CALL FOR PAPERS
Workshop on IoT-SoS: Internet of Things Smart Objects and Services
in conjunction with IEEE WoWMoM 2016
Coimbra, Portugal, June 21 – 24, 2016
The Internet of Things (IoT) is a novel paradigm which is shaping the evolution of the future Internet. According to the vision underlying the IoT, the next step in increasing the ubiquity of the Internet, after connecting people anytime and everywhere, is to connect inanimate objects. By providing objects with embedded communication capabilities and a common addressing scheme, a highly distributed and ubiquitous network of seamlessly connected heterogeneous devices is formed, which can be fully integrated into the current Internet and mobile networks, thus allowing for the development of new intelligent services available anytime, anywhere, by anyone and anything. Such a vision is also becoming known under the name of Machine-to-Machine (M2M), where the absence of human interaction in the system dynamics is further emphasized.
Many applications with high social and business impact fall under the IoT/M2M umbrella, including personal healthcare, smart grid, surveillance, home automation, intelligent transportation, while it is expected that new ones will emerge once the enabling technologies reach a stable state. At the moment, three of the most important challenges are:
1. Architectures, protocols and algorithms for an efficient interconnection of smart objects, both between themselves and with the (future) Internet.
2. The creation of value-added services in cross-domain applications, especially open and interoperable, enabled by the interconnection of things / machines / smart objects, in such a way that they can be integrated with current and new business and development processes.
3. Security, privacy and trust in the IoT applications, for ensuring that the provided services will protect the users’ data, provide guarantees that no malicious users/devices will affect the system decisions and that the IoT applications will be secure and privacy-preserving “by design”.
The aim of this workshop is to bring together practitioners and researchers from both academia and industry in order to have a forum for discussion and technical presentations on the recent advances in theory, application and implementation of the Internet of Things concept: Technologies, protocols, algorithms, and services.
TOPICS OF INTEREST
We highly encourage novel and innovative previously unpublished work. Topics include, but are not limited to:
- System architectures for the IoT/M2M
- Protocols and mechanisms for seamless IoT/M2M communications
- Modeling and simulation of large-scale IoT/M2M scenarios
- Enabling standards and technologies for the IoT/M2M
- Service platforms for IoT/M2M applications
- Business models and processes for IoT/M2M applications
- Energy optimization and sustainable operation of IoT/M2M devices
- Access network issues; including mobility management, data dissemination and routing
- Testbeds for the IoT/M2M
- Security, privacy and trust in the IoT/M2M context
- Experiences with experimental IoT/M2M system prototypes and pilots
- Novel and emerging IoT/M2M applications; including eHealth/mHealth, Smart Grid/Smart Metering, Intelligent Transportation Systems, Smart House/Neighborhood/Cities
Paper Submission: by March 10, 2016
Notification of Acceptance: by April 15, 2016
Camera-ready Paper Due: by April 29, 2016
The workshop accepts only novel, previously unpublished papers. Submissions may be up to 9 pages in length (including figures and references), formatted in two-column IEEE conference style with font size 10 point or greater. For the camera-ready (accepted) papers, authors can buy one additional page, i.e. up to 10 pages.
- Elias Tragos, FORTH-ICS, Greece
- Rasmus Nielsen, Movimento, USA
- Adam Kapovits, Eurescom Gmbh, Germany
- Stefano Iellamo, FORTH, Greece
- Vangelis Angelakis, Linköping University, Sweden
In December 2015 RERUM provided comments on the draft ISO/IEC 30141 standard “Internet of Things Reference Architecture” to reinforce security and privacy aspects. The comments were provided by Eurescom, the RERUM co-ordinator, to the responsible rapporteur, and also by the University of Passau, which provided its comments through DIN.
RERUM is constantly striving to achieve an impact going beyond Europe. Upon invitation, Adam Kapovits, RERUM project co-ordinator, presented RERUM achievements at the 2015 TRONSHOW in Tokyo, Japan, as part of a European Smart City session, exploring potential co-operation possibilities.
An earlier RERUM post already pointed out that the edge of the IoT, including the devices, is going to remain the main attack surface and battlefield for the foreseeable future, due to the relative vulnerability of devices exposed in uncontrolled or difficult-to-control environments, and because of the resource-constrained nature of the edge devices.
A large number of monitoring and control applications of IoT devices by nature fall into the category “fit and forget”, which not only means that they are supposed to stay operational using the same battery for many years, even a decade or longer, but also that their software should be remotely updatable to patch security vulnerabilities discovered during this very extended period of time. (Well, not only. Functional improvement and reconfiguration might also become necessary over time.)
These two observations mutually reinforce each other and, taken together, clearly highlight the importance and necessity of over-the-air patching and programming of IoT devices. Over-the-air programming is a clear must-have for IoT devices.
RERUM showcases its security and privacy-preserving solution by monitoring traffic in the city of Heraklion, Greece. The movement of buses is monitored and traffic situation information is derived.
Figure: Traffic situation in the city of Heraklion
On the second day of the ITU Telecom World’15 Forum in Budapest, a panel discussion focused on IoT and highlighted the importance of trust and security of personal data in IoT. Bettina Tratz-Ryan, Research VP, Gartner remarked that people are happy to share data within a social media environment, but get more risk averse when it comes to IoT. She went on to say that “securing personal data is a key concern” and that “from a policy perspective we need to settle these concerns” on how data can be shared.
The discussion also gave details on the work of the ITU-T focus group on smart, sustainable cities, which in 2014 agreed on the definition of a smart sustainable city. The focus group produced a series of technology reports on smart cities and communities and in this June ITU-T created a new study group to continue the work of the focus group.
