IOTA is now part of the ENSURESEC consortium. What is this? And why, especially these days, is this important?
Let’s start by analyzing the current situation.
During the last few months of pandemic crisis and lockdown, which forced over a third of the worldwide population to limited movement and to stay home, one thing appeared clear. With most of the non-essential shops closed to the public and the essential ones (i.e. groceries) not being able to satisfy the online demand and distribution of goods, it became clear how much we rely on but also how much we all depend on the right operation of e-commerce.
This was even more visible in countries such as Italy, Spain, France, and the UK where almost 95% of the population movements have been limited in the months from March until May. As confirmation of that, in the sole UK, online retail sales jumped by 32.7% year-on-year in May, the highest increase since March 2008. At the same time, e-commerce giants like Amazon have seen a raise in 32% in the number of products shipped in this same quarter of 2020. Last year the observed increase was only 10%. While such surge in demand will not necessarily lead to more profit (due to the additional costs generated by the required new warehouse handling and delivery procedures), it is clear how more investments into the e-commerce infrastructure are needed, not only to satisfy the demand but also to protect against new cyberattacks.
It is known that hackers target businesses from which they can gain more when their attacks are successful. And e-commerce, especially these days, constitutes a very promising target.
This trend is not even set to stop after the pandemic situation, if one observes that in this new normal,with the population relying more and more on e-commerce, new business opportunities are also emerging. Just consider how non e-commerce businesses such as Xiaomi just launched in India an e-commerce service to enable customers stuck at home to buy the brand products from their local retailers. A growing trend that will hit even more traditional high-street retailers, if we consider that 19% of UK car buyers recently declared that they would purchase a car sooner if there was an online option available. All of this adds up more opportunities but also more risks to an already complex ecosystem if this becomes the target of more cyberattacks.
On the other end, despite the e-commerce growth, and the need for it, most of the customers still remain skeptical of its use, due to the lack of confidence in its security. It is then clear how important it is to further develop and maintain a secure e-commerce infrastructure and distribution chain that spans beyond the boundaries of a country.
In Europe, the European Digital Single Market aims to offer such infrastructure in order to promote the fair growth of all small businesses and distributors across the European market.
Contributing to the security of this infrastructure from cyberattacks is indeed the main aim of the ENSURESEC project.
So, what is ENSURESEC?
ENSURESEC is a collaborative Innovation Action project awarded by the European Commission to a consortium of 22 different partners, including the IOTA Foundation.
Like other EU funded projects, including +CityXchange and Dig_it (IOTA is already part of), IF worked to the development of the project concept back in August 2019. In January 2020 the ENSURESEC consortium was awarded with funding, winning the competition against other consortia participating in the same call for project ideas. The project finally kicked off earlier this month, with a remote virtual meeting. A new normal in these months of restricted cross-border traveling.
Over a period of two years, ENSURESEC will leverage an EU budget of 7.7 Millions, covering 83% of the total estimated project cost of 9.3 Millions, to target End-to-end Security of the Digital Single Market’s E-commerce and Delivery Service Ecosystem. The project is coordinated by INOV Research Center in Portugal, while CEA (Centre for L’energie Atomique) in France will act as Technical Manager.
IOTA Foundation is the only Distributed Ledger Technology provider and will work together with a number of other partners, including Universities and Research Organizations, Small and Medium Enterprises (SMEs) with “boutique” expertise in cybersecurity and large enterprises, composed of system integrators (i.e., ATOS and Engineering) maintaining the e-commerce infrastructure and banks offering the required payments network.
A number of external stakeholders, including Walmart, will also be involved through the project expert Advisory Board who will steer in identifying the current risks of e-commerce and, in the future, promote adoption of the ENSURESEC developed solutions.
On a technical level, ENSURESEC develops a platform of security tools as a service able to integrate with the existing complex infrastructure of the companies which are part of the e-commerce ecosystem and to protect them against possible physical and cyber-physical attacks.
