IoT sensor data authenticity and protection

How can an end user trust data from a sensor bought off the shelf after the data has passed through a multiple of different communication channels, data migrations and data caches and storages to the customers systems? Solving this while still fulfilling regulatory requirements on GDPR and right to be forgotten makes this a very interesting problem, with multiple security and usability facects, with possibilities to learn practical design of IoT systems with provable, security traits. The main focus of the assignment is to explore the state of art in cryptography, signatures and verification systems to choose and suggest a possible architecture.

The assignment may involve:

• Literature study of state of the art techniques for handling and optionally processing encrypted data while simultaneously providing cryptographic proof that the data are authentic
• Requirements engineering to ensure user friendly, scalable and secure solutions. This will involve among other things threat and risk modelling, energy minimization, usability assessment both for end users and developers working on the system
• Plan a cryptography system from sensor to end consumer via scalable cloud solution fulfilling the requirements

The candidate will be given access to Disruptive Technologies current protocol stack, cloud infrastructure and experienced supervisors. The SDS protocol uses elliptic key cryptography and is optimized for ultra low power devices.

The assignment is well suited for continuation into a Master Project.

Feel free to make direct contact with the Disruptive Technologies external supervisor under it this sounds interesting.

Supervisor: Sigve Tjora, Disruptive Technologies, sigve@disruptive-technologies.com