Elias Tragos (FORTH) and Vangelis Angelakis (LiU) co-organised a workshop at the prestigious IEEE Globecom conference held in San Diego in December 2015. The workshop was entitled “Networking and Collaboration Issues for the Internet of Everything” and was organised together with the projects TRILLION and SOrBet. The workshop attracted a large number of submissions (24) and after a strict peer-review process only 11 papers were accepted for presentation at the workshop. The workshop was organised in three sessions, complemented by a panel discussion by experts from the organising projects and by a keynote speech. The keynote speaker was Prof. David Elbert (IEEE Fellow, 2015 IEEE CS 2nd Vice President and Treasurer, 2016 IEEE CS 1st Vice President and Vice President of Publications). The workshop attracted a large number of participants, which indeed shows the importance of the topic of security and privacy for the IoT world.
More info regarding the event here
In December 2015 RERUM provided comments to the draft ISO/IEC 30141 standard “Internet of Things Reference Architecture” to reinforce security and privacy aspects. The comments were provided by Eurescom, RERUM co-ordinator to the responsible rapporteur, and also by University of Passau, that provided the comments through DIN.
RERUM is constantly striving to achieve an impact going beyond Europe. Upon an invitation Adam Kapovits, RERUM project co-ordinator presented RERUM achievements at the 2015 TRONSHOW in Tokyo, Japan, as part of a European Smart City session, exploring potential co-operation possibilities.
Adam Kapovits, RERUM co-ordinator presenting RERUM achievements at the 2015 TRONSHOW in Tokyo, Japan
An earlier post of RERUM already pointed out that the edge of the IoT including the devices is going to remain the main attack surface and battlefield in the foreseeable future, due to the relative vulnerability of the devices being exposed in uncontrolled or difficult to control environments, and because of the resource constrained nature of the edge devices.
A large number of monitoring and control application of IoT devices are by nature fall into the category “fit and forget”, which not only means that they are supposed to stay operational using the same battery for many years, even a decade or longer, but also that their software should be update-able remotely to patch security vulnerabilities discovered during this very extended period of time. (Well, not only. Functional improvement and reconfiguration might also become necessary over time.)
These two observations, in particular in conjunction with each other clearly highlight the importance and necessity of over the air patching and programming of IoT devices, as they mutually reinforce each other. Over the air programming is a clear must to have for IoT devices.
RERUM showcases its security and privacy preserving solution by monitoring traffic in the city of Heraklion, Greece. The movement of buses are monitored and traffic situation information is derived. Traffic situation in the city of Heraklion
On the second day of the ITU Telecom World’15 Forum in Budapest, a panel discussion focused on IoT and highlighted the importance of trust and security of personal data in IoT. Bettina Tratz-Ryan, Research VP, Gartner remarked that people are happy to share data within a social media environment, but get more risk averse when it comes to IoT. She went on to say that “securing personal data is a key concern”and that “from a policy perspective we need to settle these concerns” on how data can be shared.
The discussion also gave details on the work of the ITU-T focus group on smart, sustainable cities, which in 2014 agreed on the definition of a smart sustainable city. The focus group produced a series of technology reports on smart cities and communities and in this June ITU-T created a new study group to continue the work of the focus group.
On another panel in the first day of the event Ms Thieblemont (Senior Director, Government Affairs, Qualcomm, Inc., USA) also commented on security and privacy for IoT as being of very high priority, and the subsequent need to practice security-by-design and to inherently build in security rather than add it as an afterthought – as in the case of autonomous cars that have needed patching against software vulnerabilities.
Further reading and reference:
A new release of RIOT OS has been announced on October 5th 2015. The release, namely 2015.09 packs the following improvements:
- A new generic (“gnrc”) network stack, a highly modular and configurable IPv6/6LoWPAN network stack. It implements a large number of IETF RFCs, such as RFC 2473, RFC 4861, RFC 4944, RFC 6550, or RFC 6775. It provides a unified API between the different layers and a generic network device interface.
- A new timer subsystem is introduced by xtimer, replacing hwtimer and vtimer modules. xtimer offers very precise timer operations as well as support for long-term timers running over days and weeks. Along with well-known timer operations in RIOT, it also provides a function for accurate periodic timers.
