
Security by design: tool-supported process for more security in the Internet of Things
In times of increasing networking and complex Industry 4.0 and smart home applications, the need to secure systems against cyber attacks is growing. At the same time, however, the effort required to ensure adequate protection is also increasing. The it’s OWL project ‘IoT-ScuBA’, short for ‘IoT security through cyclical, precisely interlinked threat analysis and attack detection’, aims to facilitate the development and maintenance of secure IoT systems according to the security-by-design principle. In this project, the consortium partners Fraunhofer IEM, Diebold Nixdorf and Miele are developing methods and tools that enable the requirements of relevant security standards to be met and secure networked systems to be developed with less effort.
As part of IoT-ScuBA, the project team has defined a process that enables the systematic, tool-supported linking of threat analysis and attack detection. The process starts with use cases created by product management, which are then analyzed for potential threats by security experts. This threat analysis uses the IoT-ScuBA tools, which are still to be developed, to identify vulnerable system components and plan effective countermeasures.
What does security by design mean?
Security by design means that security is integrated into the development process of a system or product right from the start. Instead of adding security measures retrospectively, they are considered and built in from the outset. The aim is to identify and eliminate potential vulnerabilities at an early stage in order to create a more secure system overall. This ensures that security is a fundamental part of the design and not just an afterthought.
The development tool will also generate security suggestions that are incorporated into the technical requirements and design of the IoT product. In this way, critical points in the system that appear particularly attractive to attackers can be identified. An attack detection system then monitors these points during operation. This makes it possible to detect attempted attacks and previously unknown types of attack.
System security is constantly being improved
The findings from attack detection are fed back into the threat analysis, which is updated regularly. This allows threat risks to be reassessed and security measures to be adapted accordingly. This iterative process ensures that a high level of security is maintained through regular security updates and that the networked product can be operated sustainably.
it’s OWL companies to benefit from security developments
The methods and tools to be developed will be designed in such a way that they are transferable not only to the IoT systems of the network partners, but also to other use cases. The it’s OWL cluster members in particular should benefit from the simplified development of secure products, especially in view of the upcoming legal requirements. In the long term, the project results should help to strengthen the security of IoT systems across all industries. In the next two years of the project, the focus will be on developing the necessary tools for threat analysis, generating security proposals, detecting attacks and processing security findings. The results of the IoT-ScuBA project will enable optimization of the secure development lifecycle and thus contribute to the security culture in the IoT industry.