In the late 1970's the idea came up to connect different networks with each other in order to enhance the communication between universities and research facilities. The purpose of this connection was two-folded: (1) simple exchange of knowledge using file sharing and (2) using computational capacity of computer centers worldwide. Over the decades more and more devices and technology became affordable for everyone and is gaining more and more importance in today's society. This resulted in a paradigm change from the Internet to the Internet of Things (IoT). Common technologies and network approaches are still used and need to undergo modifications and extension to address new communication requirements and patterns. Due to this development and the resulting growing information traffic, privacy has emerged in society as a major concern in order to ensure liberty and creativity. The ability to control the information disclosure determines the root cause for an establishment of support of different levels of security, privacy and trust support. Therefore, new developed solutions need to be flexible and adjustable to stakeholders' individual settings and should be reusable if some items of the setting change.
Current statistics show that each of us has a minimum of 6-8 devices (e.g., access cards, credit/bank cards, smartphone, and smartwatch) that are able to join the IoT. Depending on the resources, technology, and settings devices communicate in different ways, in different time frames, and with different security support. Due the development of digitalization, automatization and continuous connectivity communication, interaction with systems and handling of data becomes more complex. Thus, any designed workflow and process has to investigate the following communication patterns:
- Human-to-Machine (H2M) / Machine-to-Human (M2H) communication,
- Machine-to-Data-Lake (M2D) and Machine-to-Analytic (M2A) communication, as well as
- Machine-to-Process (M2P) and and Machine-to-Machine (M2M) communication.
Hence, concepts, technologies, security schemes and applications of trust are essential for IoT services and have been addressed during the past years and will be further improved.
Depending on the scenario and settings, different assumption concerning privacy and security support (especially on transmissions and access) are implemented. Thus, my research - Secure Communication Systems (SeCoSys) - investigates different issues related to air/ground communications and can be summarized to the topics illustrated in the figure on the right. The issues can be subdivided into the two pillars:
- Communication Networks and
- Data Management.
Both pillars are influenced and regulated by horizonal services (marked grey).
Area 1: Constrained Device Networks
During the last years my own research focused here on existing IoT platforms and their stakeholders to investigate offered IoT services, involved stakeholders and their requests for secure communication and privacy and trust support. Resulting in the SecureWSN framework facing the identified stakeholder requests for constrained devices (especially Wireless Sensor Networks (WSN)) as part of the IoT.
When analyzing the existing IoT projects and their platforms different stakeholders as end-users are included in the solution design such as individuals, commercial organizations, and governments that are also foreseen for future framework developments in IoT & Cyber-Physical-Systems (CPS) requesting federated and trustworthy solutions in Industry 4.0 and other application areas. However, they are not limited to end-users, which can be divided into two groups of end-users: (1) Private ones (e.g., individuals, residents, employees, caretakers) depending on application and (2) public ones (e.g., identity providers, eService providers, governmental authorities) offering eServices. Each of those stakeholders have individual and specific requests either caused by individual concerns (e.g., anonymity, transparency) or due to legal regulations (e.g., Privacy-by-Design or data storage) that need to be identified and addressed by each IoT solution. The performed investigations from my side over the time together with research scope of different projects resulted in a complex and trustworthy solution for constrained networks, called SecureWSN, satisfying stakeholder's request on security and privacy assuming a Smart Home/Building scenario including active and passive devices.
For more details check out the SecureWSN project page and click here.
For publications click here.
Area 2: Secure Aeronautic Communication
From my point of view this field nowadays also counts to the area of the IoT, as also aircrafts and drones get more and more connected using the Internet for getting system updates, navigation information or exchanging specific information just to mention some examples. With this connectivity they also become interested for attacks and misuse requiring security communication solutions on the one hand and also quick decision making procedures to react immediately in emergency situations.
The investigations done here are within industry cooperations with the German Aerospace Center (DLR) and Airbus Defense GmbH. Topics investigated cover the following areas at the moment:
- Mutual authentication and key agreement methods for the digital aeronautical ground-based communications system L-band Digital Aeronautical Communication System (LDACS)
- Air Mobility Integration U-Space (AMIUS)
- Safety and security aspects for Unoccupied Aerial Vehicles (UAV) operations
For more details check out the Aeronautical project page and click here.
For publications click here.
Area 3: Socio-Economic Investigations
Any development of technologie (independent if software or hardware) requires acceptence by the final end-users, which highly influence the success on the targeted market. Thus, it is essential to understand (1) the current market, (2) the different stakeholder groups including their needs and wishes, (3) the required investigations, and (4) the expected influences to existing technologie. With this knowledge in place an individual business model and recommendations for sustainability can be defined.
Therefore, it is recommended to apply our developed 4-step tool chain combining well-accepted methods (e.g., CANVAS and Value-Network-Analysis) with newer methods (e.g., tussle analysis and Terrenghi's method) in order to define a proper business modell and sustainability recommendation. It requires a well-defined scenario as initial input. Further input can include individual experiences and detailed technical knowledge. Each step creates specific output that can be used on its own for the individual purpose of the method applied. Within the approach proposed here the output is in return used as input for the next step of the method. Additionally, discussions between developers and target customers need to be included in the process of the tool-chain in order to receive feedback for each step of the process.
This tool-chain is partly standardized by the ITU and was applied for several use-cases within the project symbIoTe.
For publications click here.