{"id":10809,"date":"2021-05-07T14:50:28","date_gmt":"2021-05-07T12:50:28","guid":{"rendered":"https:\/\/www.telecom-sudparis.eu\/en\/?p=10809"},"modified":"2023-07-03T00:54:06","modified_gmt":"2023-07-02T22:54:06","slug":"variot-the-cybersecurity-of-connected-objects","status":"publish","type":"post","link":"https:\/\/www.telecom-sudparis.eu\/en\/about-us\/variot-the-cybersecurity-of-connected-objects\/","title":{"rendered":"VARIoT, the cybersecurity of connected objects"},"content":{"rendered":"
<\/div>
\n
\n
\n
<\/div>\n
\n <\/div>\n
\n
\n\n

\n\t VARIoT, the cybersecurity of connected objects <\/h1>\n \n\t <\/header>\n
\n

T\u00e9l\u00e9com SudParis<\/h2>
\"the<\/div><\/section> <\/div>\n
\n

The development of the Internet of Things (IoT) raises the crucial question of the security of connected objects, which are particularly vulnerable to attacks. T\u00e9l\u00e9com SudParis is involved in the research and development of cybersecurity technologies and is particularly interested in IoT security through the European collaborative research project <\/strong>VARIoT<\/strong><\/a> (Vulnerability and Attack Repository for IoT).<\/strong>\u00a0 Here's a look at an ambitious and promising project.<\/strong><\/p>\n

The creation of the project<\/h2>\n

The VARIoT project was set up by Gr\u00e9gory Blanc,<\/strong> a teacher-researcher at T\u00e9l\u00e9com SudParis, lecturer in cybersecurity and networks, coordinator of the third-year specialization in systems and network security<\/a>, and head of European and national projects.<\/p>\n

After completing his engineering school internship in a research laboratory in Japan, Gr\u00e9gory Blanc continued his studies with a thesis in the field of cybersecurity. \u201cThe topic was related to client-side scripting, the objective being to protect the browser against attacks that can be organized via malware-infected websites,\u201d<\/em> says Gr\u00e9gory Blanc.<\/p>\n

Back in France, the young researcher obtained a postdoc at T\u00e9l\u00e9com SudParis, with Professor Herv\u00e9 Debar.<\/strong> In 2012, the opportunity arose to participate in a European project in collaboration with Japan. This first project paved the way for collaborations such as the VARIoT project.<\/strong> Initiated by a European call for projects from the Innovation and Networks Executive Agency<\/a> (INEA), this project, which began in 2019 and ends in 2022, involves five European partners on the IT security of connected objects.<\/p>\n

Why should we be concerned about the security of connected objects?<\/h2>\n

Being mass-produced and having a short time-to-market, connected objects are subject to failures in terms of computer security<\/a>. Since their resources are limited, once the operating system and various applications are installed, they have little memory left for security software.\u00a0Security often has to be outsourced, which results in a notorious vulnerability of these objects to attacks.<\/strong><\/p>\n

\u201cFor objects connected to the Internet via a wireless connection, updates can be vulnerable to interception (or Man-in-the-Middle attacks) when integrity and authenticity guarantees are lacking: when requests and responses are not encrypted, the attacker can modify their content, especially if the object does not verify the identity of the update server,\u201d <\/em>explains Gregory Blanc.<\/p>\n

\"\"<\/a>\u201cAnother very common vulnerability is the administration web portal, like the Telnet service, used as an administration interface by many objects.<\/strong>\u00a0You can connect to it using the administration credentials, which are often left as the default (e.g. admin\/admin). Mirai is known to exploit this vulnerability.<\/em><\/p>\n

The attacks work by scanning the Internet for objects responding on the Telnet port that have weak authentication, i.e. with no or insufficiently protective passwords. It is then possible to take control of the objects and install new programs or generate requests on other entities on the Internet in order to create, for example, distributed denial of service attacks (saturation of communication capacities),\u201d<\/em> says Gr\u00e9gory Blanc.<\/p>\n

