overview and accomplishment of the h2020 iot security ......world (iot) data streams in a secure and...
TRANSCRIPT
Overview and Accomplishment of the H2020 IoT
Security/Privacy Cluster Projects
John Soldatos, Athens Information Technology
E-Mail: [email protected]
Twitter: @jsoldatos
ETSI, IoT Week, Nice, France, 22.10.2018All the presented projects have received funding from the
European Union’s Horizon 2020 research and innovation
programme
H2020 IoT Security & Privacy Cluster Projects
Brain-IoT
ENACT
CHARIOT
IoTCrawler
SecureIoT
SemIoTics
SerIoT
SOFIE
Eight (8) EC Funded Projects
Successful in the H2020 IoT-03-2017 Call for Proposals “R&I on IoT integration and platforms”
Timeframe: 01/01/2018-31/12/2020 (36 months)
Focal Area: Solutions for Federation, Interoperability, Security and Privacy
Total Budget ~ 37.000.000 EUR (IoT-03-2017 Call Budget)
Common Innovation Drivers & Motivation
"Third Generation" of IoT Systems
• From Distributed Sensing & Massive IoT/Cloud Systems to Smart Objects with (Semi)Autonomous Behavior
• From Passive Data Analytics to Field Actuation and Cyber-Physical Systems (CPS)
IoT Platforms Interoperability (incl. Security Interoperability)
• Cross-Platform Interoperability Scenarios (e.g., Supply Chain Management)
Alignment to On-Going Evolution and Regulatory Compliance
• Artificial Intelligence, Distributed Ledger Technologies (DLT)
• GDPR into force as of May 2018
Foundation for Dynamic Massively Scalable & Autonomous IoT Systems
• Supporting Industry 4.0
• Leveraging AI and Blockchain Technologies
Brain-IoT: Model-Based Framework for Dependable Sensing & Actuation in
Intelligent Decentralized IoT Systems
Objectives, Scope, Validation
• Interoperability & Dynamic Platforms Federations (Shared Semantic Models linked dynamically to IoT devices)
• Smart Cooperative Behavioursbased on AI features
• Dynamic AAA
• Embedded Privacy & Privacy Control
• Dynamic Commissioning & Reconfiguration (edge/cloud deployment & balancing)
• Validation Settings: Robotics, Critical Water Infrastructures, H2020 LSP Projects (Smart Cities, Healthcare, Wearables..)
www.brain-iot.eu
ENACT: Development, Operation, and Quality Assurance of Trustworthy
Smart IoT Systems
Objectives, Scope, Validation
• Enablers for continuous development and operation of trustworthy IoT systems
• Risk-driven and agile development and delivery
• Continuous evolution to keep the smart IoT system trustworthy despite internal threats
• Address security, privacy, safety, resilience, and reliability.
• Deal with software updates, new security strategies, new user profiles, policies changes.
• Validation: Rail, Healthcare, Smart Building
CODE
BUILD TEST
RELEASE &
DEPLOY
OPERATE
Risk-DrivenDesign Planning
Language to specifyDevices behavior
& security behavior
Automated deploymentof Smart IoT systems
and security mechanisms
Simulation and Test environment for
Smart IoT applications.
Simulate and test security mechanisms.
Security, robustness and context monitoring
and root-cause analysis
Dynamic adaptationin open contexts
& actuation conflicts
handling
Secure and context-aware orchestration
of sensors, actuators
and software services.
Actuation conflict
identification
https://www.enact-project.eu
CHARIOT: Cognitive Heterogeneous Architecture for Industrial IoT
www.chariotproject.eu
Objectives, Scope, Validation
• Methodological Framework for the Design and Operation of Safety Critical Systems (safety as cross-cutting concern)
• Open Cognitive IoT Architecture and Platform for safety critical systems and IoT systems interaction in a secure manner
• Runtime IoT Privacy, Security and Safety Supervision Engine (IPSE)
• Privacy Engine based on PKI and Blockchain technologies
• Firmware Security integrity checking
• IoT Safety Supervision Engine (ISSE)
• Analytics Prediction and Dashboard
• Validation: Trenitalia (Italy) & Athens International Airport (Greece), IBM Campus (Ireland)
IoTCrawler: Search Engine for the Internet of Things
Objectives, Scope, Validation
• Search engines that support crawling, discovery and integration of IoT data.
• Adaptive and dynamic solutions for resource ranking and selection.
• Distributed crawling and indexing mechanisms to enable near real-time discovery and search of massive real world (IoT) data streams in a secure and privacy- and trust-aware framework.
• Enablers for security-, privacy and trust-aware discovery and access to IoT resources in constrained IoT environments
• New applications and services that rely on ad-hoc and dynamic data/service query and access.
