IOTA is now part of the ENSURESEC consortium. What is this? And why, especially these days, is this important?
Update: ENSURESEC has received funding from the European Union's Horizon 2020 research and innovation program under grant agreement No 883242.
Let’s start by analyzing the current situation.
During the last few months of pandemic crisis and lockdown, which forced over a third of the worldwide population to limit movement and stay home, one thing has become clear. With most non-essential shops closed to the public and essential ones (i.e. groceries) unable to satisfy online demand and distribution of goods, it is clear how much we depend on the successful operation of e-commerce.
This has been even more visible in countries such as Italy, Spain, France, and the UK, where almost 95% of the population's movement has been limited in the months between March and May 2020. As evidence, consider that, in the UK alone, online retail sales jumped by 32.7% year-on-year in May, the highest increase since March 2008. At the same time, e-commerce giants like Amazon have seen a rise of 32% in the number of products shipped in this same quarter of 2020. Last year, the observed increase was only 10%. While such surge in demand will not necessarily lead to more profit (due to the additional costs generated by the required new warehouse handling and delivery procedures), it is clear how much further investment into the e-commerce infrastructure is needed, not only to satisfy demand but also to protect against new cyberattacks.
It is known that hackers target businesses from which they can gain more when their attacks are successful. And e-commerce, especially during the lockdown, constitutes a very promising target.
It is clear that this trend will not stop after the pandemic, especially when one observes that in this new normal, with the population increasingly relying on e-commerce, new business opportunities are emerging. Just consider how non-e-commerce business Xiaomi has recently launched an e-commerce service in India to enable customers stuck at home to buy the brand's products from their local retailers. This is a growing trend that will hit even more traditional high-street retailers: consider that 19% of UK car buyers recently declared that they would purchase a car sooner if there was an online option available. All this adds up more opportunities but also more risks to an already complex ecosystem, should this become the target of increasingly sophisticated cyberattacks.
On the other end, despite the need for growth in e-commerce, most customers remain skeptical because of a lack of confidence in its security. It is therefore clearly important to further develop and maintain a secure e-commerce infrastructure and distribution chains that go beyond national boundaries.
In Europe, the European Digital Single Market aims to offer such infrastructure to promote the fair growth of all small businesses and distributors across the European market.
Contributing to the security of this infrastructure from cyberattacks is the main aim of the ENSURESEC project.
What is ENSURESEC?
ENSURESEC is a collaborative Innovation Action project awarded by the European Commission to a consortium of 22 different partners, including the IOTA Foundation.
As with other EU-funded projects of which the IOTA Foundation is already a member, including +CityXchange and Dig_it, the Foundation was involved in the development of the project – in this case, in August 2019. In January 2020 the ENSURESEC consortium was awarded funding, winning the competition against other consortia participating in the same call for project ideas. The project finally kicked off with a remote virtual meeting earlier this month. A new normal in these months of restricted cross-border traveling.
Over a period of two years, ENSURESEC will leverage an EU budget of 7.7 million euros, covering 83% of the total estimated project cost of 9.3 million euros, to target End-to-end Security of the Digital Single Market’s E-commerce and Delivery Service Ecosystem. The project is coordinated by INOV Research Center in Portugal, while CEA (Centre for L’energie Atomique) in France will act as Technical Manager.
The IOTA Foundation is the only distributed ledger technology provider involved in the project and will work together with several other partners, including universities and research organizations, small and medium enterprises with boutique expertise in cybersecurity, and large enterprises, composed of system integrators (i.e., ATOS and Engineering) maintaining the e-commerce infrastructure and banks offering the required payments network.
Several external stakeholders, including Walmart, will also be involved through the project's expert Advisory Board, who will steer in identifying the current risks of e-commerce and, in the future, promote the adoption of ENSURESEC-developed solutions.
On a technical level, ENSURESEC develops a platform of security tools as a service, able to integrate with the existing infrastructure of companies that are part of the e-commerce ecosystem and to protect them against possible physical and cyber-physical attacks.
