- Author: Saddek Bensalem
- Location: November 2019, Proposed lectures to the Doctoral School (EMSTII) of UGA.
- Duration: 12 hours
- Number of PhD students: around 15
- Author: Saddek Bensalem
- Location: June 2019, Workshop on Trustworthy Embedded Software organized by Huawei
- Authors: Mohammad Rifat Ahmmad Rashid, Xu Tao, Davide Conzon, and Enrico Ferrera
- Location: In book: “Security Risk Management for the Internet of Things: Technologies and Techniques for IoT Security, Privacy and Data Protection”
Abstract: With the increasing adaptation of IoT platforms in decentralized cloud environments, more focus has been given towards facilitating the privacy awareness building upon goals set by current European Union (EU) GDPR regulations. Therefore, it is necessary to empower the end users (both private and corporate) of IoT platforms with the capability of deciding which combination of self-hosted or cloud-oriented IoT systems is most suitable to handle the personal data they generate and own as well as with the ability to change the existing (or preset) configurations at any time. BRAIN-IoT platform focuses on complex scenarios where actuation and control are cooperatively supported by populations of IoT systems. The breakthrough targeted by BRAIN-IoT is to provide solutions to embed privacy awareness and privacy control features in IoT solutions. In this work, the authors explore the following key areas: (a) privacy awareness in IoT systems using GDPR regulations and BRAIN-IoT platform, and (b) propose a conceptual framework for PIA using privacy principles presented in GDPR regulations.
- Authors: Xu Tao, Davide Conzon, Enrico Ferrera, Shuai Li, Juergen Goetz, Laurent Maillet-Contoz, Emmanuel Michel, Mario Diaz Nava, Abdelhakim Baouya, Salim Chehida
- Location: Accepted at Eclipse SAM-IoT, Virtual Conference, September 2020
Abstract: Internet of Things (IoT) is a pervasive technology covering many application areas (Smart Mobility, Smart Industry, Smart Healthcare, Smart Building, etc.). Its success and the technology evolution allow targeting more complex and critical applications such as the management of critical infrastructures and cooperative service robotics, which requires real time operation and a higher level of intelligence in the monitoring-control command for decision-making. Furthermore, these application types need to be fully validated in advance considering that bugs discovered during real operation could cause significant damages. In order to avoid these drawbacks, IoT developers and system integrators need advanced tools and methodologies. This paper presents a methodology and a set of tools, defined and developed in the context of the BRAIN-IoT European Union (EU) project. The overall framework includes both Open semantic models to enforce interoperable operations and exchange of data and control features; and Model-based development tools to implement Digital Twin solutions to facilitate the prototyping and integration of interoperable and reliable IoT system solutions. After describing the solution developed, this paper also presents concrete use cases based on the two critical systems mentioned above, leveraging the application scenarios used to validate the concepts developed and results obtained by the BRAIN-IoT project.
- Authors: Rui Zhao, Yenchia Yu, Xu Tao, Davide Conzon, Enrico Ferrera
- Location: Accepted at Eclipse SAM-IoT, Virtual Conference, September 2020
Abstract: Recently, one of the main research topics in the context of application of Cyber-Physical System (CPS) in the Smart City and Industry 4.0 scenarios is the one related to the use of Robot Operating System (ROS)-based CPS. Specifically, one of the main interests is to allow a ROS-based smart robot communicating with other heterogeneous Internet of Things (IoT) applications in an intelligent environment to efficiently react to the system requirements and environment changes. However, the communication between the IoT systems will face many challenges and increase the cost and risks that lead to the requirement of a cross-platform communication for bridging the ROS-based CPS and other heterogeneous IoT applications.
This paper introduces ROS Edge Node for the interoperability between Robotics domain and other IoT domains, leveraging the highly modular BRAIN-IoT federation, which allows to decentralize, compose and dynamically federate the heterogeneous IoT platforms using OSGi specification, thanks to its dynamic modularity and wide usage in IoT middlewares. Together with the flexible integration with existing IoT devices/platforms within BRAIN-IoT platform, the event-driven asynchronous communication mechanism realizes cross-platform interaction with ROS-based CPS and solves the major challenges faced. This communication mechanism allows dynamic deployment of new functionalities for enhancing/extending the behaviour of robots according to external events. In addition, some specific behaviours to new “virgin” robots, which might be needed to extend the fleet of robots or replace damaged/low batteries ones can be dynamically deployed at the setup phase. In BRAIN-IoT platform, Edge Node behaves as IoT devices/platform adaptors which integrate the existing IoT devices/platforms. The ROS Edge Node is one type of the Edge Node, which bridges the underlying ROS-based robotics systems and BRAIN-IoT execution environment, thus communicates with various IoT systems connected to the BRAIN-IoT platform. A Service Robotic use case is developed to demonstrate the proposed solution; it shows how the ROS Edge Node enables the fast adaptivity and interoperability between heterogeneous IoT domains in a federated environment.
- Authors: Salim Chehida, Abdelhakim Baouya, Miquel Cantero, Paul-Emmanuel Brun, Guillemette Massot
- Location: Accepted at Eclipse SAM-IoT, Virtual Conference, September 2020
Abstract: Security is one of the crucial challenges in the design and development of IoT applications. This paper presents an approach that focuses on existing security standards to evaluate and analyse the potential risks faced by IoT systems. It begins by identifying system assets and their associated vulnerabilities and threats. A list of security objectives and technical requirements are then defined to mitigate the risks and build a secure and safe system. We use our approach to assess risks in the robotic system for supporting the movement of loads in a warehouse.
