In a modern digital society, we all expect software and hardware to work properly, to be secure, and to do exactly what is expected of them. In addition, we are looking for new solutions to develop the Internet of Things to make solutions even smarter and more energy-efficient in different areas.
However, IT systems are becoming increasingly more complex and ensuring security and reliability requires more resources. To address these issues, two new research groups were established in Estonia in 2018 as part of the research measure of the IT Academy: the Centre for Hardware Security and the Laboratory for Compositional Systems and Methods; the Centre of Excellence for the Smart Internet of Things (IoT) was also developed.
How is hardware attacked?
For Samuel Pagliarini, Professor at the Centre for Hardware Security at the School of Information Technologies, hardware security is about how chips and electronics in general can be maliciously attacked or compromised. Among other things, researchers in this area are studying problems such as reverse engineering, piracy, and hardware ‘Trojans’ and ‘backdoors’.
‘However, to understand vulnerabilities, we need to know how chips are designed. The process of creating chips is broken down into incredibly small steps. For example, if my research group is making a relatively small chip for academic use only, I have to deal with a handful of companies in the US, UK, Taiwan, and Singapore,’ explains Pagliarini. The list is even longer for chips designed for commercial purposes. And therein lies the problem, according to the researcher: ‘I have no control over these companies and therefore, I cannot exclude malicious actors in my supply chain. For example, I can buy a memory controller, but it might have a ‘backdoor’ that allows access to my data. Or, for example, I hire a company to produce a million units of my chips, but they decide to produce 1.1 million and sell the rest on the black market,’ says Pagliarini.
To prove this, the researchers of the centre created a new chip and showed that it is possible to install Trojans in their production cycle using simple tools and in a short time. Such Trojans can attack IT systems, collect user data, and compromise the security of other data. The scariest part is that the researchers used freely available software to hack into the chips and it took a little over 60 minutes in a lab.
Overall, in its research, the centre aims to find ways to design secure hardware despite an unreliable supply chain. The centre is currently developing various methods to make chips harder for malicious parties to hack. If they do not understand how the chip is built, it cannot be copied. Unless its construction can be fully understood, it will not be possible to retrieve the data later by creating a ‘backdoor’.
What is reliable software?
Reliable software engineering means knowing the principles of writing software: we will be able to trust the program and it really works as promised. For example, when a civil engineer builds a bridge, they are building on centuries of materials science knowledge. That way, we can be fairly sure that the bridge designed by a qualified civil engineer will not collapse in the next storm.
According to Professor Pawel Sobocinski, head of a research group at the Department of Software Science, the same cannot be said for software. ‘Software engineers do not have access to software materials science. Compared to physics, chemistry, or biology, computer science is in its infancy: it is not even 100 years old and we are still establishing the basic principles,’ said Sobocinski.
Professor Sobocinski believes that Estonia is the digital experiment of Europe – government and health and social services are moving online faster than in other European country. In previous centuries, governments built impressive physical buildings to provide their services. Infrastructures were built using bricks and mortar; there were security guards and locked filing cabinets. ‘However, to get more things moving online, we need a new, interconnected digital infrastructure. It should be easy for every citizen to use and at the same time, accessible to businesses, which play different roles in the new, emerging ecosystem,’ said Sobocinski.
He added that the Estonian government is investing heavily in artificial intelligence, which means access to data, but the privacy of citizens must also be protected. Moreover, the whole infrastructure should be secure and reliable. We do not want to end up in a situation where ransomware breaks the system and the Estonian government is forced to transfer millions of euros in bitcoins to hackers who are located in other countries thousands of kilometres away.
According to him, it is a huge amount of engineering, but we cannot leave it all to engineers. The process also needs to be guided by the principles of IT and this is where reliable software can provide solutions.
Things are getting smarter online
Many of you will have heard of the Internet of Things, or IoT, which helps us save energy in smart homes, better manage manufacturing, create autonomous vehicles, and monitor people’s health. According to Alar Kuusik, Head of the Centre of Excellence for the Smart Internet of Things at the University of Technology and senior research fellow at the Thomas Johann Seebeck Department of Electronics, there will be more than 20 billion networked IoT devices in the world in the coming years, which will have a huge impact on human society as a whole.
‘Smart devices are getting increasingly smarter: before, IoT devices used to collect data that was processed remotely in server farms, but now, IoT devices can process data locally, making systems more reliable, faster, and energy-efficient,’ says Kuusik. He also gives an example: ‘At the centre, we are making the environmental monitoring sensors of the smart city smarter. This means that data will only be transmitted upon the detection of dangerously polluted air or excessive noise levels.’ This way, less energy is spent on data transmission and the need for rare materials is reduced. Such smart, yet affordable and easy-to-install sensors can also predict impending failures in industrial equipment, thus reducing maintenance and repair costs for machinery.
In addition, the Centre of Excellence for the Smart Internet of Things will provide solutions for self-driving vehicles using 5G mobile technology. ‘Mobile base stations are becoming intelligent nodes that not only exchange data but also process it, e.g. video signals that allow collective management decisions to be made quickly. Processing the data on site is also important for coordinating the movement of drones and it allows creating mobile base stations using drones,’ explained the senior researcher.
Cybersecurity is important for devices connected to the internet, both for industrial solutions and for devices for the general public. While industry is all about ensuring reliability, smartphones connected to the internet can be used to carry out dangerous attacks. The Centre of Excellence for the Smart Internet of Things analyses data traffic on devices to help detect and prevent attacks locally using machine learning.
Under the coordination of Tallinn University of Technology, the pan-European innovation project 5G-TIMBER is being implemented, piloting the use of intelligent mobile base stations for image recognition, employee safety, and augmented reality in the timber industry. The project will focus on the environmental and social sustainability of industrial production in Europe, with a focus on the timber and construction sectors, the latter of which emits 36 per cent of greenhouse gases in Europe. The aim is to increase the recycling of wood-based materials by 50 per cent and to raise the efficiency of the production of modular wooden houses by 15 per cent. In the long term, 5G-TIMBER will contribute to meeting the growing demand for climate-friendly products and materials and extend the life cycle of wood-based materials to 100+ years to reduce waste and greenhouse gases.