About the project
Project Name: SelectShare
Selective IoT data sharing.
Team: George C. Polyzos, George Xylomenos, Iordanis Koutsopoulos, Vasilios A. Siris, Nikos Fotiou, Anna Kefala, Evgenia Faltaka, Iakovos Pittaras, Athina Katsari, Nikos Ipiotis, Spiros Chadoulos, Stratos Keranidis and Polychronis Symeonidis
As IoT becomes omnipresent vast amounts of data are generated, which can be used for building innovative applications. However, interoperability issues and security concerns prevent harvesting the full potentials of these data. In this project we focus on data generated by smart buildings. Buildings are becoming ever “smarter” by integrating IoT devices that improve comfort through sensing and automation. However, these devices and their data are usually siloed in specific applications or manufacturers, even though they can be valuable for various interested stakeholders who provide different types of “over the top” services, e.g., energy management. Most data sharing techniques follow an “all or nothing” approach, creating significant security and privacy threats, when even partially revealed, privacy-preserving, data subsets can fuel innovative applications. With these in mind we will develop a platform that will enable controlled, privacy-preserving sharing of data items.
Our project will innovate in two directions: Firstly, it will provide a framework for allowing discovery and selective disclosure of IoT data without violating their integrity. Secondly, it will provide user-friendly, intuitive mechanisms allowing efficient, fine grained access control over the shared data.
The project will leverage recent advances in the areas of Self-Sovereign Identities, Verifiable Credentials, and Zero-Knowledge Proofs, and it will integrate them in a platform that combines the industry-standard authentication and authorization framework OAuth 2.0 and the Web of Things specifications. We will pilot a real-world use case of sharing energy related data from two industrial partners. Our prototype will (a) include IoT devices from smart homes and buildings provided by the project partners, and (b) demonstrate controlled, privacy-preserving, and tamper-proof data sharing with stakeholders such as energy providers, utilities, and Distribution System Operators (DSOs).
Achievements from the first phase of the DAPSI programme
In the first phase of the DAPSI programme the technical objectives of the project were fulfilled. In particular the project delivered:
a) an IoT gateway that implements the WoT specification, capable of collecting data from legacy IoT devices and platforms, and sharing them in an interoperable and standards compliant manner,
b) transcoding tools to transform IoT data based on pre-configured schemas and sign them using algorithms that support ZKPs,
c) an authorization server supporting capabilities-based access control policies, VC issuance based on OAuth 2.0 authorization flows, and VC revocation, and
d) a transparent Web proxy used for protecting the IoT gateway, by “verifying” the provided VCs.
Links to our open-source software, as well as a video demo of the developed system can be found in our project’s website.
Achievements from the second phase of the DAPSI programme
During the 2nd phase, the project prepared a Minimum Viable Product (MVP) and piloted it in a real-world use case of sharing energy-related data from the two SMEs in the project consortium. Our pilot(a) includes IoT devices from smart homes and buildings provided by the project partners, and (b) demonstrates controlled, privacy-preserving, and tamper-proof data sharing with stakeholders such as energy providers, utilities, and Distribution System Operators (DSOs).
Additionally, the project team investigated business aspects and published a scientific paper:
N. Fotiou, I. Pittaras, S. Chadoulos, V.A. Siris, G.C. Polyzos, N. Ipiotis, S. Keranidis, “Authentication, Authorization, and Selective Disclosure for IoT data sharing using Verifiable Credentials and Zero-Knowledge Proofs”, ESORICS Workshop on Emerging Technologies for Authorization and Authentication (ETAA), Copenhagen, Denmark, September 2022.
https://mm.aueb.gr/publications/3b82f68d-cdc4-4168-b20fc85641afe289.pdf
Promotional materials
Website:
https://mm.aueb.gr/projects/selectshare
Scientific paper:
N. Fotiou, I. Pittaras, S. Chadoulos, V.A. Siris, G.C. Polyzos, N. Ipiotis, S. Keranidis, “Authentication, Authorization, and Selective Disclosure for IoT data sharing using Verifiable Credentials and Zero-Knowledge Proofs”, ESORICS Workshop on Emerging Technologies for Authorization and Authentication (ETAA), Copenhagen, Denmark, September 2022.
https://mm.aueb.gr/publications/3b82f68d-cdc4-4168-b20fc85641afe289.pdf
A public deliverable describing the project’s architecture:
https://mm.aueb.gr/files/selectshare/architecture.pdf
Technical materials
Software deliverables:
OAuth2.0-based VC issuer (source code)
python-based HTTP proxy acting as VC verifier (source code)
WoT Gateway (source code)
ZKP toolkit (source code)
Pitch
Testimonial
The DAPSI programme allowed me to focus on the essentials of my work without distracting me with unnecessary administrative overhead. Additionally, through its activities not only I gained deeper knowledge of relevant technologies, but, also, I was stimulated to further look into the business and socio-economic aspects of our project. Overall, DAPSI was a valuable experience, it offered me the chance to materialise many of my research hypotheses and it widened my perspectives of my field.
Nikos Fotiou
Team
Entities
Athens University of Economics and Business (AUEB), Mobile Multimedia Laboratory (MMlab)
The Mobile Multimedia Laboratory (MMlab) is performing research in the areas of Wireless Packet Networks and Mobile Communications, Internet Architecture, Protocols, and Applications, Security, Privacy and Trust, Mobile Multimedia, Quality-of-Service and Quality-of-Experience, Multimedia Multicast and Broadcast.
Plegma Labs S.A.
Plegma Labs develops enterprise IoT solutions for energy management, renewables, smart buildings, environmental monitoring and industry 4.0 applications.