IoT developers face a very fragmented landscape made of very different devices, from bare metal devices with few KB of RAM and limited or no security protection to devices equipped with powerful support for AI and with built-in hardware (HW) to implement Root of Trust (RoT) and Trusted Execution Environments (TEE). Such different devices coexist, and it is an open challenge to guarantee an acceptable level of security across the whole system to avoid “easy” entry points for attackers. The complexity is further exacerbated by the existence of many HW platforms, general purpose but also domain specific, each implementing proprietary instances of RoT and TEE that prevent or make it very difficult for applications and security services to interoperate. CROSSCON aims at addressing all these issues by designing a new open, flexible, highly portable and vendor independent IoT security stack that can run across a variety of different edge devices and multiple HW platforms to offer a consistent security baseline across an entire IoT system. A high-level assurance is guaranteed by the formal verification of the stack specifications. CROSSCON stack offers a unified set of trusted APIs to the layers above. It is modular and among all the security features it offers is possible to configure only the ones needed depending on the underlined HW and firmware. It leverages the security features already implemented in the layers below. In case such security features are missing, like in bare metal devices, the stack offers an entire TEE implementation suitable for such devices. As devices are getting more powerful and use cases more complex, there is the need to add new trusted services as building blocks to implement security at the higher levels, such as protection of the models given in input to ML engines embedded in HW or support for biometrics and template protections. CROSSCON provides the open specifications of the stack along with an open-source reference implementation.

We will develop an Integrated Software Toolbox that will offer predictive Cybersecurity sensing, optimization and management services for the distributed IoT-to-Cloud continuum. The scope is to continuously maximizing the continuum’s infrastructure security and data privacy with minimal effect on its computing capacity, energy consumption, monetary costs, etc. that are necessary for the businesses to run. To do so, Twinning tools will be replicating the continuum as virtual (isolated) dataspaces, such that Threat Intelligence tools can stress-test the attack-surface of these dataspaces and predict optimal risk mitigation measures accurately and safely (i.e. pre-emptively protecting and without affecting the real system operation), subject to certain computing, energy, etc. thresholds set by the end-user. Scalability & Interoperability of services and data will be achieved via the use of open standards & APIs (including Eclipse Connector), while AI Automation will be embedded in all Toolbox processes. Identity & Access Management will be advanced over a zero-trust distributed computing pipeline covering all Hardware-, System-, and Application-level security. An initial Lab-testbed with matured DevSecOps & ML/Data-Ops stemming from previous EU Actions will lead our developments roadmap to 4x + 1 final TRL7 operational deployments that will be validated over 1st & 2nd Stage Demos covering use cases related to Telcos, Health 4.0, Transportation, Safety-critical Nuclear Infrastructures, and Smart Cities (cross-vertical supply-chain assessments). The impact will not only safeguard EU position in data security, economy and applications verticals, but lower energy efficiency and CO2 footprint. Sustainability & Industry acceptance will be achieved via open source ecosystems, standardization involvement, and a dedicated Portal for linking our dataspaces to EU Data Spaces (GAIA-X, IDSA, etc) and our innovations to EU Bodies related to Cybersecurity, AI, IOT and Robotics.

CoGNETs aims to revolutionize the Intelligent Infrastructure Management by introducing a scalable and interoperable distributed Middleware Framework for autonomous IoT-to-Cloud computing, sustainable during and after the project via FIWARE Foundation (Technical Manager) and supported by a strong Industrial & Academic EU-JAPAN ecosystem led by AVL (leader of Catena-X initiative between EU-JAPAN in data sovereignty for the Automotive & Manufacturing supply-chain). The idea is to leverage the IT intelligence to the point where devices can self-realize their heterogeneity and self-decide how to form dynamic IoT-to-Cloud swarm continuums for responding to common AI tasks and significant items of cognitive computing in automated, secure and energy efficient fashion. At is core our Middleware will integrate new decentralized federated multi-context Broker architecture enriched with Game-intelligent Agents, Collaborative Federated Learning and End-to-End Security mechanisms (including RISC-V hardware security & AI acceleration) to effectualize dynamic data and resource management across devices at different domains, thereby using open-source programing models and APIs to produce new orchestration, optimization, etc. routines with no vendor locking. CoGNETs will also achieve energy/CO2 neutrality and “by-design” security awareness by leveraging all its Middleware processes over unified Computing-Energy-Security optimization, thereby introducing a new logic to systemically improve Computing in joint and equal terms to Energy and Security performances that are necessary for sustaining new services and business models. Validations will be taken over 3x vertical and 1x cross-vertical Demos to support emerging Manufacturing, Mobility and Health sectors, and to examine how CoGNETs can safeguard for economic, business and societal resilience, and how it can expand Europe’s digital sovereignty, strategic autonomy and industrial supremacy in the next wave of technology evolution.