Data Protection by Design in the Context of Smart Cities: A Consent and Access Control Proposal.

The growing availability of mobile devices has lead to an arising development of smart cities services that share a huge amount of (personal) information and data. Without accurate and verified management, they could become severe back-doors for security and privacy. In this paper, we propose a smart city infrastructure able to integrate a distributed privacy-preserving identity management solution based on attribute-based credentials (p-ABC), a user-centric Consent Manager, and a GDPR-based Access Control mechanism so as to guarantee the enforcement of the GDPR's provisions. Thus, the infrastructure supports the definition of specific purpose, collection of data, regulation of access to personal data, and users' consents, while ensuring selective and minimal disclosure of personal information as well as user's unlinkability across service and identity providers. The proposal has been implemented, integrated, and evaluated in a fully-fledged environment consisting of MiMurcia, the Smart City project for the city of Murcia, CaPe, an industrial consent management system, and GENERAL_D, an academic GDPR-based access control system, showing the feasibility.

Climate-Aware and IoT-Enabled Selection of the Most Suitable Stone Fruit Tree Variety.

The application of new technologies such as the Internet of Things offers the opportunity to improve current agricultural development, facilitate daily tasks, and turn farms into efficient and sustainable production systems. The use of these new technologies enables the digital transformation process demanded by the sector and provides agricultural collectives with more optimized analysis and prediction tools. Due to climate change, one of the farm industry's problems is the advance or decay in the cycle of stone fruit trees. The objective is to recommend whether a specific area meets the minimum climatic requirements for planting certain stone fruit trees based on climatic data and bioclimatic indicators. The methodology used implements a large amount of meteorological data to generate information on specific climatic conditions and interactions on crops. In this work, a pilot study has been carried out in the Region of Murcia using an IoT platform. We simulate scenarios for the development of stone fruit varieties better adapted to the environment. Based on the standard, open interfaces, and protocols, the platform integrates heterogeneous information sources and interoperability with other third-party solutions to exchange and exploit such information.

IoTCrawler: Challenges and Solutions for Searching the Internet of Things.

Due to the rapid development of the Internet of Things (IoT) and consequently, the availability of more and more IoT data sources, mechanisms for searching and integrating IoT data sources become essential to leverage all relevant data for improving processes and services. This paper presents the IoT search framework IoTCrawler. The IoTCrawler framework is not only another IoT framework, it is a system of systems which connects existing solutions to offer interoperability and to overcome data fragmentation. In addition to its domain-independent design, IoTCrawler features a layered approach, offering solutions for crawling, indexing and searching IoT data sources, while ensuring privacy and security, adaptivity and reliability. The concept is proven by addressing a list of requirements defined for searching the IoT and an extensive evaluation. In addition, real world use cases showcase the applicability of the framework and provide examples of how it can be instantiated for new scenarios.

CIoTVID: Towards an Open IoT-Platform for Infective Pandemic Diseases such as COVID-19.

The factors affecting the penetration of certain diseases such as COVID-19 in society are still unknown. Internet of Things (IoT) technologies can play a crucial role during the time of crisis and they can provide a more holistic view of the reasons that govern the outbreak of a contagious disease. The understanding of COVID-19 will be enriched by the analysis of data related to the phenomena, and this data can be collected using IoT sensors. In this paper, we show an integrated solution based on IoT technologies that can serve as opportunistic health data acquisition agents for combating the pandemic of COVID-19, named CIoTVID. The platform is composed of four layers-data acquisition, data aggregation, machine intelligence and services, within the solution. To demonstrate its validity, the solution has been tested with a use case based on creating a classifier of medical conditions using real data of voice, performing successfully. The layer of data aggregation is particularly relevant in this kind of solution as the data coming from medical devices has a very different nature to that coming from electronic sensors. Due to the adaptability of the platform to heterogeneous data and volumes of data; individuals, policymakers, and clinics could benefit from it to fight the propagation of the pandemic.

Semantic-Aware Security Orchestration in SDN/NFV-Enabled IoT Systems.

