Many data sources in the IoT and smart city domain may contain sensitive information that raises issues on privacy and data protection, such as cyber-attacks to city cameras and sensors, citizens mobile apps, companies’ servers, among others. M-Sec has concluded with 4 main results to ensure that security and integrity of data traffic in hyper-connected smart cities are provided in a secure and transparent way, through the development of several protection layers, while, at the same time, addressing specific needs of smart cities
What was M-Sec trying to solve?
In modern smart city applications, there is an emerging need for end-to-end security since many data sources may contain sensitive information that raises issues on privacy and data protection. These security and privacy issues should be addressed in all layers to ensure “end-to-end security and privacy”. For instance, many smart city applications are utilizing data streams such as images from cameras or mobile apps, and these streams should be protected from attackers in all layers by, for example, adding a protection mechanism in the sensors’ devices, secure an IoT gateway connecting the devices and the cloud, provide data encryption and access control in the cloud, and ensure secure apps utilizing the data stream.
It is in this context that the M-Sec framework was developed, with the main goal of developing a technology capable of ensuring safety and privacy of the data exchanged in highly connected smart cities, through the development of several protection layers: at the device level and apps used, in storing that information in the cloud, and at the development and creation of other smart devices and apps, that follow the same data safety and privacy criteria.
The M-Sec Project
Called M-Sec, this 3-year project researched and developed a set of components that provide security and integrity of data traffic, end-to-end, from the device to the cloud and to the application in a secure and transparent way, with a modular approach for the IoT and smart city domain. M-Sec European Coordinator Vanessa Clemente Nunez said: “Thanks to EU&JP collaboration, the M-Sec Project has counted with a strong partnership of leading European and Japanese universities and research centres, as well as companies in the areas of BigData, IoT, Cloud Computing, Blockchains, that have an extensive experience in smart city related projects and that have made possible to research and develop a framework that provides end-to-end security in the smart city IoT ecosystem”.
At the device level, M-Sec not only provided a secure element embedded in the hardware that allowed storing all confidential information using cryptographic keys, performing sensitive operations in a more secure way, and verifying the integrity of the system, but also provided a tool vulnerability detection, which allowed analysing and identifying abnormal patters, automatically reporting to the security centre, and blocking the entry of malicious traffic into the network.
Data collection and transfer was carried out in an interoperable and scalable way thanks to the use of protocols through which data could be received from different sensors and from different manufacturers, including an access control mechanism that allows only authorized persons to read raw data or interact with IoT devices.
Regarding the data storage part, the consortium used blockchain technology. Blockchain is a chain of blocks (decentralized database) where all data is linked, encrypted, and distributed, allowing transactions to be carried out safely without the need for intermediaries. All information registered in the blockchain cannot be erased or modified. Thanks to its immutability feature, it was possible to transform the audit process into a fast and efficient procedure. Suppose we want to add a layer of security to the traditional encrypted data storage system that takes place off chain (outside the blockchain). In this scenario, M-Sec allowed generating a hash that is simply an alphanumeric code generated from a text string and automatically saving it as an on-chain transaction (in the blockchain itself), allowing to verify at any time if the data has been modified, since any attempt to manipulate the data would change the resulting hash.
In addition to the blockchain, artificial intelligence was also present in M-Sec. One of the current problems in the context of smart cities comes from the amount of personal data captured in images or videos of cameras deployed in the city. As a result, most data are only saved or shared internally, or even discarded to reduce risk of leakage. M-Sec provided a tool that allowed to automatically eliminate all personal information contained in videos or images, using an object detection network and a network that eliminated naturally detected objects as if they did not originally exist.
Finally, M-Sec provided tools for the design and development of applications that support developers and manufacturers of new devices and applications to fulfil citizens data safety and privacy measures. Moreover, M-Sec Japanese Coordinator Keiko Doguchi said: “Extensive study regarding GDPR and APPI based on the adequacy agreement of January 23rd, 2019, has been made. Common interfaces have been developed to be compliant with both regulations. The consortium made available all information which could be beneficial to EU or JP companies, wishing to develop business or implement innovative ideas in Europe, Japan or in a cross-border way”.
To sum up, M-Sec is not only a solution. Its several that, together, allow the safety and privacy of the data that is exchanged in hyper-connected smart cities.
Research collaboration and pilot implementation
According to M-Sec European Coordinator Vanessa Clemente Nunez “2 cities have been fully committed to challenge their smart city needs by using the M-Sec results: Santander and Fujisawa. Both cities have evaluated the M-Sec framework and showcased its outcomes in a real-life environment, to demonstrate the opportunities of the project’s results as an important first step towards a wider adoption of the project’s multi-layer security concepts, both within the smart cities and the wider industry”.