• Validation: Smart City, Social IoT, Smart Energy, Industry 4.0
https://iotcrawler.eu/
Sec
urity
, Priv
acy
& Tr
ust
IoT Resources: sensors and actuators
Use cases
Machine initiated semantic search
IoT discovery
Context management
Monitoring & fault recovery
Multi-criteria ranking
Adaptive indexing
Edgebroker
Edgebroker
Edgebroker
Cloud
broker
Distributed
IoT framework
Dynamiccrawling
Sea
rch
Dat
a an
alys
is
API
Smart city Social IoTSmart energy
Industry 4.0
SecureIoT: Predictive Security for IoT Platforms and Networks of
Smart Objects
Objectives, Scope, Validation
• End-to-End Security Monitoring for Predictive (AI-based Security)
• Security Interoperability across IoT Platforms
• Cross-Platform & Cross-Vertical
• Validation: Socially Assistive Robots, Smart Manufacturing, Connected Car & Self-Driving
https://secureiot.eu/
IoT Systems (Platforms &
Devices)
FieldNetwork
FieldDevice
Edge
Cloud
App Intelligent(Context-
Aware)Data
Collection
Actuation & Automation
Open APIs
IoT Security Template Extraction (Analytics)
Template Execution
Engine(e.g., Rule
Engine)
Global Storage(Cloud)
SecureIoT Database + Assets
Registry
IoT Security Templates Database
Templates
ContextualizationEngine
IoT Security Knowledge Base
Security Policy Enforcement Point
Risk Assessment
Compliance Auditing
Developers’ Support
Developers’ Support
WP4
Open APIs
WP5
WP3
SemIoTics: Smart End-to-end Massive IoT Interoperability,
Connectivity and Security
Objectives, Scope, Validation
• Patterns for security, privacy, dependability and interoperability
• Semantic interoperability mechanisms
• Dynamically and self-adaptable monitoring
• Embedded intelligence and adaptation
• Programmable networking with SDN/NFV
• SEMIoTICS open architecture prototype
• Promote the adoption of EU technology offerings internationally
• Validation: Wind Energy, Healthcare, Smart Sensing
https://www.semiotics-project.eu/
IoT/IIoT Gateway
IIoT
Edge instance
SDN/NFV based industrial networks
SDN
Controller 1
SDN
switch
SDN
switch
SDN
switch
Sensor /
Actuator
SDN
Controller N
Industrial Private Cloud
Fie
ldN
etw
ork
Ba
ck
en
d/C
lou
d
IIoT Applications
Logical ViewDeployment View
IIoT
Backend instance
Cloud App1 Cloud AppN
Public Cloud
Cloud App1 Cloud AppN
En
d-t
o-e
nd
Se
cu
rity
Mec
ha
nis
ms
Sensor /
Actuator
Sensor /
Actuator
IIoT Enhanced SDN &
NFV Networks
IIoT Application & Smart Object Management
Discovery andSemantic
Interoperability
Monitoring
Management and
Analytics
Control
and
Adaptation
Learning
and
Evolution
Smart Objects Manager
IoT Platforms
Local. IIoT Application & Smart Object Management
Local Analytics Control and Adaptation
IIoT Components (Smart Objects)
Semi-autonomous IoT devices
IoT/IIoT Gateway
Sensors Actuators
Open IoT Plarforms
(FIWARE)
Domain Specific IoT
Platforms (e.g. MindSphere)
IIoTSPDI Patterns
ThingsEvents
SerIoT: Secure & Safe Internet of Things
Objectives, Scope, Validation
• Design a Cognitive Packet Network that interconnects distributed IoT subsystems based on SDN technology
• Use “Smart Packets” (SP) to search for secure multi-hop routes having good quality of service & energy efficiency.
• Use Random Neural Networks for routing decisions and overall network performance improvements – “Security Aware” routing
• Validation: ITS & Smart Cities, Surveillance, Flexible Manufacturing, Food Chain
https://seriot-project.eu
Objectives & Scope
• Secure open federation to enable interoperability between existing IoT platforms
• Utilizes multiple distributed ledger technologies (DLTs) in parallel
• Creation of IoT business platforms Enables open data markets
Validation
• Energy - Electrical vehicle charging, allows optimizing electricity generation and grid load
• Energy - laboratory pilot with smart meter data
• Food chain - from field to fork, precise tracking of the whole agricultural supply chain
• Mixed-reality mobile gaming, allows gamers to interact with real-world
IoT Network
Stored Data
Abstraction
Services/API
Fed
erat
ion
A
dap
ter
IoT Network
Stored Data
Abstraction
Services/API
Fed
erat
ion
A
dap
ter
Existing “closed” IoT Platforms
IoT Network
Stored Data
Abstraction
Services/API
Fed
erat
ion
A
dap
ter Federation
Adapter
Existing “open” IoT Platforms (e.g. FIWARE)
Inter-ledger transactions Layer
GuardtimeKSI
EthereumHyper-Ledger
Fabric
. . .SemanticRepresentation
SecureActuation
SOFIE Federation Framework
LegacyIoT Application
SOFIEIoT Application
HybridIoT Application
. . .
HybridIoT Application
SOFIE Component Existing DLT Existing IoT Platform
SOFIE: Secure Open Federation for Internet Everywhere
https://www.sofie-iot.eu/
Cross Cutting Activities & Joint Results
Joint Standardization Efforts
• Specify/Standardize Common Tools for risk assessment and threat analysis
• Explore existing standards in lifecycle management for security and trust
Knowledge & Experience Sharing
• Blockchain & DLT Deployment, Operation and Use
• Joint “Thematic” workshops on Blockchain
IoT Platforms Interoperability and Integration
• Emphasis on Data-Driven Security Monitoring
• Streamlining with other EU Efforts (e.g., IoT-EPI)
Joint Dissemination and Policy Contributions
• Common workshops and conferences – Joint participation in exhibitions
• Collaborative contributions to policies (e.g., GDPR compliance, inputs to ECSO)
Tentative Release Roadmap & Outlook
Sep ‘18 Architectures & Use Cases Detailed
Mar ’19
Initial Platform Releases
June ’19 First Results of Joint Standardization & Dissemination Efforts
Dec ’19
Results Validated (Technical Validation) –Planning of Business Validation
Thank you