The URV is taking part in the SECURING project, coordinated by the UOC, which in the coming years will develop new technological solutions to guarantee the safety and sustainability of the ecosystems based on the Internet of Things
In an increasingly digital world, having secure Internet infrastructures is a challenge and an obligation. As the number of devices sharing data increases, thanks to the rise and democratization of the Internet of Things (IoT), the number of threats that users face is also growing: it is estimated that, if the current growth rate is maintained, the damage caused by cyberattacks will amount to about 10.5 billion dollars annually by 2025, compared to three billion in 2015, which represents an increase of more than 200%.
The development of cyber security measures to mitigate and reduce these risks must be sustainable. The commitment to sustainability encourages the Internet to be responsible with the environment, guarantees equitable access to the network and promotes digital inclusion and social responsibility.
One of the premises that led a group of researchers from the Universitat Rovira i Virgili and Universitat Autònoma de Barcelona is to participate in the project Bringing Sustainable Cybersecurity to the Internet of Things (SECURING), coordinated by the UOC.
Funded by the Ministry of Science and Innovation, the project seeks to contribute to the sustainable development of the Internet by providing cybersecurity and privacy technologies that efficiently protect the infrastructures of the Internet of Things. This will protect large sectors of the economy and promote sustainability from a social and environmental point of view.
The importance of a sustainable internet
It is becoming increasingly clear that the concept of sustainability must not be limited to the economy and the environment. It must be integrated into all areas and sectors, one of which is digitalisation: the internet moves the world, so if it is unsustainable, the world will be as well.
In 2020, more than 9.7 billion IoT devices existed on the planet, and the number is estimated to triple by 2030. For this reason, the methods used to produce, maintain and protect these devices and their activities (thanks to cyber security) must be sustainable.
“In the context of the IoT, sustainable cybersecurity involves ensuring that devices and systems are secure and private, while minimizing environmental impacts and making the most of energy efficiency opportunities,” explains Professor David Megías, director of the Internet Interdisciplinary Institute (IN3) of the UOC and coordinator of the SECURING project, together with the lecturer and researcher Helena Rifà, of Informatics, Multimedia and Telecommunications Studies.
Failure to promote sustainability will have consequences in several areas. “We can speculate on some potential consequences of not promoting sustainable cyber security, such as service disruptions due to cyber-attacks; the loss of privacy, information and trust by users, or the increase in congestion problems that can reduce the speed and efficiency of the network”, explains Megías, who leads the K-riptography research group and Information Security for Open Networks (KISON).
This is in addition to the fact that, if IoT devices are not designed to be energy efficient and not recycled properly, they can contribute to the environmental impact of the internet and increase both waste and the emission of greenhouse gases that cause climate change.
SECURING: joining sustainability and cyber security
According to the project coordinators, these problems can be prevented only if there is a proactive approach to security, appropriate regulation and the promotion of a sustainable cybersecurity culture. This culture must be encouraged among all stakeholders: from software developers to users.
The first step to ensure sustainability is the creation phase of IoT devices, an aspect on which the SECURING project focuses. “Incorporating sustainable cyber security into the design of ICT and IoT is essential, because it ensures that devices are secure and private from the start and protects users from possible cyberattacks and privacy violations,” says the IN3 director.
“In addition, if materials and production processes are more efficient and devices are more durable and reparable, the environmental impact of technologies can be reduced. In short, by considering sustainable cyber security in the design of ICT and IoT, safer, more sustainable and efficient solutions can be created to benefit both users and the environment,” says the UOC professor.
SECURING methodology and objectives
The aim of SECURING is to propose new technological solutions to security and privacy issues. Researchers are seeking to provide infrastructures for intrusion detection and prevention (IDP), design new sustainable privacy protocols, and propose a new crowdsensing communication paradigm based on the community.
The methodology involves designing and creating software or hardware solutions and then carrying out formal tests. The project will combine technologies such as machine learning, blockchain and digital watermarks, and will implement measures to guarantee privacy and ensure that the personal data of end users are protected at all times.
The project is a multidisciplinary initiative that combines IT and legislation. “One of the members of the research team is specialised in law and particular research methods will be used in this area to apply rules such as the General Data Protection Regulation (GDPR) to the technological solutions that are developed,” explains Megías.
The URV team that has participated in the project is led by Jordi Castellà-Roca and Alexandre Viejo, researchers from the Department of Computer Engineering and Mathematics. Their task is to ensure security, privacy and energy sustainability in the management of the lifecycle of data acquired through IoT networks. Specifically, they will design systems to acquire and store the data obtained by IoT devices in a secure, private and sustainable way. Subsequently, they will provide tools that will enable the owners of data to effectively control how third-party companies process and exploit it. At the same time, these companies will be able to demonstrate that they make good use of this data. Both scenarios are included as part of the framework of the General Data Protection Regulation.
“Cyber risk is a complex phenomenon that involves numerous technical, legal, economic and social aspects. An interdisciplinary approach makes it possible to address these aspects in a comprehensive way. This provides a deeper understanding of the problem and enables us to develop more effective solutions that are not only technological, but also have an important social component”, he concludes.