ABSTRACT
The current cost that energy represents is crucial in a field like climate control which has high energy demands, therefore its reduction must be prioritized. The expansion of ICT and IoT come with an extensive deployment of sensors and computation infrastructure creating an opportunity to analyze and optimize energy management. Data on building internal and external conditions is essential for developing efficient control strategies in order to minimize energy consumption while maintaining users' comfort inside. We here present a dataset that provides key features that could be useful for a wide range of applications in the context of modeling temperature and consumption via Artificial Intelligence algorithms. The data gathering has taken place for almost 1 year in the Pleiades building of the University of Murcia, which is a pilot building of the European project PHOENIX aiming to improve building energy efficiency.
ABSTRACT
The growing availability of mobile devices has lead to an arising development of smart cities services that share a huge amount of (personal) information and data. Without accurate and verified management, they could become severe back-doors for security and privacy. In this paper, we propose a smart city infrastructure able to integrate a distributed privacy-preserving identity management solution based on attribute-based credentials (p-ABC), a user-centric Consent Manager, and a GDPR-based Access Control mechanism so as to guarantee the enforcement of the GDPR's provisions. Thus, the infrastructure supports the definition of specific purpose, collection of data, regulation of access to personal data, and users' consents, while ensuring selective and minimal disclosure of personal information as well as user's unlinkability across service and identity providers. The proposal has been implemented, integrated, and evaluated in a fully-fledged environment consisting of MiMurcia, the Smart City project for the city of Murcia, CaPe, an industrial consent management system, and GENERAL_D, an academic GDPR-based access control system, showing the feasibility.
Subject(s)
Computer Security , Privacy , Cities , Confidentiality , Informed ConsentABSTRACT
The application of new technologies such as the Internet of Things offers the opportunity to improve current agricultural development, facilitate daily tasks, and turn farms into efficient and sustainable production systems. The use of these new technologies enables the digital transformation process demanded by the sector and provides agricultural collectives with more optimized analysis and prediction tools. Due to climate change, one of the farm industry's problems is the advance or decay in the cycle of stone fruit trees. The objective is to recommend whether a specific area meets the minimum climatic requirements for planting certain stone fruit trees based on climatic data and bioclimatic indicators. The methodology used implements a large amount of meteorological data to generate information on specific climatic conditions and interactions on crops. In this work, a pilot study has been carried out in the Region of Murcia using an IoT platform. We simulate scenarios for the development of stone fruit varieties better adapted to the environment. Based on the standard, open interfaces, and protocols, the platform integrates heterogeneous information sources and interoperability with other third-party solutions to exchange and exploit such information.
Subject(s)
Fruit , Trees , Agriculture , Crops, Agricultural , Pilot ProjectsABSTRACT
Due to the rapid development of the Internet of Things (IoT) and consequently, the availability of more and more IoT data sources, mechanisms for searching and integrating IoT data sources become essential to leverage all relevant data for improving processes and services. This paper presents the IoT search framework IoTCrawler. The IoTCrawler framework is not only another IoT framework, it is a system of systems which connects existing solutions to offer interoperability and to overcome data fragmentation. In addition to its domain-independent design, IoTCrawler features a layered approach, offering solutions for crawling, indexing and searching IoT data sources, while ensuring privacy and security, adaptivity and reliability. The concept is proven by addressing a list of requirements defined for searching the IoT and an extensive evaluation. In addition, real world use cases showcase the applicability of the framework and provide examples of how it can be instantiated for new scenarios.
ABSTRACT
The factors affecting the penetration of certain diseases such as COVID-19 in society are still unknown. Internet of Things (IoT) technologies can play a crucial role during the time of crisis and they can provide a more holistic view of the reasons that govern the outbreak of a contagious disease. The understanding of COVID-19 will be enriched by the analysis of data related to the phenomena, and this data can be collected using IoT sensors. In this paper, we show an integrated solution based on IoT technologies that can serve as opportunistic health data acquisition agents for combating the pandemic of COVID-19, named CIoTVID. The platform is composed of four layers-data acquisition, data aggregation, machine intelligence and services, within the solution. To demonstrate its validity, the solution has been tested with a use case based on creating a classifier of medical conditions using real data of voice, performing successfully. The layer of data aggregation is particularly relevant in this kind of solution as the data coming from medical devices has a very different nature to that coming from electronic sensors. Due to the adaptability of the platform to heterogeneous data and volumes of data; individuals, policymakers, and clinics could benefit from it to fight the propagation of the pandemic.