IoT systems can be leveraged by Network Function Virtualization (NFV) and Software-Defined Networking (SDN) technologies, thereby strengthening their overall flexibility, security and resilience. In this sense, adaptive and policy-based security frameworks for SDN/NFV-aware IoT systems can provide a remarkable added value for self-protection and self-healing, by orchestrating and enforcing dynamically security policies and associated Virtual Network Functions (VNF) or Virtual network Security Functions (VSF) according to the actual context. However, this security orchestration is subject to multiple possible inconsistencies between the policies to enforce, the already enforced management policies and the evolving status of the managed IoT system. In this regard, this paper presents a semantic-aware, zero-touch and policy-driven security orchestration framework for autonomic and conflict-less security orchestration in SDN/NFV-aware IoT scenarios while ensuring optimal allocation and Service Function Chaining (SFC) of VSF. The framework relies on Semantic technologies and considers the security policies and the evolving IoT system model to dynamically and formally detect any semantic conflict during the orchestration. In addition, our optimized SFC algorithm maximizes the QoS, security aspects and resources usage during VSF allocation. The orchestration security framework has been implemented and validated showing its feasibility and performance to detect the conflicts and optimally enforce the VSFs.

Security Architecture for Defining and Enforcing Security Profiles in DLT/SDN-Based IoT Systems.

Despite the advantages that the Internet of Things (IoT) will bring to our daily life, the increasing interconnectivity, as well as the amount and sensitivity of data, make IoT devices an attractive target for attackers. To address this issue, the recent Manufacturer Usage Description (MUD) standard has been proposed to describe network access control policies in the manufacturing phase to protect the device during its operation by restricting its communications. In this paper, we define an architecture and process to obtain and enforce the MUD restrictions during the bootstrapping of a device. Furthermore, we extend the MUD model with a flexible policy language to express additional aspects, such as data privacy, channel protection, and resource authorization. For the enforcement of such enriched behavioral profiles, we make use of Software Defined Networking (SDN) techniques, as well as an attribute-based access control approach by using authorization credentials and encryption techniques. These techniques are used to protect devices' data, which are shared through a blockchain platform. The resulting approach was implemented and evaluated in a real scenario, and is intended to reduce the attack surface of IoT deployments by restricting devices' communication before they join a certain network.

Evaluation of the Use of Compressed Sensing in Data Harvesting for Vehicular Sensor Networks.

We propose a new harvesting approach for Vehicular Sensor Networks based on compressed sensing (CS) technology called Compressed Sensing-based Vehicular Data Harvesting (CS-VDH). This compression technology allows for the reduction of the information volume that nodes must send back to the fusion center and also an accurate recovery of the original data, even in absence of several original measurements. Our proposed method, thanks to a proper design of a delay function, orders the transmission of these measurements, being the nodes farther from the fusion center, the ones starting this transmission. This way, intermediate nodes are more likely to introduce their measurements in a packet traversing the network and to apply the CS technology. This way the contribution is twofold, adding different measurements to traversing packets, we reduce the total overload of the network, and also reducing the size of the packets thanks to the applied compression technology. We evaluate our solution by using ns-2 simulations in a realistic vehicular environment generated by SUMO, a well-known traffic simulator tool in the Vehicular Network domain. Our simulations show that CS-VDH outperforms Delay-Bounded Vehicular Data Gathering (DB-VDG), a well-known protocol for data gathering in vehicular sensor networks which considers a specific delay bound. We also evaluated the proper design of our delay function, as well as the accuracy in the reconstruction of the original data. Regarding this latter topic, our experiments proved that our proposed solution can recover sampled data with little error while still reducing the amount of information traveling through the vehicular network.

Digital Transformation of Agriculture through the Use of an Interoperable Platform.

The continuous evolution of the agricultural sector justifies the incorporation and adaptation of the latest technologies. Nowadays, managing crops is possible through Internet-based technologies. Their application allows for the exploitation of information and the development of isolated applications, which, although powerful, create challenges for obtaining scalable predictions throughout the useful life of farms. To address this problem, a data model was defined to improve the management of crop plots in irrigation communities and simultaneously monitor crop needs. Consequently, the objective of this study was to create an open and interoperable platform based on standard interfaces and protocols to enable the integration of heterogeneous sources of information, while ensuring interoperability with other third-party solutions for exchanging and exploiting such information. Standard and open interfaces and protocols form the basis of the platform, thereby unifying all information in a single data model, which facilitates the better use and dissemination of information. The system was fully instantiated in a real prototype in an irrigation community; the software improved water irrigation management for the farmers connected to the platform.

Lightweight Data-Security Ontology for IoT.