The basis of the project<\/h2>\n

The purpose of VARIoT is to make all the data in the world on the vulnerabilities of connected objects and the attacks that target them available via a set of European web portals. Implementation of the web portal is supported by Carnot T\u00e9l\u00e9com & Soci\u00e9t\u00e9 num\u00e9rique<\/a>. The consortium set up to support the project is made up of T\u00e9l\u00e9com SudParis, the Polish research institute NASK, the Dutch Shadowserver<\/a> foundation, the Computer Incident Response Center<\/a>\u00a0 in Luxembourg and Mondragon University<\/a> (Spain).<\/p>\n

 <\/p>\n

T\u00e9l\u00e9com SudParis brings its expertise in intrusion detection.<\/strong> \u201cOur approach is to observe communication on the networks and try to determine whether the messages are issued by legitimate or malicious entities,\u201d <\/em>says Gr\u00e9gory Blanc.\u00a0In the VARIoT project, a number of objects have been deployed in realistic conditions, interacting with humans to generate real traffic.\u00a0This legitimate network profile is integrated into machine learning algorithms, so that an anomaly can be identified as soon as it appears.<\/strong>\u00a0This prevents connected objects that have been infected from sending messages outside the network where they are located. Signatures of previously infected objects will also be collected to provide network behavior profiles of malware. This task is being carried out by Mondragon University, which has proposed a platform to reproduce the infection of an object and capture the network traffic, once this compromised object generates messages.<\/p>\n

A collaborative network<\/h2>\n

\"\"<\/a>
\u00a9 European Data Portal\/Facebook<\/figcaption><\/figure><\/p>\n

T\u00e9l\u00e9com SudParis also shares its data and IoT traffic models on the web portal (variot.telecom-sudparis.eu<\/a>).<\/p>\n

Shadowserver scans the entire Internet regularly to identify threats and share them with its network of partners.<\/strong>\u00a0Since the beginning of the VARIoT project, Shadowserver has been scanning connected objects to identify them and study their security levels. Aggregation of data and constitution of a database is managed by NASK.<\/p>\n

A threat analysis on IoT objects is coordinated by Smile<\/em><\/strong>, an entity working under the CERT (Computer Emergency Response Team<\/a>) in Luxembourg, who have proposed to use an information exchange platform (MISP) between CERTs on a global level, and to share cybersecurity data sources of connected objects across Europe on the European Data Portal<\/a>.<\/p>\n

The benefits<\/h2>\n

The project has a very concrete focus on improving IoT cybersecurity.\u00a0\u00a0By providing more detailed knowledge of vulnerabilities and threats to connected objects, it will enable the development of tools capable of anticipating and preventing the occurrence of threats.<\/strong><\/p>\n

Moreover, since network data on connected objects is rare and difficult to obtain (due to the protection of privacy and personal data), generating this data will provide visibility and enable the evaluation of intrusion detection tools developed at T\u00e9l\u00e9com SudParis.<\/p>\n

The contacts that are being established with Yokohama National University<\/a>\u00a0for collaboration on these topics illustrate the broad interest in this work.<\/p>\n <\/div>\n <\/article>\n\n <\/main>\n <\/div>\n <\/div>\n\t<\/div><\/div><\/div>

<\/div><\/div><\/div>
<\/div>

Contact Carnot TSN<\/h3>\n
\n\t

\"\"<\/a>Olivier Martinot<\/a><\/p>\n

Director of Innovation and Corporate Relations<\/p>\n

Telecom SudParis\u00a0<\/strong><\/p>\n<\/div>\n<\/div><\/div><\/div><\/div>

<\/div><\/div><\/div>
\n
\n
\n \n
\n <\/span>\n <\/header>\n
\n

Doctoral thesis: \u00ab Deep Learning for Internet of Things (IoT) Network Security \u00bb<\/h3>\n <\/div>\n\n <\/a>\n <\/div>\n
\n \n
\n <\/span>\n <\/header>\n
\n

