Towards a secure service provisioning framework in a Smart city environment

Abstract Over the past few years the concept of Smart cities has emerged to transform urban areas into connected and well informed spaces. