Category Archives: Allgemein

IoTrust Architecture

The IoTrust framework is designed with security and innovation at its core. It consists of 7 main components, as shown in the figure above. Each component handles a specific set of tasks in the framework. The fundamental features of the IoTrust project are secure bootstrapping, over-the-air firmware update and trust monitoring; all other services are built around these features. The IoTrust components are as follows.

End-Device

It is a small form-factor hardware device that sits at the edge of an IoT network. It consists of a microcontroller, memory, input/output peripherals, communication modules, etc. In the IoTrust architecture, an End-Device collects, formats, and sends sensor data to a server. The End-Device shall incorporate at least a LoRaWAN-capable module to guarantee a defined set of networking features.

Gateway

A Gateway provides last-mile LoRaWAN radio access to the end-devices. It is an edge component at the end of the LoRaWAN network infrastructure. A gateway is a multi-channel, high-performance LoRa transceiver that can receive, process, and send several LoRa packets simultaneously using different spreading factors on various channels. Communication security is provided by the LoRaWAN message encryption defined in the protocol specification; the gateway holds no session keys and only relays frames it cannot read. This scheme protects communication between the End-Device and the Network Server.

Network Server

The Network Server is part of the LoRaWAN back-end infrastructure. It is the central hub for all communication to and from LoRaWAN end-devices. It hides the Physical (PHY) and Medium Access Control (MAC) layer details of the LoRaWAN protocol from the components that need to communicate with end-devices, and it manages all the low-level details needed to guarantee secure and reliable delivery of messages to and from the LoRaWAN infrastructure.

IoT Controller

The IoT Controller plays the role of the authenticator in the Authentication, Authorisation, and Accounting (AAA) architecture. End-devices perform the bootstrapping process through it; this process includes an authentication and key agreement stage. Once a device has successfully authenticated itself, session keys are shared with the device so that it can securely perform its regular operational tasks.

Authentication Server

The AAA architecture has been proposed by standardisation organisations such as the IETF to provide a scalable solution to security management tasks in heterogeneous IoT ecosystems, especially those employing long-range wide-area networks. The Authentication Server employs EAP, a flexible framework that supports several authentication methods with varying performance requirements, so that a method matching the capabilities of each End-Device can be selected.

IoT Agent

The IoT Agent is an MQTT client that subscribes to the topics exposed by the MQTT broker running in the Network Server. At the heart of MQTT are the broker and its clients. Data sent by the end-devices is received by the Network Server over LoRaWAN and then dispatched as MQTT messages; each message is published to a device-specific application reception topic. The IoT Agent forwards the device metadata and sensor data to the asvin Platform over HTTPS using REST API endpoints. It thus acts as a bridge between the Network Server and the asvin Platform.
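The validation the IoT Agent should perform on an uplink before forwarding it, written here as an added Python example; this is not the IoTrust IoT Agent's own code. The MQTT topic layout, the JSON field names and the REST body schema are assumptions made for the example, and the sample message is constructed. The check worth noting is that the device EUI in the topic (what the broker routed on) must equal the one claimed in the message body, otherwise a misconfigured or hostile publisher could attribute readings to another device; the decoded payload is also bounded to the LoRaWAN maximum before anything leaves the agent.

```python
import base64
import json
import re

# Constructed sample uplink, in the shape a LoRaWAN network server might publish
# over MQTT. Topic layout and field names are assumptions for this example.
SAMPLE_TOPIC = "application/iotrust-demo/device/70b3d57ed0001234/rx"
SAMPLE_PAYLOAD = json.dumps({
    "devEUI": "70b3d57ed0001234",
    "fPort": 2,
    "fCnt": 17,
    "rxInfo": [{"gatewayID": "b827ebfffe0a1b2c", "rssi": -97, "loRaSNR": 6.5}],
    "data": base64.b64encode(bytes([0x01, 0x2E, 0x00, 0x41])).decode(),
}).encode()

TOPIC_RE = re.compile(r"^application/(?P<app>[\w-]+)/device/(?P<deveui>[0-9a-f]{16})/rx$")
ALLOWED_APPS = {"iotrust-demo"}   # assumed: the applications this agent bridges
MAX_PAYLOAD_BYTES = 242           # largest LoRaWAN application payload (EU868, SF7)


class RejectedUplink(ValueError):
    """Raised for any uplink the agent must not forward."""


def uplink_to_rest_body(topic: str, payload: bytes) -> dict:
    """Validate one broker message and build the body for the platform's
    REST endpoint (the body schema is an assumption for this example)."""
    m = TOPIC_RE.match(topic)
    if not m or m["app"] not in ALLOWED_APPS:
        raise RejectedUplink(f"unexpected topic {topic!r}")
    try:
        msg = json.loads(payload)
    except ValueError as e:
        raise RejectedUplink("payload is not JSON") from e
    # The topic is what the broker routed on; the body is what the publisher
    # claims. Both must name the same device.
    if str(msg.get("devEUI", "")).lower() != m["deveui"]:
        raise RejectedUplink("devEUI in body does not match topic")
    try:
        raw = base64.b64decode(msg["data"], validate=True)
    except (KeyError, ValueError) as e:
        raise RejectedUplink("missing or malformed data field") from e
    if len(raw) > MAX_PAYLOAD_BYTES:
        raise RejectedUplink("payload exceeds LoRaWAN maximum")
    return {
        "device_id": m["deveui"],
        "application": m["app"],
        "frame_counter": int(msg.get("fCnt", 0)),
        "port": int(msg.get("fPort", 0)),
        "gateways": [g.get("gatewayID") for g in msg.get("rxInfo", [])],
        "payload_hex": raw.hex(),
    }


def accepts(topic: str, payload: bytes) -> bool:
    """True if the agent would forward this uplink, False if it rejects it."""
    try:
        uplink_to_rest_body(topic, payload)
        return True
    except RejectedUplink:
        return False


if __name__ == "__main__":
    print(json.dumps(uplink_to_rest_body(SAMPLE_TOPIC, SAMPLE_PAYLOAD), indent=2))
```

The returned dictionary is what the agent would POST to the platform endpoint over HTTPS. The agent is the point where the LoRaWAN-encrypted path ends and the web path begins, so TLS certificate verification must stay enabled in whichever HTTP client carries that request.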

asvin Platform

It is a Platform as a Service (PaaS) that facilitates over-the-air security patches for IoT devices using novel decentralized and distributed technologies. The asvin Platform provides a complete solution for device, security patch and rollout management. It comprises 4 components.

  1. IPFS
  2. Blockchain
  3. Customer Platform
  4. Version Controller

Innovations of the IoTrust

The IoTrust project will achieve its objectives by designing, developing and integrating a novel bootstrapping protocol, a peer-to-peer distributed storage protocol, distributed ledger technology and an inventive trust monitoring algorithm. The main innovations of IoTrust are as follows.

  1. Secure Bootstrapping: LO-CoAP-EAP, built on Internet standards, for the secure setup of IoT devices.
  2. Trust Monitoring: human-centric trust reports on IoT devices that simplify maintenance decisions for inexpert end-users, towards a cost-effective and sustainable IoT infrastructure.
  3. Decentralized Peer-to-Peer Reprogramming: high resilience against DDoS attacks through decentralized distribution of encrypted firmware, configurations and patches over peer-to-peer IPFS networks.
  4. Trusted layer for IoT Networks: DLT-based privacy-enhanced storage and ID management to identify IoT devices and calculate their trust scores.

The core technologies used in IoTrust are as follows.

Low-Overhead CoAP-EAP

It integrates the use of the Authentication, Authorization and Accounting (AAA) infrastructure, the Extensible Authentication Protocol (EAP) and the Constrained Application Protocol (CoAP), keeping the message overhead low enough for constrained devices.

IPFS

The InterPlanetary File System (IPFS) is a distributed system for storing and accessing files. It will be used to store the firmware files and security patches of IoT devices.

Hyperledger Besu

Device and firmware metadata will be stored in a distributed ledger; Hyperledger Besu will be used for this task. Besu is an open-source Ethereum client developed under the Linux Foundation.
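The checks an end-device (or the gateway updating it) should run before applying a firmware image fetched from IPFS, using the metadata recorded in the ledger, written here as an added Python example rather than code from the asvin Platform or IoTrust. The record fields (device_model, version, size, sha256, revoked) and the firmware bytes are constructed for the example. The point a practitioner wants made explicit: a content address proves only that the bytes are the ones somebody pointed at, so the digest the device trusts has to come from the ledger record, and that record must have been written by an account the device trusts; that authorisation of the record is assumed to have been checked before this function is called. The image is hashed as fetched, i.e. still encrypted if the platform distributes encrypted firmware, which also keeps the comparison independent of the decryption step.

```python
import hashlib
import hmac

# Constructed sample: a firmware image and the metadata record a vendor would
# have written to the ledger for it. Field names are assumptions for this example.
FIRMWARE_V2 = b"IOTRUST-FW\x00" + bytes(range(256)) * 4
LEDGER_RECORD = {
    "device_model": "iotrust-node-a",
    "version": "2.1.0",
    "size": len(FIRMWARE_V2),
    "sha256": hashlib.sha256(FIRMWARE_V2).hexdigest(),
    "revoked": False,
}


def parse_version(v: str) -> tuple:
    """'2.1.0' -> (2, 1, 0), so versions compare numerically, not as strings."""
    return tuple(int(x) for x in v.split("."))


def check_update(blob: bytes, record: dict, installed_version: str, device_model: str) -> str:
    """Return 'ok' if the fetched image may be applied, else the reason it may not.
    Cheap checks run first so a bad record or a truncated download never reaches
    the hash computation."""
    # 1. The record must describe this hardware, not another product line.
    if record.get("device_model") != device_model:
        return "wrong device model"
    # 2. A withdrawn release stays withdrawn even if its bytes are still on IPFS.
    if record.get("revoked"):
        return "release revoked"
    # 3. Anti-rollback: an attacker who can replay an old, vulnerable image
    #    must not be able to downgrade the device.
    if parse_version(record["version"]) <= parse_version(installed_version):
        return "rollback or reinstall refused"
    # 4. Size from the record catches truncated or padded downloads early.
    if len(blob) != record["size"]:
        return "size mismatch"
    # 5. The digest from the ledger record is the only integrity anchor; the
    #    IPFS address alone could have been chosen by whoever sent it to us.
    digest = hashlib.sha256(blob).hexdigest()
    if not hmac.compare_digest(digest, record["sha256"]):
        return "hash mismatch"
    return "ok"


if __name__ == "__main__":
    print(check_update(FIRMWARE_V2, LEDGER_RECORD, "2.0.3", "iotrust-node-a"))
```

The order of the checks matters on a constrained device: model, revocation and version are string comparisons on a few bytes of metadata, while the hash touches the whole image, so the expensive step is reached only for an image the device would otherwise accept.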

LoRaWAN

It is a Low Power Wide Area (LPWA) networking protocol designed to wirelessly connect battery-operated devices. The end-devices in the IoTrust framework communicate using the LoRaWAN protocol.

Mitassist Assistant: effective support in the treatment of mental illnesses.

The Stuttgarter Nachrichten reports on our Mitassist project, a collaboration with the University of Göttingen.

Link to the article: https://www.stuttgarter-nachrichten.de


In collaboration with Knut Schnell, chief physician at the University Medical Center Göttingen, digital worx developed the Mitassist Assistant.
The aim of the Mitassist Assistant is to support patients with mental illnesses in everyday life and to provide physicians with important information for therapy decisions.

Mitassist is a cuff equipped with sensors that is worn on the forearm.
The sensors continuously measure stress and metabolic parameters, movement patterns, sleep profile and muscle tension, and can thus provide important indications of the patient's condition.
Changes in behaviour are communicated to the patient through an intuitive feedback system, which also offers the patient suggested solutions agreed in advance with the therapist.

A total of seven project partners are making the Mitassist Assistant possible.
Among them is Telepaxx Medical Archiving Gesellschaft, on whose servers the sensitive data is stored fully encrypted to ensure data security.

Why we need more trust and security in the Internet of Things

asvin - secure update distribution and management for Internet of Things

With the rise of up to 20-30 billion connected devices within the next 2 years, the Internet of Things (IoT) industry is in greater need of product reliability than ever.

This includes the demand to keep IoT products safe during their lifetime. Today this is already a big challenge; with more and more devices at the edge it will become a huge one. IoT edge devices have no direct TCP/IP connection to the Internet, but vendors and service operators need to patch and update them to keep these sensors and actuators operable and safe. As most of the 20-30 billion devices will be at the edge, we need reliable solutions. A mass of unpatched and insecure edge devices will be a massive problem for a working and secure infrastructure.

Secure Updates for Internet of Things with asvin.io

That's what we are working on at asvin.io. It's our mission to make the IoT safe beyond the edge. For IoT vendors and operators we provide an easy-to-implement solution that enables secure patch and update distribution through the whole application stack: from the software version control system to cloud distribution and on to the gateways forwarding to edge devices. In this stack, trust and security are provided by blockchain and encryption layers. We are strongly committed to open source and believe that this is the only way to provide a transparent, secure stack and a sustainable solution over the IoT product lifetime.

Our journey into a trusted and secure Internet of Things has just begun. All of us in the IoT industry are producers and consumers alike. Let's make our IoT future safe. asvin.io is one building block.

This article has been originally posted on asvin.io website

Forcing Blockchain to be compliant with GDPR is no solution

GDPR and Blockchain

The General Data Protection Regulation (GDPR) is now in force. This has major impacts on blockchain and distributed ledger technology. In general, these technologies are not compliant with certain demands of the GDPR.

The World Economic Forum titled a statement "Will GDPR block Blockchain?". Unfortunately, I have to agree: yes, it might.

Let me explain in a few words why we need to push for adjustments of the GDPR with respect to blockchain and distributed ledger technologies, and why it is absurd to attempt backwards fixes that force GDPR compliance onto these technologies.

The core of Blockchain: Trust and Resilience

The power of blockchain technology and distributed ledgers (DLT) is based on resilience and trust. Both are created by the distribution principle, where nodes store transactions in their ledger and consensus between ledgers is needed to determine whether a transaction is valid. As node locations can (and should) be scattered, it is hard to answer the question of at which geolocation data is stored and processed in the blockchain network, and therefore which jurisdiction applies.

For large public chains, in case of doubt: everything, everywhere.

Additionally, the main principle for building trust inside the blockchain makes it impossible to delete written transactions. Updating existing transactions cannot be done either, since they are immutable. Therefore, the GDPR's right to erasure is not directly representable within these cryptographic principles.

The demand to erase data in the GDPR comes from a "pre-blockchain" era, when the state of technology was the storage of data in relational or object-based databases, or, more advanced, in cloud storage. Deleting data in such architectures is a feasible demand. But the blockchain principle of data handling was not on the radar when the European legislature was formulating the GDPR. Blockchain is a "young" but rapidly accelerating technology, started in 2008 below the "radar" of the legislative stakeholder debates. And it is a perfect example of technology leapfrogging ahead of regulation and leaving legislators behind.

Why "HASHING" is not the answer for GDPR compliance

The situation is absurd. We have a powerful technology, but by its basic architectural principle it is not compliant with the demands of the GDPR. The industry's answer is "hotfixes" on ledgers where personal data is involved. One popular recommendation is to store not personal data but "hashed" references in the chain. This means that no personal data is stored in the ledger, and so the system is supposedly GDPR compliant, as there is no longer any need to erase personal data.

But on the other hand, you need to link the hash processed on the blockchain to data sets outside the ledger. This must be done by tying the hashes to datasets in relational or object-oriented databases. Of course we can do that, but basically this workaround weakens the trust and resilience level of the system. Compromising the data in the linked databases compromises the blockchain's trust level: once the data relation has been changed, the testimony given by the "hashed" blockchain records is useless. You need no blockchain procedures to testify to the trust and integrity of data and transactions in architectures with such relational dependencies. You can remove the blockchain part of such a system and keep the same level of trust and resilience. In terms of trust and resilience, blockchain makes no sense in such a GDPR-compliance workaround architecture.
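The "hashed relation" pattern described above, as an added Python example with constructed data; it is not code from any project mentioned on this page. It shows the two properties the argument rests on: once the off-chain copy is erased, the immutable on-chain digest still exists but can no longer be checked against anything (and if the off-chain copy is altered, the chain can say only that it no longer matches, not what was there), and the plain hash of a low-entropy personal value such as an e-mail address can be recovered with a dictionary attack, so "hashing" by itself does not take the personal data off the chain. The salt in the example is an assumption of this illustration, not part of the recommendation the post criticises.

```python
import hashlib
import hmac
import os
from typing import Optional


def commit(record: bytes, salt: Optional[bytes] = None):
    """Digest that goes on the chain. The salt (if any) stays off-chain with
    the record; with salt=b'' this is a plain unsalted hash of the record."""
    if salt is None:
        salt = os.urandom(16)
    return hashlib.sha256(salt + record).digest(), salt


class HashOnChainStore:
    """Constructed model of the workaround: an append-only ledger that holds
    only digests, next to an ordinary mutable database holding the data."""

    def __init__(self):
        self.ledger = []   # immutable: entries are never removed or changed
        self.db = {}       # off-chain: digest -> (salt, record)

    def store(self, record: bytes) -> bytes:
        digest, salt = commit(record)
        self.ledger.append(digest)
        self.db[digest] = (salt, record)
        return digest

    def erase(self, digest: bytes) -> None:
        # The only erasure available under GDPR: the ledger entry itself stays.
        self.db.pop(digest, None)

    def verify(self, digest: bytes) -> str:
        """What a later auditor can learn from an on-chain digest."""
        if digest not in self.ledger:
            return "unknown"
        if digest not in self.db:
            return "orphaned"      # the chain entry remains but testifies to nothing
        salt, record = self.db[digest]
        expected, _ = commit(record, salt)
        return "intact" if hmac.compare_digest(expected, digest) else "tampered"


def dictionary_attack(digest: bytes, candidates) -> Optional[bytes]:
    """An unsalted digest of a guessable value is recoverable, i.e. still
    personal data; returns the matching candidate or None."""
    for c in candidates:
        if hmac.compare_digest(hashlib.sha256(c).digest(), digest):
            return c
    return None


if __name__ == "__main__":
    s = HashOnChainStore()
    d = s.store(b"alice@example.com")   # constructed sample record
    print(s.verify(d), len(s.ledger))
    s.erase(d)
    print(s.verify(d), len(s.ledger))   # orphaned, but the ledger entry is still there
```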

We can adjust blockchain with GDPR workarounds, but we will lose the fundamental advantages of this technology. Or we can adjust the GDPR.

It is our challenge to push for the right actions.

EU project IoT Crawler: kick-off at the Universidad de Murcia

IoT Crawler - EU Horizon2020 Research and Innovation Action

With a two-day kick-off at the Universidad de Murcia in southern Spain, an ambitious EU research project has now started. In the "IoT Crawler" project, specialists from all over Europe are working on an IoT search engine that is intended to become a 'Google for the Internet of Things'.

For digital worx GmbH, a Stuttgart software developer and service provider in the fields of Industry 4.0 and the Internet of Things, managing director Mirko Ross attended in Murcia. IoT Crawler is an EU project with a three-year duration. According to a report by Grand View Research Inc., the Internet of Things (IoT) is expected to reach a global market value of 50 billion USD as early as 2025. The IoT market therefore has enormous business and social potential. Yet there are still many fundamental challenges, similar to those at the beginning of the history of the Internet, when various competing systems and platforms produced a fragmented ecosystem. In IoT Crawler, the partners will therefore try to solve these challenges by creating a search engine for the Internet of Things that enables integration and interaction across different platforms and systems. In addition to the search engine, various user-friendly demonstration applications will be built in the areas of Industry 4.0, Social IoT, Smart City and Smart Energy. A total of ten European partners are involved in the ambitious project. Alongside the host, the Universidad de Murcia, the core team consists of the University of Surrey, NEC Europe LTD (both United Kingdom), Aarhus Universitet and Aarhus Kommune (both Denmark), Siemens AG (Austria) and ODIN Solutions S.L. (Spain). From Germany, besides digital worx GmbH from Stuttgart, the AGT Group and the Stiftung Fachhochschule Osnabrück are also taking part.

Mirko Ross, managing director of digital worx GmbH: "We are very pleased and proud to have been selected as one of ten partners from all over Europe for this demanding EU project. The kick-off at the Universidad de Murcia has already shown how purposeful and fruitful the collaboration in a team of international top experts is. The coming three years will be highly exciting for us."

A high-quality laptop for the Nepalhilfe

Laptop handover to the Nepalhilfe

Sometimes the parcel arrives a little later: the Stuttgart software development company digital worx GmbH forwent Christmas presents for customers and instead did something good. It donated a high-quality laptop to the Freundeskreis Nepalhilfe.

It has now been handed over, after the return of the association's chairman from Nepal. A love of mountaineering was the starting point: Sven Rahlfs, managing director of digital worx GmbH and a passionate climber, had the idea for the Christmas campaign when he heard a talk by Alexander Schmidt. Schmidt is the founder and, for more than 21 years, chairman of the Freundeskreis Nepalhilfe, and accordingly has a great deal to report from the country of Mount Everest, the legendary highest mountain on Earth, in the Himalayas. When Rahlfs got to know the Freundeskreis Nepalhilfe in this way, it was clear to him: he wanted to help!

The Freundeskreis Nepalhilfe e.V. (FNH) supports and helps children in need in Nepal, regardless of their gender, caste or religion. The association provides them with accommodation, care and education. In cooperation with the Nepalese partner organisation "Forum for the Welfare of Himalayan Children" (FWHC), the Freundeskreis founded the children's project in 1995. Since then, more than 100 children (orphans, half-orphans and street children) have found a home there. Remarkably, 98.81 percent of donations go directly to the children and do not seep away into administrative costs or other channels.

For digital worx GmbH it was quickly clear that it should not simply be a (monetary) donation. For an Internet and software company, it was natural to donate a practical helper for worldwide communication and for presentations to the Freundeskreis: a brand-new Lenovo laptop. After Alexander Schmidt's return from Nepal, the laptop has now been handed over by the two managing directors of digital worx GmbH, Sven Rahlfs and Mirko Ross.

More about the organisation: http://www.nepalhilfe.de/

We are all doomed in the Internet of Things, and what we might do to make a narrow escape.

IoT - Internet of Things Version 1.0

Dramatic headline, I know. First of all: don't panic.

It makes no sense to act headlessly in the face of the increasingly insecure landscape of the Internet of Things. The Internet of Things is defective. It is unsustainable because of the technical, social and economic bugs in the system, and any effort to fix these bugs is a waste of time and money.

I spent a lot of time this year at conferences discussing with developers and experts how we can get more security into the Internet of Things. And I have heard honourable recommendations: improving quality in the supply chain, introducing certification, training developers and raising consumer awareness of trust and privacy. All of this sounds reasonable, and for sure these actions can increase security and privacy in the Internet of Things. But they will not remove the growing security and privacy problems we are rushing into. Let me show the dilemma in three aspects:

Broken encryption chains:
Many threats we are facing in the Internet of Things are based on insecure application and protocol layers. Most recently, Heartbleed and BlueBorne have dramatically raised the prospect of broken crypto chains. Even at chip level, crypto and trust concepts have been broken, e.g. the flawed RSA key generation in widely deployed TPM chips, or the attack on ZigBee's AES-CCM-based security. In a complex Internet of Things environment, with many different things connected, there is a high probability of including insecure, broken encryption in the system. Furthermore, devices with insecure chipsets cannot be patched, and in the absence of alternative solutions, insecure chipsets will still be built into products. In the past and in the future, broken encryption chains will be part of Internet of Things networks.

Society's dilemma of "safety" vs. "strong encryption":
Societies, especially nation states, are subject to the particular interests of their public stakeholders and citizens. Today, proper encryption is an obstacle for intelligence and law enforcement, which constrains these institutions' goals of providing stable societies and advantages in the competition between nations. These superior goals override the technical need for strongly encrypted technical environments. Intelligence agencies worldwide have created a marketplace for zero-day exploits. The high economic incentive for intelligence agencies to commercialise vulnerabilities is a blocker on fixing weak systems as fast as possible. Furthermore, arsenals of zero-day exploits are today accumulated by institutions building advantages for their cyber-weapon stockpiles. That is why, in the past and in the future, security holes will be seen as a necessary requirement to gain advantages in global competition. With weak encryption, security is an illusion. There is no security in the Internet of Things. The Shadow Brokers leak of NSA exploits has shown what happens when exploits leak from institutions to cyber criminals. WannaCry is a direct result of that dilemma.

Economics and cost savings do not like security:
You are not interested in a secure environment, even if you are a stakeholder in the security industry. The insecure Internet of Things is a strong economic driver for the security industry. What? You may think I am silly. But keep in mind that the makers of the IoT Mirai botnet, "Anna-Senpai", had a strong background in the DDoS defence industry. At a certain point of competition, they decided that a powerful DDoS weapon would enable multiple business opportunities: first, to convince customers to choose their own DDoS protection services, and second, the ability to earn money as a DDoS stresser service provider. But non-criminal business activities will also lead to insecurity. It is simply a fact that security is an investment. In industrial production, a single product is the result of a complex supply chain with n-tier suppliers. For IoT products, from chipset manufacturers and microcontroller module providers up to app and cloud software providers, all of them are chained into one smart product. Each of them needs to optimise costs. Each of them will keep an eye on cost-effective security solutions for its own particular business operation. There is no complete view of security across the IoT supply chain if the smart product targets cost-sensitive markets such as consumer goods.

We are doomed. What's the consequence?

First of all, of course we should not stop working on sustainable solutions for the problems I have described above. But all in all there are many reasons to be pessimistic. So our focus needs to be on how we can live with insecurity rather than on trying to get rid of it. It is a completely different attitude when we accept that the future Internet of Things ecosystem will be completely insecure and a privacy nightmare, because then we can strengthen ourselves to manage it.

We can face the challenges, for example, by being prepared that you (or your institution or company) can be pwned at any time through an Internet of Things attack. For that, it is better to base your IT infrastructure on a compartmentalisation strategy, where you can shut off or isolate suspicious or harmful devices and services without shutting off your complete smart environment and services. Next, it is important to keep a close eye on all incoming and outgoing communication from your network and the connected devices. This must be possible under your full control, without dependencies on third parties such as ISPs. The dowse.eu project is one possible solution for providing such a controlling and monitoring instance that can be operated independently, as it can be run in a small-scale smart home or a larger-scale smart infrastructure such as Industry 4.0.
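The compartment-and-watch approach from the paragraph above, as an added Python example (not code from dowse.eu or from the author): an egress audit over flow records from an IoT segment. The flow line format, the addresses and the allowed destinations are constructed for the example. Devices in the segment are permitted only the local MQTT broker and the local resolver; everything else is reported as lateral movement inside the segment, traffic into another internal network, or egress to the Internet, with bytes per offending source so that the noisiest device is the first candidate for isolation. The audit runs on records you already hold (firewall or flow-exporter logs), so it does not depend on anything outside your own network.

```python
import ipaddress
from collections import defaultdict

# Constructed policy: the sensor compartment and the only destinations it needs.
SEGMENT = ipaddress.ip_network("10.20.0.0/24")
ALLOWED = {
    ("10.20.0.1", "tcp", 8883),   # local MQTT broker over TLS
    ("10.20.0.1", "udp", 53),     # local resolver
}
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample flow records: "src dst proto dport bytes" (format assumed).
SAMPLE_FLOWS = """\
10.20.0.11 10.20.0.1 tcp 8883 1420
10.20.0.11 10.20.0.1 udp 53 96
10.20.0.12 10.20.0.1 tcp 8883 310
10.20.0.12 198.51.100.7 tcp 443 52000
10.20.0.13 10.20.0.11 tcp 23 210
10.20.0.13 203.0.113.9 tcp 6667 4096
10.20.0.13 10.30.0.5 tcp 445 880
"""


def parse_flow(line: str):
    src, dst, proto, dport, nbytes = line.split()
    return ipaddress.ip_address(src), ipaddress.ip_address(dst), proto, int(dport), int(nbytes)


def classify(dst, proto: str, dport: int) -> str:
    """Allowed destination, or which compartment boundary the flow crosses."""
    if (str(dst), proto, dport) in ALLOWED:
        return "allowed"
    if dst in SEGMENT:
        return "lateral"          # device talking to a neighbour: worm-like behaviour
    if any(dst in n for n in INTERNAL):
        return "internal"         # crossing into another compartment
    return "egress"               # leaving for the Internet


def audit(flows_text: str):
    """Return the policy violations and the bytes each offending source moved."""
    alerts = []
    bytes_by_source = defaultdict(int)
    for line in flows_text.splitlines():
        if not line.strip():
            continue
        src, dst, proto, dport, nbytes = parse_flow(line)
        if src not in SEGMENT:
            continue                      # not a device this policy covers
        verdict = classify(dst, proto, dport)
        if verdict == "allowed":
            continue
        alerts.append((str(src), str(dst), proto, dport, verdict))
        bytes_by_source[str(src)] += nbytes
    return alerts, dict(bytes_by_source)


def isolation_order(bytes_by_source: dict) -> list:
    """Sources to cut off first: the ones moving the most disallowed traffic."""
    return sorted(bytes_by_source, key=bytes_by_source.get, reverse=True)


if __name__ == "__main__":
    alerts, by_src = audit(SAMPLE_FLOWS)
    for a in alerts:
        print("ALERT %-12s -> %-15s %s/%-5d %s" % a)
    print("isolate first:", isolation_order(by_src))
```

The same allowlist is what the segment's firewall should enforce as a default-deny rule; the audit exists for the case the article assumes, namely that a device gets compromised anyway and the first sign is traffic the policy never expected.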

Keeping control of data flows is the key to not being doomed.

It is better just to accept that the Internet of Things is insecure and post-privacy. That sounds hard, but if we focus on that, we can work on better concepts to create secure and private spaces in an insecure world.
