
Horizon 2020 IoT Project Sofie Secure Open Federation of Internet Everywhere and relevant research - AUEB

Presentation from hub:raum IoT Academy Athens - November 23rd 2017


  1. Horizon 2020 IoT Project SOFIE: Secure Open Federation of Internet Everywhere and relevant research
     George C. Polyzos
     Mobile Multimedia Laboratory, Department of Informatics, School of Information Sciences and Technology
     Athens University of Economics and Business, Athens, Greece
     polyzos@aueb.gr, https://mm.aueb.gr/
     Tel.: +30 210 8203 650, Fax: +30 210 8203 325
  2. Outline
     ● Introduction
       ◆ Ubiquitous Computing & the Internet of Things
     ● IoT Challenges
       ◆ Interoperability, Sustainability, Trust Model, Security, and Privacy
     ● The role of Blockchains
     ● SOFIE: Secure Open Federation for Internet Everywhere
       ◆ Motivation and Rationale
       ◆ Use-cases and Trials
       ◆ 4th Generation Platforms
     ● Our other IoT research projects
       ◆ INTER-IoT/ACHILLES
       ◆ FIESTA
       ◆ POINT
         ■ ICN
     ● Conclusion and Outlook
     ● Blockchain-assisted Information Distribution
  3. Internet of Things (IoT): Vision & Status
     ● Blurred boundaries between the cyber and physical worlds!
       ◆ 2010: # Internet connected devices > Earth’s population
       ◆ “Connected devices” now include everyday home appliances
         ■ refrigerators, scales, TVs, …
         ■ continuously decreasing manufacturing cost of sensors and actuators
         ■ new protocols for autonomous M2M communication
     ● Fragmentation & lack of security are the main issues today
     ● Most IoT: Vertically oriented, closed systems
       ◆ Silos!
  4. IoT Challenges
     ● Interoperability
     ● Sustainability
     ● Trust Model
     ● Security
     ● Privacy
  5. The Interoperability Challenge
     ● well over 300 different Internet of Things (IoT) platforms
     ● several dozens … standards
     ● different basic IoT communication protocols will co-exist
       ◆ Constrained Application Protocol (CoAP)
       ◆ Message Queue Telemetry Transport (MQTT)
       ◆ HTTP
     ● most of the deployed IoT systems are closed
       ◆ largely incapable of communicating with other IoT systems
  6. The Sustainability Challenge
     ● How often do we change/update…
       ◆ smartphone?
       ◆ laptop?
       ◆ car?
       ◆ refrigerator?
       ◆ house electronic infrastructure (security system)?
     ● Danger of fragmented ecosystems
       ◆ composed of old and new devices
     ● In many scenarios Things are “deployed and forgotten”
       ◆ sensors installed during the construction of a building
       ◆ bio-signal detection inside the body of a patient or of a wild animal
  7. The Trust Model Challenge
     ● IoT’s biggest breakthrough/vision: seamless, “unattended” interaction between the cyber and the physical worlds
     ● A new trust model is needed to enable the interaction of all devices with little human intervention
     ● We need novel mechanisms for
       ◆ transactions
       ◆ compensation
       ◆ accountability
  8. The Security Challenge
     ● Existing security solutions cannot be directly applied to Things
       ◆ Things are resource limited
         ■ no computational power for complex cryptographic operations
       ◆ Things often (physically) exposed to malicious users.
       ◆ Not always feasible to (remotely) connect to a Thing
     ● Things important/sensitive
       ◆ can collect sensitive and personal information
       ◆ may control critical aspects of our daily life
     ● Actuators, not only sensors
       ◆ security even more critical… safety
  9. The Privacy Challenge
     ● Things can collect personal and sensitive information
       ◆ which may control critical aspects of our life
       ◆ or the information obtained may impact our life
     ● Information from the IoT
       ◆ can have significant context
       ◆ be highly correlated…
     ● Because of the pervasive and invisible aspects of the IoT
       ◆ information may be collected for a long time before it becomes known (and its impact felt)
  10. Blockchains and Smart Contracts: part of the solution…
     ● Blockchain: “A distributed append-only ledger of transactions maintained by a number of (untrusted) Miners organized in a (distributed) network”
       ◆ Distributed Ledger Technologies (DLTs)
     ● Smart contracts
       ◆ Built on DLTs
       ◆ Autonomous applications with pre-defined inputs and outputs … that can be executed by a miner in a deterministic way
       ◆ Any user can invoke a smart contract, the outcome of which is recorded as a transaction in the blockchain
  11. Blockchains enable novel security mechanisms
     ● No centralized trusted entity (control)
     ● No single point of failure
     ● Prevent censorship
     ● Transparent, Scalable (?)