Although current estimates depict steady growth in Internet of Things (IoT), many works portray an as yet immature technology in terms of security. Attacks using low performance devices, the application of new technologies and data analysis to infer private data, lack of development in some aspects of security offer a wide field for improvement. The advent of Semantic Technologies for IoT offers a new set of possibilities and challenges, like data markets, aggregators, processors and search engines, which rise the need for security. New regulations, such as GDPR , also call for novel approaches on data-security, covering personal data. In this work, we present DS4IoT, a data-security ontology for IoT, which covers the representation of data-security concepts with the novel approach of doing so from the perspective of data and introducing some new concepts such as regulations, certifications and provenance, to classical concepts such as access control methods and authentication mechanisms. In the process we followed ontological methodologies, as well as semantic web best practices, resulting in an ontology to serve as a common vocabulary for data annotation that not only distinguishes itself from previous works by its bottom-up approach, but covers new, current and interesting concepts of data-security, favouring implicit over explicit knowledge representation. Finally, this work is validated by proof of concept, by mapping the DS4IoT ontology to the NGSI-LD data model, in the frame of the IoTCrawler EU project.

Secure Authentication and Credential Establishment in Narrowband IoT and 5G.

Security is critical in the deployment and maintenance of novel IoT and 5G networks. The process of bootstrapping is required to establish a secure data exchange between IoT devices and data-driven platforms. It entails, among other steps, authentication, authorization, and credential management. Nevertheless, there are few efforts dedicated to providing service access authentication in the area of constrained IoT devices connected to recent wireless networks such as narrowband IoT (NB-IoT) and 5G. Therefore, this paper presents the adaptation of bootstrapping protocols to be compliant with the 3GPP specifications in order to enable the 5G feature of secondary authentication for constrained IoT devices. To allow the secondary authentication and key establishment in NB-IoT and 4G/5G environments, we have adapted two Extensible Authentication Protocol (EAP) lower layers, i.e., PANATIKI and LO-CoAP-EAP. In fact, this approach presents the evaluation of both aforementioned EAP lower layers, showing the contrast between a current EAP lower layer standard, i.e., PANA, and one specifically designed with the constraints of IoT, thus providing high flexibility and scalability in the bootstrapping process in 5G networks. The proposed solution is evaluated to prove its efficiency and feasibility, being one of the first efforts to support secure service authentication and key establishment for constrained IoT devices in 5G environments.

Impact of SCHC Compression and Fragmentation in LPWAN: A Case Study with LoRaWAN.

The dawn of the Internet of Things (IoT) paradigm has brought about a series of novel services never imagined until recently. However, certain deployments such as those employing Low-Power Wide-Area Network (LPWAN)-based technologies may present severe network restrictions in terms of throughput and supported packet length. This situation prompts the isolation of LPWAN systems on islands with limited interoperability with the Internet. For that reason, the IETF's LPWAN working group has proposed a Static Context Header Compression (SCHC) scheme that permits compression and fragmentation of and IPv6/UDP/CoAP packets with the aim of making them suitable for transmission over the restricted links of LPWANs. Given the impact that such a solution can have in many IoT scenarios, this paper addresses its real evaluation in terms not only of latency and delivery ratio improvements, as a consequence of different compression and fragmentation levels, but also of the overhead in end node resources and useful payload sent per fragment. This has been carried out with the implementation of middleware and using a real testbed implementation of a LoRaWAN-to-IPv6 architecture together with a publish/subscribe broker for CoAP. The attained results show the advantages of SCHC, and sustain discussion regarding the impact of different SCHC and LoRaWAN configurations on the performance. It is highlighted that necessary end node resources are low as compared to the benefit of delivering long IPv6 packets over the LPWAN links. In turn, fragmentation can impose a lack of efficiency in terms of data and energy and, hence, a cross-layer solution is needed in order to obtain the best throughput of the network.

LPWAN-Based Vehicular Monitoring Platform with a Generic IP Network Interface.

Remote vehicle monitoring is a field that has recently attracted the attention of both academia and industry. With the dawn of the Internet of Things (IoT) paradigm, the possibilities for performing this task have multiplied, due to the emergence of low-cost and multi-purpose monitoring devices and the evolution of wireless transmission technologies. Low Power-Wide Area Network (LPWAN) encompasses a set of IoT communication technologies that are gaining momentum, due to their highly valued features regarding transmission distance and end-device energy consumption. For that reason, in this work we present a vehicular monitoring platform enabled by LPWAN-based technology, namely Long Range Wide Area Network (LoRaWAN). Concretely, we explore the end-to-end architecture considering vehicle data retrieving by using an On-Board Diagnostics II (OBD-II) interface, their compression with a novel IETF compression scheme in order to transmit them over the constrained LoRaWAN link, and information visualization through a data server hosted in the cloud, by means of a web-based dashboard. A key advance of the proposal is the design and development of a UNIX-based network interface for LPWAN communications. The whole system has been tested in a university campus environment, showing its capabilities to remotely track vehicle status in real-time. The conducted performance evaluation also shows high levels of reliability in the transmission link, with packet delivery ratios over 95%. The platform boosts the process of monitoring vehicles, enabling a variety of services such as mechanical failure prediction and detection, fleet management, and traffic monitoring, and is extensible to light vehicles with severe power constraints.

