Matomo

Securing an ecosystem of edge ML devices | Cossack Labs

🇺🇦 We stand with Ukraine, and we stand for Ukraine. We offer free assessment and mitigation services to improve Ukrainian companies security resilience.

Case Industrial IoT security Industrial HOT SUMMER 2022

IIoT security: protecting specialised edge ML devices

Industry

  • IIoT security

  • AI / ML security

  • Soil enrichment

Technology stack

  • Python, Django & PostgreSQL

  • GCP cloud + on-prem

  • ML / TensorFlow

  • Raspberry PI 4, Raspberry OS

Regulations / standards

  • GDPR

  • IEC standards

  • NIST RMF, SP 800-53, SP 800-57, SP 800-213, NISTIR 8259 series

Challenges

Technology requirements

Data and IP protection

Fleet management

Protection against reverse engineering and tampering

Our approach

Following NIST standards

Full lifecycle, coordinated security controls

Securing a pipeline, not just software

Solution

Architecture scheme

Protecting IIoT devices: a Hive of devices communicates with a Queen server, security and cryptography solution by Cossack Labs.

Threat modelling

  • a device-as-a-blackbox (its hardware, firmware, software, data);
  • a communication channel between the Hive and the Queen;
  • receiving updates of data and software (which could be intercepted, stolen, or corrupted).

SSDLC

IIoT device provisioning pipeline

Linux hardening

Fleet management

Application security

Authentication

Machine Learning security

Data at rest security

Encryption and key management

Secure communication

Reverse engineering protections and self-destruction

Protection against side-channel attacks

Products and services involved

Cryptography engineering

Cryptography engineering

We've designed cryptographic protocol and key management layout for over-the-air updates of firmware and ML models. Cryptography is based on IoT-friendly crypto-primitives, and key management layer is kept lightweight.

Read more
Security architecture & engineering

Security architecture & engineering

We designed & built the whole security layer described above: OS hardening, application security, ML model protection, data security, communication security, and anti-tampering measures.

Read more
Themis

Themis

Themis is a cross-platform high-level open-source cryptographic library. We used Themis as a building block for cryptographic protocols, because it has hard-to-misuse API and works the same among multiple platforms.

Read more

Results and outcomes

Security for innovative industries

Emerging industries don't have established security recipes. We combine years of experience, software, and creative vein to protect innovations. Talk to us if you are looking to take your data security to the next level.

Contact us

Get whitepaper

Thank you!
We’ve received your request and will respond soon.