Thus, M-Sec validated its approach through 5 different smart city use cases by having these 2 important European and Japanese cities on board, each recognised having developed a long-term smart city approach, which made them ideal for implementing the M-Sec pilots.
The pilots implemented in Santander aimed at improving the well-being of citizens (Use Case 1), namely of the elderly population (Use Case 2). In the first Use Case, a set of sensors were developed to measure several variables that influence the population’s well-being, such as noise level or the number of persons in a specific location. Citizens found QR codes in a city park to join this experience, and an app allowed them to access and classify the amount of information that was submitted. The information collected by M-Sec complemented and enriched the existing one, thus supporting Santander’s Municipality to extract several valuable conclusions to improve the well-being of citizens. In Use Case 2, the goal was to improve the quality of life of the elderly population living in big cities, by monitoring their well-being and fighting social isolation. Citizens were monitored through several sensors installed in their houses and connected to domestic devices, and by using activity bracelets. The innovation brought by M-Sec was the ability to ensure the safety and privacy of end-to-end data, from the elderly to the formal and informal caretaker.
Use Case 3 was implemented in Fujisawa and had a great environmental focus. On the one hand, it provided citizens with real-time environmental data (such as air quality, temperature, pressure, etc.) and, on the other hand, it tried to implement an urban garbage collection counting, capable of counting the amount of garbage that was generated in each house, thus promoting awareness among citizens on the quantity of garbage that was generated daily.
Finally, in the case of cross-border Use Cases 4 and 5, while one intended to create a marketplace between the EU and Japan for exchanging data, based on M-Sec’s multi-layered approach, the other one explored the possibility of citizens in a given city being able to share affective information about it, through an app called “SmartCity Report”, that allowed sharing of photos on specific topics such as tourist attractions, gastronomy, events, etc.
Also, the project replicated the M-Sec framework in 2 other cities and is open to new partnerships to test, pilot and validate this solution, even with the end of the M-Sec project.
Full four results
The fours key exploitable results of M-Sec are:
M-Sec IoT infrastructure: one of the expected results of M-Sec was to have a distributed, robust, and trusted smart city platform, based on IoT, cloud, BigData and blockchain technologies, that would empower IoT stakeholders to develop, deploy and operate novel multipurpose IoT applications for smart cities on top of that smart objects. This specific infrastructure paradigm was achieved through 4 main activities: (1) a simplified view of the M-Sec multi-layered architecture, to easily explain and present this approach to a broader technical and non-technical audience, (2) the organization of a set of community webinars to better explain each layer of the M-Sec architecture to a broader audience, (3) the piloting of the M-Sec architecture in a real-life environment, through 5 Use Cases and (4) the dissemination of the M-Sec Use Cases, main achievements and results through a series of blogposts and videos.
M-Sec Smart City Ecosystem: another expected M-Sec result was to create a sustainable ecosystem of stakeholders, roles, tools, and infrastructures upon which new entrants (e.g., startups, SMEs, etc.) and other players (e.g., developers’ communities, students, entrepreneurs, etc.) could build and experiment with the hyper-connected smart city applications. This ecosystem was achieved through 4 main activities: (1) the creation of a Slack community to directly engage with relevant stakeholders and maximize the visibility of M-Sec results, (2) engagement through the F6S IoT Group, posting and exchanging information on project events and initiatives, (3) partnering with several EU and international projects and initiatives to further promote results and achievements and (4) the launching of the M-Sec Online Contest, that run between 6 and 10 September, and engaged +30 participants from industry and academia towards the adoption and development of the project findings.
M-Sec Marketplace: the M-Sec Marketplace is an open market of applications, data and services that facilitates the exchange of value and information between IoT devices and people through virtual currencies, allowing real-time matching of supply and demand. This specific Marketplace was piloted through a cross-border trial (Use Case 5), thus validating the interoperability, efficiency, and data protection principles that were at the core of M-Sec. To join the Marketplace, you can register here.
M-Sec Replication Plan: finally, the fourth expected result of M-Sec was the development of a parameterized model on how to replicate the M-Sec approach further and guarantee its return of investment and benefits. This replication model was achieved through 2 main activities: (1) the dissemination of M-Sec’s White Paper (that introduces the overall M-Sec framework) and Cookbook (that acts as a practical guide for IoT developers to replicate the M-Sec framework) and (2) the creation of a Business Model Canvas for the M-Sec framework and each Use Case, accompanied by a financial analysis that will prove the sustainability of the M-Sec approach across various socio-economic contexts.