Security and PrIvacy foR the Internet of Things (SPIRIT)

Lead Research Organisation: University of Kent
Department Name: Sch of Engineering & Digital Arts

Abstract

As the adoption of digital technologies expands, it becomes vital to build trust and confidence in the integrity of such technology. The SPIRIT project will investigate the proof of concept of employing novel secure and privacy-ensuring techniques in services set up in the Internet of Things (IoT) environment, aiming to increase the trust of users in IoT-based systems. The proposed system will address distinct issues related to security and privacy, hence overcoming the lack of user confidence that inhibits utilisation of IoT technology.
The proposed system will integrate three highly novel technology concepts developed independently by the consortium partners. The first is a technology, termed ICMetrics, for deriving encryption keys directly from the operating characteristics of the digital devices comprising the Internet of Things (IoT), in order to provide an authentication framework for their operation. This prevents spoofing of such devices, which would compromise users' confidential data, and hence increases the trust and provenance of such devices. This technology has been developed by the Universities of Kent and Essex in the UK.
Another technology, termed a Semantic firewall, is a highly flexible network security system, developed by the University of La Rochelle (ULR) in France. The semantic firewall is able to allow or deny the transmission of data derived from an IoT device according to the information contained within the data and the information gathered about the requester, hence ensuring that access to such data is governed by the access permissions commensurate with the requester.
The third is a technology based on creating a content-based signature of user data/documents, in order to ensure the integrity of sent data upon arrival. This technology has also been developed at the University of La Rochelle but has not yet been employed in the IoT domain.
The integration of these technologies will be demonstrated in a use case scenario in an IoT-based service. In the demonstrator, data extraction and analysis will also be carried out, in order to produce the content and semantic information needed by both the content-based signature and the semantic firewall technologies. This part will be carried out jointly by the University of La Rochelle and the University of Geneva in Switzerland.
This project aims to build upon the highly significant results produced by the partners and to research the challenges of how these technologies can be adapted for the IoT environment.

Planned Impact

The increasing number of connected objects that have already invaded home and/or professional spaces raises many challenges in security and personal privacy preservation for individuals, software developers and public authorities. (There are many forecasts for the number of connected objects on IoT systems in the near future: around 26 billion devices by 2020 for Capgemini and Gartner, around 41 billion for ABI Research, 50 billion for Cisco and Morgan Stanley, and up to 212 billion for IDC.)
As stated by Capgemini, only 47% of organizations do not ensure any kind of data privacy information regarding the data generated from their IoT products; and only 48% of companies focus on securing their IoT products from the beginning of the product development phase. In addition, there is a real impact of security concerns on customers' purchase decisions for IoT products.

Therefore, in the SPIRIT project we try to address some security and privacy vulnerabilities in IoT applications by providing trustworthy application environments in which people can trust the applications they are using, and in which the applications are forbidden from abusing users by placing them under surveillance or taking non-legitimate benefits from their personal data.

We believe that a trustworthy relationship between application providers and consumers may foster the adoption of many home/individual centric applications that do improve the quality of life such as e-health, home automation, e-commerce, e-education, e-bank, e-sport, etc.
 
Description

Firstly, a technology, termed ICMetrics, for deriving encryption keys directly from the operating characteristics of the digital devices comprising the Internet of Things (IoT) has been developed in order to provide an authentication framework for their operation. This prevents spoofing of such devices, which would compromise users' confidential data, and hence increases the trust and provenance of such devices. This technology has been developed by the Universities of Kent and Essex in the UK. In this first period, the focus has been on adapting existing technology to operate on IoT devices to enable trust and authenticity. The technology has previously been applied commercially only to mobile devices. IoT devices have limited processing ability and battery life and hence present a greater challenge for the technology. Initially, a programmable embedded platform was developed to enable arbitrary sensors and modules that act as data sources to be analysed. Various sensors have been investigated. The platform was used to analyse a range of embedded IoT sensors and as a tool to investigate further ideas derived from this work, and it has proved invaluable for rapid prototyping and investigation. A Raspberry Pi setup has been developed in conjunction, and it is the likely board into which everything will later be integrated. Results to date are highly encouraging, with several academic publications arising.

A second technology, termed a Semantic firewall, is a highly flexible network security system, developed by the University of La Rochelle (ULR) in France. The semantic firewall is able to allow or deny the transmission of data derived from an IoT device according to the information contained within the data and the information gathered about the requester, hence ensuring that access to such data is governed by the access permissions commensurate with the requester. The work during the first period has focused on the design of a user-centric approach for user privacy protection based on two main blocks, namely (i) a habit-based approach for an anomaly-based intrusion detection system, and (ii) a semantic-based firewall for access control and communication security. The work introduces a generic algorithm for user habit learning as a pillar of the anomaly detection system, which is then instantiated by an intuitionistic fuzzy sets model (i.e. the rules for personal data protection are implemented using fuzzy sets) to illustrate how it operates in a real-world use case.

Exploitation Route

The outcomes offer significant potential to security-focused organisations, both in terms of further development and integration within their own offerings. The technologies are of considerable commercial potential in their own right but also offer the ability to integrate within other technologies for further research and development.

Sectors Digital/Communication/Information Technologies (including Software), Electronics, Security and Diplomacy

 
Description #ID Security for IoT
Amount £31,753 (GBP)
Funding ID 106304 
Organisation Innovate UK 
Sector Public
Country United Kingdom
Start 03/2020 
End 07/2020
 
Description #ID: Security for IoT
Amount £59,892 (GBP)
Funding ID 84647 
Organisation Innovate UK 
Sector Public
Country United Kingdom
Start 08/2020 
End 02/2021