The ENSURESEC concept is based on prevention-by-design (combining security-by-design and privacy-by-design) followed by a circular “monitoring — assessing risk — detecting incidents — mitigating risks ”approach to ensure through-life e-commerce protection.
At design-time, ENSURESEC will provide prevention tools that will leverage machine learning and formal methods techniques to automatically verify that the design of an e-commerce service is secure against critical known threats.
For the real-time scenario, ENSURESEC will develop inductive and deductive tools, leveraging machine learning, to classify, predict, detect, and respond to attacks.
Physical assets and physical-infrastructure are the ones most exposed to harmful cyber attacks in the e-commerce service chain. To protect them and to collect the required monitoring information useful for prevention and incident analysis, a secure and trusted monitoring infrastructure is required.
So what is the role of IOTA?
IOTA Foundation will leverage a public budget of 450K EUR to provide the technology (the IOTA Tangle) and the expertise to build such an immutable decentralized audit trail infrastructure. IF will develop a number of interfaces to IOTA Streams that will make it easier to generate and share the log information required from different systems and assets. ENSURESEC will leverage the IOTA Identities to guarantee the authenticity of information and of the connected physical assets and stakeholders. Off-tangle components connecting to the IOTA Tangle for the search of data and their verification will also be developed.
In a complex scenario like the one of e-commerce with multiple stakeholders and assets interacting at the same time, the need of a trusted and neutral infrastructure is paramount, especially in order to provide a forensics incident analysis, when prevention is not enough. Nevertheless, if it has to help against cybersecurity attacks, this infrastructure cannot in any way be hackable.
IOTA has therefore been selected as a reference distributed ledger for it.
The Tangle is cybersecure. The permissionless nature makes it harder to aggregate enough node power required to control the ledger state. Differently from permissioned solutions, the Tangle does not relax security toward nodes onboarding. The use of Proof-of-Work as spam protection makes it difficult to perform Denial of Service attacks, thus guaranteeing 24/7 infrastructure availability, and allows to guard against possible ledger forging attacks by third parties. IOTA transactions signature is quantum-secure and protected against brute force tampering attacks.
Moreover, the Tangle scalability (in particular post-Coordicide) and feeless structure allow it to support the volume of transactions expected in the e-commerce service ecosystem. The lightweight integration and Internet of Things readiness allow to directly integrate different physical assets, thus moving the trust on generated data at the edge of the infrastructure. The permissionless nature of IOTA network can easily adapt to an ecosystem of parties that can grow without limit and without the need to agree on pre-formed consortia for the provisioning of such e-commerce asset monitoring infrastructure.
ENSURESEC technology will be deployed and tested in a number of different real-world e-commerce scenarios and under possible (cyber-)physical attack threats. In particular, the benefit of using IOTA, combined with G4S security tools, will be tested in the supply chain of TOFAR Market, a pharmacy e-commerce operator, operated by logistic providers Milsped Group and Relational Romania. The system will deal with the prevention and response of attacks based on the stolen information about goods location.
However more scenarios and attack vectors will be analyzed during the project course and additional ways to leverage IOTA will be explored. In particular to prevent cyberattacks threatening consumers' data, with increased risks for e-commerce retailers, in particular SMEs, the use of IOTA Identities will be explored. Decentralized identities can guarantee increased data security and control while providing a better user experience.
The IOTA Foundation is very proud to be part of the ENSURESEC project and consortium, and excited to be able to learn from these real-world technology deployments and to derive lessons learned on how to deploy a secure DLT infrastructure, with proper security governance across multiple stakeholders, and best practices for endpoints security of the different integrated systems.
In our mission to help foster positive and innovative use of the IOTA technology, the IOTA Foundation hopes to continue being involved in similar collaborative initiatives.
Meanwhile, to learn more about the progress of the ENSURESEC project, continue to follow us on the IOTA blog. We will share the updates on the project and the technical solutions we will develop as it progresses.