Proceedings of the 1st Eclipse Research International Conference on Security, Artificial Intelligence and Modelling for the next-generation Internet of Things
Virtual Conference | September 17-18, 2020
- Eclipse Foundation, Germany
- LINKS Foundation, Italy
- Authors: Abdelhakim Baouya, Salim Chehida, Saddek Bensalem, Marius Bozga
- Location: 2020 9th Mediterranean Conference on Embedded Computing (MECO)
Abstract: The expected exponential growth of IoT devices in future years raises management issues to be resolved. Cloud computing may not be adequate for a massive scale while fog computing brings the ability to manage the distribution of controllability and manageability. Besides, such decentralized architecture is not sufficient to handle sensitive transactions; blockchain-based technology has raised hypes in implementing applications in trust-less environments. This paper proposes a blockchain-based architecture for scalable control of IoT devices. Moreover, smart contracts are developed to facilitate the ledger update process. Experimental results show that the proposed architecture is capable of providing trust on-demand changes with a negligible effect on IoT resources.
- Authors: Abdelhakim Baouya, Salim Chehida, Saddek Bensalem, and Marius Bozga
- Location: The 19th International Conference on Intelligent Software Methodologies, Tools and Techniques (SOMET 2020), held in Kitakyushu, Japan.
- eBook: Frontiers in Artificial Intelligence and Applications, Volume 327: Knowledge Innovation Through Intelligent Software Methodologies, Tools and Techniques
Abstract: Many industrials consider blockchain as a technology breakthrough for cybersecurity, with use cases ranging from cryptocurrency system to smart contracts, and so forth. While IoT systems employ a lightweight communication protocol between physical objects, blockchain may ensure safe information gathering. Unfortunately, the mixture of both technologies has yet to be formally investigated regarding the consensus algorithm. In this paper, statistical model checking is applied to provide quantitative answers on whether the modeled system satisfies safety and liveness properties expressed in LTL temporal logic.
- Authors: Salim Chehida, Abdelhakim Baouya, Saddek Bensalem, and Marius Bozga
- Location: September 2020, Accepted at the 13th International Conference on the Quality of Information and Communications Technology (QUATIC 2020).
Abstract: The analysis of sensors’ behavior becomes one of the essential challenges due to the growing use of these sensors for making a decision in IoT systems. The paper proposes an approach for a formal specification and analysis of such behavior starting from existing sensor traces. A model that embodies the sensor measurements over the time in the form of stochastic automata is built, then temporal properties are fed to Statistical Model Checker to simulate the learned model and to perform analysis. LTL properties are employed to predict sensors’ readings in time and to check the conformity of sensed data with the sensor traces in order to detect any abnormal behavior.
- Authors: Salim Chehida, Abdelhakim Baouya, Marius Bozga and Saddek Bensalem, Univ. Grenoble Alpes, CNRS, VERIMAG
- Location: June 2020, Accepted at the 9th Mediterranean Conference on Embedded Computing MECO’2020.
Risks mitigation in IoT based systems is one of the recent challenges in both academia and industry. In this work, we propose an approach based on the attack-defense tree to assess the relevant countermeasures for protecting IoT infrastructure.
To this end, an attack strategy exploration tool built on the top of the statistical model checker and genetic algorithm is used to select high impactful countermeasures. From that result, defense strategies are highlighted while a compromise guarantee between successful attacks, the cost incurred and the time to perform a sequence of attack actions. We report experiments applied over IoT network attacks.
- Authors: Laurent Maillet-Contoz, Emmanuel Michel, Mario Diaz Nava, Paul-Emmanuel Brun, Kévin Leprêtre, Guillemette Massot
- Location: Virtual Event – 3rd June 2020 – 2020 Global Internet of Things Summit (GIoTS) – 3rd Workshop on Internet of Things Security and Privacy (WISP)
While the number of digital services is increasing faster and faster, those services rely more and more on IoT systems to collect data and perform data analysis, eventually using AI techniques. In this context, devices are part of the “root of trust” and need to be secured in order to ensure high quality and trusted digital services.
This paper presents an approach to facilitate the integration, verification and then the functional validation of the security into devices based on modeling and simulation. This approach allows reducing the cost impact of adding security layer to physical devices.
- Author: Enrico Ferrera, Xu Tao, Davide Conzon, Victor Sonora Pombo, Miquel Cantero, Tim Ward, Ilaria Bosi, Mirko Sandretto
- Location: May 2020, Accepted at the AIinIoT – Workshop on Next Generation Internet of Things, co-located with the IoTBDS2020 conference.
Abstract: Nowadays, the adoption of the Internet of Things is drastically increasing in different domains and is contributing to the fast digitalization of several different critical sectors. In the near future, next generation of IoT-based systems will become more complex to be designed and managed. An opportunity for the development of flexible smart IoT-based systems that drive the business decision-making is to take more precise and accurate decisions at the right time, collecting real-time IoT generated data. This involves a set of challenges including the complexity of IoT-based systems and the management of large-scale systems scalability. With respect to these challenges, we propose to automate the management of IoT-based systems mainly based on an autonomic computing approach; these systems should implement cognitive capabilities that allow them learning and generating decisions at the right time. Consequently, we propose a model-driven methodology for designing smart IoT-based systems…
- Authors: Mohammad Rifat Ahmmad RASHID, Davide CONZON, Xu TAO and Enrico FERRERA
- Published in: the book “Security and Privacy in Internet of Things: Challenges and Solutions”
- Pages: 24 – 43
With the increasing adaptation of Internet of Things (IoT) platforms in decentralized cloud environments, more focus has been given towards facilitating the privacy awareness building upon goals set by current European Union (EU) General Data Protection Regulation (GDPR) regulations. Therefore, it is necessary to empower the end users (both private and corporate) of IoT platforms with the capability of deciding which combination of self-hosted or cloud-oriented IoT systems are most suitable to handle the personal data they generate and own as well as with the ability to change the existing (or pre-set) configurations at any time. Furthermore, adaptation of GDPR regulations in IoT platforms is challenging as there are needs for significant efforts to integrate privacy policies in a programmatic way to: (i) increase awareness of users about which data is collected, where it is transmitted, by whom, etc.; (ii) provide controls to enable users to notify such aspects, being at the same time aware of how such a decision affects the quality of the IoT services provided in that IoT platform. BRAIN-IoT project focuses on complex scenarios where actuation and control are cooperatively supported by populations of IoT systems. The breakthrough targeted by BRAIN-IoT is to provide solutions to embed privacy-awareness and privacy control features in IoT solutions. In this work, the authors explore the following key areas: (a) privacy awareness in IoT systems using GDPR regulations and BRAIN-IoT platform, and (b) propose a conceptual framework for Privacy Impact Assessment (PIA) using privacy principles presented in GDPR regulations. The proposed privacy awareness framework is cross-platform, so it is suitable to support a wide number of heterogeneous IoT systems, deployed by corporate and private users.