Subject(s)
COVID-19 , Internet of Things , Signal Processing, Computer-Assisted , Artificial Intelligence , COVID-19/complications , COVID-19/diagnosis , COVID-19/physiopathology , Humans , Oximetry , Pandemics , SARS-CoV-2 , Sound Spectrography/methods , Voice/physiologyABSTRACT
The digitization of manufacturing industry has led to leaner and more efficient production, under the Industry 4.0 concept. Nowadays, datasets collected from shop floor assets and information technology (IT) systems are used in data-driven analytics efforts to support more informed business intelligence decisions. However, these results are currently only used in isolated and dispersed parts of the production process. At the same time, full integration of artificial intelligence (AI) in all parts of manufacturing systems is currently lacking. In this context, the goal of this manuscript is to present a more holistic integration of AI by promoting collaboration. To this end, collaboration is understood as a multi-dimensional conceptual term that covers all important enablers for AI adoption in manufacturing contexts and is promoted in terms of business intelligence optimization, human-in-the-loop and secure federation across manufacturing sites. To address these challenges, the proposed architectural approach builds on three technical pillars: (1) components that extend the functionality of the existing layers in the Reference Architectural Model for Industry 4.0; (2) definition of new layers for collaboration by means of human-in-the-loop and federation; (3) security concerns with AI-powered mechanisms. In addition, system implementation aspects are discussed and potential applications in industrial environments, as well as business impacts, are presented.
ABSTRACT
IoT systems can be leveraged by Network Function Virtualization (NFV) and Software-Defined Networking (SDN) technologies, thereby strengthening their overall flexibility, security and resilience. In this sense, adaptive and policy-based security frameworks for SDN/NFV-aware IoT systems can provide a remarkable added value for self-protection and self-healing, by orchestrating and enforcing dynamically security policies and associated Virtual Network Functions (VNF) or Virtual network Security Functions (VSF) according to the actual context. However, this security orchestration is subject to multiple possible inconsistencies between the policies to enforce, the already enforced management policies and the evolving status of the managed IoT system. In this regard, this paper presents a semantic-aware, zero-touch and policy-driven security orchestration framework for autonomic and conflict-less security orchestration in SDN/NFV-aware IoT scenarios while ensuring optimal allocation and Service Function Chaining (SFC) of VSF. The framework relies on Semantic technologies and considers the security policies and the evolving IoT system model to dynamically and formally detect any semantic conflict during the orchestration. In addition, our optimized SFC algorithm maximizes the QoS, security aspects and resources usage during VSF allocation. The orchestration security framework has been implemented and validated showing its feasibility and performance to detect the conflicts and optimally enforce the VSFs.
ABSTRACT
Despite the advantages that the Internet of Things (IoT) will bring to our daily life, the increasing interconnectivity, as well as the amount and sensitivity of data, make IoT devices an attractive target for attackers. To address this issue, the recent Manufacturer Usage Description (MUD) standard has been proposed to describe network access control policies in the manufacturing phase to protect the device during its operation by restricting its communications. In this paper, we define an architecture and process to obtain and enforce the MUD restrictions during the bootstrapping of a device. Furthermore, we extend the MUD model with a flexible policy language to express additional aspects, such as data privacy, channel protection, and resource authorization. For the enforcement of such enriched behavioral profiles, we make use of Software Defined Networking (SDN) techniques, as well as an attribute-based access control approach by using authorization credentials and encryption techniques. These techniques are used to protect devices' data, which are shared through a blockchain platform. The resulting approach was implemented and evaluated in a real scenario, and is intended to reduce the attack surface of IoT deployments by restricting devices' communication before they join a certain network.
ABSTRACT
We propose a new harvesting approach for Vehicular Sensor Networks based on compressed sensing (CS) technology called Compressed Sensing-based Vehicular Data Harvesting (CS-VDH). This compression technology allows for the reduction of the information volume that nodes must send back to the fusion center and also an accurate recovery of the original data, even in absence of several original measurements. Our proposed method, thanks to a proper design of a delay function, orders the transmission of these measurements, being the nodes farther from the fusion center, the ones starting this transmission. This way, intermediate nodes are more likely to introduce their measurements in a packet traversing the network and to apply the CS technology. This way the contribution is twofold, adding different measurements to traversing packets, we reduce the total overload of the network, and also reducing the size of the packets thanks to the applied compression technology. We evaluate our solution by using ns-2 simulations in a realistic vehicular environment generated by SUMO, a well-known traffic simulator tool in the Vehicular Network domain. Our simulations show that CS-VDH outperforms Delay-Bounded Vehicular Data Gathering (DB-VDG), a well-known protocol for data gathering in vehicular sensor networks which considers a specific delay bound. We also evaluated the proper design of our delay function, as well as the accuracy in the reconstruction of the original data. Regarding this latter topic, our experiments proved that our proposed solution can recover sampled data with little error while still reducing the amount of information traveling through the vehicular network.
