Internet of Things (IoT) Security Platform Can Improve Warfighter Resilience, Deliver Cost Savings
Created October 2019 • Updated February 2025
Internet of Things (IoT) devices can provide useful capabilities, but many have known security vulnerabilities that have been exploited by malicious actors. The SEI KalKi security platform leverages software-defined networking (SDN) and network function virtualization (NFV) to enable secure integration of IoT devices into Department of Defense (DOD) networks, even devices that are not fully trusted or configurable. Such integration can improve warfighter resilience and deliver cost savings.
IoT Devices: Great Promise, Great Security Challenges
Commercial Internet of Things (IoT) devices, aka “smart” devices, are evolving rapidly to provide new and potentially useful capabilities. The DOD recognizes the rapid pace at which the IoT marketplace is evolving, the role IoT devices play in gathering data to inform decision making, and the urgency to embrace IoT technology to match its adversaries.
The DOD currently uses IoT devices in supervisory control and data acquisition (SCADA) systems. The DOD is also interested in using such devices in edge-enabled and tactical systems.
However, the DOD has been slow to adopt IoT devices and is reluctant to use them in tactical systems and other sensitive environments because
- Supply chains are not always secure or trustworthy.
- Not all IoT device manufacturers follow secure development practices.
- Not all devices allow software updates to address security vulnerabilities.
- The dynamic nature of the current IoT device market results in inconsistent installation of security patches.
- There are very few IoT security standards that are widely implemented by IoT devices.
- Not all IoT devices can be fully trusted or configured to meet security standards.
Furthermore, several high-profile IoT-related security incidents have occurred in recent years due to the limitations of existing network-protection systems. Current solutions, such as gateways and firewalls, can become compromised, and static firewalls are not device specific and cannot adapt to changing security states.

KalKi: A High-Assurance Software-Defined IoT Security Platform
The SEI developed the KalKi platform to address security concerns with IoT devices.
KalKi moves part of security enforcement to the network to enable the integration of IoT devices into DOD systems and networks by creating an IoT security infrastructure that is provably resilient to a collection of prescribed threats. These threats to the warfighter range from devices vulnerable to compromise by adversaries to attempts to infiltrate networks and devices. KalKi uses
- SDN and NFV to create a highly dynamic IoT security framework
- überSpark (a framework for building secure software stacks) to incrementally develop and verify security properties of elements of the software-defined IoT security infrastructure
SDN allows network configuration to be more efficient and adaptive than traditional network management. NFV allows KalKi to protect networks with greater flexibility and without the typical cost and complexity of physical network protection units.
KalKi adapts network defenses for each IoT device based on active monitoring of (1) traffic to and from each IoT device and (2) variables sensed by each device. In military theaters, the ability to change security measures quickly as threats arise allows military personnel to react securely to new and unexpected attacks.
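The following Python sketch is an added illustration of per-device adaptation, not code from KalKi or the SEI. It runs one state machine for one device, fed by traffic observations and a sensed variable, and selects the network policy to enforce. The state names, thresholds, policy contents and the thermostat device are all assumptions.

```python
# Added illustration, not KalKi code; names, states and thresholds are assumptions.
from dataclasses import dataclass

# Hypothetical per-state policy the network layer would enforce for one device.
POLICY = {
    "normal":     {"allow": {"controller", "ntp"}, "rate_limit_pps": 200},
    "suspicious": {"allow": {"controller"}, "rate_limit_pps": 20},
    "quarantine": {"allow": set(), "rate_limit_pps": 0},
}

@dataclass
class Device:
    name: str
    expected_peers: set       # hosts this device type is expected to talk to
    max_pps: int              # baseline traffic ceiling for this device type
    sensor_range: tuple       # plausible (low, high) for the sensed variable
    state: str = "normal"
    strikes: int = 0

def alerts_for(dev, peers, pps, reading):
    """Check one monitoring window: traffic (peers, rate) and the sensed value."""
    alerts = []
    if set(peers) - dev.expected_peers:
        alerts.append("unexpected-peer")
    if pps > dev.max_pps:
        alerts.append("traffic-rate")
    low, high = dev.sensor_range
    if not low <= reading <= high:
        alerts.append("sensor-out-of-range")
    return alerts

def step(dev, peers, pps, reading):
    """Advance the device's state machine; return (state, policy to enforce)."""
    alerts = alerts_for(dev, peers, pps, reading)
    if dev.state != "quarantine":     # quarantine is sticky: operator must release
        if alerts:
            dev.strikes += 1
            dev.state = "quarantine" if dev.strikes >= 2 or len(alerts) >= 2 else "suspicious"
        else:
            dev.state, dev.strikes = "normal", 0
    return dev.state, POLICY[dev.state]

def run_demo():
    """Constructed (peers, pps, reading) windows for a hypothetical thermostat."""
    dev = Device("thermostat-1", {"controller", "ntp"}, 200, (5.0, 40.0))
    windows = [(["controller"], 40, 21.5), (["controller", "203.0.113.9"], 45, 21.7),
               (["controller"], 30, 21.6), (["203.0.113.9"], 900, 95.0),
               (["controller"], 30, 21.6)]
    return [step(dev, *w)[0] for w in windows]
```

Unlike a static firewall rule, the policy returned here depends on the device's own recent behavior: a single anomaly tightens its allowed peers and rate limit, while repeated or combined anomalies isolate it.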
The current version of KalKi allows the DOD to take full advantage of commercial IoT devices—even IoT devices that are not fully trusted or configurable—with
- customizable security policies to meet the unique needs of each device and network
- efficient monitoring of device-specific vulnerabilities
- limited interference between security policies
- agile response to rapidly changing security needs
With KalKi, the DOD can save time and money, and increase resilience, because it can use off-the-shelf IoT devices with confidence. This is especially important at edge bases, which often lack the resources and the time to customize IoT devices. KalKi enables quick delivery of easy-to-use standard devices that can be secured from malicious agents.
Software and Tools
KalKi Platform Main Repository
KalKi is an IoT platform for allowing untrusted IoT devices to connect to a network in a secure way, protecting both the IoT device and the network from malicious attackers.
Looking Ahead
Initial experiments show that the KalKi platform performs well, scales well, and remains resilient in the presence of a powerful attacker. Our next steps focus on simplifying the integration of new devices and policies, increasing performance, and reducing resource utilization with particular emphasis on
- scaling to support larger scenarios and different field experiments to advance the evolution of KalKi
- incorporating artificial-intelligence and machine-learning techniques that can more intelligently detect new attacks or vulnerabilities as well as reduce IoT device integration time by automatically generating security measures or policy definitions based on learning of normal and abnormal IoT device behaviors
- extending überSpark implementation of sensitive components as “µobjects”—low-level system constructs that are protected from other untrusted system components and that allow only authorized components to communicate with them (This effort is to strengthen components of the system that, if attacked, would compromise the full system, including the main controller that contains the state machines used to control the network defenses for each IoT device.)
We are seeking collaborators to pilot and extend this work. If interested, please contact us.
Learn More
Engineering of Edge Software Systems: A Report from the November 2022 SEI Workshop on Software Systems at the Edge
•White Paper
Based on a workshop with thought leaders in the field, this report identifies recommended areas of focus for engineering software systems at the edge.
KalKi++: A Scalable and Extensible IoT Security Platform
•Conference Paper
This paper discusses KalKi++, an evolution of KalKi that improves the performance, scalability and usability of the platform by orders of magnitude.
KalKi: A Software-Defined IoT Security Platform
•Conference Paper
KalKi, a software-defined IoT security platform, moves security enforcement to the network to enable safe integration of IoT devices, even if the devices are not trusted.