The ENSURESEC concept is based on prevention-by-design (combining security-by-design and privacy-by-design) followed by a circular “monitoring — assessing risk — detecting incidents — mitigating risks” approach to ensure through-life e-commerce protection.
At design-time, ENSURESEC will provide prevention tools that will leverage machine learning and formal methods techniques to automatically verify that the design of an e-commerce service is secure against critical known threats.
For the real-time scenario, ENSURESEC will develop inductive and deductive tools, leveraging machine learning to classify, predict, detect and respond to attacks.
Physical assets and physical infrastructure are at most risk of harmful cyber attacks in the e-commerce service chain. To protect them and to collect the required monitoring information useful for prevention and incident analysis, a secure and trusted monitoring infrastructure is required.
What is the role of IOTA?
The IOTA Foundation will leverage a public budget of 450,000 euros to provide the technology (the IOTA Tangle) and the expertise to build such an immutable decentralized audit trail infrastructure. The IOTA Foundation will develop several interfaces to IOTA Streams that will make it easier to generate and share the log information required from different systems and assets. ENSURESEC will leverage IOTA Identities to guarantee the authenticity of information and of the connected physical assets and stakeholders. Off-Tangle components connecting to the IOTA Tangle for the search of data and their verification will also be developed.
In a complex scenario such as e-commerce, with multiple stakeholders and assets interacting at the same time, the need for a trusted and neutral infrastructure is paramount, especially to provide a forensics incident analysis when prevention is not enough. Nevertheless, if it has to help against cybersecurity attacks, this infrastructure cannot in any way be hackable.
IOTA has therefore been selected as its reference distributed ledger.
The IOTA Tangle is cyber-secure. Its permissionless nature makes it harder to aggregate enough node power required to control the ledger state. Different from permissioned solutions, the Tangle does not relax security toward node onboarding. The use of proof-of-work as spam protection makes it difficult to perform denial of service attacks, thus guaranteeing 24/7 infrastructure availability, and guards against possible ledger forging attacks by third parties. IOTA transaction signature is quantum-secure and protected against brute force tampering attacks.
Moreover, the Tangle's scalability (in particular post-Coordicide) and feeless structure allow it to support the volume of transactions expected in the e-commerce service ecosystem. The lightweight integration and Internet of Things readiness enable the direct integration of different physical assets, thus moving the trust on generated data at the edge of the infrastructure. The permissionless nature of the IOTA network can easily adapt to an ecosystem of parties that can grow without limit and without the need to agree on pre-formed consortia for the provisioning of such e-commerce asset monitoring infrastructure.
ENSURESEC technology will be deployed and tested in several different real-world e-commerce scenarios and under possible (cyber-)physical attack threats. In particular, the benefit of using IOTA combined with G4S security tools will be tested in the supply chain of TOFAR Market, a pharmacy e-commerce operator operated by logistic providers Milsped Group and Relational Romania. The system will deal with the prevention and response of attacks based on the stolen information about goods location.
However more scenarios and attack vectors will be analyzed during the project course and additional ways to leverage IOTA will be explored. In particular to prevent cyberattacks threatening consumers' data, with increased risks for e-commerce retailers, in particular SMEs, the use of IOTA Identities will be explored. Decentralized identities can guarantee increased data security and control while providing a better user experience.
The IOTA Foundation is proud to be part of the ENSURESEC project and consortium, and excited to be able to learn from these real-world technology deployments and to derive lessons learned on how to deploy a secure DLT infrastructure, with proper security governance across multiple stakeholders, and best practices for endpoints security of the different integrated systems.
In our mission to help foster positive and innovative use of the IOTA technology, the IOTA Foundation hopes to continue being involved in similar collaborative initiatives.
Meanwhile, to learn more about the progress of the ENSURESEC project, continue to follow us on the IOTA blog. We will share the updates on the project and the technical solutions we will develop as it progresses.