M-Sec project provides a secure end to end framework based on advanced techniques, methods, and design as well as operating principles that minimize the risk of suffering from critical vulnerabilities in the IoT ecosystem. The project offers tools and components, most of them open source, that protect IoT devices from malware through intrusion detection mechanisms and vulnerability detection systems, authentication of parties, encryption of data, attestation of devices, anonymization of data sources, personal data removal contained in images or streaming videos using, secure data storage combining onchain and offchain thanks to the use of blockchain, as well as mechanisms to analyze security requirements and eliminate both human errors in designing application logic along with a wide number of tests performed to verify the security level, and more.
On top of the M-Sec framework, and in order to validate the technological and secure components developed, the consortium has built new IoT applications that have been tested across two smart cities; Fujisawa and Santander, each recognized having already developed a long-term smart city approach.
M-Sec Architecture
Layer
sensiNact Studio TRL 7
DMSS TRL 4
Marketplace TRL 9
Layer
& Visualisation Tool TRL 6
Companion DB TRL 7
Layer
sensiNact platform TRL 7
SOXFire TRL 6
Blockchain middleware TRL 7
engine/tool TRL 6
Layer
for devices TRL 6
Detection System TRL 7
Layer
Management Tool TRL 5
where the components are organized in horizontal layers. This is the
traditional method for designing most software and is meant to be
self-independent. This means that all the components are
interconnected but do not depend on each other.
whole framework that provides a set of functionalities based on the combination of other components.
introduce the functional group component. A component is an self-contained software which can
communicate with other components. In this representation a component can also represent a set of components. We are not representing interfaces and connectors.
Application Layer
The Application Layer defines all the use the IoT technology or in which IoT has deployed
Development & Design Tools
- Eclipse sensiNact Studio TRL 7
- Eclipse sensiNact Studio SensiNact is designed to allow platforms to interoperate, thus coexist and benefit from the richness of the variety. Additionally, it provides a fine-grained security mechanism to allow access to services by only authenticated and authorized entities
- SAT & DMSS TRL 4
- Security Analysis Tool & Development Method for a secure service. A security requirements modelling support system, for a misuse case diagram that enables the association of security knowledge with elements that constitute the diagram.
- MTSA TRL 7
- Modal Transition System Analyser. A development tool for synthesizing behaviour specification for reactive systems with formal guarantee.
IoT Marketplace TRL 9
- IoT Marketplace
- The M-Sec IoT Marketplace is a novel Marketplace where smart objects and users can exchange information and services through the use of virtual currencies, allowing real-time matching of supply and demand, and thus enabling the creation of liquid markets with profitable business models of the IoT stakeholders.
Cloud Layer
Cloud layer includes all the infrastructure upon which cloud services are based
Devices Security
- Monitoring & Visualisation Tool TRL 6
- The M-Sec IoT Marketplace is a novel Marketplace where smart objects and users can exchange information and services through the use of virtual currencies, allowing real-time matching of supply and demand, and thus enabling the creation of liquid markets with profitable business models of the IoT stakeholders.
Secured & Trusted Storage
- Crypto Companion DB TRL 7
- Crypto Companion Database – As the real world matches the digital world, ensuring that information remains secure, private and authentic has become an ongoing challenge. Using blockchain technology, some of the issues can be addressed. However, once data is stored on the blockchain it can’t be manipulated or altered. Our companion database is proposed as a parallel system to the blockchain for the encrypted storage. The blockchain saves a hash created from sensitive or personal data, and the companion database stores the sensitive data encrypted together with the hash.
Middleware Layer
Middleware layer includes the infrastructure needed for both Peer-to-Peer and IoT-to-Cloud approaches
Secure City Data Acc
- Eclipse sensiNact platform TRL 7
- Eclipse sensiNact Studio SensiNact is designed to allow platforms to interoperate, thus coexist and benefit from the richness of the variety. Additionally, it provides a fine-grained security mechanism to allow access to services by only authenticated and authorized entities
- Secure SOXFire TRL 6
- SOXFire can provide practical distributed and federated infrastructure for IoT sensor data sharing among various users/organisations in a way that is scalable, extensible, easy to use and secure, while preserving privacy.