Cybersecurity<\/h3>\n <\/div>\n\n <\/a>\n <\/div>\n
\n \n
\n <\/span>\n <\/header>\n
\n

Doctoral thesis: \u00ab Machine Learning based localization in 5G \u00bb<\/h3>\n <\/div>\n\n <\/a>\n <\/div>\n <\/div>\n <\/div>\n\t <\/div><\/div><\/div><\/div><\/div><\/div>","protected":false},"excerpt":{"rendered":"

The development of the Internet of Things (IoT) raises the crucial question of the cybersecurity of connected objects, which are particularly vulnerable to attacks. Telecom SudParis is involved in the research and development of cybersecurity technologies and is particularly interested in IoT security through the European collaborative research project VARIoT (Vulnerability and Attack Repository for IoT)<\/p>\n","protected":false},"author":22,"featured_media":10824,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,8],"tags":[],"class_list":["post-10809","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-about-us","category-research"],"yoast_head":"\nVARIoT, the cybersecurity of connected objects<\/title>\n<meta name=\"description\" content=\"The development of the Internet of Things (IoT) raises the crucial question of the cybersecurity of connected objects, which are particularly vulnerable to attacks. Telecom SudParis is involved in the research and development of cybersecurity technologies and is particularly interested in IoT security through the European collaborative research project VARIoT (Vulnerability and Attack Repository for IoT)\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.telecom-sudparis.eu\/en\/about-us\/variot-the-cybersecurity-of-connected-objects\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"VARIoT, the cybersecurity of connected objects\" \/>\n<meta property=\"og:description\" content=\"The development of the Internet of Things (IoT) raises the crucial question of the cybersecurity of connected objects, which are particularly vulnerable to attacks. Telecom SudParis is involved in the research and development of cybersecurity technologies and is particularly interested in IoT security through the European collaborative research project VARIoT (Vulnerability and Attack Repository for IoT)\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.telecom-sudparis.eu\/en\/about-us\/variot-the-cybersecurity-of-connected-objects\/\" \/>\n<meta property=\"og:site_name\" content=\"TELECOM SudParis\" \/>\n<meta property=\"article:published_time\" content=\"2021-05-07T12:50:28+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-07-02T22:54:06+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.telecom-sudparis.eu\/en\/wp-content\/uploads\/sites\/3\/2021\/05\/variot-logo-400x400px.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"David Keita Martinez\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"David Keita Martinez\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.telecom-sudparis.eu\/en\/about-us\/variot-the-cybersecurity-of-connected-objects\/\",\"url\":\"https:\/\/www.telecom-sudparis.eu\/en\/about-us\/variot-the-cybersecurity-of-connected-objects\/\",\"name\":\"VARIoT, the cybersecurity of connected objects\",\"isPartOf\":{\"@id\":\"https:\/\/www.telecom-sudparis.eu\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.telecom-sudparis.eu\/en\/about-us\/variot-the-cybersecurity-of-connected-objects\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.telecom-sudparis.eu\/en\/about-us\/variot-the-cybersecurity-of-connected-objects\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.telecom-sudparis.eu\/en\/wp-content\/uploads\/sites\/3\/2021\/05\/variot-logo-400x400px.jpg\",\"datePublished\":\"2021-05-07T12:50:28+00:00\",\"dateModified\":\"2023-07-02T22:54:06+00:00\",\"author\":{\"@id\":\"https:\/\/www.telecom-sudparis.eu\/en\/#\/schema\/person\/72e1edb43f4fa718d1da5f94c5568852\"},\"description\":\"The development of the Internet of Things (IoT) raises the crucial question of the cybersecurity of connected objects, which are particularly vulnerable to attacks. Telecom SudParis is involved in the research and development of cybersecurity technologies