The progress of new technologies has allowed many of the
devices and appliances in
homes,
offices, industries and streets to be connected to the network through the
Internet of Things (IoT), improving and streamlining processes, jobs and even people's quality of life. However, this
massive connection of everyday objects can lead to numerous
risks, especially when processing
personal data, sensitive data or the information handled by these systems.
Now, a team of experts, led by researchers from the Universitat Oberta de Catalunya (
UOC) and Institut Polytechnique de Paris (IP Paris), has designed a
system to guarantee the integrity, origin and security of data coming from IoT networks, especially in areas where connected devices have limited computing and storage resources.
"We've developed a system of
zero-watermarking approach, which does not modify the original data but can incorporate information about their source, ensuring tamper-proof transmission over the network", said Omair Faraj, lead author of this study and PhD with the
Network and Information Technologies programme at both the UOC and Télécom SudParis of IP Paris, working with the K-ryptography and Information Security for Open Networks (
KISON) research group, together with Professor
David Megías, KISON lead researcher and director of the Internet Interdisciplinary Institute (
IN3), and Professor Joaquín García Alfaro, full professor and researcher at Télécom SudParis, both co-authors of this study.
This innovative method, designed to guarantee data integrity and secure provenance in environments where the Internet of Things is used, is called ZIRCON (Zero-watermarkIng-based data pRovenanCe for iOt Networks). "ZIRCON uses a
zero-watermarking technique without amendment to the data itself, in which a unique watermark is generated from the metadata - similar to the IP address of a device - but
without embedding this watermark directly
in the original data", said Faraj. In this way, thanks to the use of this system, the watermark is stored separately in a network database that is tamper-proof and resilient against unwanted external interference.
IoT challenges and risks
Systems based on the Internet of Things have very specific characteristics, and face unique
challenges compared to other digital environments. For example, devices often have
limited processing power, short battery life and
less bandwidth.
There are also many risks involved as the IoT develops and becomes more widely used. Firstly,
data management, because of its dynamic and highly
interconnected nature,
makes data more vulnerable, especially at points where
different devices are connected.
Secondly, a
lack of computational capabilities makes the use of complex
security and encrypting techniques more difficult. This increases risks and
the threat that data could be captured, modified or falsified.
Given the possible consequences of these risks, which can affect key sectors of society, such as electricity networks, traffic or infrastructure,
30 November is
International Computer Security Day, an event aimed at promoting secure, reliable and verified computing systems.
The ZIRCON system is able to solve this type of conflict thanks to its innovative design, which needs only
light computational capabilities and has low energy requirements. The system is applicable to a large proportion of digital environments and can turn them into secure, robust and verified networks at each stage of device interconnection. "It's an ideal solution for IoT devices with limited resources", Faraj emphasized.
In addition, according to the experts, this system is highly resistant to both passive and active attacks, including packet replay, data manipulation, and provenance forgery. "Our results indicate that ZIRCON is superior to traditional methods, especially because of its lightweight processing, efficient use of bandwidth and reduced energy consumption", said Faraj.
Secure transmission
Another fundamental feature of ZIRCON is its ability to
verify the integrity of data at each hop within an IoT network. This ensures
secure end-to-end transmission, providing a solution for the integrity of the data handled by the applications on the devices connected to the network. "ZIRCON is a system that is robust against attacks, lightweight, and efficient in data storage, energy use and bandwidth consumption, compared with previous techniques", the experts pointed out.
Moreover, the design of this innovative system opens up a field of new opportunities to improve network security. "Future projects will be able to explore the integration of ZIRCON with other
cryptographic methods and its application in emerging environments", Faraj concluded.
This work has been possible thanks to various sources of funding, including the Spanish Ministry of Science, Innovation and Universities, the ARTEMISA International Cybersecurity Chair and the DANGER Strategic Cybersecurity Project, supported by the Spanish National Cybersecurity Institute, and funds from the NextGenerationEU scheme and the Recovery, Transformation and Resilience Plan, with the support of the Cyber CNI Chair at the Institut Mines-Télécom in France.
This UOC research contributes to UN Sustainable Development Goal (SDG) 9: Industry, Innovation and Infrastructure.