Summary
The scale and geographic dispersion of the Internet of Things (IoT) will surpass the size of the current day Internet in, at least, 3 orders of magnitude. The IoT will be the largest and most widely distributed system ever, with a multitude of connected sensors and actuators. The majority of the interactions will occur between machines – M2M (Machine-to-Machine) – without human intervention. The current Internet already has some serious, unresolved security problems. Adding physical world autonomous connections brings even more concerns about attacks and their consequences to people and goods.
The SureThing project is addressing a timely IoT security need: creating and validating location certificates. The project’s goal is to allow for constrained devices, needed in the provisioning of IoT services, to obtain proof of their location or to request proof of location to other devices. The certificates issued using the SureThing framework will contain location data, obtained and verified using one or more state-of-the-art techniques. These include locality-sensitive network measurements, using WiFi and Bluetooth fingerprinting, and ambience sensing. The existing techniques only consider the use of smartphones. We are researching ways to adapt these techniques to more limited devices and to protocols better suited to the IoT, like COAP and MQTT. The framework will be extensible in order to allow for the novel techniques developed in this project or by the research community to be easily integrated as they appear.
The SureThing framework will allow developers to choose between faster location proofs and more reliable proofs, which will be digitally signed and kept in a ledger. The witness models – providing a validation role for other devices at the same location – will play an important role, particularly when only limited cryptographic mechanisms are available. The witness models assist in validating location, and provide orchestrations involving identity providers and using anonymization techniques to assure adequate witness privacy protection.
Use cases
This project will validate its contributions with two use cases. The first, ‘Smart Tourism’, a key economic sector in Portugal, which will build an application providing tourists with awards for each visit to a predefined set of locations, making use of reliable fast location proofs. The second, ‘Smart Taxes’, will combine the new locations proofs with digital notaries with time-stamping and long-term proof archival. The proof ledger will be made available using distributed models, based on Block-chain techniques for collusion-resistant proofs.
The widespread use of SureThing location proofs will significantly improve the security decisions of policies for the IoT. This will lead to more secure and trustable services in the near future.
Funding
SureThing is a scientific project funded by the Portuguese national funding agency for science, research and technology (FCT) with reference No. PTDC/CCI-COM/31440/2017. The project runs from 01-10-2018 to 30-09-2022 and its total budget is EUR 238.517,78.