Stephan Schwichtenberg with ‘Neuropil’ cybersecurity mesh tested on Fed4Fire+

Stephan Schwichtenberg

Neuropil is an open source solution to ensure data quality, data transparency, and data sovereignty all the while reducing IT costs, maximising availability, and increasing reliability. It has been tested on the Fed4Fire+ infrastructure which ironed out some initial issues. Stephan Schwichtenberg has more.

What is Neuropil?

Neuropil works just like the fibrous network of tissue which forms the gray matter in our brain. Neuropil facilitates the networking between individual IoT cells. It is in this manner that the Neuropil layer, an open source solution, assures the stable communication between machines and applications. What makes it so unique is that the secure exchange of data between the IoT devices and applications is dynamic, decentralised, and fully automated.

What’s your ‘origin’ story?

We’re based in Cologne and started the neuropil cybersecurity mesh project in 2014, and in 2016 we decided to make it an Open Source endeavour. At that time the predominant pattern for projects and enterprises was to start business first, and then add security measures (maybe) later. Out of curiosity we started to think in reverse: What if you think about security and privacy first, and then add the rest? And that’s where we are: a lot of cybersecurity and privacy first, now let’s add the business…

What problem does your project solve?

The Neuropil cybersecurity mesh project solves the problem of data in transit with security and privacy by design principles. With our highly automated publish-subscribe protocol we are aiming at the IIoT market, because we think that most communication will happen between devices and machines, not humans, and that this kind of communication will have a huge impact on our privacy.

Describe the NGI Support

With the help of our NGI Zero Discovery project funding we were able to implement the discovery of data channels based on ARA algorithms on top of our DHT. The implemented gossip protocol based on zero trust principles enables a new combination of end-2-end encrypted data transmission over a decentralised network.

We had already gained experience with the NGI through other NGI programs and came to the Fed4Fire+ because it exactly matched our requirements. We were in a beta phase beforehand and had various stress tests in front of us. Through our NGI development we were able to prove that the basic concept is feasible and that it works in practice, but we had not been able to scale up our protocol to the desired numbers. Our goal was now to take a big step towards a production-ready release. Our vision and our concept were confirmed by the Fed4Fire testbed, and we are happy to use their distributed platform.

Tell us more about your Fed4Fire+ experiment

Fed4Fire+ provided us with the necessary testbed to scale and stabilise our product and experience real-time latencies with connections around the globe. The resources provided were instrumental in the further development of the neuropil library and without them, the successful scalability could not have happened at the speed it did. In the Fed4Fire+ open call, we used the testbed EdgeNet and conducted four experiments. First of all the mesh topology experiment, second the half-mesh experiment, next an end2end message delivery experiment and last but not least the failover experiment.

With the first two topology experiments, we were able to distribute our software to hundreds of nodes using the EdgeNet infrastructure. Through our experiments we were able to identify and fix a couple of errors which only occurred in a network with more than 500 nodes/systems and after a runtime of several hours. We were able to solve these problems and can now start and run thousands of nodes without any problems in full-mesh and half-mesh scenarios.

In the end-to-end routing and message delivery experiment we have been able to prove our new zero-trust publish-subscribe routing system which we implemented with the funding of our NGI Zero Discovery project. Our system is inspired by the ARA (“pheromone”) algorithms. We identified that our pheromone configuration is very sensitive to the number of data channels / participants, which we previously did not account for. We are currently working on a way to configure the refresh of our pheromone structures dynamically and according to the requirements of the network.

Unfortunately we were not able to perform the last failover experiment until now, but we hope to complete the experiment by the end of the year. The preceding experiments and especially their analysis took longer than expected. But due to the experiences we gathered in the topology experiments, we expect to be able to produce satisfying results and insights from our last experiment as well.

What are your next steps?

All of our results will be merged into our GitLab Repository and will become part of our next release which is an important milestone for our project. Several findings will need a re-factoring of certain parts of our protocol, which we would like to tackle in the first quarter of the year 2022.

Apart from the technical aspects, we see a strong community building phase in our business development activities in relation to our cybersecurity mesh. For the future, which will be characterised by both the SaaS milestone and the successful build-up of further updates and a living security product, we hope to attract more partners and companies embracing the security and privacy paradigms first. The NGI and the F4F+ community are a perfect starting point.

Check out Neuropil – secure messaging for IoT and robotics at www.neuropil.org