Secure Network Intelligence – better resilience for critical infrastructure

The work of the consortium was part of a recently finished European project AINET, which explored high-performance services at the edges of communication networks. The Finnish consortium focused on the intersection of critical applications, cyber security, and artificial intelligence.

In the realm of critical communications, the systems our society relies on must be scalable, available, and trustworthy. 

– When terrestrial network infrastructure is not available, emerging technologies can offer rapidly deploying connectivity and services. Our contributions strengthen the resilience of communications, essential for the society’s stability and progress, says Jani Suomalainen, Senior Scientist at VTT.

The project trialed availability communication services of public safety authorities with LEO satellite networks [10, 11] and multi-access routing. Measurement campaigns were performed with OneWeb satellite constellations to verify authorities’ broadband connectivity in northern and mobile conditions. The coverage, latency, and quality of connectivity provided by a constellation of satellites orbiting in south-north direction was good for trialed mission-critical applications [5]. Multi-access routing, on the other hand, enabled frictionless switching between different terrestrial and non-terrestrial networks. 

Rapidly deployable tactical networks, so called tactical bubbles, deploy 5G or 6G services to locations where fixed infrastructure is unavailable, e.g., due to catastrophe or rural location. Cyber security is a central challenge for this concept. It was tackled with large security analyses and security architecture, and with studies on security vulnerabilities in mission-critical IoT  and in AI-assisted, intent-based configuration of network. 

– We also developed a cyber range – an isolated 5G test network – to simulate emerging threats. Further, we explored how to extend the capabilities of tactical bubbles by federating with civilian infrastructure. With Centria, we piloted RAN sharing technologies to demonstrate how the coverage of private networks can be delegated for the public safety users, Suomalainen explains.

Intelligent solutions can facilitate scalability, security, and rapid deployment of critical functions. The consortium developed and demonstrated software automation and orchestration solutions [6] that facilitate the swift deployment of AI-based services, cybersecurity, and 5G/6G functions to cloud, to edge. Furthermore, the project improved the maintainability and scalability of public key infrastructures for IoT and MEC (Multiaccess Edge Computing), enhancing life cycle management and providing automation of identities. 

– Eficode’s new tool for automating service orchestration SERVO [8], Goodmills’ new capability to deploy virtualized  services on multi-access routers [15], and Insta’s improved PKI services [9] are examples of exploitable results of the project.

Another use case revolved around sustainable solutions, platforms, and edge intelligence for the internet of things. The consortium developed AI-based solutions that aided secure navigation of aerial and surface vessels and enabled more accurate monitoring of the environment. 

Several AI-based applications for millimeter wave radar technology were demonstrated on energy restricted devices [14]. The first one was monitoring of grease wells and measuring the height of different substances on the water surface. Another one, the precision tracking case, demonstrated the use of convolutional neural networks to identify different materials used in the radared objects. The third application demonstrated the feasibility and effectiveness of the AI and radar-based detection and warning system for boats navigating in open waters under low visibility conditions. Research focused on the implementation and optimization of AI-based algorithms. Intelligent applications must be resource-optimized and operate under restricted conditions. 

Satellite navigation is vulnerable to jamming and interference. The UAV related research focused on this challenge. AI can support UAVs by helping in control and navigation of devices and in analysis of sensed environmental data. We further developed GNSS-free visual navigation system [13] by exploring cybersecurity and data quality challenges and by trialing orchestration of AI-based services across cloud, edge, and trusted execution continuum [6]

The project studied and developed different platforms for critical services as well as solved technological challenges related to their cybersecurity. The focus was both on cloud and edge platforms as well as applications for security-critical users and IoT. Maintaining cybersecurity in these environments is complex as the requirement for security level are high, as the use of AI makes decision making opaque, and as distributed applications often rely on shared infrastructure. 

FPGA-based trusted execution environments enable energy efficient and extremely confidential low-latency services at the edge. The efficient application-optimized confidential computing on cloud infrastructure enables secure re-use of the shared cloud FPGA-farm instances. During the project Xiphera developed and demonstrated hardware acceleration of cryptographic protocols, hardware acceleration for AI vector computations, and FPGA-based trusted execution environments to execute and protect confidential AI-based applications. Protection of confidential computing engine in FPGA is isolated from the rest of the system such that even platform providers should not be able to analyze nor monitor the AI application or application data. The applications of FPGA trusted execution environment are scalable from embedded solutions to the high bandwidth computing applications. 

The project also studied and developed solutions for monitoring security posture and detecting threats on AI-applications and on edge and cloud environments. Given the increasing integration of AI in IoT devices and platforms, it is crucial to ensure robustness of AI against emerging threats [18]. 