- Authors: Diego Fernández, Ricardo Váquez, Román Maceiras and Adriel Regueira.
- Location: JIA 2019 | Línea Temática MD
In this article, the authors present the results of testing a solution that could allow the integration of sensor systems and platforms within the EMALCSA infrastructure, identifying correlations between the obtained values and the existing platforms and infrastructure. For this purpose, the framework developed in BRAIN-IoT is implemented, to enable interoperability between the current management and control system and other existing IoT platforms and open-source initiatives in a decentralized manner. The distributed nature of the IoT makes it necessary for the BRAIN-IoT platform to ensure good security practices together with privacy and data integrity policies.
- Authors: Davide Conzon, Mohammad Rifat Ahmmad Rashid, Xu Tao, Angel Soriano, Robotnik Automation, Richard Nicholson, Enrico Ferrera
- Published in: 2019 4th International Conference on Computing, Communications and Security (ICCCS)
Modern applications in the Smart Building and Industry 4.0 scenarios will be complex software ecosystems with strict requirements of geographic distribution, heterogeneity, dynamic evolution, security and privacy protection, highly more challenging than the ones required by the current environments. Two of the main challenges arising in the current Internet Of Things scenarios, i.e., the Smart Building one, are, on one side, the requirement of interconnecting several heterogeneous platforms and smart Things in the same environment and, on the other side, the need to be able to evolve the complex software ecosystem deployed, reacting automatically and at runtime to environmental changes, without the human intervention. To address these challenges, BRAIN-IoT establishes a framework and methodology supporting smart cooperative behaviour in fully de-centralized, composable and dynamic federations of heterogeneous Internet of Things platforms. In this way, BRAIN-IoT enables smart autonomous behaviour in Internet of Things scenarios, involving heterogeneous sensors and actuators autonomously cooperating to execute complex, dynamic tasks. Furthermore, BRAIN-IoT enables dynamically deploying and orchestrating distributed applications, allowing the automatic installation and replacement of smart behaviours reacting to environmental changes and User events. Finally, BRAIN-IoT provides a set of components that guarantee the security and privacy protection of the data exchanged using the solution. BRAIN-IoT is a general purpose solution that aims at being adaptable for heterogeneous scenarios, from Service Robotics to Critical Infrastructure Management. This paper introduces a Smart Building use case of the solution, which allows highlighting the advantages given by BRAIN-IoT in such scenario.
- Authors: Richard Nicholson, Timothy Ward, Derek Baum, Xu Tao, Davide Conzon and Enrico Ferrera
- Jul. 2019, World Conference on Smart Trends in Systems, Security and Sustainability
The next generation of Smart City and Industry 4.0 applications will be geographically distributed, heterogeneous, co-evolving software ecosystems, significantly more sophisticated than the current Enterprise or Cloud compute environments. To be economically sustainable and achieve solution longevity, these software ecosystems must be operationally simple, cost effective to maintain over extended periods of time, and able to cost effectively adapt to both changing environmental conditions and service requirements. This paper presents the BRAIN-IoT Federation, a distributed and highly modular federated environment that addresses these sustainability, longevity and adaptability challenges by leveraging OSGi – the Open Standard for Software Modularity. With a focus on Operational simplicity, BRAIN-IoT federation enables the dynamic deployment, orchestration and monitoring of distributed applications and uniquely, automatically installing new behaviours in response to environment triggers and User events. To show how, through the use of OSGi components and standards, it is possible to build a software solution able to address all the challenges presented by the modern scenarios, in terms of agility and adaptability, this work presents a use case study related to the use of robots for last-mile delivery of parcels. Over the next few years this field promises to provide high cost savings and reduction of the environmental impact, allowing to reduce the traffic caused by parcels delivering. An exploration of how the BRAIN-IoT federation is applicable to such environment, enabling robots to adapt to changing and diverse Internet of Things environments, will be presented in the paper.
- Author: Jacques Combaz
- Location: April 2019, MeTRID 2019: 2nd International workshop on Methods and Tools for Rigorous System Design
- Author: Saddek Bensalem
- Location: February 2019, Dagstuhl-Seminar 1908, “Verification and Synthesis of Human-Robot Interaction”
- Authors: E. Ferrera, C.Pastrone et al.
- Category: Book chapter in “Next Generation Internet of Things, Distributed Intelligence at the Edge and Human Machine-to-Machine Cooperation, 2018”
- Pages 209-221
The chapter presents an overview of the eight projects that are part of the European IoT Security and Privacy Projects initiative (IoT-ESP) addressing advanced concepts for end-to-end security in highly distributed, heterogeneous and dynamic IoT environments. The approaches presented are holistic and include identification and authentication, data protection and prevention against cyber-attacks at the device and system levels. The projects present architectures, concepts, methods and tools for open IoT platforms integrating evolving sensing, actuating, energy harvesting, networking and interface technologies. Platforms should provide connectivity and intelligence, actuation and control features, linkage to modular and ad-hoc cloud services. The IoT platforms used are compatible with existing international developments addressing object identity management, discovery services, virtualisation of objects, devices and infrastructures and trusted IoT approaches.