and is particularly interested in IoT security through the European collaborative research project VARIoT (Vulnerability and Attack Repository for IoT)\",\"breadcrumb\":{\"@id\":\"https:\/\/www.telecom-sudparis.eu\/en\/about-us\/variot-the-cybersecurity-of-connected-objects\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.telecom-sudparis.eu\/en\/about-us\/variot-the-cybersecurity-of-connected-objects\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.telecom-sudparis.eu\/en\/about-us\/variot-the-cybersecurity-of-connected-objects\/#primaryimage\",\"url\":\"https:\/\/www.telecom-sudparis.eu\/en\/wp-content\/uploads\/sites\/3\/2021\/05\/variot-logo-400x400px.jpg\",\"contentUrl\":\"https:\/\/www.telecom-sudparis.eu\/en\/wp-content\/uploads\/sites\/3\/2021\/05\/variot-logo-400x400px.jpg\",\"width\":400,\"height\":400,\"caption\":\"the cybersecurity of connected objects\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.telecom-sudparis.eu\/en\/about-us\/variot-the-cybersecurity-of-connected-objects\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.telecom-sudparis.eu\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"VARIoT, the cybersecurity of connected objects\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.telecom-sudparis.eu\/en\/#website\",\"url\":\"https:\/\/www.telecom-sudparis.eu\/en\/\",\"name\":\"TELECOM SudParis\",\"description\":\"Mastering the digital society\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.telecom-sudparis.eu\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.telecom-sudparis.eu\/en\/#\/schema\/person\/72e1edb43f4fa718d1da5f94c5568852\",\"name\":\"David Keita Martinez\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.telecom-sudparis.eu\/en\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/fd4bf1762cf28ab8d4f015fa0ea78ec1?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/fd4bf1762cf28ab8d4f015fa0ea78ec1?s=96&d=mm&r=g\",\"caption\":\"David Keita Martinez\"},\"url\":\"https:\/\/www.telecom-sudparis.eu\/en\/author\/davidk\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"VARIoT, the cybersecurity of connected objects","description":"The development of the Internet of Things (IoT) raises the crucial question of the cybersecurity of connected objects, which are particularly vulnerable to attacks. Telecom SudParis is involved in the research and development of cybersecurity technologies and is particularly interested in IoT security through the European collaborative research project VARIoT (Vulnerability and Attack Repository for IoT)","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.telecom-sudparis.eu\/en\/about-us\/variot-the-cybersecurity-of-connected-objects\/","og_locale":"en_GB","og_type":"article","og_title":"VARIoT, the cybersecurity of connected objects","og_description":"The development of the Internet of Things (IoT) raises the crucial question of the cybersecurity of connected objects, which are particularly vulnerable to attacks. Telecom SudParis is involved in the research and development of cybersecurity technologies and is particularly interested in IoT security through the European collaborative research project VARIoT (Vulnerability and Attack Repository for IoT)","og_url":"https:\/\/www.telecom-sudparis.eu\/en\/about-us\/variot-the-cybersecurity-of-connected-objects\/","og_site_name":"TELECOM SudParis","article_published_time":"2021-05-07T12:50:28+00:00","article_modified_time":"2023-07-02T22:54:06+00:00","og_image":[{"width":400,"height":400,"url":"https:\/\/www.telecom-sudparis.eu\/en\/wp-content\/uploads\/sites\/3\/2021\/05\/variot-logo-400x400px.jpg","type":"image\/jpeg"}],"author":"David Keita Martinez","twitter_card":"summary_large_image","twitter_misc":{"Written by":"David Keita Martinez"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.telecom-sudparis.eu\/en\/about-us\/variot-the-cybersecurity-of-connected-objects\/","url":"https:\/\/www.telecom-sudparis.eu\/en\/about-us\/variot-the-cybersecurity-of-connected-objects\/","name":"VARIoT, the cybersecurity of connected