
Towards an authority-free marketplace for personal IoT data (Personal Data from Things)



The talk explores models and technical architectures for a new generation of data marketplace for Personal Data from Things (PDT).
In this model, brokered data exchanges that occur on the network are tracked without the need for a trusted authority, namely using (a) blockchain technology to record data exchange transactions, and (b) smart contracts that operate on the blockchain, to enforce agreements between data producers and consumers.
In this vision, smart contracts can also be used for dispute resolution, in combination with reputation management mechanisms, to provide incentives for fair behaviour by participants.
Simple data tracking of brokered exchanges is a natural precursor to recording the full provenance of data further down the value chain, i.e., through value-adding aggregators and services. As provenance arguably adds value to information, the project will also study mechanisms for observing and recording complex transformations over data streams.

Published in: Technology

  1. P.Missier2017 SystemsResearchChallenges. Towards an authority-free marketplace for personal IoT data (Personal Data from Things). Paolo Missier, Jan 16th, 2017. Systems Research Challenges in the Internet of Things Workshop. Ack: Dr. Michele Nati, DE Catapult
  2. About a year ago, in a fancy Northumberland country house, ...
  3. IoT ∩ People → Personal Data from Things (PDT)
     IoT vision: personal devices will make our lives better. They often also produce data that is also personal, as per the Data Protection Act 1998.
     • Are people aware of the trade-offs between privacy and benefits?
     1. Ownership:
        • What is “my” data? Who else has access to it? To what extent?
     2. Awareness of third party use of personal data:
        • Who has been doing what with my data?
     3. Control:
        • How much control can I have on the data that devices produce on my behalf?
     Ownership + awareness + control → Trust
  4. Activity detection pattern [diagram labels: Accelerometry data, Indoor location data, Activity Detection, Aggregate Analytics]
  5. Moving forward: brokered Personal Data exchanges
     Working assumption: Personal data are assets with a value (fitness / health monitoring, energy metering, …)
     PDT: Control → trading
     [Diagram labels: Primary producers (wearables…); Value Added Services / aggregators; Topics (minimal data semantics); Sensor data streams, batched into windows]
     What would an infrastructure for a PDT marketplace look like?
  6. Baseline (personal) data marketplace scenario
     1-hop contract model between Primary Producers PP and Primary Consumers PC:
     Each topic has an associated unit value: T → val(T)
     For each batch of N messages from PPi to PCj about Tk:
     (PPi, PCj, Tk, N) → PCj owes (N · val(Tk)) coins to PPi
  7. Raw message logging, baseline
  8. Count cubes from messages, 1-hop
  9. Using count cubes to enforce contracts
  10. Baseline scenario, realisation – broker-based tracking
  11. Baseline scenario, realization - unilateral tracking
  12. Moving forward
     Two directions for a more interesting marketplace:
     1. Fully decentralised / unilateral message tracking without trusted authority
     2. Multi-hop contracts: Primary Consumer PC-VAS → [resell] → Secondary Consumer SC-VAS → …
  13. Decentralising and removing trust
  14. What does the authority do?
     1. Control the Tracker DB
     2. Prevent fraud:
        • Producers have an incentive to over-claim data production
        • VAS have an incentive to deny receiving some of the data
        • (Data ownership / data theft / Replay attack)
        • A third party will have an interest in claiming ownership of messages sent by others
        • For instance, by copying data (possibly encrypted) and replaying it on the channel, publishing it as its own
  17. Approach
     Blockchain + smart contracts technology, used to:
     1. Associate identity to marketplace participants
     2. Agree on contract specification
     3. Settlement of contractual disputes given unilaterally generated count cubes
     Concrete prototyping [in progress]: the Ethereum platform
     “A blockchain is a globally shared, transactional database”
  18. Basic BitCoin protocol(*)
     State S: {<owner, balance>}
     Transactions transfer ownership of (unspent) coins
     APPLY(S,TX) → S' or ERROR
     APPLY({ Alice: $50, Bob: $50 }, "send $20 from Alice to Bob") = { Alice: $30, Bob: $70 }
     (*) Source: A Next-Generation Smart Contract and Decentralized Application Platform
  19. Ethereum transactions and smart contracts
     External accounts are asset owners
     Contract accounts also contain:
     • contract code
     • storage
     BitCoin transactions: { <owner, balance> } → { <owner', balance'> }
     TX-eth: Transactions become messages. Messages carry arbitrary data
     APPLY(S,TX-eth): run the code associated with the destination (contract) account
  20. Smart contracts in the Ethereum Virtual Machine: runtime environment for smart contracts in Ethereum
  21. Contracts for device registration / identity management
  22. Contracts for formalising agreements between parties. Note: this sets the list of topics st(PC) to which each PC subscribes
  23. Contracts used for reputation management
  24. Using smart contracts for unilateral reporting verification
     Given N PP, M PC, and R topics T1, T2, …, TR:
     Each PPi and each PCj all report their unilateral count cubes for each window w
     They all agree on the time interval that defines W (magic, to be dealt with later)
     Scenarios:
     1) No trouble:
        1. All PPi and / all PCj report independently and accurately
        2. Some do not report, but reports are accurate
     2) Trouble:
        1. The reports from PPi and PCj do not “add up”
        2. The reports do not sync on time / windows
  25. Publishers transactions
     Fragment of counts cube viewed by PPi:
     CCs(w,i,k) = n_{i,k}, the count of messages sent by PPi during w about Tk
     This is one row of sender matrix SMw for w: SMw[i,k] = CCs(w,i,k)
  26. Publishers transactions
     Each of these fragments is sent to the Reconciliation Smart Contract as an Ethereum blockchain transaction:
     - The contract receives N messages associated with w
     - For each PCj, the contract has access to the set of topics it subscribes to
     Credit PCj → PPi:
  27. Subscribers transactions
     Fragment of counts cube viewed by PCj (note: include senders as an extra dimension)
     Credit PCj → PPi:
  28. Reports propagation
     Settlements are straightforward when reports are partial but accurate
     Matrices SM, RM are two views of the same data exchanges:
     C1. For each PPi and topic Tk: SMw(i,k) = RMw(j,i,k) for each j:1..M such that Tk ∈ st(PCj)
     C2. For i:1..N: RMw(j,i,k) = SMw(i,k)
     Q. Which subsets of reports are sufficient to complete the matrices?
  29. Fraud detection
     Incentives to behave unfairly:
     • Publishers: over-report
     • Subscribers: under-report
     • Can fraudulent reporting be always detected?
     • Can responsibility for the fraudulent reporting be ascribed to one or more specific participants?
     1. Detection: SMw(i,k) > RMw(j,i,k) for some j   (1)
     2. Ascribing responsibility: Case 1: PC fraud; Case 2: PP fraud
  30. Fraud detection – initial thoughts on responsibilities
     (1) SMw(i,k) > RMw(j,i,k)
     Case 1: PC fraud
     It follows from C1, C2 (above) that: if Tk ∈ PCj ∩ PCj' then RMw(j,i,k) = RMw(j',i,k) for i:1..N
     Let j' be such that Tk ∈ PCj ∩ PCj'. Suppose SMw(i,k) = RMw(j',i,k)
     This suggests that (1) may be due to PCj under-reporting on Tk, and PPi reporting correctly
     - The more topics the PCs share, the stronger the evidence...
     Case 2: PP fraud
     Suppose RMw(j,i,k) = RMw(j',i,k) for all Tk
     This suggests that PPi has over-reported
  31. The last slide
     Some novel uses for blockchain (amongst many others) …
     Personal data in the IoT space:
     • Mashhadi, Afra, Fahim Kawsar, and Utku Gunay Acer. “Human Data Interaction in IoT: The Ownership Aspect.” In Internet of Things (WF-IoT), 2014 IEEE World Forum on, 159–162, 2014.
     • Vescovi, Michele, Corrado Moiso, Fabrizio Antonelli, Mattia Pasolli, and Christos Perentis. “Building an Eco-System of Trusted Services through User Transparency, Control and Awareness on Personal Data Privacy.” In Procs. W3C Workshop on Privacy and User–Centric Controls. Berlin, Germany, 2014.
     Multi-hop contracts and transitive credit management:
     • Missier, Paolo. “Data Trajectories: Tracking Reuse of Published Data for Transitive Credit Attribution.” International Journal of Digital Curation 11, no. 1 (2016): 1–16. doi:10.2218/ijdc.v11i1.425.
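
The reconciliation and responsibility rules of slides 24 to 30, combined with the settlement rule of slide 6, as an added Python example that is not part of the original slides and is not the project's smart contract code. The topic names, unit values, subscriptions, report counts and the `reconcile` function are constructed for illustration, and withholding settlement on disputed cells is an assumption.

```python
from collections import defaultdict

# Constructed sample data (assumptions, not from the slides).
VAL = {"accel": 2, "location": 5}   # val(T): coins per message on topic T
ST = {"PC1": {"accel", "location"}, "PC2": {"accel"}, "PC3": {"accel"}}  # st(PC)

def reconcile(sm, rm, st=ST, val=VAL):
    """Reconcile the unilateral reports for one window w.
    sm[(i, k)]    = SMw(i,k): messages PPi says it sent on topic Tk
    rm[(j, i, k)] = RMw(j,i,k): messages PCj says it received from PPi on Tk
    Returns (owed, disputes); owed[(j, i)] is what PCj owes PPi, in coins.
    Disputed cells are not settled (an assumption; the slides leave this open)."""
    owed, disputes = defaultdict(int), []
    for i, k in sorted(set(sm) | {(i, k) for (_, i, k) in rm}):
        subs = sorted(j for j in st if k in st[j])
        recv = {j: rm[(j, i, k)] for j in subs if (j, i, k) in rm}
        sent = sm.get((i, k))
        if sent is None:                      # PPi silent: complete SMw from RMw (C2)
            if len(set(recv.values())) != 1:  # receivers disagree, nothing to copy
                disputes.append((i, None, k, "undetermined"))
                continue
            sent = next(iter(recv.values()))
        for j in subs:
            r = recv.get(j)
            peers = [v for p, v in recv.items() if p != j]
            if r == sent or (r is None and all(v == sent for v in peers)):
                owed[(j, i)] += sent * val[k]   # accurate, or PCj silent (C1)
            elif r is not None and sent > r and peers and all(v == sent for v in peers):
                disputes.append((i, j, k, "suspect PC"))    # Case 1: peers back PPi
            elif r is not None and sent > r and peers and all(v == r for v in peers):
                disputes.append((i, j, k, "suspect PP"))    # Case 2: PCs all agree
            else:
                disputes.append((i, j, k, "undetermined"))  # no corroboration
    return dict(owed), disputes

def demo():
    sm = {("PP1", "accel"): 100, ("PP1", "location"): 40, ("PP2", "accel"): 90}
    rm = {("PC1", "PP1", "accel"): 100, ("PC2", "PP1", "accel"): 70,  # PC2 lower
          ("PC3", "PP1", "accel"): 100,
          ("PC1", "PP1", "location"): 30,                             # sole subscriber
          ("PC1", "PP2", "accel"): 80, ("PC2", "PP2", "accel"): 80,
          ("PC3", "PP2", "accel"): 80,                                # PP2 higher
          ("PC1", "PP3", "accel"): 10, ("PC2", "PP3", "accel"): 10}   # PP3, PC3 silent
    return reconcile(sm, rm)
```

The single-subscriber topic comes back "undetermined": with no second receiver to corroborate either side, detection condition (1) fires but responsibility cannot be ascribed, which is the case the reputation mechanism would have to cover.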