- Virtual Twins: Modeling trends and challenges ahead
- Laurent Maillet-Contoz, STMicroelectronics, France
- Presentation during the session “ET7.8 SystemC-based virtual prototyping: from SoC modeling to the digital twin revolution“
- End-to-end security for IoT
- Paul-Emmanuel Brun, AIRBUS CyberSecurity
- Published in IoTSec Open Access Book
- Design and verification of collaborative robots system, Course
- Abdelhakim Baouya and Salim Chehida, Univ. Grenoble-Alpes
- 2nd Summer School on Cyber-Physical Systems and Internet of Things
The present document is a deliverable of the BRAIN-IoT project, funded by the European Commission, under its Horizon 2020 Research and innovation program (H2020), reporting the validation results of the activities carried out by “WP6 – Test, Demonstration and Evaluation”. This deliverable includes the results of the validation methodology described in the “Deliverable D6.2 – Integration and Lab Scale Evaluation” and “Deliverable D6.3 – Phase 1 Integration and Evaluation Framework” and it follows the presentation philosophy of validation results in some production environments. The deliverable does not extend the sections included in the previous D6.2 and D6.3 more than necessary, but it adds information and remarks on important aspects of the validation methodology that are needed for a good understanding of the process and that were not indicated in D6.3 because the approach was not yet fully defined at the time of writing that deliverable.
The development activities are being performed in the WP3, WP4, and WP5, and the activities of verification, validation, and evaluation will be reported in the deliverables 6.3, 6.4, 6.5, and 6.6 of WP6.
This deliverable includes 5 sections. Section 1 introduces a summary of concepts related to the validation procedures. Section 2 presents the process of validation management including the methodology. Section 3 is the main section, and includes the results of the validation activities during the first validation iteration, indicating the status of every test and requirement defined in the previous activities. Section 4 contains the status of the tests and demonstrations regarding the KPIs defined in the Grant Agreement and extended in the deliverable D6.2. Section 5 provides the main conclusions related to the validation process and results.
This document reports the activities performed in Task 5.2. This task aims at designing and implementing an Authentication, Authorization and Accounting (AAA) layer in order to provide security and trust for the BRAIN-IoT system. This layer ensures Authentication and Access Management to allow only enrolled and authorized devices or users to access a service. It aims at overcoming the current state-of-the-art by:
- Providing only one solution to manage Users and Devices authentication and access control
- Ensuring strong authentication for low power devices
- Optimizing key management
Indeed, the large number of devices in IoT systems and their specificities lead to complex management activities with high operating costs, especially regarding security management: identity, cryptographic keys, and rights management.
The present document is the deliverable D5.5 of the BRAIN-IoT project, funded by the European Commission, under its Horizon 2020 Research and innovation program (H2020), reporting the results of the activities carried out by WP5 – End-to-end Security, Privacy and Trust Enablers. The work collected in this document has been compiled with a collaborative effort of all partners who actively participated in Task 5.1 – Threat Modeling and Assessment of BRAIN-IoT target scenarios: Critical Water Management Infrastructure and Service Robotics.
The first report on threat modeling and security assessment has been provided in deliverable D5.1 at M6. In deliverable D5.1 “Initial Threat Modeling and Security Assessment of Target Scenarios, Solutions”, we have focused on the definition of the risk assessment methodology and provided an initial risk assessment of the target scenarios as an illustration of the first phases of the methodology, namely, the identification of critical assets and associated threats and vulnerabilities.
The results of the second iteration have been provided in deliverable D5.4 at M16. In deliverable D5.4 “Updated Threat Modeling and Security Assessment of Target Scenarios, Solutions”, we have continued the risk assessment process through one more iteration by updating and refining the set of assets and their associated threats, for each scenario. We have also made progress in the risk assessment methodology by identifying security objectives that cover the full list of threats for each asset and elaborating technical security requirements covering various security objectives.
This deliverable D5.5 gives the final report on threats modeling and the security assessment process. The novel technical contributions with respect to the previous deliverable D5.4 are:
- In sections 5 and 6, we update the list of assets and their associated threats, security objectives, and security requirements for both Critical Water Management Infrastructure and Service Robotics scenarios.
- In section 7, we present a technological solution to implement the security requirements and explain the innovation of BRAIN-IoT solutions compared to the state of the art.
- In section 8, we collect quantitative metrics of attacks that can exploit several threats and vulnerabilities. Then, we explore defense configurations with the highest impact on attacks.
The IoT domain comprises several different governance models, which are often incompatible. This leads to a situation where security is treated on a per-case and per-legislation basis, retrofitting solutions to existing designs, which severely hampers portability, interoperability, and deployment. This motivates, first, adopting a Reference Model for the BRAIN-IoT domain in order to promote a common understanding and a common ground for IoT solutions. Second, solutions should describe the essential building blocks regarding functionality, development, deployment, and security schemes.
This document presents the updated reference architecture stemming from deliverable 2.5 and deliverable 2.2 versus requirements that rely on technologies supported by our BRAIN-IoT partners.
The main objective of work package 7 is to create awareness and adoption of the BRAIN-IoT project within the targeted communities defined by deliverables D7.3 & D7.1, i.e.: research communities, developer communities (Early adopters and Late adopters), solution makers, end-users and the general public.
This report documents the updated efforts and results of the project in terms of advertising and community engagement. It follows the dissemination strategy defined in D7.1 and the first version of the advertising, community engagement materials, and results available in D7.3.
In this document, a list of the press releases, articles, social media tools, and available contents will be presented, as well as a brief summary of the events in which the project has participated.
