Overview and Accomplishment of the H2020 IoT

Security/Privacy Cluster Projects

John Soldatos, Athens Information Technology

E-Mail: jsol@ait.gr

Twitter: @jsoldatos

ETSI, IoT Week, Nice, France, 22.10.2018All the presented projects have received funding from the

European Union’s Horizon 2020 research and innovation

programme

H2020 IoT Security & Privacy Cluster Projects

Brain-IoT

ENACT

CHARIOT

IoTCrawler

SecureIoT

SemIoTics

SerIoT

SOFIE

Eight (8) EC Funded Projects

Successful in the H2020 IoT-03-2017 Call for Proposals “R&I on IoT integration and platforms”

Timeframe: 01/01/2018-31/12/2020 (36 months)

Focal Area: Solutions for Federation, Interoperability, Security and Privacy

Total Budget ~ 37.000.000 EUR (IoT-03-2017 Call Budget)

Common Innovation Drivers & Motivation

"Third Generation" of IoT Systems

• From Distributed Sensing & Massive IoT/Cloud Systems to Smart Objects with (Semi)Autonomous Behavior

• From Passive Data Analytics to Field Actuation and Cyber-Physical Systems (CPS)

IoT Platforms Interoperability (incl. Security Interoperability)

• Cross-Platform Interoperability Scenarios (e.g., Supply Chain Management)

Alignment to On-Going Evolution and Regulatory Compliance

• Artificial Intelligence, Distributed Ledger Technologies (DLT)

• GDPR into force as of May 2018

Foundation for Dynamic Massively Scalable & Autonomous IoT Systems

• Supporting Industry 4.0

• Leveraging AI and Blockchain Technologies

Brain-IoT: Model-Based Framework for Dependable Sensing & Actuation in

Intelligent Decentralized IoT Systems

Objectives, Scope, Validation

• Interoperability & Dynamic Platforms Federations (Shared Semantic Models linked dynamically to IoT devices)

• Smart Cooperative Behavioursbased on AI features

• Dynamic AAA

• Embedded Privacy & Privacy Control

• Dynamic Commissioning & Reconfiguration (edge/cloud deployment & balancing)

• Validation Settings: Robotics, Critical Water Infrastructures, H2020 LSP Projects (Smart Cities, Healthcare, Wearables..)

www.brain-iot.eu

ENACT: Development, Operation, and Quality Assurance of Trustworthy

Smart IoT Systems

Objectives, Scope, Validation

• Enablers for continuous development and operation of trustworthy IoT systems

• Risk-driven and agile development and delivery

• Continuous evolution to keep the smart IoT system trustworthy despite internal threats

• Address security, privacy, safety, resilience, and reliability.

• Deal with software updates, new security strategies, new user profiles, policies changes.

• Validation: Rail, Healthcare, Smart Building

CODE

BUILD TEST

RELEASE &

DEPLOY

OPERATE

Risk-DrivenDesign Planning

Language to specifyDevices behavior

& security behavior

Automated deploymentof Smart IoT systems

and security mechanisms

Simulation and Test environment for

Smart IoT applications.

Simulate and test security mechanisms.

Security, robustness and context monitoring

and root-cause analysis

Dynamic adaptationin open contexts

& actuation conflicts

handling

Secure and context-aware orchestration

of sensors, actuators

and software services.

Actuation conflict

identification

https://www.enact-project.eu

CHARIOT: Cognitive Heterogeneous Architecture for Industrial IoT

www.chariotproject.eu

Objectives, Scope, Validation

• Methodological Framework for the Design and Operation of Safety Critical Systems (safety as cross-cutting concern)

• Open Cognitive IoT Architecture and Platform for safety critical systems and IoT systems interaction in a secure manner

• Runtime IoT Privacy, Security and Safety Supervision Engine (IPSE)

• Privacy Engine based on PKI and Blockchain technologies

• Firmware Security integrity checking

• IoT Safety Supervision Engine (ISSE)

• Analytics Prediction and Dashboard

• Validation: Trenitalia (Italy) & Athens International Airport (Greece), IBM Campus (Ireland)

IoTCrawler: Search Engine for the Internet of Things

Objectives, Scope, Validation

• Search engines that support crawling, discovery and integration of IoT data.

• Adaptive and dynamic solutions for resource ranking and selection.

• Distributed crawling and indexing mechanisms to enable near real-time discovery and search of massive real world (IoT) data streams in a secure and privacy- and trust-aware framework.

• Enablers for security-, privacy and trust-aware discovery and access to IoT resources in constrained IoT environments

• New applications and services that rely on ad-hoc and dynamic data/service query and access.

• Validation: Smart City, Social IoT, Smart Energy, Industry 4.0

https://iotcrawler.eu/

Sec

urity

, Priv

acy

& Tr

ust

IoT Resources: sensors and actuators

Use cases

Machine initiated semantic search

IoT discovery

Context management

Monitoring & fault recovery

Multi-criteria ranking

Adaptive indexing

Edgebroker

Edgebroker

Edgebroker

Cloud

broker

Distributed

IoT framework

Dynamiccrawling

Sea

rch

Dat

a an

alys

is

API

Smart city Social IoTSmart energy

Industry 4.0

SecureIoT: Predictive Security for IoT Platforms and Networks of

Smart Objects

Objectives, Scope, Validation

• End-to-End Security Monitoring for Predictive (AI-based Security)