- Refactoring and cleaning up the peripheral drivers as well as other CPU and board specific code, helped to reduce the number of Makefile duplication lines by about 50% and provide a much cleaner and easier to use interface for porting new platforms to RIOT.
The Zolertia’s RE-Mote platform is included as an officially hardware platform supported in RIOT.
The RIOT community will offer long-term bug fixes for this release in a API-stable branch.
RERUM participated at the Meet-IoT 2015 event that took place during 1-2 of October in Turin.
As part of the exhibition, Mr. Pavlos Charalampidis from FORTH demonstrated two demos related to the two out of totally four use cases of the project:
1) A remote live demo of the smart transportation application that included presentation of the privacy-preserving traffic sensing Android app along with traffic results of a pilot deployment at Heraklion. Special emphasis was put on the privacy-enhancing novelties of the solution.
2) Sensor data and network statistics monitoring implemented on RERUM Devices (Zolertia RE-Mote) as part of the environmental monitoring application, ensuring security and energy-efficiency through the use of Compressive sensing.
More than 60 visitors stopped at RERUM’s booth and showed special interest in the activities of the project, raising questions regarding the RE-Mote hardware platform and recognizing the importance of security and privacy on the edge IoT devices.
Henrich C. Pöhls met Thiago Ribeiro the co-ordinator of POA#digital on his trip through Brazil. POA#digital is the coordinating and technical expert group behind Porto Alegre’s SmartCity initiative.
Mr. Thiago Ribeiro is the coordenador do POA Digital na Prefeitura Municipal de Porto Alegre and thus he is involved in all SmartCity projects of Porto Alegre. Among the technology they mentioned are roadside cameras, participatory sensing apps. For example Mr. Ribeiro mentioned a service called waze for road congestion detection also used in Porto Alegre.
Porto Alegre is the capital of the large southern Brazilian state Grande do Azul. Mr. Thiago said that Porto Alegre supports to release information again as open data. It is actively making themselves heard and it is one of the few south american cities that are part of connectedsmartcities.eu. Porto Alegre is actively taking concepts and ideas from leading SmartCities, Mr. Ribeiro mentioned San Francisco, and adept them to suit the southern environment. He explicitly mentioned the climate as a distinguishing factor, e.g. heat and moisture levels are higher than in European Cities.
“Smartcities are not the owners of the citizen-supplied data but the data guardians”
For the city wide deployed cameras Mr. Ribeiro also mentioned that Porto Alegre has a very large fiberoptical network backbone. When we discussed the topic of privacy, Thiago Ribeiro said that “POA#digital sees themselves not as owners of the citizen-supplied data but as data guardians.” Porto Alegre is taking the protection of data at their servers very seriously and the protection of data when it is on their servers is on their agenda.
“SmartCities have a clear need for protection of the integrity of the data sensed and at the same time privacy”
As example of the privacy mechanisms he explained that if security cameras are able (because of viewing angle or because of pan/tilt/zoom functionality) to monitor private spaces, e.g. the windows of a house, than the system is configured and deployed such that those areas are digitally masked from the image feed that is visible to the operator. So the camera operator cannot see into citizens’ private areas. He further explained that openly shared data, the example was health related data the city has, i.e. data that is released as open data, shall not allow identifying individual citizen’s health status. The discussion evolved further and finally centered around the mutual agreement that SmartCities have a clear need for protection of the integrity of the data sensed and at the same time privacy.
Henrich C. Pöhls from UNI PASSAU will continue to stay in contact with POA#digital.
RERUMs deliverables on privacy —soon to be released— will help to highlight RERUM’s strength. RERUM will investigate if in the future the discussion can be intensified.
We would like to thank Mr. Ribeiro and the team from POA#digital for the time and the insights into Porto Alegre — a Brazilian SmartCity.
RERUM advisory board member Ms Marit Hansen, who until now was the executive vice president of the Independent Centre for Privacy Protection in Schleswig-Holstein has just been promoted to become Schleswig-Holstein Data Protection Commissioner. She will formally assume her new role in July 2015. The representatives of the political groups supporting her promotion praised Ms Hansen as an internationally recognized expert in her field. (heise)