     ● Facilitate accountability
     ● Facilitate the interaction of nodes not mutually trusted
  12. Blockchains contribute to system sustainability
     ● resistant against cyber attacks, secure
     ● many critical operations of an IoT system can be delegated to or realized with blockchains
       ◆ using smart contracts
     ● end-points can be “dumb”
     ● inter-ledger technology can provide long-term sustainability across DLTs
  13. Blockchains enable new Trust Models
     ● Blockchains are built around transactions
     ● The mapping of blockchain’s digital coin to the physical world is application specific:
       ◆ Real money
       ◆ Domain name
       ◆ Actuation
       ◆ Transfer of electricity
       ◆ …
  14. DLTs — Authentication and Access Control
     ● Access control enforcement can be delegated to third parties, the “Access control Providers” (ACP)
     ● The mapping between a content item and the appropriate ACP can be stored in the blockchain
     ● Messages can be relayed securely using blockchains
     ● ACP decisions can be stored in the blockchain → facilitates accountability
     N. Fotiou, T. Kotsonis, G. F. Marias, G.C. Polyzos, “Access Control for the Internet of Things,” Proc. International Workshop on Secure Internet of Things, Heraklion, Greece, September 2016.
  15. DLTs — Accountability
     ● Record transactions in the blockchain
       ◆ in order to be valid and actionable
     ● The blockchain makes sure that the history is not deleted
       ◆ users can be held accountable for their actions
     ● … Non-repudiation
  16. SOFIE: Secure Open Federation of Internet Everywhere
     ● Applying Distributed Ledger Technology (DLT)
       ◆ e.g. blockchains
     ● to securely and openly federate IoT platforms
     ● with interconnected distributed ledgers to
       ◆ build decentralized business platforms
       ◆ support the interconnection of diverse IoT systems
       ◆ provide openly accessible metadata about platforms
       ◆ define business rules on how to connect to platforms
       ◆ securely record audit trails to be used to resolve disputes
  17. SOFIE: Overall Concept and Key Ideas
  18. SOFIE
     ● The concept will be prototyped and studied in an EU Horizon 2020 funded project
       ◆ 1/1/2018 – 31/12/2020
       ◆ €4.5M
     ● Partners
       ◆ Aalto University, Ericsson, Rovio (Finland)
       ◆ Guardtime (Estonia)
       ◆ AUEB, Synelixis, Optimum (Greece)
       ◆ Eng, Asm Terni Spa, Emotion Srl (Italy)
  19. SOFIE’s Federation Architecture
     [Figure: SOFIE Federation Framework. Labels: existing “closed” IoT platforms and existing “open” IoT platforms (e.g. FIWARE), each shown with IoT Network, Stored Data, Abstraction, Services/API and a Federation Adapter; Semantic Representation; Secure Actuation; Inter-ledger transactions layer; Guardtime KSI, Ethereum, Hyperledger Fabric, …; Legacy IoT Application, SOFIE IoT Application, Hybrid IoT Application. Legend: SOFIE Component, Existing DLT, Existing IoT Platform.]