Enhancing LoRaWAN Security through a Lightweight and Authenticated Key Management Approach.

Luckily, new communication technologies and protocols are nowadays designed considering security issues. A clear example of this can be found in the Internet of Things (IoT) field, a quite recent area where communication technologies such as ZigBee or IPv6 over Low power Wireless Personal Area Networks (6LoWPAN) already include security features to guarantee authentication, confidentiality and integrity. More recent technologies are Low-Power Wide-Area Networks (LP-WAN), which also consider security, but present initial approaches that can be further improved. An example of this can be found in Long Range (LoRa) and its layer-two supporter LoRa Wide Area Network (LoRaWAN), which include a security scheme based on pre-shared cryptographic material lacking flexibility when a key update is necessary. Because of this, in this work, we evaluate the security vulnerabilities of LoRaWAN in the area of key management and propose different alternative schemes. Concretely, the application of an approach based on the recently specified Ephemeral Diffie⁻Hellman Over COSE (EDHOC) is found as a convenient solution, given its flexibility in the update of session keys, its low computational cost and the limited message exchanges needed. A comparative conceptual analysis considering the overhead of different security schemes for LoRaWAN is carried out in order to evaluate their benefits in the challenging area of LP-WAN.

Performance Evaluation of LoRa Considering Scenario Conditions.

New verticals within the Internet of Things (IoT) paradigm such as smart cities, smart farming, or goods monitoring, among many others, are demanding strong requirements to the Radio Access Network (RAN) in terms of coverage, end-node's power consumption, and scalability. The technologies employed so far to provide IoT scenarios with connectivity, e.g., wireless sensor network and cellular technologies, are not able to simultaneously cope with these three requirements. Thus, a novel solution known as Low Power - Wide Area Network (LP-WAN) has emerged as a promising alternative to provide with low-cost and low-power-consumption connectivity to end-nodes spread in a wide area. Concretely, the Long-Range Wide Area Network (LoRaWAN) technology is one of the LP-WAN platforms that is receiving greater attention from both the industry and the academia. For that reason, in this work, a comprehensive performance evaluation of LoRaWAN under different environmental conditions is presented. The results are obtained from three real scenarios, namely, urban, suburban, and rural, considering both dynamic and static conditions, hence a discussion about the most proper LoRaWAN physical-layer configuration for each scenario is provided. Besides, a theoretical coverage study is also conducted by the use of a radio planning tool considering topographic maps and a precise propagation model. From the attained results, it can be concluded that it is necessary to evaluate the propagation conditions of the deployment scenario prior to the system implantation in order to reach a compromise between the robustness of the network and the transmission data-rate.

Fuzzy Modelling for Human Dynamics Based on Online Social Networks.

Human mobility mining has attracted a lot of attention in the research community due to its multiple implications in the provisioning of innovative services for large metropolises. In this scope, Online Social Networks (OSN) have arisen as a promising source of location data to come up with new mobility models. However, the human nature of this data makes it rather noisy and inaccurate. In order to deal with such limitations, the present work introduces a framework for human mobility mining based on fuzzy logic. Firstly, a fuzzy clustering algorithm extracts the most active OSN areas at different time periods. Next, such clusters are the building blocks to compose mobility patterns. Furthermore, a location prediction service based on a fuzzy rule classifier has been developed on top of the framework. Finally, both the framework and the predictor has been tested with a Twitter and Flickr dataset in two large cities.

Vehicle Maneuver Detection with Accelerometer-Based Classification.

In the mobile computing era, smartphones have become instrumental tools to develop innovative mobile context-aware systems. In that sense, their usage in the vehicular domain eases the development of novel and personal transportation solutions. In this frame, the present work introduces an innovative mechanism to perceive the current kinematic state of a vehicle on the basis of the accelerometer data from a smartphone mounted in the vehicle. Unlike previous proposals, the introduced architecture targets the computational limitations of such devices to carry out the detection process following an incremental approach. For its realization, we have evaluated different classification algorithms to act as agents within the architecture. Finally, our approach has been tested with a real-world dataset collected by means of the ad hoc mobile application developed.