This document will present the different ideas composing the frameworks that the BRAIN-IoT consortium is considering for the integration and evaluation of separated results of all technical work packages.
The technical evaluation Framework initially defined by Task 6.1 will be presented in the first sections by introducing our lab-scale Proof of Concepts.
Then, our main concepts for user-centered evaluation will be introduced by highlighting the expectations of the end-user partners, and the way the BRAIN-IoT developments will support the operative work. The end-user related KPI’s will also be revised in this section.
Finally, the test-site evaluation framework will be presented by describing the real demonstrators that are foreseen to be part of the project at this point.
The present document is a deliverable of the BRAIN-IoT project, funded by the European Commission, under its Horizon 2020 Research and innovation program (H2020), reporting the results of the activities carried out by WP6 – Test, Demonstration and Evaluation. The main objective of the BRAIN-IoT project is to focus on complex scenarios, where populations of heterogeneous IoT systems cooperatively support actuation and control. In such a complex context, many initiatives fall into the temptation of developing new IoT platforms, protocols, models or tools aiming to deliver the ultimate solution that will solve all the IoT challenges and become “The” reference IoT platform or standard. Instead, usually they result in the creation of “yet-another” IoT solution or standard. More specifically, the project revolves around two vision scenarios: Service Robotics and Critical Infrastructure Management. The scenarios outlined in the proposal are refined within the engineering efforts alongside the project, driven by WP2.
This deliverable defines the different steps, methods and tools required to verify and validate the architecture of the BRAIN-IoT project and its two related use cases. It also provides the timeline to indicate the achievements of these validations. Furthermore, it provides complementary KPIs associated with the expected outcomes from the BRAIN-IoT architecture concerning its main building blocks, the two site use cases and the tools.
The development activities are being performed in the WP3, WP4 and WP5 and the activities of verification, validation and evaluation will be reported in the deliverables 6.3, 6.4, 6.5 and 6.6 of WP6.
This deliverable includes 6 sections. Section 1 introduces the activities of WP6 and more precisely the activities performed in Task 6.1. It briefly describes the expectations of this deliverable. Section 2 presents the different steps to follow the development, verification and validation of the BRAIN-IoT System architecture and its corresponding use cases. Each step is associated with a Proof-of-Concept (PoC) that will be developed in order to demonstrate the main concepts proposed by the BRAIN-IoT project. At the end of Section 2, a PoCs implementation schedule is provided. Section 3 gives more details on the two use cases (Service Robotics and Critical Infrastructure Management) that will be implemented and demonstrated to validate the architecture and concepts developed in BRAIN-IoT. Section 4 proposes a verification and validation methodology, a test plan and a modelling framework, and its associated tools, to perform the BRAIN-IoT system validation. At the end of Section 4, a tool implementation schedule is provided. Section 5 provides a list of KPIs related to the expected outcomes coming from the different main elements constituting the BRAIN-IoT architecture, the Modelling Framework tools, and the two use cases. Section 6 concludes this work.
The present document is a deliverable of the BRAIN-IoT project, funded by the European Commission, under its Horizon 2020 Research and innovation program (H2020), reporting the results of the activities carried out by WP5 – End-to-end Security, Privacy and Trust Enablers. The work collected in this document has been compiled with a collaborative effort of all partners who actively participated in the Task 5.1 – Threat Modeling and Assessment.
The first report on threat modeling and security assessment has been provided in deliverable D5.1 at M6. This document has reported on the initial threat modeling and preliminary security assessment of the BRAIN-IoT proposed scenarios and introduced the principles of the BRAIN-IoT security methodology based on known threats analysed by international initiatives under way in the EU and worldwide. Starting from the scenarios and architectural solutions defined by WP2, the involved partners performed an initial analysis considering intentional threats that may result in BRAIN-IoT services being compromised or disrupted.
This deliverable D5.4 is an updated and extended version of D5.1, where the partners refined the threats identified previously for the two use cases (“Critical Water Management Infrastructure” and “Service Robotics”) and completed several additional phases of the proposed security methodology. In particular, the risk assessment process has been extended to include the security objectives and the associated security requirements. The novel technical contributions with respect to the previous deliverable D5.2 are described in the following sections:
- Sections 4.4 Security Objectives and 4.5 Security Requirements provide generic objectives and requirements relevant for the Brain-IoT methodology.
- Sections 5.3 Security Objectives and 5.4 Security Requirements for the Critical Water Management Infrastructure.
- Sections 6.3 Security Objectives and 6.4 Security Requirements for the Service Robotics.
Finally, the work presented in this deliverable will be continued in the next iteration and updated in the deliverable D5.5, where the final results will be documented.
This document is a deliverable of the BRAIN-IoT project, funded by the European Commission, under Horizon 2020 Research and Innovation Program (H2020). It belongs to WP5 – End-to-end Security, Privacy and Trust Enablers, under Task 5.3 – Initial enabler for privacy awareness and control.
Scope and goals
The main scope of this task is to facilitate the adoption of privacy control policies in decentralized environments, building upon goals set by the current EU General Data Protection Regulation (GDPR) in terms of privacy and security. More specifically, the goal of this task is to integrate privacy awareness and control in programmatic ways to: (i) increase awareness of users about which data is collected, where it is transmitted, by whom, etc.; (ii) provide controls to enable users to control such aspects, being at the same time aware of how such a decision affects the quality of the IoT service provided in BRAIN-IoT. In the context of privacy awareness and control, the primary objectives are the identification of the privacy risks and the associated technical requirements, towards proposing privacy risk mitigation strategies to protect individuals' data (both private and corporate users) in the BRAIN-IoT system. The activities performed by Task 5.3 are the following:
- Study of the state-of-the-art in the context of privacy risk assessment and control;
- Propose an approach for privacy impact assessment based on the guidelines from GDPR;
- Initial privacy impact assessment of the BRAIN-IoT use cases;
- Outline the components needed to integrate privacy policies within the Brain-IoT system.