ABSTRACT
Privacy enhancing technologies (PETs) allow to achieve user's transactions unlinkability across different online Service Providers. However, current PETs fail to guarantee unlinkability against the Identity Provider (IdP), which becomes a single point of failure in terms of privacy and security, and therefore, might impersonate its users. To address this issue, OLYMPUS EU project establishes an interoperable framework of technologies for a distributed privacy-preserving identity management based on cryptographic techniques that can be applied both to online and offline scenarios. Namely, distributed cryptographic techniques based on threshold cryptography are used to split up the role of the Identity Provider (IdP) into several authorities so that a single entity is not able to impersonate or track its users. The architecture leverages PET technologies, such as distributed threshold-based signatures and privacy attribute-based credentials (p-ABC), so that the signed tokens and the ABC credentials are managed in a distributed way by several IdPs. This paper describes the Olympus architecture, including its associated requirements, the main building blocks and processes, as well as the associated use cases. In addition, the paper shows how the Olympus oblivious architecture can be used to achieve privacy-preserving M2M offline transactions between IoT devices.
ABSTRACT
Security is critical in the deployment and maintenance of novel IoT and 5G networks. The process of bootstrapping is required to establish a secure data exchange between IoT devices and data-driven platforms. It entails, among other steps, authentication, authorization, and credential management. Nevertheless, there are few efforts dedicated to providing service access authentication in the area of constrained IoT devices connected to recent wireless networks such as narrowband IoT (NB-IoT) and 5G. Therefore, this paper presents the adaptation of bootstrapping protocols to be compliant with the 3GPP specifications in order to enable the 5G feature of secondary authentication for constrained IoT devices. To allow the secondary authentication and key establishment in NB-IoT and 4G/5G environments, we have adapted two Extensible Authentication Protocol (EAP) lower layers, i.e., PANATIKI and LO-CoAP-EAP. In fact, this approach presents the evaluation of both aforementioned EAP lower layers, showing the contrast between a current EAP lower layer standard, i.e., PANA, and one specifically designed with the constraints of IoT, thus providing high flexibility and scalability in the bootstrapping process in 5G networks. The proposed solution is evaluated to prove its efficiency and feasibility, being one of the first efforts to support secure service authentication and key establishment for constrained IoT devices in 5G environments.
ABSTRACT
Although current estimates depict steady growth in Internet of Things (IoT), many works portray an as yet immature technology in terms of security. Attacks using low performance devices, the application of new technologies and data analysis to infer private data, lack of development in some aspects of security offer a wide field for improvement. The advent of Semantic Technologies for IoT offers a new set of possibilities and challenges, like data markets, aggregators, processors and search engines, which rise the need for security. New regulations, such as GDPR , also call for novel approaches on data-security, covering personal data. In this work, we present DS4IoT, a data-security ontology for IoT, which covers the representation of data-security concepts with the novel approach of doing so from the perspective of data and introducing some new concepts such as regulations, certifications and provenance, to classical concepts such as access control methods and authentication mechanisms. In the process we followed ontological methodologies, as well as semantic web best practices, resulting in an ontology to serve as a common vocabulary for data annotation that not only distinguishes itself from previous works by its bottom-up approach, but covers new, current and interesting concepts of data-security, favouring implicit over explicit knowledge representation. Finally, this work is validated by proof of concept, by mapping the DS4IoT ontology to the NGSI-LD data model, in the frame of the IoTCrawler EU project.
ABSTRACT
The continuous evolution of the agricultural sector justifies the incorporation and adaptation of the latest technologies. Nowadays, managing crops is possible through Internet-based technologies. Their application allows for the exploitation of information and the development of isolated applications, which, although powerful, create challenges for obtaining scalable predictions throughout the useful life of farms. To address this problem, a data model was defined to improve the management of crop plots in irrigation communities and simultaneously monitor crop needs. Consequently, the objective of this study was to create an open and interoperable platform based on standard interfaces and protocols to enable the integration of heterogeneous sources of information, while ensuring interoperability with other third-party solutions for exchanging and exploiting such information. Standard and open interfaces and protocols form the basis of the platform, thereby unifying all information in a single data model, which facilitates the better use and dissemination of information. The system was fully instantiated in a real prototype in an irrigation community; the software improved water irrigation management for the farmers connected to the platform.