objects","isPartOf":{"@id":"https:\/\/www.telecom-sudparis.eu\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.telecom-sudparis.eu\/en\/about-us\/variot-the-cybersecurity-of-connected-objects\/#primaryimage"},"image":{"@id":"https:\/\/www.telecom-sudparis.eu\/en\/about-us\/variot-the-cybersecurity-of-connected-objects\/#primaryimage"},"thumbnailUrl":"https:\/\/www.telecom-sudparis.eu\/en\/wp-content\/uploads\/sites\/3\/2021\/05\/variot-logo-400x400px.jpg","datePublished":"2021-05-07T12:50:28+00:00","dateModified":"2023-07-02T22:54:06+00:00","author":{"@id":"https:\/\/www.telecom-sudparis.eu\/en\/#\/schema\/person\/72e1edb43f4fa718d1da5f94c5568852"},"description":"The development of the Internet of Things (IoT) raises the crucial question of the cybersecurity of connected objects, which are particularly vulnerable to attacks. Telecom SudParis is involved in the research and development of cybersecurity technologies and is particularly interested in IoT security through the European collaborative research project VARIoT (Vulnerability and Attack Repository for IoT)","breadcrumb":{"@id":"https:\/\/www.telecom-sudparis.eu\/en\/about-us\/variot-the-cybersecurity-of-connected-objects\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.telecom-sudparis.eu\/en\/about-us\/variot-the-cybersecurity-of-connected-objects\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.telecom-sudparis.eu\/en\/about-us\/variot-the-cybersecurity-of-connected-objects\/#primaryimage","url":"https:\/\/www.telecom-sudparis.eu\/en\/wp-content\/uploads\/sites\/3\/2021\/05\/variot-logo-400x400px.jpg","contentUrl":"https:\/\/www.telecom-sudparis.eu\/en\/wp-content\/uploads\/sites\/3\/2021\/05\/variot-logo-400x400px.jpg","width":400,"height":400,"caption":"the cybersecurity of connected objects"},{"@type":"BreadcrumbList","@id":"https:\/\/www.telecom-sudparis.eu\/en\/about-us\/variot-the-cybersecurity-of-connected-objects\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.telecom-sudparis.eu\/en\/"},{"@type":"ListItem","position":2,"name":"VARIoT, the cybersecurity of connected objects"}]},{"@type":"WebSite","@id":"https:\/\/www.telecom-sudparis.eu\/en\/#website","url":"https:\/\/www.telecom-sudparis.eu\/en\/","name":"TELECOM SudParis","description":"Mastering the digital society","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.telecom-sudparis.eu\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/www.telecom-sudparis.eu\/en\/#\/schema\/person\/72e1edb43f4fa718d1da5f94c5568852","name":"David Keita Martinez","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.telecom-sudparis.eu\/en\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/fd4bf1762cf28ab8d4f015fa0ea78ec1?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/fd4bf1762cf28ab8d4f015fa0ea78ec1?s=96&d=mm&r=g","caption":"David Keita Martinez"},"url":"https:\/\/www.telecom-sudparis.eu\/en\/author\/davidk\/"}]}},"acf":[],"_links":{"self":[{"href":"https:\/\/www.telecom-sudparis.eu\/en\/wp-json\/wp\/v2\/posts\/10809"}],"collection":[{"href":"https:\/\/www.telecom-sudparis.eu\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.telecom-sudparis.eu\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.telecom-sudparis.eu\/en\/wp-json\/wp\/v2\/users\/22"}],"replies":[{"embeddable":true,"href":"https:\/\/www.telecom-sudparis.eu\/en\/wp-json\/wp\/v2\/comments?post=10809"}],"version-history":[{"count":4,"href":"https:\/\/www.telecom-sudparis.eu\/en\/wp-json\/wp\/v2\/posts\/10809\/revisions"}],"predecessor-version":[{"id":12243,"href":"https:\/\/www.telecom-sudparis.eu\/en\/wp-json\/wp\/v2\/posts\/10809\/revisions\/12243"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.telecom-sudparis.eu\/en\/wp-json\/wp\/v2\/media\/10824"}],"wp:attachment":[{"href":"https:\/\/www.telecom-sudparis.eu\/en\/wp-json\/wp\/v2\/media?parent=10809"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.telecom-sudparis.eu\/en\/wp-json\/wp\/v2\/categories?post=10809"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.telecom-sudparis.eu\/en\/wp-json\/wp\/v2\/tags?post=10809"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}