The proposed solution will be cross-platform, so as to potentially support a large number of IoT products deployed by corporate and private users, thereby empowering final users (both private and corporate) with the capability of deciding which combination of self-hosted or cloud-oriented IoT systems is most suitable to handle the personal data they generate and own, as well as with the ability to change the existing (or pre-set) configurations at any time. Deliverable D5.3 will be continuously updated and refined through an iterative process that will lead to the production of two additional deliverables: D5.7 Final enablers for Privacy awareness and control, solutions planned on M32, and D5.9 Guidelines for privacy compliance and control in IoT services models, solutions planned on M36. LINKS is in charge of coordinating these deliverables with contributions from CNRS, IM, STM-GNB, AIRBUS, EMALCSA, and Robotnik.
This document reports the activities performed in Task 5.2. This task aims at designing and implementing an Authentication, Authorization and Accounting (AAA) layer in order to provide security and trust for the Brain-IoT system.
A BRAIN-IoT environment is composed of a number of BRAIN-IoT Fabrics. These are in turn composed of a number of BRAIN-IoT nodes (see the related document RD.1 in §1.2). A BRAIN-IoT environment may consist of arbitrarily complex distributed interactions between dynamically deployed Smart Behaviours. These behaviours may migrate between runtime locations within each Fabric environment (see the related document RD.2 in §1.2).
To be discovered, and to participate as a member of a Fabric, each BRAIN-IoT node must have the appropriate X.509 certificates. Certificates and TLS are both good defenses against external Man-in-the-middle (MITM) attacks but are insufficient against internal MITM. So, to guard against a Smart Behaviour erroneously (or maliciously) editing the data of an event and sending it on, the project requires that each BRAIN-IoT message contains its own Authentication token.
Finally, BRAIN-IoT must ensure that Smart Behaviours only interact at runtime in an expected manner.
Security is an extremely broad subject within computer science, and it can quickly become difficult to describe the complete set of security actions that apply to a software system. In this deliverable the scope of security is limited to the following considerations:
- The registration of identity for users, devices and Smart Behaviours within the Brain-IoT system.
- The authentication of users, devices and Smart Behaviours.
- The validation of data integrity for messages passed through the Brain-IoT system.
- Permission management for users, devices and Smart Behaviours, limiting the permitted actions and data interactions.
- The runtime application of permissions to permit or deny access.
This report presents the initial perspective of a potential business strategy around the BRAIN IoT repository / marketplace.
To assess this potential perspective the consortium has worked in three different, complementary pathways:
- A careful definition of the repository functional and technical requirements (section 2)
- An assessment of existing other examples of repository/marketplace from known, comparable European projects (COMPOSITION and Big IoT, presented in section 3).
- A review of the business approach of existing software marketplaces developed by various types of businesses and industries (telecom operators, cloud platforms, software repositories, application enablement platforms…). (section 4)
Through this cross-analysis, a first definition of the potential business requirements of a BRAIN IoT marketplace has been defined (section 2.2).
The main findings can be summed up as follows:
- The development of the marketplace would provide benefits to various stakeholders by bringing additional value to the technology platform, but the sustainability of the approach still needs to be assessed, especially if engagement of developers remains too limited.
- The value of a `Marketplace` is dictated by the shareability/re-usability of artefacts in the Marketplace in different and unrelated runtime contexts.
- Generic high-quality Edge Integration Components with assured pedigree/provenance will be of interest to a large community, whereas sophisticated AI/ML-based behaviours trained for specific roles in specific environments may have extremely high business value in the target environment, but limited applicability elsewhere. Here, it is the generic modelling tools which allowed the simple creation of context-specific AI/ML-based behaviours that will be of interest to the wider community.
- A Brain IoT marketplace would have to first attract a critical mass of contributors that can build potential behaviours. Thus, a focus on the modelling tool community, smart behaviour developers, should be considered. Ideally the marketplace should also initially be populated with simple behaviours that can be composed easily into more complex ones to facilitate adoption. In a second phase, the marketplace would have to focus on IoT users, deployment operators and integrators that would need the behaviours developed by the modelling tool community.
- To offset the marketplace costs and build up the marketplace community, a business model using a subscription model is considered a more realistic short-term option than a traditional model that takes a share of marketplace exchanges. This is especially the case if the marketplace focuses at first on small atomic behaviours to be assembled.
Building on these initial findings, further discussions are planned as part of the project work on exploitation in the M18-M36 activity period to identify whether such business dynamics can be integrated in the exploitation plan of some of the project partners.
Building a framework for deployment and operation of Internet of Things (IoT) service orchestration is a complex task since it needs to address two major challenges: strong availability and an abstraction layer to deal with heterogeneous devices. In order to tackle the challenge of availability, the Brain IoT project has chosen to rely on Paremus Service Fabric, which provides distribution, monitoring, and automatic recovery in case of node failure. Regarding the interaction with heterogeneous devices, the Eclipse sensiNact middleware has been chosen for its capability to interact with a wide variety of equipment and protocols, as well as its extensibility mechanisms. The purpose of deliverable 4.2 is to provide a platform using the best of those two enablers, thanks to evolutions of the two code-bases in order to integrate them gracefully. For this reason, deliverable 4.2 is provided as source code.
This deliverable is a software release type of deliverable. The goal of the present notice is to help technical and non-technical stakeholders to understand the purpose of the source code which has been delivered, and to provide useful links to retrieve, build and run the platform.
The software stack is still under construction. It will be delivered in its final version at the end of the project, as part of deliverable 4.5 entitled “Final Deployment and operation enablers”.
