate, and analyze foundational virtualization changes to incorporate Cyberinfrastructure (CI) and advanced networked services. BRIDGES will link EU research facilities directly to US facilities by constructing a 100 Gbps network ring spanning the North Atlantic. BRIDGES has the explicit purpose to facilitate collaborative global experiments across a common, contiguous, seamless and fully federated network research infrastructure. BRIDGES will provide the baseline testbed infrastructure in the experiment: operating ledger nodes, peering the LO-CoAP-EAP protocol traffic between IoT devices and ID ledger repositories during the bootstrapping process.
- Virtual Wall (imec, Ghent, Belgium) enables virtualization through docker containers (e.g. using Kubernetes to scale up). Multiple operating systems are supported, e.g. Linux (Ubuntu, Centos, Fedora), FreeBSD. Network impairment (delay, packet loss, bandwidth limitation) is possible on links between nodes and is implemented with software impairment. Virtual Wall will be used to scale up the IoT devices for bootstrapping by digital twins via the BRIDGES network architecture, ledger nodes and to simulate disturbance in connectivity between ledger and edge nodes.
- asvin IoT hardware testbed (Stuttgart, Germany) is providing an IoT hardware testbed to run PUF based fingerprinting for device identification. The testbed allows the inclusion of multiple hardware platforms (pycom, ESP32, arduino, raspberry PI) for generating IoT edge nodes and images for digital twins for the virtual wall scale experiment. The US side East Carolina University will provide the same IoT hardware testbed setting for peer validation of the experiment settings, hard- and software configuration and data analytics.
Impacts :
Existing solutions on automated setup and maintenance of IoT networks, are mainly focused on closed, non-interoperable software for exclusive hardware. Such solutions require specialized “know-how” for end users and operate on centralized services in private servers making them vulnerable for cyber-attacks such as identity spoofing, privilege escalation and DDoS. Current solutions do not support secure, trusted, open, sustainable and common management of heterogeneous infrastructures (e.g. IoT devices from different vendors). Beyond state-of-art, the main innovations are:
- Secure fingerprinting of IoT Devices by creating Identities based on Physical Unclonable Functions (PUF) (TRL 4) for Identification of Assets
- Secure Bootstrapping of LO-CoAP-EAP built with Internet standards for secure setup of IoT devices. (TRL4)
- Identity Management, Trust and Authentication with support of decentralized Peer-to-Peer distributed ledger nodes: High resilience against DDoS attacks by decentralized distribution of encrypted identities. (TRL4)
The experiment will support asvin’s efforts to strengthen and optimize the architecture and solution by identifying weak elements on scaling and use the results to optimize the solution architecture and configuration in iterative test and development cycles.
Impacts:
- Enhanced EU – US cooperation in Next Generation Internet, including policy cooperation: The project will further promote and cement the existing EU–US partnership. The key NGI technologies are emphasized in the project which are equally important for the Europe and US in building up next generation infrastructure. The consortium partners will also enjoy increased cooperation as project goes on. The project will exploit the best talents of EU-US and the result of the project will serve as an excellent example for future cooperation between the EU and US. Indeed, the US partner, who is involved in the development of a large scale IOT infrastructure expressed interest in further collaboration and use of the asvin solution to secure its infrastructure.
- Reinforced collaboration and increased synergies between the Next Generation Internet and the Tomorrow's Internet programmes: During out project discussions, we have identified one more key security feature for the next generation internet. The US partner has extensive experience with IPv6 infrastructure and the EU partner with the security of IoT devices. We aspire to integrate both technologies. We would like to collaborate beyond this project. Therefore, we can certainly claim the project will lead to further collaboration.
- Developing interoperable solutions and joint demonstrators, contributions to standards: The project will address a critical security feature for IoT devices. The project integrates standard distributed and decentralised technologies such as IPFS, DLT, EAP. The experiment setup, procedures and outcomes will be well documented and made publicly available Therefore, it will be easy for interested parties to implement and integrate the solution. A joint dissemination activity will also be performed to reach out developer and research communities to adopt and standardised the secure bootstrapping process.
- An EU - US ecosystem of top researchers, hi-tech start-ups / SMEs and Internet-related communities collaborating on the evolution of the Internet: The project brings in together one of the best performing SME of the Europe and the top research-oriented university from the US. It is a perfect recipe to convert an innovative research idea into a real-world product. The consortium partners will share the best practices of both the fields. In the joint adventure, multiple activities will be carried out throughout the duration of the project. The collaboration might lead to exchange of researchers for internship or PhD. The dissemination and exploitation activities will include joint publication and participation in tech conferences.
Results :
The experiment generated large amount of data about the secure bootstrapping and FUOTA processes. This data was collected and monitoring during the experiment. It was utilized to make the processes efficient and resilient by:
- Finding weak links
- Improving the performance
- Optimisation
- Scalability
Future Plan :
We executed the experiment in iterative manner using high computing resources to stress asvin secure bootstrapping and OTA firmware distribution services. The experiment execution on US side had hurdle because of Covid pandemic disruptions in deployment of BRIDGES testbed. Consequently, we could not run the experiment on US BRIDGES testbed. Nevertheless, the experiment was performed on asvin hardware testbed and Fed4FIRE+ Virtual Wall testbed.
The experiment generated humungous amounts of data about the technical services. During the experiment, the data was stored in time series database and later analysed to get insights about the bootstrapping and FUOTA services. We got exceptional results out of the experiment. It has helped us to improve the performance of the tested services. Partners have also performed substantial variety of dissemination activities. It included social posts, blogs,
conferences, webinars, whitepaper, and case studies.
In future, both partners will spread the word further about the tested technologies, used testbeds and NGI project activities. We have also agreed to continuing the EU – US partnership with research projects.