Preserving Smart Objects Privacy through Anonymous and Accountable Access Control for a M2M-Enabled Internet of Things.

As we get into the Internet of Things era, security and privacy concerns remain as the main obstacles in the development of innovative and valuable services to be exploited by society. Given the Machine-to-Machine (M2M) nature of these emerging scenarios, the application of current privacy-friendly technologies needs to be reconsidered and adapted to be deployed in such global ecosystem. This work proposes different privacy-preserving mechanisms through the application of anonymous credential systems and certificateless public key cryptography. The resulting alternatives are intended to enable an anonymous and accountable access control approach to be deployed on large-scale scenarios, such as Smart Cities. Furthermore, the proposed mechanisms have been deployed on constrained devices, in order to assess their suitability for a secure and privacy-preserving M2M-enabled Internet of Things.

MagicFinger: 3D Magnetic Fingerprints for Indoor Location.

Given the indispensable role of mobile phones in everyday life, phone-centric sensing systems are ideal candidates for ubiquitous observation purposes. This paper presents a novel approach for mobile phone-centric observation applied to indoor location. The approach involves a location fingerprinting methodology that takes advantage of the presence of magnetic field anomalies inside buildings. Unlike existing work on the subject, which uses the intensity of magnetic field for fingerprinting, our approach uses all three components of the measured magnetic field vectors to improve accuracy. By using adequate soft computing techniques, it is possible to adequately balance the constraints of common solutions. The resulting system does not rely on any infrastructure devices and therefore is easy to manage and deploy. The proposed system consists of two phases: the offline phase and the online phase. In the offline phase, magnetic field measurements are taken throughout the building, and 3D maps are generated. Then, during the online phase, the user's location is estimated through the best estimator for each zone of the building. Experimental evaluations carried out in two different buildings confirm the satisfactory performance of indoor location based on magnetic field vectors. These evaluations provided an error of (11.34 m, 4.78 m) in the (x; y) components of the estimated positions in the first building where the experiments were carried out, with a standard deviation of (3.41 m, 4.68 m); and in the second building, an error of (4 m, 2.98 m) with a deviation of (2.64 m, 2.33 m).

How can we tackle energy efficiency in IoT based smart buildings?

Nowadays, buildings are increasingly expected to meet higher and more complex performance requirements. Among these requirements, energy efficiency is recognized as an international goal to promote energy sustainability of the planet. Different approaches have been adopted to address this goal, the most recent relating consumption patterns with human occupancy. In this work, we analyze what are the main parameters that should be considered to be included in any building energy management. The goal of this analysis is to help designers to select the most relevant parameters to control the energy consumption of buildings according to their context, selecting them as input data of the management system. Following this approach, we select three reference smart buildings with different contexts, and where our automation platform for energy monitoring is deployed. We carry out some experiments in these buildings to demonstrate the influence of the parameters identified as relevant in the energy consumption of the buildings. Then, in two of these buildings are applied different control strategies to save electrical energy. We describe the experiments performed and analyze the results. The first stages of this evaluation have already resulted in energy savings of about 23% in a real scenario.

PANATIKI: a network access control implementation based on PANA for IoT devices.

Internet of Things (IoT) networks are the pillar of recent novel scenarios, such as smart cities or e-healthcare applications. Among other challenges, these networks cover the deployment and interaction of small devices with constrained capabilities and Internet protocol (IP)-based networking connectivity. These constrained devices usually require connection to the Internet to exchange information (e.g., management or sensing data) or access network services. However, only authenticated and authorized devices can, in general, establish this connection. The so-called authentication, authorization and accounting (AAA) services are in charge of performing these tasks on the Internet. Thus, it is necessary to deploy protocols that allow constrained devices to verify their credentials against AAA infrastructures. The Protocol for Carrying Authentication for Network Access (PANA) has been standardized by the Internet engineering task force (IETF) to carry the Extensible Authentication Protocol (EAP), which provides flexible authentication upon the presence of AAA. To the best of our knowledge, this paper is the first deep study of the feasibility of EAP/PANA for network access control in constrained devices. We provide light-weight versions and implementations of these protocols to fit them into constrained devices. These versions have been designed to reduce the impact in standard specifications. The goal of this work is two-fold: (1) to demonstrate the feasibility of EAP/PANA in IoT devices; (2) to provide the scientific community with the first light-weight interoperable implementation of EAP/PANA for constrained devices in the Contiki operating system (Contiki OS), called PANATIKI. The paper also shows a testbed, simulations and experimental results obtained from real and simulated constrained devices.