  20. SOFIE’s Decentralized Management System using Blockchains
  21. SOFIE’s Energy I Pilot: Smart Meters (Estonia)
  22. SOFIE’s Energy II Pilot: Electricity Marketplace (Italy)
  23. SOFIE’s Food-Chain Pilot
  24. SOFIE’s Mixed-Reality Gaming Pilot
  25. Horizon 2020 INTER-IoT/ACHILLES: Access Control and autHenticatIon deLegation for interoperabLE IoT applicationS
     ● Interoperability
     ● API
     ● Link-layer
     ● IoT Platforms
     ● ACHILLES
       ◆ Access control
       ◆ Authentication
       ◆ Encryption
       ◆ Privacy
     ● Key features
       ◆ Lightweight
       ◆ Business oriented
       ◆ Integratable
       ◆ Open source
     ● CoAP
  26. Horizon 2020 POINT: IP Over ICN - The Better IP?
     ● Project
       ◆ Running: 1/1/2015-28/2/2018
       ◆ Partners:
         ■ Aalto U (co-ordinator), ELL-i (FI)
         ■ CTVC Ltd, Interdigital, U Essex (UK)
         ■ Intracom Telecom, AUEB (GR)
         ■ RWTH Aachen (DE)
         ■ Primetel (CY)
     ● Concept
       ◆ Premise: IP apps can do better over ICN
         ■ Need to define what “better” means
       ◆ Better utilisation in HTTP streaming scenarios
       ◆ Better privacy of personal data and metadata
       ◆ Better management of virtual network paths
       ◆ Better content distribution
     ● IoT Component
       ◆ CoAP (over UDP/IP - NAP/ICN)
       ◆ CoAP over ICN
     ● Focus
       ◆ 1 provider
       ◆ UE: no required changes
       ◆ ICN used internally in ISP’s net
       ◆ ICN can be exposed to UE
  27. POINT IoT Demo at ACM ICN 2017: ICN enabling CoAP Extensions for IP based IoT devices (ACM ICN 2017 Best Demo Award)
     ● CoAP enables novel applications & paradigms
       ◆ Asynchronous communication (CoAP delayed responses)
       ◆ Publish-subscribe (CoAP observe)
       ◆ Multicast (CoAP group communication)
     ● ICN natively supports these paradigms
       ◆ but we cannot assume ICN everywhere
     ● An ISP deploys ICN
       ◆ specialized Network Attachment Points (NAPs) translate legacy protocols into ICN messages
  28. Conclusions
     ● Blockchains will be critical enablers for the IoT
       ◆ they will enable
         ■ unattended operation – the heart of the IoT through
         ■ automatic contract enforcement
         ■ trust between devices with unplanned interactions
         ■ decentralized payments
     ● Major challenges remain
       ◆ performance issues
       ◆ real-world events not directly verifiable for smart contracts
       ◆ sustainability & business issues
       ◆ blockchains record transactions “in the open”
         ■ privacy issues
           ❍ some data can be recorded encrypted
             – what?
             – how to pass on keys to unplanned future parties?
         ■ …
  29. Identification and Trust Management
     N. Fotiou and G.C. Polyzos, “Decentralized name-based security for content distribution using blockchains,” Proc. IEEE INFOCOM Workshops, San Francisco, CA, April 2016.
  30. Blockchain-assisted Information Distribution
     ● The gateway can sign information on behalf of the thing
       ◆ and perhaps store it in the blockchain
     ● The corresponding public key can also be on the blockchain
  31. Provenance Verification & Information Tracking
  32. Provenance Verification & Information Tracking
     Smart contract:
       - input: authorized user identities
       - output: payment receipt
  33. Thank you!
     George C. Polyzos
     Mobile Multimedia Laboratory, Department of Informatics, School of Information Sciences and Technology
     Athens University of Economics and Business, Athens, Greece
     http://mm.aueb.gr/
     polyzos@aueb.gr
  34. Workshop on Decentralized IoT Security
     ● Network and Distributed System Security Symposium
       ◆ San Diego, CA, USA
       ◆ February 18-21, 2018
       https://www.ndss-symposium.org/
     ● Workshop: 18/02/2018
     ● Abstract: 01/12/2017
     ● Paper: 08/12/2017
       http://www.ndss-symposium.org/ndss2018/cfp-ndss2018-diss/
     ● Organizers
       ■ Carsten Bormann, Universität Bremen
       ■ Dirk Kutscher, Huawei German Research Center
       ■ Michael McCool, Intel
       ■ Pekka Nikander, Aalto University
       ■ George C. Polyzos, AUEB
       ■ Thomas C. Schmidt, Hamburg U. of A.Sc.
