COPS: Comprehensive privacy and security for resilient CPS/IoT

Cyber-physical systems (CPSs) and the Internet of Things (IoT) are technologies expected to gain increased importance in all sectors of society. Information security, including confidentiality, integrity, and availability, is critical in this context, as compromise can have severe consequences for life and health or lead to significant material damage and financial loss. This project addresses privacy and security-related issues from a physical layer perspective, where traditional methods are unable to detect attacks. The issues addressed are particularly challenging owing to the distributed nature of CPS/IoT systems, the high dynamics of the attacks, and infrastructure limitations. Traditional solutions do not include information available at the physical layer, such as sensor redundancy, control laws, and physical processes. The project takes a security-by-design approach in the design of CPS/IoT systems with security and privacy as inherent functionalities, where one is not dependent on security mechanisms being added at a later stage of system design. This ensures that CPS/IoT systems become more robust and remain functional under various types of attacks where other security protocols fail. We have developed new methods to ensure that privacy is maintained. These include distributed machine learning algorithms (federated learning) that contain new privacy metrics and built-in privacy (privacy-by-design). We also developed communication-effective distributed learning algorithms for streaming data. In distributed learning, the aggregator receives model updates from a set of participants and provides no insight into the data used for learning. Malicious participants can carry out attacks by poisoning the model, thereby controlling the predictions at specific data points. Over the past year, we have expanded the research on distributed learning to include the effects of and defenses against natural and artificial disturbances, such as channel noise, private information leakage, and model poisoning. We also initiated studies on the challenges of using distributed learning in medical applications. In recent years, society has been marked by the Covid-19 pandemic. New technologies and innovations should be developed to meet these challenges in the future. In the COPS project, we proposed using drones to combat similar pandemics in the future. This solution, called COROID, is based on crowdsourcing sensor data from mobile devices, such as mobile phones and smartwatches, and correlates these with the results from infrared cameras on the COROID drone. In 2023, we studied and published within two main themes. One theme is the use of federated learning (FL) as a means to efficiently distribute computations among data-collecting devices without raw data transfers to a centralized processing point, adding an additional layer of privacy for the data holder. We analyzed the effects of and developed resilient methods for environments in which malicious actors try to disrupt learning. We also looked at FL for medical applications, where we examined how artificial intelligence (AI) and FL are used in the health sector. We presented a roadmap for secure and decentralized diagnosis and prognosis models and data sharing, security, and privacy related to cancer diagnosis. Related to this, we studied ethics and philosophical principles in using AI in the health sector. Another theme is the analysis of ergodic performance for two-way nonorthogonal multiple access (NOMA) using Reconfigurable Intelligent Surfaces (RIS). Under the assumption that the propagation channel follows a Rice distribution, our study shows that NOMA-RIS communication can provide capacity gain compared to traditional wireless communication systems.

This medium-term time horizon research project develops advanced inference and optimization approaches to overcome challenges faced by future cyber physical systems/internet-of-things (CPS/IoT) and enable a sustainable and resilient digital society. The project addresses privacy and security related problems from a physical-layer perspective where traditional methods fail to detect security breaches and privacy invasions. The considered problems are particularly challenging due to the distributed nature of CPS/IoT, dynamic and non-stationary nature of attacks, and infrastructure constraints. The existing data security approaches ignore the additional information available at the physical layer such as sensor redundancy, control laws, and physical processes. Leveraging on the model knowledge and side information, the project adopts a secure-by-design philosophy for designing CPS and IoT with security and privacy as an inherent aspect of the functionality without solely depending on additional mechanisms at a later part of the design. Unlike the current approaches that assume security and privacy as an additional feature of the system, it is here consider to be a fundamental design constraint. This ensures that CPS and IoT function even when other security protocols fail and maintain operations under adversarial conditions. Finally, the project aims to strengthen the existing liaisons between academia and industry (NTNU and SINTEF), foster international scientific and education collaboration to educate and inform a new generation of scientists and engineers in the strategic area of IoT technologies. International co-operation with world-class research universities forms an important part of the project in the form of researcher exchange.