Subject(s)
Agriculture/methods , Software , Agricultural Irrigation , Crops, AgriculturalABSTRACT
The dawn of the Internet of Things (IoT) paradigm has brought about a series of novel services never imagined until recently. However, certain deployments such as those employing Low-Power Wide-Area Network (LPWAN)-based technologies may present severe network restrictions in terms of throughput and supported packet length. This situation prompts the isolation of LPWAN systems on islands with limited interoperability with the Internet. For that reason, the IETF's LPWAN working group has proposed a Static Context Header Compression (SCHC) scheme that permits compression and fragmentation of and IPv6/UDP/CoAP packets with the aim of making them suitable for transmission over the restricted links of LPWANs. Given the impact that such a solution can have in many IoT scenarios, this paper addresses its real evaluation in terms not only of latency and delivery ratio improvements, as a consequence of different compression and fragmentation levels, but also of the overhead in end node resources and useful payload sent per fragment. This has been carried out with the implementation of middleware and using a real testbed implementation of a LoRaWAN-to-IPv6 architecture together with a publish/subscribe broker for CoAP. The attained results show the advantages of SCHC, and sustain discussion regarding the impact of different SCHC and LoRaWAN configurations on the performance. It is highlighted that necessary end node resources are low as compared to the benefit of delivering long IPv6 packets over the LPWAN links. In turn, fragmentation can impose a lack of efficiency in terms of data and energy and, hence, a cross-layer solution is needed in order to obtain the best throughput of the network.
ABSTRACT
Internet of Vehicles (IoV) is a hot research niche exploiting the synergy between Cooperative Intelligent Transportation Systems (C-ITS) and the Internet of Things (IoT), which can greatly benefit of the upcoming development of 5G technologies. The variety of end-devices, applications, and Radio Access Technologies (RATs) in IoV calls for new networking schemes that assure the Quality of Service (QoS) demanded by the users. To this end, network slicing techniques enable traffic differentiation with the aim of ensuring flow isolation, resource assignment, and network scalability. This work fills the gap of 5G network slicing for IoV and validates it in a realistic vehicular scenario. It offers an accurate bandwidth control with a full flow-isolation, which is essential for vehicular critical systems. The development is based on a distributed Multi-Access Edge Computing (MEC) architecture, which provides flexibility for the dynamic placement of the Virtualized Network Functions (VNFs) in charge of managing network traffic. The solution is able to integrate heterogeneous radio technologies such as cellular networks and specific IoT communications with potential in the vehicular sector, creating isolated network slices without risking the Core Network (CN) scalability. The validation results demonstrate the framework capabilities of short and predictable slice-creation time, performance/QoS assurance and service scalability of up to one million connected devices.
ABSTRACT
Building Automation (BA) is key to encourage the growth of more sustainable cities and smart homes. However, current BA systems are not able to manage new constructions based on Adaptable/Dynamic Building Envelopes (ADBE) achieving near-zero energy-efficiency. The ADBE buildings integrate Renewable Energy Sources (RES) and Envelope Retrofitting (ER) that must be managed by new BA systems based on Artificial Intelligence (AI) and Internet of Things (IoT) through secure protocols. This paper presents the PLUG-N-HARVEST architecture based on cloud AI systems and security-by-design IoT networks to manage near-zero ADBE constructions in both residential and commercial buildings. To demonstrate the PLUG-N-HARVEST architecture, three different real-world pilots have been considered in Germany, Greece and Spain. The paper describes the Spain pilot of residential buildings including the deployment of IoT wireless networks (i.e., sensors and actuators) based on Zwave technology to enable plug-and-play installations. The real-world tests showed the high efficiency of security-by-design Internet communications between building equipment and cloud management systems. Moreover, the results of cloud intelligent management demonstrate the improvements in both energy consumption and comfort conditions.
