The TruSDEd project aims to provide a network traffic processing platform to defend IoT and sensor networks from present and evolving cyberattacks. Individual IoT devices, particularly those running commodity OSes like Linux, present risk because manufacturers are often unwilling or unable to keep them up to date and patched against vulnerabilities. Such devices’ ubiquity makes them a prime target for attackers to control, either for their own data or to serve as part of a larger botnet or infrastructural attack vector. The mixed provenance, hardware, and software stacks present on each IoT device make it difficult to secure each with a unified solution; moreover, devices are physically exposed to the elements and to people, making expensive processing hardware undesirable to deploy in practice.
TruSDEd aims to securely process in- and out-bound IP traffic from IoT networks in a fast, easily reconfigurable way. We go beyond ‘secure by design’ to offer an affordable solution which can be used to easily retrofit secure, software-defined, and attestable packet processing into existing IoT deployments, as well as being factored into new installations. Our project objectives are to investigate software stacks which will enable in-situ processing of traffic (i.e., without using remote cloud servers for scrubbing) on low-cost devices, and to show that this is both fast and requires little additional power. This matters because such devices lack key technologies leveraged by the state of the art, such as trusted execution environments (TEEs). Our other principal objective is to design strong, fast, and cheap hardware-based physical unclonable function (PUF) authentication primitives based on resonant tunnelling diodes (RTDs), and to use these to ensure the provenance of state and configuration exchanged between administrators and the edge.
TruSDEd is joint work between the University's School of Computing Science and James Watt School of Engineering, and is an interdisciplinary effort to bring together our expertise in dataplane programming, security, and hardware research and design.