On another panel on the first day of the event, Ms Thieblemont (Senior Director, Government Affairs, Qualcomm, Inc., USA) also commented on security and privacy for IoT as being of very high priority, and the subsequent need to practice security-by-design and to inherently build in security rather than add it as an afterthought – as in the case of autonomous cars that have needed patching against software vulnerabilities.
RERUM advisory board member Ms Marit Hansen, who until now was the executive vice president of the Independent Centre for Privacy Protection in Schleswig-Holstein, has just been promoted to become Schleswig-Holstein Data Protection Commissioner. She will formally assume her new role in July 2015. The representatives of the political groups supporting her promotion praised Ms Hansen as an internationally recognized expert in her field. (heise)
The workshop had a double focus and was split in two parts.
Preserving security as IoT matures and consolidates from the current fragmentation
The contribution by Leonard Ciprian Pitu from Siemens highlighted that the number of attacks has increased dramatically recently. Thus, hacking has become a major concern for manufacturers. It was stressed that security should start at the device level, and at the hardware level. Life cycle risks: the impact of a large-scale call-back of, for example, white goods and the associated costs could be immense.
The contribution of Alexandros Fragkiadakis from FORTH highlighted that, as IoT consists of highly heterogeneous networked entities and networks, a number of challenges have emerged, including security, trust and privacy, scalability, legislation, and standardisation issues. The vast majority of the security challenges focus on authentication, access control, confidentiality, integrity, availability, and non-repudiation. A number of traditional security attacks (e.g. jamming), as well as novel attacks (e.g. primary user emulation attacks in cognitive radio systems), are difficult to detect and mitigate in the IoT, for reasons related to the vague ownership of the IoT devices, the resource-constrained nature of these devices, standardisation issues, and legislation shortcomings.
The final contribution to the security topic, from Antonio Jara (HOP UBIQUITOUS S.L.), discussed that in order to successfully break the traditional silos, multi-purpose and generic solutions, generic enablers, commodity-like solutions and re-use of components are needed. Naturally, this process is expected to further increase complexity and heterogeneity; however, integration should handle and manage the resulting heterogeneity. In addition to heterogeneity, scale is also an issue. Bootstrapping and registration of devices should be automated to scale. Connectivity should be global.
Levels of security – a layered approach is envisioned. Basic security should be present, to which increased levels can be added.
Innovation and privacy − approaches and best practices that support the innovation process and lead to actual privacy solutions that sell on the market
Klaus Moessner from the University of Surrey emphasised that we should not forget that ultimately the goal of IoT is to support people – technology solutions are only the means, not an end in themselves. This means that users need to be involved. In the project SOCIOTAL a co-creation process is adopted to generate applications and uses that respond to actual user needs and demands. However, the process needs to be transparent for bootstrap and to gain trust. The example given is measuring the use and mileage of elevators to schedule service and maintenance in large blocks of flats – the Novi Sad case.
Data ownership – in most cases the situation is not black and white. Following the bubble principle (privacy circle / sphere), the sensors of my smart phone or other device might collect data for someone else, upon the initiative of that person. If that someone else later so decides, the actual data collected must be removed, but the fact / event that some data was collected cannot be erased.
Also, SOCIOTAL does not directly focus on preventing data that was made available from being passed on to third parties. However, there were other research efforts that focused exactly on that − the “sticky policy” approach investigated in iCore was provided as an example.
Open data – the principle is that data collected using public money should be a public good and serve the purpose of the community. However, as the presentation from Smart Aarhus by Jesper Algren revealed, privacy needs to be observed, which sometimes means that the geographic accuracy / precision of data needs to be reduced, or only cumulative data (for example from a certain geographic area) needs to be stored to prevent traceability back to individuals. Furthermore, economic impact and interest should be of concern, as certain data generated might have a severe negative impact on property valuation, etc.
Another observation made was that health data / records are immensely sensitive.
Open Data Aarhus, being a small player with administration backing, cannot afford mistakes similar to the XBOX case, when user data was leaked on a very large scale. Any such or similar incident would have a devastating effect on the reputation of the initiative, and would mean the end of the project: political support would stop.
Suggestion from the floor – Ivan Meseguer, Institut Mines-Télécom – that a more active international dialogue might be helpful, as the problems the different European countries are facing are similar in this relatively uncharted territory. Admittedly though, there are historical and cultural differences also embedded in the various jurisdiction frames and practices. Still, a more active dialogue and sharing of best practices would support and ease the way forward, as opposed to acting in isolation.
One of the main messages that emerges from the IoT week discussions in Lisbon concerning security is that the edge, including the devices themselves, represents the primary attack surface due to the resource constraints of the devices and the associated difficulty of adequately protecting them, exacerbated by their physical exposure, being deployed in uncontrolled or difficult-to-control environments. This situation is expected to prevail even in the long term, as the exposure and resource-constrained nature are intrinsic characteristics of the edge. Admittedly, technology advancement is expected to make edge devices somewhat more resourceful and less constrained, but this will not change their position as the weakest point in the IoT − the same level of sophistication and protection that is available in more controlled environments and closer to the core of the system will not become feasible. So the edge is expected to remain the main battlefield, with a continued arms race between defence and attack or intrusion, with the defence being in a disadvantaged position.
This message came across clearly, both from the discussions within the IERC constituency and also as part of the dialogue with the CHIST-ERA initiative which has Security and Privacy in the IoT as one of its two focus areas in its 2015 Call for projects looking for long term issues in ICT.