ABSTRACT
Remote vehicle monitoring is a field that has recently attracted the attention of both academia and industry. With the dawn of the Internet of Things (IoT) paradigm, the possibilities for performing this task have multiplied, due to the emergence of low-cost and multi-purpose monitoring devices and the evolution of wireless transmission technologies. Low Power-Wide Area Network (LPWAN) encompasses a set of IoT communication technologies that are gaining momentum, due to their highly valued features regarding transmission distance and end-device energy consumption. For that reason, in this work we present a vehicular monitoring platform enabled by LPWAN-based technology, namely Long Range Wide Area Network (LoRaWAN). Concretely, we explore the end-to-end architecture considering vehicle data retrieving by using an On-Board Diagnostics II (OBD-II) interface, their compression with a novel IETF compression scheme in order to transmit them over the constrained LoRaWAN link, and information visualization through a data server hosted in the cloud, by means of a web-based dashboard. A key advance of the proposal is the design and development of a UNIX-based network interface for LPWAN communications. The whole system has been tested in a university campus environment, showing its capabilities to remotely track vehicle status in real-time. The conducted performance evaluation also shows high levels of reliability in the transmission link, with packet delivery ratios over 95%. The platform boosts the process of monitoring vehicles, enabling a variety of services such as mechanical failure prediction and detection, fleet management, and traffic monitoring, and is extensible to light vehicles with severe power constraints.
ABSTRACT
The increase of Software Defined Networks (SDN) and Network Function Virtualization (NFV) technologies is bringing many security management benefits that can be exploited at the edge of Internet of Things (IoT) networks to deal with cyber-threats. In this sense, this paper presents and evaluates a novel policy-based and cyber-situational awareness security framework for continuous and dynamic management of Authentication, Authorization, Accounting (AAA) as well as Channel Protection virtual security functions in IoT networks enabled with SDN/NFV. The virtual AAA, including network authenticators, are deployed as VNF (Virtual Network Function) dynamically at the edge, in order to enable scalable device's bootstrapping and managing the access control of IoT devices to the network. In addition, our solution allows distributing dynamically the necessary crypto-keys for IoT Machine to Machine (M2M) communications and deploy virtual Channel-protection proxys as VNFs, with the aim of establishing secure tunnels among IoT devices and services, according to the contextual decisions inferred by the cognitive framework. The solution has been implemented and evaluated, demonstrating its feasibility to manage dynamically AAA and channel protection in SDN/NFV-enabled IoT scenarios.
ABSTRACT
Luckily, new communication technologies and protocols are nowadays designed considering security issues. A clear example of this can be found in the Internet of Things (IoT) field, a quite recent area where communication technologies such as ZigBee or IPv6 over Low power Wireless Personal Area Networks (6LoWPAN) already include security features to guarantee authentication, confidentiality and integrity. More recent technologies are Low-Power Wide-Area Networks (LP-WAN), which also consider security, but present initial approaches that can be further improved. An example of this can be found in Long Range (LoRa) and its layer-two supporter LoRa Wide Area Network (LoRaWAN), which include a security scheme based on pre-shared cryptographic material lacking flexibility when a key update is necessary. Because of this, in this work, we evaluate the security vulnerabilities of LoRaWAN in the area of key management and propose different alternative schemes. Concretely, the application of an approach based on the recently specified Ephemeral Diffieâ»Hellman Over COSE (EDHOC) is found as a convenient solution, given its flexibility in the update of session keys, its low computational cost and the limited message exchanges needed. A comparative conceptual analysis considering the overhead of different security schemes for LoRaWAN is carried out in order to evaluate their benefits in the challenging area of LP-WAN.
ABSTRACT
New verticals within the Internet of Things (IoT) paradigm such as smart cities, smart farming, or goods monitoring, among many others, are demanding strong requirements to the Radio Access Network (RAN) in terms of coverage, end-node's power consumption, and scalability. The technologies employed so far to provide IoT scenarios with connectivity, e.g., wireless sensor network and cellular technologies, are not able to simultaneously cope with these three requirements. Thus, a novel solution known as Low Power - Wide Area Network (LP-WAN) has emerged as a promising alternative to provide with low-cost and low-power-consumption connectivity to end-nodes spread in a wide area. Concretely, the Long-Range Wide Area Network (LoRaWAN) technology is one of the LP-WAN platforms that is receiving greater attention from both the industry and the academia. For that reason, in this work, a comprehensive performance evaluation of LoRaWAN under different environmental conditions is presented. The results are obtained from three real scenarios, namely, urban, suburban, and rural, considering both dynamic and static conditions, hence a discussion about the most proper LoRaWAN physical-layer configuration for each scenario is provided. Besides, a theoretical coverage study is also conducted by the use of a radio planning tool considering topographic maps and a precise propagation model. From the attained results, it can be concluded that it is necessary to evaluate the propagation conditions of the deployment scenario prior to the system implantation in order to reach a compromise between the robustness of the network and the transmission data-rate.