This document is a quick start guide to the BRAIN-IoT modelling framework implementation, i.e., a modelling tool hereafter named “BRAIN-IoT Designer”. The modelling tool is composed of the Papyrus IoT-ML modeller, and its ecosystem of Model-Driven Engineering (MDE) tools for purposes such as model checking, code and metadata generation, and Models@runtime features. In this first version of BRAIN-IoT Designer, we shall expose its IoT-ML modeller and code generation functionalities through BIP. More information on the underlying modelling languages can be found in D3.1.
BRAIN-IoT Designer is an Eclipse Rich Client Platform (RCP) that has been built with all the required features packaged as one tool. In this first deliverable, BRAIN-IoT Designer is composed of the following features:
- Papyrus UML
- Papyrus SysML
- Papyrus MARTE
- Papyrus IoT-ML
This document shows how to download, install, launch, and create a first model with BRAIN-IoT Designer. Afterward we show how the model is represented in the BIP modelling and analysis framework for code generation. Finally, this document shows some ongoing development works for the second release of the tool, to be detailed in D3.8. These MDE tools in development exploit the model for metadata generation and add Models@runtime features, i.e., monitoring and quick post-deployment behavior prototyping through models.
This document describes the research and approaches identified by task 3.3 `Initial Enablers for dynamic distribution of IoT behaviour`. This activity delivers BRAIN-IoT’s generic non-functional runtime mechanisms needed to support the dynamic deployment and orchestration of BRAIN-IoT’s Smart Behaviours.
Why this is an essential characteristic of, and a unique differentiator for, BRAIN-IoT, is first explained.
It is important to note that this document is not concerned with the specifics of Smart Behaviours needed for particular Use Cases specified in D2.4, nor with how Smart Behaviours should be modelled; these concerns are addressed by the D3.1, D3.2 & D3.4 deliverables in WP3.
This document is a deliverable of the BRAIN-IoT project, funded by the European Commission, under the Horizon 2020 Research and Innovation Program (H2020). It belongs to WP3 – IoT Framework for smart dynamic behavior, under Task 3.2 – AI and ML features for smart behavior and actuation.
The main role of this task is to design and implement the features that deal with Artificial Intelligence (AI) and Machine Learning (ML) techniques in Smart Behaviours as they are being defined in BRAIN-IoT.
The two main sets of use-case real-world scenarios, service robotics, and critical infrastructure monitoring, will dictate the specific features where some applied intelligence (analysis, prediction, collaborative context base behavior) is needed to solve the problems.
However, the main goal of this document is to generalize the solutions available for this kind of intelligence. Research in classic and state-of-the-art AI and ML methods will be elaborated on in order to design a set of abstractions that can be used under a generalized approach, in such a way that the proposed design:
- Solves the use-case scenarios.
- Covers a wide enough range of problems in the context of Smart Behaviours in distributed environments.
- Is well defined in terms of the ongoing IoT-ML definition elements.
- Explores the Capabilities that would need to be advertised regarding Smart Behaviours requirements.
- Outlines which Smart Behaviours would benefit from the exogenous coordination approach advocated and developed in BIP.
- Those elements can be modelled and managed within the Brain-IoT developed modelling tools.
The IoT domain comprises several different governance models, which are often incompatible. This leads to a situation where security is treated on a per-case and per-legislation basis, retrofitting solutions to existing designs, which severely hampers portability, interoperability, and deployment. In our vision of the Internet of Things, the interoperability of solutions at the communication level, as well as at the service level, has to be ensured across various platforms. This motivates, first, adopting a Reference Model for the BRAIN-IoT domain in order to promote a common understanding and a common ground for IoT solutions. Second, solutions should be supported by a BRAIN-IoT Reference Architecture that describes essential building blocks regarding functionality, deployment, and security. The reference architecture proposed in this document relies on the technology supported by our BRAIN-IoT partners such as PAREMUS, CEA, and Airbus.
The present document is a deliverable of the BRAIN-IoT project, funded by the European Commission, under its Horizon 2020 Research and innovation program (H2020), reporting the results of the activities carried out by WP2 – Requirements and Architecture Engineering. The main objective of the BRAIN-IoT project is to focus on complex scenarios, where populations of heterogeneous IoT systems cooperatively support actuation and control. In such a complex context, many initiatives fall into the temptation of developing new IoT platforms, protocols, models, or tools aiming to deliver the ultimate solution that will solve all the IoT challenges and become “the” reference IoT platform or standard. Instead, they usually result in the creation of “yet another” IoT solution or standard. More specifically, the project revolves around two vision scenarios: Service Robotics and Critical Infrastructure Management.
Deliverable D2.1 has reported on 1) the identification of the purpose and workflow of the workbench, 2) an initial set of stakeholders and their categorization, 3) the communication flow between them, and lastly 4) an initial description and analysis of use cases.
In the current deliverable D2.4, we refine the initial version of the use cases specified in D2.1 and give an updated vision towards which the project will evolve. The descriptions presented here will be used for interproject communication in order to identify development scenarios and help to fertilize the process of thinking for the design of future systems. Besides the aspects regarding development, the vision scenarios are used as understandable stories to externally communicate the project’s aims and inform the audience what kind of applications can be designed with the framework developed by BRAIN-IoT, the actual outcome of the project.
Finally, deliverable D2.4 will be further extended and refined in the next iteration and updated in the deliverable D2.6, where the final results will be documented.
The main objective of work package 7 is to create awareness and adoption of the BRAIN-IoT project within the targeted communities defined by deliverables D7.4 & D7.1, i.e.: Research Communities, Developer Communities (Early adopters and Late adopters), Solution makers, End users and the general public.
This report documents the initial efforts and results of the project in terms of advertising and community engagement. It follows the dissemination strategy defined in D7.1.
