Trusting farm data

In the agricultural sector, there's individual farmers and corporate farmers, and there's all sorts of different tools that are in use. And sometimes the tools they're using might have vulnerabilities in them that the farmers might be unaware of, which could hurt or stop their farming enterprise and operations.

We know that farmers are gathering data from various sources, some of it might be some sensors, temperature or humidity or soil moisture. Some of it might be from external sources like forecasting from Bureau of Meteorology. The questions farmers need to ask are:

• How much can you trust the data you're getting? And how do you know it's trustworthy?
• How do you know that the data that you're getting represents what it actually is in the real world?
• How do you know if you're getting data supposedly from a sensor that it is actually from that sensor or that the inputs are legitimate? It's not someone injecting information into your system?

If you've got the wrong data, and the decisions you make are based on that, it won't be right for the environment. So just those sorts of problems; they seem simple, but they're challenging.

We hope we can give them some ways to know whether they can trust the data or what level of trust they can have in the data. And with really small devices, that's a bit challenging too, because they don't have a lot of power or memory for performing computation.

Another issue that we are facing is that a lot of cyber-security measures that we use for assurance use cryptographic algorithms that take a significant amount memory and power to function well. So, then we want to know what level of assurance do you need? What types of algorithms can be used to provide some assurance that don't consume a lot of power? We need to understand that the IoT devices use power for their primary functions, not just for security.

Ultimately, we are looking at data trustworthiness. We will be looking to the vCISO as a dashboard to display information, but also there's an opportunity for it to go the other way too. If we're receiving information and we can't verify whether that's from a legitimate sensor or not, maybe that's a place for vCISO to connect as well.

This could involve things like enrolling components into a system, so we know these are legitimate devices. If we're getting messages from something else, then they're not legitimate: we should be ignoring that data if we don’t know where it is coming from. So that’s the space where we see those two things (vCISO and AgTrust Framework) working together.

Data collected from IoT systems is used to inform critical farming decisions. The quality and trustworthiness of data used in these decision processes have a direct impact on farming processes and their outcomes. Malicious actors may have impact on particular farms, or more broadly on the regional economy by targeting data quality. This project has 4 objectives:

• Ensuring that the data source is authentic, and the data produced complies with quality requirements.
• Ensuring that data is not eavesdropped, modified, injected, or deleted in transit, including on its way to cloud systems.
• Ensuring that data is not leaked, modified, or deleted from storage locations.
• Ensuring that data is not leaked when processed risking privacy and confidentiality

Key project outcomes

• Identifying the various security requirements, operating constraints, and building-blocks for the AgTrust Framework.
• Trustworthy data sources, Trustworthy cloud data, Trustworthy data communications, and Data quality assessment.
• Agtrust framework with randomness service and key management service.
• Case study Implementation and security tools (proof of concept).
• Integration and tests of AgTrust Framework.

Drs

• Mir Ali Rezazadeh Baee
• Chadni Islam
• Luke Kane
• Vicky Liu
• Yinhao Jiang (Charles Sturt University)
• Aufeef Chuahan (Adelaide University)

Contributing industry partners were Dr Warren Armstrong (QLabs) and Dr Praveen Guaravaram (TCS).