What was the EU project iNGENIOUS about?
Carsten Weinhold: The iNGENIOUS project was about how the next generation of the Internet of Things (IoT) can make the supply chain sector more efficient and secure. In total, 21 partners from industry and research worked together to better connect and optimize industrial robots, logistics vehicles, shipping containers and even entire ports.
All of these areas already use IoT, but a variety of individual solutions are used in the respective sectors. The iNGENIOUS project has developed an approach to bring together previously isolated IoT systems and their data flows across the supply chain. The merger enables an overall view that can be used to make the management of complex supply processes easier to plan and less prone to errors.
In the project, six use cases were selected for this purpose, on the basis of which the new technologies were developed and tested. One important component, for example, was the further development of 5G mobile communications technology for industrial applications, such as the central control and monitoring of robots in factories or the remote control of vehicles in logistics centers. Furthermore, the use of artificial intelligence methods was researched, among other things to optimize container handling in ports. Through this stronger networking, completely new application scenarios become possible, such as the continuous monitoring of containers and their contents over the entire transport route, both on land and on the high seas.
What position did the BI take in the project and what were the concrete tasks?
Carsten Weinhold: The EU funded iNGENIOUS with a total of eight million euros distributed among the 21 project partners. With so many partners, coordination is of course necessary at the organizational level. But everyone also has to pull together at the technical level. For this purpose, there is the role of the “Technical Manager”, which was taken over by the BI in the iNGENIOUS project. As Technical Manager, we were responsible for the overall technical coordination as well as the quality control for all technical project reports. For example, we had to ensure that the respective reports remained easy to read despite a large number of authors and that they complemented each other optimally in terms of content.
The second role of BI in the project was that of “task leader” in the development of an overall IoT architecture for the supply chain of the future. This architecture defines how existing and new technology building blocks need to be designed and assembled. To do this, we worked with all partners in the project and documented the results so that everyone would have a common understanding of the project’s technical framework. Most of the innovations that iNGENIOUS has produced require the interaction of multiple technical components from different partners, each working at very different levels. One example is the continuous monitoring of containers on the high seas. This involved integrating novel sensors, a new IoT gateway for satellite communications and cloud services for data management.
And what did BI contribute technically to the project?
Carsten Weinhold: In the project, we focused on the computer systems that are built into IoT devices. To this end, we contributed the M³ computing platform, which is designed to be as secure as possible by default. M³ consists of new computer hardware on the one hand and the operating system that runs on it on the other. What is special about M³ is that the hardware and software are designed together and are closely coordinated.
What is special about M³’s hardware?
Sebastian Haas: Unlike current computer platforms, M³ is based on a so-called “tile” architecture. Here, components such as processors and interfaces are physically separated from the outset (security-by-design). In this way, the effects of hardware errors in the components or malware running on the processors can be minimized. In addition to the isolation of the “tiles”, communication modules (TCU, Trusted Communication Unit) developed by us form the security basis of the computer hardware. One such TCU is provided at each “tile” to control communication and other data access within the computer.
As part of iNGENIOUS, we have built a hardware prototype using an FPGA (Field-Programmable Gate Array) for this computer architecture, which has so far only been simulated. This allows us to connect our M³ computing platform to IoT sensors from project partners, for example, in order to vividly demonstrate project-specific use cases.
Are there also special features in the software?
Nils Asmussen: The software side of M³ forms a microkernel-based operating system, which takes advantage of the special properties of the hardware and in particular the TCU. For example, applications run on different tiles for security reasons and can communicate with each other using the TCU. However, they first need explicit permission from the operating system.
In the course of the project, this basic concept was made practicable. This is because although one application per tile is desirable for security reasons, in practice there are often not enough tiles for all applications. For this reason, we extended the hardware and software side of M³ to be able to run multiple applications on one tile if needed. This was a challenge because we did not want to lose the strong isolation between tiles, which would have been the case with classical approaches. Furthermore, we added to the M³ platform the ability to communicate with the outside world via networks and other interfaces, which is mandatory for IoT devices.
So the BI also worked on IoT communication?
Carsten Weinhold: Yes, another research question was about the security of communication in the Internet of Things. In iNGENIOUS, we worked closely on this with a project partner who is developing intelligent sensors for monitoring railroad cars. These sensors check the axles of the wagons for potential defects and automatically report them to a control center. These damage reports are very important for the safety of rail operations. If they are suppressed, repairs are not carried out and accidents can occur. If, instead, damage is reported that is not even present, operations will be unnecessarily disrupted. Therefore, it must be ensured that the sensors actually communicate with the correct control center. It must also be ensured that the correct software, i.e. software that has not been tampered with, is running both on the sensors and at the rail operator.
With “Remote Attestation”, a technology already exists to automatically check software in IoT devices and in cloud servers for tampering. However, using this technology in practice is difficult. To make it easier to use, we have integrated the Remote Attestation technology into the widely used industry standard TLS (Transport Layer Security), which is also used in the IoT environment. The corresponding IoT systems can now be additionally secured by Remote Attestation with our TLS extension.
How will the project results be used further?
Carsten Weinhold: With the improvement of the M³ system and our work around Remote Attestation, we have two building blocks that can be used to make the Internet of Things more flexible and secure in the future. In principle, these building blocks are also useful for many other networked systems, for example for the network operator technology of future mobile communications generations. It is also conceivable that they could be used in the field of medical technology, where more and, above all, more secure networking could improve efficiency and quality in healthcare. As BI, we believe that more security in computing and communications systems can improve trustworthiness in all these sectors.