In this document, a list of the press releases, articles, social media tools and available contents will be presented, as well as a brief summary of the events in which the project has participated.
This deliverable documents the activities related to the website of the Brain-IoT project, the main tool to communicate project results to scientists, scholars, professionals, the interested public and other stakeholders. More specifically, it aims at providing a project introduction as well as continuous updates on project results. The website is designed using the WordPress Content Management System (CMS), as it naturally supports the combination of static pages with blog entries that are continuously added. WordPress also provides an editorial system that supports the coordination of inputs from the different partners and collaborators of the project.
This document defines the project’s outreach strategy including an effective communication plan. The strategy is intended to optimize dissemination of project knowledge and results to scientific, open source and industrial communities, companies and public organizations. This document will identify the main stakeholders’ communities to be mobilized by the project and for each define the best media, events, and publications to target.
This document will be a living document throughout the project, regularly updated to take account of strategy evolutions. The evolution of the strategy will be visible in the next deliverables D7.3, D7.5 and D7.6, which will present an update of the Advertising, Community Engagement materials and Results.
This document is split into three main sections:
- How we identify our customers, describing the project’s efforts to identify the dissemination and exploitation targets, i.e. the project “customers”.
- The Dissemination strategy outlining the dissemination activities carried out by the BRAIN-IoT project partners.
- The Eclipse IoT Proposal explaining the benefits in joining an open source community like the Eclipse Foundation and explaining the steps the BRAIN-IoT project proposal has to go through to be sustainable in this open source community.
The purpose of this document is to present the initial Data Management Plan (DMP) of the BRAIN-IoT project and to provide the guidelines for maintaining the DMP during the project.
The Data Management Plan methodology approach adopted for the compilation of D6.1 has been based on the updated version of the “Guidelines on FAIR Data Management in Horizon 2020 version 3.0 released on 26 July 2016 by the European Commission Directorate – General for Research & Innovation”. It defines how data in general and research data in particular will be handled during the research project and will make suggestions for the after-project time. It describes what data will be collected, processed or generated within the scope of the project, what methodologies and standards shall be followed during the collection process, whether and how these data shall be shared and/or made open for the evaluation needs, and how they shall be curated and preserved.
All BRAIN-IoT data will be handled according to EU Data protection and Privacy regulation and the General Data Protection Regulation (GDPR).
Deliverable D3.1 aims to design a BRAIN-IoT modelling language, IoT-ML, which allows the virtualization of concrete physical-world devices, including complex systems such as autonomous robots and critical control devices, as well as data and capabilities models for cross-platform interoperability. The main challenge in this work is to design an IoT modelling language which can embrace multiple domains. The framework designed could provide the capability to model several different aspects, meaning it could support several individual modelling approaches as well as modelling languages.
This document explores how BRAIN-IoT approaches the requirements of initial device discovery, search, composition and orchestration in a manner that addresses these non-functional challenges. The proposed approach is sufficiently flexible to deal with any foreseeable runtime use case and this document maps out a strategy to deliver this. However, it should also be noted that current BRAIN-IoT Use Case(s) will be subsets of these generalised behaviours.
This document reports on the initial threat modeling and security assessment of the BRAIN-IoT proposed scenarios and the security methodology followed, which is based on known threats analyzed by international initiatives under way in the EU and worldwide. Starting from the scenarios and architectural solutions defined by WP2, the authors performed an initial analysis considering intentional threats that may result in BRAIN-IoT services being compromised or disrupted.
This document represents the first iteration of the BRAIN-IoT architecture with focus on: i) identifying BRAIN-IoT things and platforms, ii) defining an initial set of requirements, iii) defining an initial version of the BRAIN-IoT reference architecture, iv) identifying BRAIN-IoT relevant technologies, v) defining Proof-of-Concept specifications.
The reference architecture and the requirement list in this deliverable will be revised, extended and refined in the next iteration.
Initial version of the vision, application scenarios and use cases in which the results of the BRAIN-IoT project will be demonstrated. D2.1 work has been conducted using domain analysis and brainstorming sessions involving relevant stakeholders and use case analyses. This document reports on the iterative process of ideation which resulted in the definition of: 1) the workflow of the workbench, 2) an initial set of relevant stakeholders, 3) the communication flow between them, and 4) the initial set of use cases.
The official BRAIN-IoT flyer and poster are available below, please feel free to download them!
- BRAIN-IoT – The Evolvable Software Nervous System for Tomorrow’s Autonomous Smart Cities and Industry 4.0 (PAREMUS)
- Eclipse Foundation supports EU funded Brain-IoT Project
- IDATE DigiWorld has been selected to Provide Market Analysis and Exploitation Support for EU funded IoT Research Project
- Airbus CyberSecurity brings its expertise to EU funded Brain-IoT Project
Other Press Releases
- Paremus Service Fabric for Cloud, Edge & Fog Computing
- Pitch at EclipseCon Europe 2019
- Enrico Ferrera Interview, Oct. 2019
- Medusa Project – EMALCSA
- Using Eclipse Technologies to Develop the BRAIN-IoT model-based framework for IoT platform – Eclipse IoT Day Grenoble 2019
- End-to-end security validation of IoT systems based on digital twins of end-devices – 2020 Global Internet of Things Summit (GIoTS) – Airbus – STMicroelectronics
- Exploration of Impactful Countermeasures on IoT Attacks – UGA
- Risk Assessment in IoT Case Study: Collaborative Robots System – UGA/SAM-IoT
- Model-Based Methodology and Framework for Design and Management of Next-Gen IoT Systems – LINKS/SAM-IoT
- A Cross-Platform Communication Mechanism for ROS-Based Cyber-Physical System – LINKS/SAM-IoT
- Securing low power device communication in critical infrastructure management – Airbus/SAM-IoT