Presentation of the risk assessment solutions designed and implemented in projects participating in the H2020 IoT Security/Privacy cluster. Presentation from John Soldatos of SecureIoT H2020 project.
Risk Assessment Solutions of H2020 IoT Security/Privacy Cluster Projects
1. H2020 IoT Security/Privacy Cluster Projects: Overview of Risk Assessment Solutions
H2020 IoT Security/Privacy Cluster, May 2019
All the presented projects have received funding from the European Union’s Horizon 2020 research and innovation programme
2. Cluster Projects that Focus on Risk Assessment: Overview of Approaches (1)
Brain-IoT
• Risk assessment as a means of setting security objectives & driving requirements
CHARIOT
• Simulation tool for risk assessment, risk mitigation and data generation
ENACT
• Continuous & Adaptive IoT Risk Assessment integrated with DevOps
3. Cluster Projects that Focus on Risk Assessment: Overview of Approaches (2)
IoT Crawler
• Analysis of threats and relevant risks in the context of IoT Search & Crawling
SecureIoT
• Data-driven risk assessment, i.e. advanced data analytics for risk assessment & scoring
SerIoT
• Policy Based Framework for Risk Mitigation
4. Cluster Projects that Focus on Risk Assessment: Overview of Approaches
RA Area / Project: Brain-IoT, IoTCrawler, SecureIoT, CHARIOT, ENACT, SerIoT
Asset Modelling X X X X X X
Threat Modelling X X X X X X
Threat Databases & Knowledge Bases X X X
Threats & Assets Mapping X X
Data Analytics & AI for Risk Assessment X
Risk Driven Security Requirements X X
Risk Simulation & Calculation X
Risk Visualization X X
Risk Mitigation X
Specification of IoT Threats for Search and Crawling X
5. Brain-IoT: Model-Based Framework for Dependable Sensing & Actuation in Intelligent Decentralized IoT Systems
Objectives, Scope, Validation
• Interoperability & Dynamic Platforms Federations (Shared Semantic Models linked dynamically to IoT devices)
• Smart Cooperative Behaviours based on AI features
• Dynamic AAA
• Embedded Privacy & Privacy Control
• Dynamic Commissioning & Reconfiguration (edge/cloud deployment & balancing)
• Validation Settings: Robotics, Critical Water Infrastructures, H2020 LSP Projects (Smart Cities, Healthcare, Wearables...)
www.brain-iot.eu
6. Scope of Risk Assessment in Brain-IoT
Scope: Systems Managed by Brain-IoT (not external systems)
• IoT Devices & Platforms in Brain-IoT Use Cases
Iterative Methodology
• Assets identification
• Threats identification, based on common threats databases (EBIOS, OWASP, etc.).
• Security objectives are derived from the threats, to identify the security level targeted for each environment.
• Security technical requirements are built to counter the threats
7. Identification of Assets, Threats & Vulnerabilities
Asset Identification
• Different Types of Assets
  • Software (e.g., an operating system)
  • Hardware (e.g., a sensor, CPU, memory, etc.)
  • Data (e.g., sensor status transmitted over a network, robot location in memory, etc.)
• Each asset has an Identifier and is classified based on its role & Impact on the System
Threats and Vulnerabilities Identification
• EBIOS Methodology
• Eight main categories
  • Physical damage
  • Natural events
  • Loss of essential services
  • Disturbance due to radiation
  • Compromise of information
  • Technical failures
  • Unauthorized actions
  • Compromise of functions
9. Security Objectives
Security Objectives
• Derived from threats
• Guideline to counter the identified threats and to satisfy the security principle
• Should cover the full list of threats for each asset
• Could be classified in terms of Integrity, Confidentiality, and Availability
10. Security Requirements
Security Requirements
• Final step of the methodology: Technical requirement identification.
• Each security objective should lead to the implementation of one or more technical requirements
• Requirement list used as input for the technical design definition
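The methodology on slides 6 to 10 (assets, threats, objectives, requirements) can be checked mechanically as a traceability matrix. The Python below is an added example, not Brain-IoT project code; the data model (`Objective`, `trace_gaps`) and all asset, threat, objective and requirement identifiers are constructed assumptions.

```python
from dataclasses import dataclass, field

# The eight EBIOS threat categories listed on slide 7.
EBIOS_CATEGORIES = {
    "Physical damage", "Natural events", "Loss of essential services",
    "Disturbance due to radiation", "Compromise of information",
    "Technical failures", "Unauthorized actions", "Compromise of functions",
}
CIA = {"Integrity", "Confidentiality", "Availability"}

@dataclass
class Objective:
    oid: str
    prop: str                      # Integrity, Confidentiality or Availability
    counters: set                  # {(asset_id, threat_id), ...}
    requirements: list = field(default_factory=list)

def trace_gaps(asset_threats, threat_category, objectives):
    """Return the traceability gaps left after one iteration of the methodology."""
    pairs = {(a, t) for a, ts in asset_threats.items() for t in ts}
    covered = set().union(*(o.counters for o in objectives))
    return {
        # threats filed under something other than the eight categories
        "unknown_category": sorted(t for t, c in threat_category.items()
                                   if c not in EBIOS_CATEGORIES),
        # objectives "should cover the full list of threats for each asset"
        "uncovered": sorted(pairs - covered),
        # objectives that counter a pair missing from the asset/threat model
        "dangling": sorted(covered - pairs),
        "bad_classification": sorted(o.oid for o in objectives if o.prop not in CIA),
        # each objective should lead to one or more technical requirements
        "no_requirement": sorted(o.oid for o in objectives if not o.requirements),
    }

# Constructed sample model (hypothetical identifiers, robotics-style use case).
ASSET_THREATS = {"A1-sensor": ["T3"], "A2-sensor-status": ["T1", "T2"],
                 "A3-robot-os": ["T2"]}
THREAT_CATEGORY = {"T1": "Compromise of information",
                   "T2": "Unauthorized actions", "T3": "Technical failures"}
OBJECTIVES = [
    Objective("O1", "Confidentiality", {("A2-sensor-status", "T1")},
              ["R1: encrypt sensor status in transit"]),
    Objective("O2", "Integrity",
              {("A2-sensor-status", "T2"), ("A3-robot-os", "T2")}),
]

if __name__ == "__main__":
    for kind, items in trace_gaps(ASSET_THREATS, THREAT_CATEGORY, OBJECTIVES).items():
        print(f"{kind}: {items}")
```

On the sample model the check reports one asset/threat pair with no objective and one objective with no requirement, which are the two gaps the next iteration has to close.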
11. CHARIOT: Cognitive Heterogeneous Architecture for Industrial IoT
www.chariotproject.eu
Objectives, Scope, Validation
• Methodological Framework for the Design and Operation of Safety Critical Systems (safety as cross-cutting concern)
• Open Cognitive IoT Architecture and Platform for safety critical systems and IoT systems interaction in a secure manner
• Runtime IoT Privacy, Security and Safety Supervision Engine (IPSE)
• Privacy Engine based on PKI and Blockchain technologies
• Firmware Security integrity checking
• IoT Safety Supervision Engine (ISSE)
• Analytics Prediction and Dashboard
• Validation: Trenitalia (Italy) & Athens International Airport (Greece), IBM Campus (Ireland)
12. CHARIOT: Scope of Risk Assessment Work
Risk Assessment and Mitigation
• Various standards are part of CHARIOT’s design and methodology for use cases in different sectors (e.g., IEC 62443 for railway, CANSO Guide for Aviation)
• A Simulation Tool developed to facilitate design and enable data collection, while boosting risk assessment
CHARIOT Simulator
• Privacy, security, safety threat vulnerability analysis
• Predict IoT devices anomalies and malfunctions
• Score risk when something is not behaving as expected
• Provide mitigation plans and recommendations
• Show & Illustrate bottlenecks
14. ENACT: Development, Operation, and Quality Assurance of Trustworthy Smart IoT Systems
Objectives, Scope, Validation
• Enablers for continuous development and operation of trustworthy IoT systems
• Risk-driven and agile development and delivery
• Continuous evolution to keep the smart IoT system trustworthy despite internal threats
• Address security, privacy, safety, resilience, and reliability.
• Deal with software updates, new security strategies, new user profiles, policies changes.
• Validation: Rail, Healthcare, Smart Building
[Figure: ENACT DevOps cycle (Code, Build, Test, Release & Deploy, Operate) annotated with its enablers: Risk-Driven Design Planning; Language to specify Devices behavior & security behavior; Automated deployment of Smart IoT systems and security mechanisms; Simulation and Test environment for Smart IoT applications (simulate and test security mechanisms); Security, robustness and context monitoring and root-cause analysis; Dynamic adaptation in open contexts & actuation conflicts handling; Secure and context-aware orchestration of sensors, actuators and software services; Actuation conflict identification]
https://www.enact-project.eu
15. Risk Management Objectives & Approach in ENACT
RA Scope in ENACT
• Concepts and tools for agile context-aware and risk-driven decision support and selection of resources
• Enable application developers and operators to support continuous delivery of trustworthy smart IoT systems.
• Framework & Methodologies: OCTAVE, OWASP CORAS for likelihood and impact analysis
RA Functionalities
• Detect risks (System Level & Component Level)
• Produce mitigation actions - directly actionable by DevOps teams
• Classify mitigation actions in order to understand the impact on the DevOps process
• Provide a current risk status report for legislation compliance
16. Baseline and Progress
Extensions to MUSA
• Support any types of risk, defined within the catalogue or defined by the user.
• Enable creation & evaluation of non-functional risks.
• Integration with the DevOps cycle - Monitor the risk mitigation status through evidence collectors
• Open data Risks catalogue for IoT space
• The full functionality provided in ENACT will be released as open-source under MIT license.
MUSA Risk Assessment
Seamless & Impactless Risk Management for DevOps team
Support IoT and Edge:
• Consider software and hardware components
• IoT security, privacy, resilience, & non-functional risks
Baseline, Planned Progress
ENACT Risk Management
17. Main Innovations in Risk Assessment
Adaptability
• Completely adaptable to each customer’s problem and process
• Adapts to architecture or process changes
Dashboards & Visualization
• Dashboards for continuous process management adapted to different roles
• Risk warning visualization connected to project management
• Automatically raise awareness on risks related to changes in the schedule
Continuous Risk Control
• Novel mechanisms to define risks and mitigations related to a process.
• Likelihood and impact of potential risks associated with the project will be continuously calculated depending on actual process execution.
18. IoTCrawler: Search Engine for the Internet of Things
Objectives, Scope, Validation
• Search engines that support crawling, discovery and integration of IoT data.
• Adaptive and dynamic solutions for resource ranking and selection.
• Distributed crawling and indexing mechanisms to enable near real-time discovery and search of massive real world (IoT) data streams in a secure and privacy- and trust-aware framework.
• Enablers for security-, privacy- and trust-aware discovery and access to IoT resources in constrained IoT environments
• New applications and services that rely on ad-hoc and dynamic data/service query and access.
• Validation: Smart City, Social IoT, Smart Energy, Industry 4.0
https://iotcrawler.eu/
[Figure: IoTCrawler architecture. IoT resources (sensors and actuators) feed a distributed IoT framework of edge brokers and a cloud broker; on top sit dynamic crawling, IoT discovery, context management, monitoring & fault recovery, multi-criteria ranking, adaptive indexing, machine-initiated semantic search, data analysis and an API, with Security, Privacy & Trust as a cross-cutting layer. Use cases: Smart city, Social IoT, Smart energy, Industry 4.0]
19. Repositories of Threats used in IoTCrawler
IoTCrawler specifies a library of threats derived from existing repositories and ontologies
Threat Modelling in IoTCrawler
• IoTSec: IoTSec Ontology, comprises a repository of threats for IoT
• ETSI’s Threat Analysis: Paper on Threat Analysis for M2M Communications
20. IoTCrawler: Types of Threats Analyzed & Modelled
Types of Threats
• IoT Devices Threats
• Communication Threats
• Platform Threats
• M2M Threats
21. SecureIoT: Predictive Security for IoT Platforms and Networks of Smart Objects
Objectives, Scope, Validation
• End-to-End Security Monitoring for Predictive (AI-based Security)
• Security Interoperability across IoT Platforms
• Cross-Platform & Cross-Vertical
• Validation: Socially Assistive Robots, Smart Manufacturing, Connected Car & Self-Driving
https://secureiot.eu/
[Figure: SecureIoT architecture. IoT Systems (Platforms & Devices: Field Network, Field Device, Edge, Cloud, App) connect through Intelligent (Context-Aware) Data Collection and Actuation & Automation, via Open APIs, to: IoT Security Template Extraction (Analytics); Template Execution Engine (e.g., Rule Engine); Global Storage (Cloud); SecureIoT Database + Assets Registry; IoT Security Templates Database; Templates Contextualization Engine; IoT Security Knowledge Base; Security Policy Enforcement Point. Services exposed through Open APIs: Risk Assessment, Compliance Auditing, Developers’ Support. Work packages shown: WP3, WP4, WP5]
22. SecureIoT: Functional Architecture (Logical View)
SecureIoT Architecture
• Data Driven Architecture for SECaaS Services
• Risk Assessment is one of the SECaaS Services
• Risk Assessment leverages processing & analytics over security information derived from various probes
23. Risk Assessment Workflow SecureIoT Platform
Main Elements of SecureIoT Risk Assessment Approach
• System
• Asset
• Abuse Case
• Risk Model
• Indicators
• Mitigation Measures
26. Role of IoT Security Knowledge Base in Risk Assessment
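[Figure: Knowledge Base DBs are populated from official sources by a CyberThreat Intelligence crawler and from IoT assets by an Assets aggregator; they are consumed through an API by the Risk assessment service and the Template execution engine, and through Visual tools by the human end-user]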
27. SerIoT: Secure & Safe Internet of Things
Objectives, Scope, Validation
• Design a Cognitive Packet Network that interconnects distributed IoT subsystems based on SDN technology
• Use “Smart Packets” (SP) to search for secure multi-hop routes having good quality of service & energy efficiency.
• Use Random Neural Networks for routing decisions and overall network performance improvements – “Security Aware” routing
• Validation: ITS & Smart Cities, Surveillance, Flexible Manufacturing, Food Chain
https://seriot-project.eu
28. Scope of Risk Assessment Work in IoT
Policy based Framework for data usage and risk prevention
• Enable risk identification and minimization based on appropriate policies
Risk Analysis & Mitigation based on cross-layer data collection & analytics
• Empowered by interoperability and resulting in increased intelligence
Validation in LL (Smart Transport)
• E.g., Risk Mitigation in Road ITS Scenarios
29. Possible Synergies & Joint Activities
Synergies on Risk Assessment
• Alignment & Reuse of Asset Modelling Approaches
• Exchange of Threat Models, Asset Models etc.
• Joint Whitepaper on Risk Modelling & Assessment for IoT
• Catalogue of Different Standards (ENISA, IEC 62443) and Methodologies (e.g., EBIOS, OCTAVE, CORAS etc.)
Examples
• IoTCrawler threats as input to SecureIoT Knowledge base
• Common Database of Assets, Threats and Vulnerabilities
• Brain-IoT methodology used to drive Security Requirements in SecureIoT Use Cases
• CHARIOT Simulator could generate datasets to be shared with other projects