The FORTIKA Concept in a nutshell

The FORTIKA project aims to provide SMEs with an embedded, smart and robust hardware security layer (FORTIKA accelerator) enhanced with an adaptive security service management ecosystem (FORTIKA marketplace). Security services vary from access control to real-time data filtering, so providing services exclusively from the cloud may in some use cases fail to meet latency requirements. As a solution, an appliance, based on an innovative custom-tailored FPGA hardware accelerator or implemented as a virtual appliance, will be deployed in-house to provide adequate resources, and thus the platform for local deployment, so that the desired services are delivered with a high level of QoE. Using the FORTIKA Middleware appliance that operates in the fog area, latency will be minimal, since services will be provided in close vicinity and only preprocessed data will be sent to the cloud for further processing. Additionally, the appliance will be able to connect and orchestrate all the other systems in the network, in order to enable the delivery of a large number of time-critical security services to the edge of the network, on the premises of the end user.

 
The proposed architecture builds around an innovative, low-cost, security-by-design FPGA hardware accelerator. The FORTIKA security accelerator, installed locally at the enterprise premises, will embed and provide holistic security services tailored to the needs of SMEs, and it will be able to collect and handle the data of a large number of devices or services (in several SME smart spaces, e.g. business department, shop, industrial environments). The accelerator will be connected (or in some cases may be embedded – the optimal deployment method will be investigated within the project) to the enterprise routers (one device per router) and offer unlimited expandability (by simply connecting as many accelerators as one needs in series) in terms of processing power and storage capacity, and scalability through a modular connection of two or more accelerators. Its intuitive user interface will guide the enterprise administrator to appropriately define and configure the company’s security & privacy policy, along with the level of encryption (information classification) and the corresponding data availability (privacy) within the enterprise and to 3rd parties (e.g. suppliers, partners/collaborators, customers, other parties), thus covering a wide range of use case scenarios. The device will possess built-in features for behavioral analysis at an organizational (process) level, as well as at the individual user level. The system users/admins will be kept informed at any time via highly comprehensive visual analytics, and they will also be able to intervene in the functionality of the proposed solution in an effortless and user-friendly way. Furthermore, the proposed architecture will provide automated intrusion prevention and data filtering algorithms, which will be fully adaptable (in real time) to the individual user profile characteristics.

 

The FORTIKA middleware will be easily adopted or embedded in existing networks, and each user/admin will be able to choose from a number of available security services through the FORTIKA trusted security marketplace. The marketplace will enable (third-party) service providers to specify security services (the required software and hardware resource needs) and sell or advertise these through a secure and easy-to-use interface. For a service to become available in the marketplace, certain criteria (specifications) should be met in terms of usability, relevance (to SME needs), operational transparency and security effectiveness.

From their perspective, users (i.e. SMEs) may utilize a variety of services and share profiling information with the service providers in return for tailored security services aligned with their actual needs. The FORTIKA marketplace will also function as a single point of access for the profiling information of each SME; user profiling information will be kept locally at the FORTIKA security accelerator, while homomorphic encryption will be applied so that security services are tailored to each enterprise’s individual profile/needs without sensitive profiling data being known to third-party security service providers. This way, the risk of indirect exposure of such valuable data to non-trusted third parties will be practically eliminated. Different levels of adaptation to digital ICT services will also become feasible: for instance, the introduction of variable security levels according to the position, role and/or responsibility of the individual intra-enterprise user, as well as the sensitivity and value of the data handled. In this context, the FORTIKA project adopts an innovative architecture to fulfil the following purposes:

  1. scrutable user-side adaptability with dynamic privacy control by exploiting a configuration predefined by the user;
  2. re-usability of the parts of a user model across different services.