       ■ Matthias Wählisch, Freie Universität Berlin
     ● Enabling secure interoperability across IoT ecosystems
       ◆ Applying blockchains and Distributed Ledger Technology to IoT infrastructure
       ◆ Security and availability in multi-tiered IoT edge networks (“fog computing”)
       ◆ Peer-to-Peer security and privacy (P2P) in IoT
       ◆ Decentralized trust and rights management, including access control
       ◆ Decentralized authentication and access management at the IoT edge
     ● Security and privacy in ongoing IoT standardisation work
     ● Other topics
       ◆ Security and privacy trade-offs related to IoT scalability and decentralization
       ◆ Secure Service provisioning and migration in IoT
       ◆ Sensor and Actuator Key Management and other Security Protocols
       ◆ Smart Contracts for IoT, including formal verification of smart contracts
       ◆ Usable security for decentralized IoT
  35. Selected Publications
     ● Nikos Fotiou et al., “ICN enabling CoAP Extensions for IP based IoT devices,” Proc. ACM ICN, Berlin, Germany, September 2017 (Best Demo Award).
     ● G.C. Polyzos & N. Fotiou, “Blockchain-assisted Information Distribution for the Internet of Things,” Proc. Workshop on Information Integration in Cyber Physical Systems w/ IEEE International Conference on Information Reuse and Integration, San Diego, CA, USA, August 2017.
     ● N. Fotiou, et al., “Edge-ICN and its application to the Internet of Things,” Proc. Workshop on Information-Centric Fog Computing w/ IFIP TC6 Networking Conference, Stockholm, Sweden, June 2017.
     ● N. Fotiou & G.C. Polyzos, “Decentralized Name-based Security for Content Distribution using Blockchains,” Proc. IEEE INFOCOM Workshops, San Francisco, CA, USA, April 2016.
     ● G.C. Polyzos & N. Fotiou, “Building a Reliable Internet of Things using Information-Centric Networking,” Journal of Reliable Intelligent Environments, Springer, vol. 1, no. 1, July 2015.
     ● N. Fotiou & G.C. Polyzos, “Enabling NAME-based security and trust,” Proc. IFIP International Conference on Trust Management, Hamburg, Germany, May 2015.
     ● N. Fotiou, G.F. Marias, G.C. Polyzos, “Access Control Enforcement Delegation for Information-Centric Networking Architectures,” ACM SIGCOMM Computer Communication Review, October 2012.
     ● G. Xylomenos et al., “A Survey of Information-Centric Networking Research,” IEEE Communications Surveys and Tutorials, vol. 16, no. 2, 2014.
  36. ICN timeline
     [Figure: ICN timeline. Labels: Van Jacobson, CCN, papers/talks, projects.]
     “A Survey of Information-Centric Networking Research,” IEEE Communications Surveys and Tutorials, vol. 16, no. 2, 2014.
  37. ICN Prototype Implementations, Testbeds, & Trials
     1. PSIRP Testbed (w/ Blackhawk)
        • 6 countries: UK, FI, GR, D, BU, US
        • In addition: Belgium during ICT demos
        • Tunneled over the public Internet
        • +dedicated fiber where available
     2. PURSUIT Testbed (w/ Blackadder)
        • 25 nodes
        • 5 countries: UK, FI, GR, D, US
        • Tunneled (VPN) over the public Internet
     3. φSAT Testbed w/ SAT emulation
        • Re-used in SatNEx-4
     4. POINT Testbed, Trials and Demos
        • IoT Demo: ICN 2017 best demo award
        • BIO open trial @ Bristol, UK
        • trial @ Cyprus
  38. Our ICN-related Research Projects
     ● PSIRP: Publish Subscribe Internet Routing Paradigm
       ◆ FP7 ICT STREP, 2008-2010
         ■ the basis
         ■ focus on (inter)-networking
     ● PURSUIT: Publish Subscribe Internet Technologies
       ◆ FP7 ICT STREP, 2010-2013
         ■ extending, above & below the Internet layer
         ■ optical, wireless, mobility, transport…
     ● Euro-NF: Anticipating the Network of the Future—From Theory to Design
       ◆ FP7 ICT Network of Excellence, 2008-2012
         ■ ASPECTS, GOVPIMIT, E-key-nets
     ● EIFFEL: Evolved Internet Future For European Leadership
       ◆ FP7 ICT SSA, 2008-2010; Think-Tank continued
       ◆ June 2011 TT @ MIT: Information-Centric Networking
     ● φSAT: The Role of Satellites in Future Internet Services
       ◆ European Space Agency funded
       ◆ 2011-2013
     ● I-CAN: Information-Centric Future Access Networks
       ◆ NSRF (Greece), 2014-2015
     ● POINT: IP Over ICN - The better IP
       ◆ H2020 ICT STREP, 2015-2017