• Security Interoperability across IoT Platforms

• Cross-Platform & Cross-Vertical

• Validation: Socially Assistive Robots, Smart Manufacturing, Connected Car & Self-Driving

https://secureiot.eu/

IoT Systems (Platforms &

Devices)

FieldNetwork

FieldDevice

Edge

Cloud

App Intelligent(Context-

Aware)Data

Collection

Actuation & Automation

Open APIs

IoT Security Template Extraction (Analytics)

Template Execution

Engine(e.g., Rule

Engine)

Global Storage(Cloud)

SecureIoT Database + Assets

Registry

IoT Security Templates Database

Templates

ContextualizationEngine

IoT Security Knowledge Base

Security Policy Enforcement Point

Risk Assessment

Compliance Auditing

Developers’ Support

Developers’ Support

WP4

Open APIs

WP5

WP3

SemIoTics: Smart End-to-end Massive IoT Interoperability,

Connectivity and Security

Objectives, Scope, Validation

• Patterns for security, privacy, dependability and interoperability

• Semantic interoperability mechanisms

• Dynamically and self-adaptable monitoring

• Embedded intelligence and adaptation

• Programmable networking with SDN/NFV

• SEMIoTICS open architecture prototype

• Promote the adoption of EU technology offerings internationally

• Validation: Wind Energy, Healthcare, Smart Sensing

https://www.semiotics-project.eu/

IoT/IIoT Gateway

IIoT

Edge instance

SDN/NFV based industrial networks

SDN

Controller 1

SDN

switch

SDN

switch

SDN

switch

Sensor /

Actuator

SDN

Controller N

Industrial Private Cloud

Fie

ldN

etw

ork

Ba

ck

en

d/C

lou

d

IIoT Applications

Logical ViewDeployment View

IIoT

Backend instance

Cloud App1 Cloud AppN

Public Cloud

Cloud App1 Cloud AppN

En

d-t

o-e

nd

Se

cu

rity

Mec

ha

nis

ms

Sensor /

Actuator

Sensor /

Actuator

IIoT Enhanced SDN &

NFV Networks

IIoT Application & Smart Object Management

Discovery andSemantic

Interoperability

Monitoring

Management and

Analytics

Control

and

Adaptation

Learning

and

Evolution

Smart Objects Manager

IoT Platforms

Local. IIoT Application & Smart Object Management

Local Analytics Control and Adaptation

IIoT Components (Smart Objects)

Semi-autonomous IoT devices

IoT/IIoT Gateway

Sensors Actuators

Open IoT Plarforms

(FIWARE)

Domain Specific IoT

Platforms (e.g. MindSphere)

IIoTSPDI Patterns

ThingsEvents

SerIoT: Secure & Safe Internet of Things

Objectives, Scope, Validation

• Design a Cognitive Packet Network that interconnects distributed IoT subsystems based on SDN technology

• Use “Smart Packets” (SP) to search for secure multi-hop routes having good quality of service & energy efficiency.

• Use Random Neural Networks for routing decisions and overall network performance improvements – “Security Aware” routing

• Validation: ITS & Smart Cities, Surveillance, Flexible Manufacturing, Food Chain

https://seriot-project.eu

Objectives & Scope

• Secure open federation to enable interoperability between existing IoT platforms

• Utilizes multiple distributed ledger technologies (DLTs) in parallel

• Creation of IoT business platforms Enables open data markets

Validation

• Energy - Electrical vehicle charging, allows optimizing electricity generation and grid load

• Energy - laboratory pilot with smart meter data

• Food chain - from field to fork, precise tracking of the whole agricultural supply chain

• Mixed-reality mobile gaming, allows gamers to interact with real-world

IoT Network

Stored Data

Abstraction

Services/API

Fed

erat

ion

A

dap

ter

IoT Network

Stored Data

Abstraction

Services/API

Fed

erat

ion

A

dap

ter

Existing “closed” IoT Platforms

IoT Network

Stored Data

Abstraction

Services/API

Fed

erat

ion

A

dap

ter Federation

Adapter

Existing “open” IoT Platforms (e.g. FIWARE)

Inter-ledger transactions Layer

GuardtimeKSI

EthereumHyper-Ledger

Fabric

. . .SemanticRepresentation

SecureActuation

SOFIE Federation Framework

LegacyIoT Application

SOFIEIoT Application

HybridIoT Application

. . .

HybridIoT Application

SOFIE Component Existing DLT Existing IoT Platform

SOFIE: Secure Open Federation for Internet Everywhere

https://www.sofie-iot.eu/

Cross Cutting Activities & Joint Results

Joint Standardization Efforts

• Specify/Standardize Common Tools for risk assessment and threat analysis

• Explore existing standards in lifecycle management for security and trust

Knowledge & Experience Sharing

• Blockchain & DLT Deployment, Operation and Use

• Joint “Thematic” workshops on Blockchain

IoT Platforms Interoperability and Integration

• Emphasis on Data-Driven Security Monitoring

• Streamlining with other EU Efforts (e.g., IoT-EPI)

Joint Dissemination and Policy Contributions

• Common workshops and conferences – Joint participation in exhibitions

• Collaborative contributions to policies (e.g., GDPR compliance, inputs to ECSO)

Tentative Release Roadmap & Outlook

Sep ‘18 Architectures & Use Cases Detailed

Mar ’19

Initial Platform Releases

June ’19 First Results of Joint Standardization & Dissemination Efforts

Dec ’19

Results Validated (Technical Validation) –Planning of Business Validation

Thank you