– Hence, we studied methods for testing and increasing trustworthiness of AI-based decision making. Our approaches for increasing explainability of AI and for measuring uncertainty and novelty were released as an open-source software. [17]. We developed and tailored tools and security metrics for assuring security of tactical networks and for utilizing AI-strengthened security operation centers to detect security attacks in private 5G/6G networks [1]. WithSecure’s Cloud Security Posture Management [16] is an example of a commercial service developed during the project. It provides a comprehensive multi-perspective security threat detection and management approach, covering threat scanning, misconfiguration detection, and vulnerability assessment from the cloud perspective.

AINET-ANTILLAS was a three-year European cooperation. The project received CELTIC-NEXT innovation award in June 2024 and ended in August 2024. The Finnish consortium was coordinated by VTT and funded by Business Finland under the Digital Trust programme.

Contributors: Markus Säynevirta, Tapio Savunen (Airbus), Markus Paananen, Joni Jämsä (Centria), Gabor Kiss, Gabor Megyaszai (Eficode), Petteri Suomalainen (Goodmill), Rizwan Asif (Huld), Janne Kallio (iProtoxi), Juho Heikkinen (Insta), Kimmo Ahola (VTT), Hela Cherif, Mahmoud Mortazavi (WithSecure), Petri Jehkonen (Xiphera)

The main image of the article was created using the Adobe Firefly AI tool.

1. AINET-ANTILLAS, web-site. https://antillas.ai-net.tech/
2. Jani Suomalainen, Ijaz Ahmad, Annette Shajan, Tapio Savunen. Security for Tactical 6G Networks: Threats, Architecture, and Intelligence. Future Generation Computer Systems, 2024. https://doi.org/10.1016/j.future.2024.107500.
3. Huld. Huld to collaborate with Airbus on a mission-critical IoT cybersecurity analysis. https://huld.io/news/huld-and-airbus-collaborate-on-a-mission-critical-iot-cybersecurity-analysis/
4. Ijaz Ahmad, Jani Suomalainen, Pawani Porambage, Andrei Gurtov, Jyrki Huusko, Marko Höyhtyä. Security of Satellite-Terrestrial Communications: Challenges and Potential Solutions. IEEE Access, vol. 10, pp. 96038-96052, 2022.
5. Heli Kokkoniemi-Tarkkanen, Kimmo Ahola, Jani Suomalainen, Marko Höyhtyä, Markus Säynevirta. Mission-critical connectivity over OneWeb system in Finland: Architecture and measurements. Winter Satellite Workshop, 2024.
6. Jani Suomalainen, Kimmo Ahola, Mirko Sailio, Gabor Kiss, Gabor Megyaszai, Rizwan Asif, Petri Jehkonen, Jonathan Rivalan. Tactical Orchestration - Network, Security, and Drone Intelligence for Mission-Critical Operations. Joint European Conference on Networks and Communications & 6G Summit (EuCNC/6G Summit). p. 1061-1066, Antwerp, Belgium, 3-6- June 2024.
7. Ijaz Ahmad, Jere Malinen, Filippos Christou, Pawani Porambage, Andreas Kirstaedter, Jani Suomalainen. Security in Intent-Based Networking: Challenges and Solutions. IEEE Conference on Standards for Communications and Networking (CSCN 2023). Munich, Germany, November 6-8 2023.
8. Eficode. We’re helping the EU digitally transform Europe. https://www.eficode.com/about/project/ainet-antillas
9. Insta. Insta Certifier. https://www.insta.fi/en/cybersecurity/services/pki-solutions/insta-certifier-ca-product/
10. Airbus. Low-latency broadband LEO satellite services in Northern Finland. Press release, 2022. https://www.securelandcommunications.com/news/airbus-demonstrated-low-latency-broadband-leo-satellite-services-in-northern-finland
11. Airbus demonstrates low-latency satellite services on a moving vehicle across Norther FinlandPress release, 2024. https://www.securelandcommunications.com/news/airbus-demonstrates-low-latency-satellite-services-on-a-moving-vehicle-across-northern-finland
12. Xiphera. Hardware-based security with standardised cryptography. https://xiphera.com/
13. Huld. Huld’s Platform for GNSS-Free Visual Navigation. https://huld.io/news/hulds-platform-for-gnss-free-visual-navigation/
14. iProtoxi. iProtoxi IoT Platform — all the pieces of the puzzle. https://www.iprotoxi.fi/iprotoxi-iot-system/
15. Goodmill. Goodmill Products Ensure Uninterrupted Connectivity. https://goodmillsystems.com/products
16. WithSecure. Cloud Security Posture Management. https://www.withsecure.com/en/solutions/managed-services/cloud-security-posture-management
17. Janne Merilinna. MACAU, Github-project. https://github.com/jmerilinna/macau
18. Centria. Tom Tuunainen: Uudet teknologiat muokkaavat tietoturvakenttää. https://centriabulletin.fi/uudet-teknologiat-muokkaavat-tietoturvakenttaa/