Information and Communication Technology (ICT) systems provide government, businesses, institutions, and individuals with access to the information and knowledge needed to transform Qatar into a more advanced country by 2030. To achieve this, all critical sectors in Qatar including government, healthcare, finance, water, and electricity are increasingly adopting the most modern digital applications. According to the latest edition of The Global Competitiveness Report (published in 2020 [1]), Qatar is among the top ten countries in adopting ICT. Qatar has been investing billions of US dollars in improving the country’s infrastructure to provide highly and sophisticated ICT, but with this growth Qatar becomes an attractive target for attackers and malicious activities, these attacks may lead to catastrophic results, if not dealt with promptly. Qatar is strongly committed to fight against cyberthreats, it is evident from its National Information Assurance Policy. More recently, the initiation of the cybersecurity center by Ministry of Interior in 2020 [2], and continuous endeavor towards bringing high quality cybersecurity researchers on their shores through conference and summits like World Cyber Security Summit – Qatar in July 2021 [3]. Besides investing into the cybersecurity infrastructure, Qatar is investing a lot in cybersecurity research and education as well, which is evident from recent approval of a computer security minor in computer science at Qatar university (QU) and a Master of Science in cybersecurity at Hamad Ben Khalifa University. In general, the cybersecurity consists of application layer level and network layer level security. However, with the advent of threats in hardware supply chains, an increased level of concern has risen related to hardware or physical layer level security in modern cyber-systems. The introduction of the modern internet of things (IoT) based cyber-systems and their spread of use among the large population requires more research on the hardware aspect of security. It is estimated that by 2025 there will be more than 21 billion IoT end devices [4]. At the same time the IoT security market is expected to grow at a compound annual growth rate of 27% an increase from $8.6 billion in 2019 to $58.4 billion by the end of 2027 [5], with IoT node device security alone is expected to reach a market of up to $18.6 billion by 2027 [6]. IoT node device security has become a major concern due to the absence of concrete measures of security in IoT systems especially against the threats of hardware intrinsic attacks (HIA) [Hamdan2019], [Pavithra2015], [Vujovi´c2015], [Abtahi2018]. Commercial off the shelf (COTS) devices are used in most of the IoT system. Artificial Intelligence of Things (AIoT) has been introduced recently, which combines Artificial Intelligence (AI) and IoT with the help of a technology enabler – Edge Intelligence (EI). Since EI is perceived as a secure and privacy preserving alternative to cloud computing [Wolf2019], [Rausch2019], [Xu2019], [Keshavarzi2019], [Wang2020], it is a subject of growing interest to cybersecurity researchers and professionals. However, non-conventional attacks, such as HIA, remains a major threat to EI-enabled AIoT as well.
This research project aims to develop a defense strategy for resource constrained (RC) COTS based IoT system against HIA. Qatar has been investing in thwarting the security threats to all the modern ICT systems, such as internet of things (IoT), edge intelligence, and futuristic Artificial Intelligence of Things (AIoT) with horizontally collaborated edge task offloading. To the best of PIs’ knowledge most of the Qatar’s endeavors, so far, are in the domain of application layer level security and network layer level security. However, HIA brings a bigger challenge since the cause of the attack and its triggering mechanisms are difficult to detect and yet its manifestation can be equally (if not more) catastrophic. One of the major issues in securing against HIA is that many of the IoT related devices are RC in nature, hence providing a security aware block in RC devices is considered very expensive. Therefore, such devices can be compromised easily and may turn into a hardware Trojan Horse or backdoor channel into the IoT system. In this proposal PIs are investigating such stealthy attacks, and proposing defense strategies against HIA in RC COTS based Traditional and Futuristic AIoT devices.
The proposed strategies, which are explained in work packages, will benefit current and future IoT systems deployed in Qatar. The proposed study’s following aspects make it very novel: 1. The idea of achieving HIA security using an HIA aware trusted eco-system is unique, since in this research all the data is collected from the trusted system to detect the HIA in the untrusted system, which is challenging, unique, and PIs have the expertise to achieve it. 2. The idea of data-fusion to complement with multiple dataset based multi-label multi-class Convolutional Neural Network architecture has not been explored before, PIs are in a unique place to accomplish this as they have the expertise in applying data fusion and their group has already proposed multiple dataset based multi-label multi-class CNN architecture. 3. Vulnerability of futuristic AIoT systems with horizontal collaboration at RC COTS based AIoT devices against HIA has never been studied before. PIs group have pioneered this research and have some recent publications in this domain. 4. Novel defense mechanisms will be developed against HIA in distributed deep neural network in AIoT (using horizontal collaboration at the node level). 5. An Indigenous pilot study (via a testbed setup) using AIoT scenarios in Qatari ICT industry, especially related to Ministry of Interior’s Security Systems Department (letter attached).