Privacy and security aspects on a Smart City IoT Platform

The Internet of Things paradigm enables computation and communication in the tools everyone uses every day. The vastness and heterogeneity of devices, and the ways they are composed to offer innovative services and scenarios, require a challenging vision of interoperability, security and the management of huge quantities of data. Many IoT frameworks and platforms propose to solve these issues by aggregating different sources of information and combining their data flows into innovative services. Due to the potentially very sensitive nature of some of this data, privacy and security aspects have to be taken into account by design and by default. An end-to-end secure solution has to allow the final users full control over their personal data and, on the other side, the framework has to support developers in writing applications that offer the highest level of security and protection for their data flow. The European Commission GDPR has also added complexity to this context. In this paper, the Snap4City solution for supporting this level of privacy and security in IoT scenarios is presented. Snap4City has been developed in the context of the Select4Cities PCP project of the European Commission.


  1. Title slide: Privacy and security aspects on a Smart City IoT Platform. C. Badii, P. Bellini, A. Difino, P. Nesi, DISIT Lab, Dept. of Information Engineering, University of Florence, Italy. Contact: Paolo Nesi, paolo.nesi@unifi.it, https://www.snap4city.org, https://www.disit.org. Snap4City, IEEE ATC, Leicester, August 2019.
  2. Architecture (diagram): Big Data Analytics: AI, Machine Learning.
  3. Standards and Interoperability (Snap4City, Antwerp, 21st August 2019). Compliant with: AMQP, COAP, MQTT, OneM2M, HTTP, HTTPS, Rest Call, SMTP, TCP, UDP, NGSI, LoraWan, TheThingsNetwork, SigFOX, DATEX II, SOAP, WSDL, Twitter, FaceBook, Telegram, SMS, OLAP, MySQL, Mongo, HBASE, SOLR, SPARQL, EMAIL, FTP, FTPS, WebSocket, WebSocket Secure, ModBUS, OPC, RS485, WFS, WMS, ODBC, JDBC, Elastic Search, Phoenix, XML, JSON, GeoJSON, Enfuser FMI, Local File System, ESP32, OBD2, etc.
  4. Sentient Solutions (diagram): dashboards with IoT Applications for enforcing data-driven intelligence; panels: Dashboards and Apps, IoT and City data, World IoT Applications, My IoT Devices, Big Data Analytics, Artificial Intelligence.
  5. User Story (diagram). DISIT Lab, Distributed Data Intelligence and Technologies, Distributed Systems and Internet Technologies, Department of Information Engineering (DINFO), http://www.disit.dinfo.unifi.it, http://www.disit.org.
  6. IoT/IoE on the field (diagram): IoE Devices with sensors/actuators; IoT Edge with IoT App distributed (Raspberry Pi, PC: Windows, Linux); IoT Directory; IoT Brokers on cloud (Internet); IoT Button; mobiles. Steps: (0) sensors and actuators, (1) registration, (2) discovery.
  7. IoT involved entities (diagram): Data Sources; IoT Devices (sensors, actuators); IoT Edge; IoT App; IoT Broker and IoT Context Brokers; IoT Directory; Data Injection; Edge Processor; Cloud Processor; Registries and storage; Security and Privacy Management; Data Visualization; Dashboards.
  8. End-to-end security (diagram): [IoT Edge], IoT Broker, [IoT Application]; intranet to Internet over WSs/HTTPS; sensors/actuators; IoT Devices executing local computation; user interface on browser; Dashboard Engine; Smart City Knowledge Base and RT data; Data Shadow; Cloud.
  9. Major Security and Privacy Requirements
     • Supporting security among:
       – IoT Brokers, IoT Discovery, IoT Applications, Dashboards, Storage, ...
       – Authenticated connections: H2M, M2M
       – Secure communications: H2M, M2M
       – Authorization according to the role and user ID
     • Deliver open software on well-known platforms, end-to-end secure IoT stack:
       – Arduino, ESP32, Raspberry Pi, Linux, Windows, Android, etc.
     • GDPR-compliant platform:
       – getting signed consent from users
       – Data Types / City Entities are private by default
         • values, devices, brokers, IoT App, dashboards, user profiles, time series, etc.
       – Management of Data Types: access, delegate/revoke, forget, etc.
       – Auditing on Data Type access, etc.
  10. Authentication and Authorization
     • Authentication is performed via OpenID Connect (SSO), which is based on OAuth
       – User registry on LDAP/CRM for user data
       – Authenticated users have the role of the LDAP registry
       – Thus communication starts with the SSL/TLS protocol, sharing a secret via JWT token
     • H2M: login is needed
     • M2M: the first time it has to be H2M; then a Refresh Token is requested on the basis of the first JWT.
  11. Different Authentication mechanisms
     • From proprietary servers:
       – The devices are registered and data collected by the proprietary servers: SigFOX, TheThingsNetwork, etc.
       – SigFOX: the server provides K1, K2 to read the data or subscribe
       – TTN: other kinds of keys are used for the same purpose
     • From open solutions:
       – K1, K2 can be produced for IoT Device registration, subscription, etc.
       – K1, K2, plus SHA1/3 of the certificate to establish the TLS connection
       – Certificate and credentials for mutual authentication, and TLS
  12. IoT on premise vs on cloud (diagram): on the field: IoT Devices (sensors, actuators); IoT local solution (on premise): IoT Edge, IoT App, Dashboards; IoT cloud infrastructure: IoT Firewall (IoT Broker), MicroServices, all the other cloud services.
  13. IoT Devices vs on Cloud Platform (diagram): on the field: IoT Devices (sensors, actuators), IoT App; IoT cloud infrastructure: Dashboards, Dashboard Builder, IoT Directory, IoT Firewall, IoT Context Broker, SmartCity API, Data Shadow, MicroServices, IoT App, all the other cloud services.
  14. More Complete Architecture (diagram): real world: IoT Devices (sensors, actuators), any other static and real-time data sources, devices' data; IoT local solution (on premise): IoT Edge (aggregators, distributors), IoT App, Dashboards (local), IoT Firewall, IoT Context Broker; IoT cloud infrastructure: Dashboards from cloud, Dashboard Builder, MicroServices, Knowledge base, SmartCity API, Analytics, Scheduling, IoT Directory, Context Brokers, IoT Firewall, IoT Context Broker, Data Shadow, Security and Privacy Management, Ownership & Delegation, User registry, My Personal Data, Users' Data.
  15. Certificate Sec. Prot. (diagram).
  16. Conclusions
     • Issues addressed:
       – Definition and implementation of an end-to-end secure connection model and tools
       – Release of end-to-end secure software as open source for major open and non-open platforms for IoT: Android, Arduino, Raspberry Pi, Linux, Windows, etc.
       – Authentication for personal secure channel connection: H2M, M2M
       – Support for all aspects of GDPR on a large set of Data Types:
         • values of sensors, IoT Devices, IoT Brokers, IoT Applications, personal data, KPIs, dashboards, etc.
     • Snap4City has passed two different pen tests performed by two of the most relevant companies in Europe.
     • Snap4City is from today an EOSC Smart City IoT as a Service.
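Slides 9 and 10 describe a JWT shared over TLS that carries the user's identity and LDAP-derived role, with authorization decided by role and user ID and data private by default. The following is an added example, not Snap4City code: it issues and verifies an HS256 JWT with the standard library and applies a private-by-default check; the shared secret, the role names and the (owner, user, action) delegation tuples are constructed assumptions.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed shared secret; in the platform the secret rides over TLS.
SHARED_SECRET = b"constructed-demo-secret"
# Constructed role model; the deck does not name Snap4City's roles.
ROLE_RIGHTS = {"developer": {"read", "write", "delegate"}, "viewer": {"read"}}


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_jwt(user_id, role, ttl, now=None):
    """Issue an HS256 token carrying the user ID and the registry-derived role."""
    now = int(time.time()) if now is None else now
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user_id, "role": role, "iat": now, "exp": now + ttl}
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(SHARED_SECRET, f"{header}.{payload}".encode(), hashlib.sha256)
    return f"{header}.{payload}.{_b64url(sig.digest())}"

def verify_jwt(token, now=None):
    """Return the claims if algorithm, signature and expiry check out, else None."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
            return None  # refuse "none" and other algorithm substitutions
        signing_input = f"{header_b64}.{payload_b64}".encode()
        expected = hmac.new(SHARED_SECRET, signing_input, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        claims = json.loads(_b64url_decode(payload_b64))
        return claims if claims.get("exp", 0) > now else None
    except (ValueError, AttributeError):  # malformed structure, base64 or JSON
        return None

def is_authorized(claims, owner, action, delegations):
    """Private by default: the owner may act on own data; anyone else needs an
    explicit (owner, user, action) delegation; the role bounds actions at all."""
    user = claims["sub"]
    if action not in ROLE_RIGHTS.get(claims.get("role"), set()):
        return False
    return user == owner or (owner, user, action) in delegations
```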

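Slide 11 mentions using the SHA1/3 of the certificate alongside K1, K2 to establish the TLS connection. The following is an added example, not Snap4City code, of the certificate-pinning half of that: a client compares the fingerprint of the certificate it is presented with against configured pins in constant time. The DER bytes and the colon-hex pin format are constructed assumptions.

```python
import hashlib
import hmac

# Constructed stand-in for a DER-encoded broker certificate. A real client
# would take the bytes from ssl.SSLSocket.getpeercert(binary_form=True).
DEMO_CERT_DER = b"\x30\x82\x01\x0a" + b"constructed-demo-certificate-bytes"

# SHA3-256 is the pin algorithm to prefer; SHA-1 is kept only for legacy pins.
HASHES = {"sha1": hashlib.sha1, "sha3-256": hashlib.sha3_256}


def fingerprint(der, algo):
    """Raw digest of the DER certificate under the named algorithm."""
    return HASHES[algo](der).digest()

def format_pin(der, algo):
    """Render a pin as 'algo:AA:BB:...' (the colon-hex form tools print)."""
    return f"{algo}:" + ":".join(f"{b:02X}" for b in fingerprint(der, algo))

def parse_pin(pin):
    """'algo:AA:BB:...' -> (algo, digest bytes); rejects unknown algorithms
    and digests whose length does not fit the algorithm."""
    algo, _, hexpart = pin.partition(":")
    if algo not in HASHES:
        raise ValueError(f"unsupported pin algorithm {algo!r}")
    digest = bytes.fromhex(hexpart.replace(":", ""))
    if len(digest) != HASHES[algo]().digest_size:
        raise ValueError("pin length does not match algorithm")
    return algo, digest

def certificate_pinned(der, pins):
    """True if the presented certificate matches any configured pin.
    Several pins allow rotation; each comparison is constant-time."""
    for pin in pins:
        algo, expected = parse_pin(pin)
        if hmac.compare_digest(fingerprint(der, algo), expected):
            return True
    return False
```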