Secured & Trusted Storage
- Quorum Blockchain Blockchain middleware TRL 7
- A distributed ledger and middleware services system which provides all the necessary groundwork for security/privacy-enhancing services related to transactions and interactions between actors of various ecosystems.
- T&R Model engine/tool TRL 6
- Trust & Reputation Model/Engine The Trust & Reputation Management Engine (T&RM Engine) is a tool working on top of the M-Sec blockchain/Marketplace and in parallel with the corresponding middleware so as to provide a ranking system assessing the reliability, trustworthiness and reputation of resources providers within the MSec ecosystem.
IoT Layer
IoT Layer includes all the devices, sensors, and their corresponding low-level networks that are met in IoT ecosystems
Devices Security
- Secured components for devices TRL 6
- Secured components for devices. A secure element, such as a TPM, is added to the physical platform, It is used to store any sensitive information that shall be protected from people having physical Access to the electronics, such as IoT devices and gateways. The secure element handles the integrity of the device during the boot process and also handles the authentication and encryption for external communication channels.
- Intrusion Detection System TRL 7
- Intrusion Detection System Protect vulnerable IoT devices from malicious activities using defense-in-depth mechanisms and threat monitoring, thereby providing multi-layered security against policy violations and cyber attacks, along with security health-checks
- Stealth security TRL 5
Privacy Management
- Ganonymizer TRL 7
- Ganonymizer. In situations where video data is used in various IoT application use cases such as smart cities, personal information is often a problem. GANonymizer is a technology that automatically deletes personal information contained in such videos using AI technology.
Cross Layer
Cross layer is the layer that provides services to all the horizontal layers.
End-to-End Security
- Security Management Tool TRL 5
- Security Management Tool. A set of centralized security functions that are necessary to ensure end-to-end security, privacy and therefore digital trust. It is designed to support several security functionalities aggregated in a single backend using the LDAP standard. The central element for the security manager is a directory service containing all information to manage security services for clients, such services known as AAA for Authentication, Accounting and Authorization.
Visit the M-Sec’s Github
FG | Component | Owner | Code of the Repository |
---|---|---|---|
Development and (Security) Designing Tools | Security Analysis Tool & Development Method for a secure service | NII | https://github.com/MSec-H2020/Secure_Analysis_Tool |
Modal Transition System Analyser | WU | https://github.com/MSec-H2020/MTSA-NodeRed-Translator | |
Eclipse Sensinact Studio | CEA | https://projects.eclipse.org/projects/technology.sensinact/developer | |
Cloud Tools FG | Monitoring and Visualisation Tool | YNU | https://github.com/MSec-H2020/Monitoring_and_Visualisation_Tool |
Devices FG | Stealth Security | YNU | https://github.com/MSec-H2020/Stealth_Security |
Secured Component for Devices | CEA | CEA private GitLab instance. Access restricted to M-Sec partners. https://gitlab.msecproject.eu/ | |
Intrusion Detection System | YNU | https://github.com/MSec-H2020/Intrusion_Detection-System | |
Privacy Management FG | GANonymizer | KEIO | https://github.com/MSec-H2020/GANonymizer |
Secure City Data Access | Eclipse Sensinact Platform | CEA | https://projects.eclipse.org/projects/technology.sensinact/developer |
Secure SoxFire | KEIO | https://github.com/MSec-H2020/Secure_SOXFire https://github.com/MSec-H2020/SOXStore-Server |
|
Secured & Trusted Storage FG | Quorum Blockchain /Blockchain Middleware | ICCS | https://github.com/MSec-H2020/Quorum_Blockchain_and_Blockchain_Middleware |
Crypto Companion Database | WLI | https://github.com/MSec-H2020/Crypto_Companion_DB | |
IoT Marketplace FG | IoT Marketplace | ICCS | https://github.com/MSec-H2020/IoT_Marketplace |
End-to-End Security FG | Security Management Tool | CEA | CEA private GitLab instance. Access restricted to M-Sec partners. https://gitlab.msecproject.eu/ |