Category Archives: General

aCtive sEcurity foR connecTed devIces liFecYcles (CERTIFY)

We are delighted to announce that the CERTIFY project has been selected for funding under the European Union’s Horizon CL3 Increased Cybersecurity 2021 and the Swiss State Secretariat for Education, Research and Innovation (SERI). It is a multi-partner project that aims to provide Internet of Things (IoT) security lifecycle management. CERTIFY will detect and respond to a wide spectrum of attacks in a collaborative/decentralized fashion. The project runs for 36 months. The project kickoff meeting was held on 20 to 21 October 2022 at the University of Murcia, Spain.

Partners

It is a consortium project that includes 6 SMEs, 4 industrial partners, 2 universities, and 1 research institute from 8 different countries in Europe.

| SN | Partner Name | Country |
|----|--------------|---------|
| 1 | Universidad De Murcia | Spain |
| 2 | Trust Up | Italy |
| 3 | STMicroelectronics SRL | Italy |
| 4 | Engineering – Ingegneria Informatica SPA | Italy |
| 5 | Digital Worx GmbH | Germany |
| 6 | United Technologies Research Centre Ireland Limited | Ireland |
| 7 | Advanced Laboratory on Embedded Systems SRL | Italy |
| 8 | Red Alert Labs | France |
| 9 | The Ubiquitous Technologies Company | Greece |
| 10 | AIR Institute – Deep tech lab | Spain |
| 11 | European Cyber Security Organisation | Belgium |
| 12 | Universität Zürich | Switzerland |
| 13 | modum.io AG | Switzerland |

Objectives

The CERTIFY project has the following objectives:

  • Cybersecurity awareness for IoT-enabled environments through a multi-stakeholder sharing of threats and mitigations
  • Secure reconfiguration and maintenance of customizable embedded devices by means of open hardware primitives and services
  • Perform security operational management based on bootstrapping and monitoring of attacks and malicious behaviours
  • Runtime security compliance and continuous certification methodology via objective metrics
  • Foster knowledge delivery via wide dissemination, capacity building and supporting standardization activities. Build a robust exploitation plan to boost ROI by optimizing current and future EU cybersecurity capabilities
  • Industrial validation of the CERTIFY framework in IoT ecosystems

Our Contribution

The project is structured in 7 work packages (WP) and 3 pilots. Each work package has clearly defined objectives, tasks, and deliverables. Each project partner contributes to various tasks. Digital Worx is involved in all work packages. We lead WP6, which focuses on community engagement and sustainability. Additionally, we lead task T2.3 Testing, Refinement and Validation and Pilot 2 Smart Micro-Factories. In the pilot, we will install and configure retrofitting sensors in an industrial setting, perform a risk assessment, and secure them throughout their life cycle. In task T2.3, we will identify validation scenarios and acceptance criteria based on the pilot assessment. These will be used to validate the technical components and their integration in order to deliver high-quality software. Moreover, Digital Worx will contribute to developing and deploying secure IoT environments, an IoT device inventory, lifecycle support, secure bootstrapping and an intrusion detection solution.

IoTrust Architecture

The IoTrust framework is designed with security and innovation at its core. It consists of 7 main components, as shown in the figure above. Each component is developed to handle a specific set of tasks in the framework. The fundamental features of the IoTrust project are secure bootstrapping, over-the-air firmware update and trust monitoring. All other services are built around these features. The IoTrust components are the following.

End-Device

It is a small form-factor hardware device that sits on the edge of an IoT network. It consists of a microcontroller, memory, input/output peripherals, communication modules, etc. In the IoTrust architecture, an End-Device will be used to collect, format, and send sensor data to a server. The End-Device shall incorporate at least a LoRaWAN-capable module to guarantee a set of networking features.

Gateway

A Gateway provides last-mile LoRaWAN radio access to the end-devices. It is an edge component at the end of the LoRaWAN network infrastructure. A gateway is a multi-channel high performance LoRa transceiver module that can receive, process, and send several LoRa packets simultaneously using different spreading factors on various channels. Communications’ security is provided through the LoRaWAN message encryption, as defined by the protocol specification. This scheme is employed in communications to and from the End-Device and the Network Server.

Network Server

The Network Server is part of the LoRaWAN back-end infrastructure. It represents the central hub of all communications from and to LoRaWAN end-devices. It aims to hide the Physical (PHY) and Medium Access Control (MAC) layer details of the LoRaWAN protocol from the components that need to communicate with end-devices. The Network Server will manage all the low-level details to guarantee secure and reliable delivery of messages to and from the LoRaWAN infrastructure.

IoT Controller

The IoT Controller plays the role of authenticator in the Authentication, Authorisation, and Accounting (AAA) architecture. The End-devices perform the bootstrapping process. This process includes an authentication and key agreement stage. Once the device successfully authenticates itself, session keys are shared with the device in order to securely perform the regular operation tasks.

Authentication Server

The AAA architecture has been proposed by standardisation organisations, such as the IETF, to provide a scalable solution to security management tasks in heterogeneous IoT ecosystems, especially those employing long-range wide-area networks. The authentication server employs EAP, a flexible solution that supports several methods, with various degrees of performance requirements for each End-Device.

IoT Agent

The IoT Agent is an MQTT client that subscribes to the topics exposed by the MQTT broker running in the Network Server. At the heart of MQTT are the MQTT broker and clients. The data sent by the end-devices is received by the Network Server over LoRaWAN and is in turn dispatched using MQTT messages. Each message is posted in a device-specific application reception topic. The IoT Agent forwards the device metadata and sensor data to the asvin Platform over HTTPS using REST API end-points. The IoT Agent acts as a bridge between the Network Server and the asvin Platform.

asvin Platform

It is a Platform as a Service (PaaS) to facilitate over the air security patches for IoT devices using novel decentralized and distributed technologies. The asvin Platform provides a complete solution for device, security patches and rollout management. It is comprised of 4 components.

  1. IPFS
  2. Blockchain
  3. Customer Platform
  4. Version Controller

Innovations of the IoTrust

The IoTrust project will achieve its objectives by designing, developing and integrating a novel bootstrapping protocol, a peer-to-peer distributed storage protocol, distributed ledger technology and an inventive trust monitoring algorithm. The main innovations of IoTrust are the following.

  1. Secure Bootstrapping of LO-CoAP-EAP built with Internet standards for secure setup of IoT devices.
  2. Trust Monitoring: Human-centric trust report of IoT devices to simplify maintenance decision making for inexpert end-users, for achieving a cost-effective and sustainable IoT infrastructure.
  3. Decentralized Peer-to-Peer Reprogramming: High resilience against DDoS attacks by decentralized distribution of encrypted firmware, configurations and patches based on peer-to-peer IPFS networks.
  4. Trusted layer for IoT Networks: DTL-based privacy-enhanced storage and IDs management to identify IoT devices and calculate their trust scores.

The core technologies used in IoTrust are the following.

Low-Overhead CoAP-EAP

It integrates the use of Authentication, Authorization and Accounting (AAA) infrastructure, the Extensible Authentication Protocol (EAP) and the Constrained Application Protocol (CoAP).

IPFS

The Interplanetary File System (IPFS) is a distributed system for storing and accessing files. It will be utilized to store firmware files and security patches of IoT devices.

Hyperledger Besu

Device and firmware metadata information will be stored in a distributed ledger. Hyperledger Besu will be utilized for this task. It is an open-source Ethereum client developed under the Linux Foundation.

LoRaWAN

It is a Low Power Wide Area (LPWA) networking protocol designed to wirelessly connect battery-operated devices. The end devices in the IoTrust framework will communicate using the LoRaWAN protocol.

Mitassist Assistant: effective support in the therapy of mental illnesses.

The Stuttgarter Nachrichten reports on our Mitassist project, carried out in cooperation with the University of Göttingen.

Link: https://www.stuttgarter-nachrichten.de


In cooperation with Knut Schnell, chief physician at the University Hospital Göttingen, digital worx developed the Mitassist Assistant.
The aim of the Mitassist Assistant is to support patients with mental illnesses in everyday life and to give physicians important information for therapy decisions.

Mitassist is a cuff fitted with sensors that is worn on the forearm.
The sensors continuously measure stress and metabolic parameters, movement patterns, sleep profile and muscle tension, and can thus provide important indications of the patient's condition.
Changes in behaviour are communicated to the patient through an intuitive feedback system, which offers the patient suggested solutions agreed in advance with the therapist.

A total of seven project partners make the Mitassist Assistant possible.
Among them is Telepaxx Medical Archiving Gesellschaft. The sensitive data is fully encrypted via its servers to ensure data security.

Why we need more trust and security in the Internet of Things

asvin - secure update distribution and management for Internet of Things

With the rise of up to 20-30 billion connected devices within the next 2 years, the Internet of Things (IoT) industry has a growing need for product reliability.

This includes the demand to keep IoT products safe during their lifetime. Today this is already a big challenge. With more and more devices at the edge it will become a huge challenge. IoT edge devices have no direct TCP/IP connection to the Internet. But vendors and service operators need to patch and update them to keep these sensors and actuators operable and safe. As most of the 20-30 billion devices will be at the edge, we need reliable solutions. A mass of unpatched and insecure edge devices will be a massive problem for a working and secure infrastructure.

Secure Updates for Internet of Things with asvin.io


That's what we are working on at asvin.io. It's our mission to make the IoT safe beyond the edge. For IoT vendors and operators we provide an easy-to-implement solution that enables secure patch and update distribution through the application stack: from the software version control system to cloud distribution and gateways forwarding to edge devices. In this stack, trust and security are provided by Blockchain and encryption layers. We are strongly committed to open source, and we believe that this is the only way to provide a transparent, secure stack and a sustainable solution during the IoT product lifetime.

Our journey into a trusted and secure Internet of Things has just begun. All of us in the IoT industries are producers and consumers as well. Let's make our IoT future safe. asvin.io is one building block.

This article was originally posted on the asvin.io website.

Forcing Blockchain to be compliant with GDPR is no solution

GDPR and Blockchain

The General Data Protection Regulation (GDPR) is now enforced. This has major impacts on Blockchain and Distributed Ledger technology. In general, these technologies are not compliant with certain demands of the GDPR.

The World Economic Forum asks in the title of a statement: "Will GDPR block Blockchain?" And unfortunately, I have to agree: yes, it might.

Let me state in a few words why we need to force adjustments of the GDPR regulations with regard to blockchain and distributed ledger technologies, and why it's absurd to attempt backwards fixes that force GDPR compliance on those technologies.

The core of Blockchain: Trust and Resilience

The power of Blockchain technology and Distributed Ledgers (DLT) is based on resilience and trust. Both are created by the distribution principle, where nodes store transactions in their ledger and consensus between ledgers is needed to determine whether a transaction is valid. As node locations can (and should) be scattered, it's hard to answer the question of in which geolocation data is stored and processed in the Blockchain network, and therefore which jurisdiction applies.

For large public chains, in case of doubt: everything and everywhere.

Additionally, the main principle of building trust inside the Blockchain makes it impossible to delete a written transaction. Updating existing transactions can't be done either, since they are immutable. Therefore, the GDPR's demand for the right to delete data is not directly representable in these cryptographic principles.

The demand to erase data in the GDPR can be explained by a "pre-Blockchain" era, where the state of technology was the storage of data in relational or object-based databases or, more advanced, in cloud storage. Deleting data in such architectures is a feasible demand. But the blockchain principle of data treatment was not on the radar when European legislation was formulating the GDPR. Blockchain is a "young" but highly accelerating technology, which started in 2008 below the "radar" of the debates of legislative stakeholder groups. And it's a perfect example that technology can leapfrog ahead of regulation and leave legislators behind.

Why "HASHING" is not the answer for GDPR compliance

The situation is absurd. We have a powerful technology, but by its basic architectural principle it's not compliant with the demands of the GDPR. The industry's answer is "hotfixes" on ledgers where personal data is involved. One popular recommendation is not to store personal data but "hashed" relations in the chain. This means that no personal data is stored in the ledger and therefore the system is compliant with the GDPR, as there is no more need to erase personal data.

But on the other hand, you need to link the hash processed in the Blockchain to data sets outside the ledger. This must be done by tying the hashes to datasets in relational or object-oriented databases. Of course we can do that, but basically this workaround weakens the trust and resilience level of the system. Compromising the data in the linked databases compromises the Blockchain trust level. When the data relation has been changed, the attestation by "hashed" Blockchain records is useless. You need no Blockchain procedures for attesting the trust and integrity of data and transactions in such architectures with relational dependencies. You can remove the Blockchain part of such a system and keep the same level of trust and resilience. Blockchain, in terms of trust and resilience, makes no sense in such a GDPR compliance workaround architecture.
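
The dependency this section describes, modelled as an added Python example (not code from the article or from any project it mentions): a ledger that stores only salted hashes, and a mutable database that holds the personal data and the link to each hash. The class and function names, the salts and the records are constructed for illustration.

```python
import hashlib
import json

def digest(record: dict, salt: bytes) -> str:
    """Salted SHA-256 over a canonical JSON encoding of an off-chain record."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(salt + payload).hexdigest()

class Ledger:
    """Stand-in for the chain (assumption): append-only, entries never change."""
    def __init__(self):
        self._entries = []

    def anchor(self, value: str) -> int:
        self._entries.append(value)
        return len(self._entries) - 1

    def get(self, index: int) -> str:
        return self._entries[index]

    def size(self) -> int:
        return len(self._entries)

class OffChainStore:
    """Mutable database holding the personal data, the salt and the ledger link."""
    def __init__(self, ledger: Ledger):
        self.ledger = ledger
        self.rows = {}  # subject id -> {"record", "salt", "index"}

    def put(self, subject: str, record: dict, salt: bytes) -> None:
        index = self.ledger.anchor(digest(record, salt))
        self.rows[subject] = {"record": record, "salt": salt, "index": index}

    def verify(self, subject: str) -> str:
        row = self.rows.get(subject)
        if row is None:
            return "missing"  # nothing left to check the ledger entry against
        ok = digest(row["record"], row["salt"]) == self.ledger.get(row["index"])
        return "ok" if ok else "mismatch"

def run_scenarios() -> dict:
    ledger = Ledger()
    db = OffChainStore(ledger)
    # Constructed sample records and salts.
    db.put("subject-1", {"name": "A. Example", "city": "Stuttgart"}, b"salt-1")
    db.put("subject-2", {"name": "B. Example", "city": "Murcia"}, b"salt-2")
    out = {"initial": db.verify("subject-1")}
    db.rows["subject-1"]["record"]["city"] = "Edited"  # content changed off-chain
    out["content_changed"] = db.verify("subject-1")
    db.rows["subject-1"] = dict(db.rows["subject-2"])  # relation re-pointed off-chain
    out["relation_changed"] = db.verify("subject-1")
    del db.rows["subject-2"]  # erasure request: only the off-chain row can go
    out["after_erasure"] = db.verify("subject-2")
    out["ledger_entries"] = ledger.size()  # the hashes themselves stay on the ledger
    return out
```

The "relation_changed" case passes verification although subject-1 now carries another subject's record, and after erasure the ledger still holds two hashes, one of which can no longer be checked against anything.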

We can adjust Blockchain with GDPR workarounds, but we will lose the fundamental advantages of this technology. Or we can adjust the GDPR.

It's our challenge to force the right actions.

EU project IoT Crawler: kick-off at the Universidad de Murcia

IoT Crawler - EU Horizon2020 Research and Innovation Action

An ambitious EU research project has now started with a two-day kick-off at the Universidad de Murcia in southern Spain. In the "IoT Crawler" project, specialists from all over Europe are working on an IoT search engine that is intended to become a 'Google for the Internet of Things'.

Managing director Mirko Ross was in Murcia for digital worx GmbH, the Stuttgart software developer and service provider in the field of Industry 4.0 and the Internet of Things. IoT Crawler is an EU project with a duration of three years. According to a report by Grand View Research Inc., the Internet of Things (IoT) is estimated to reach a global market value of 50 billion USD as early as 2025. The IoT market therefore has huge business and societal potential. Yet there are still many fundamental challenges that resemble those at the beginning of the history of the Internet, when various competing systems and platforms produced a fragmented ecosystem. In IoT Crawler, the partners will therefore try to solve these challenges by creating a search engine for the Internet of Things that enables integration and interaction across different platforms and systems. In addition to the search engine, various user-friendly demonstration applications will be built in the areas of Industry 4.0, Social IoT, Smart City and Smart Energy. A total of ten European partners are involved in the ambitious project. Alongside the host Universidad de Murcia, the core team consists of the University of Surrey, NEC Europe LTD (both Great Britain), Aarhus Universitet and Aarhus Kommune (both Denmark), Siemens AG (Austria) and ODIN Solutions S.L. (Spain). From Germany, digital worx GmbH from Stuttgart is joined by the AGT Group and the Stiftung Fachhochschule Osnabrück.

Mirko Ross, managing director of digital worx GmbH: "We are very pleased and proud to have been selected as one of ten partners from all over Europe for this demanding EU project. The kick-off at the Universidad de Murcia has already shown how purposeful and stimulating cooperation in a team with top international experts is. The coming three years will be highly exciting for us."

A high-quality laptop for Nepalhilfe

Handover of the laptop to Nepalhilfe

Sometimes the parcel arrives a little later: the Stuttgart software developing company digital worx GmbH did without Christmas gifts for customers and did something good instead. It donated a high-quality laptop to the Freundeskreis Nepalhilfe.

The laptop has now been handed over, following the return of the Freundeskreis chairman from Nepal. A love of mountaineering was the starting point: Sven Rahlfs, managing director of digital worx GmbH and a passionate climber, had the idea for the Christmas campaign when he heard a talk by Alexander Schmidt. Schmidt is the founder of the Freundeskreis Nepalhilfe and has been its chairman for more than 21 years. He accordingly has a lot to report from the country of Mount Everest, the legendary highest mountain on Earth in the Himalayas. When Rahlfs got to know the Freundeskreis Nepalhilfe in this way, it was clear to him: he wanted to help!

The Freundeskreis Nepalhilfe e.V. (FNH) supports and helps children in need in Nepal, regardless of their gender, caste or religion. The association provides them with accommodation, care and education. In cooperation with the Nepalese partner organisation "Forum for the Welfare of Himalayan Children" (FWHC), the Freundeskreis founded the children's project in 1995. Since then, more than 100 children (orphans, half-orphans and street children) have found a home here. Remarkably, 98.81 percent of donations go directly to the children and do not seep away into administrative costs or other channels.

For digital worx GmbH it quickly became clear that it should not be just a (monetary) donation. For an Internet and software company, it made sense to donate to the Freundeskreis a practical aid for worldwide communication and for talks: a brand-new Lenovo laptop. Following Alexander Schmidt's return from Nepal, the laptop has now been handed over by the two managing directors of digital worx GmbH, Sven Rahlfs and Mirko Ross.

More about the organisation: http://www.nepalhilfe.de/
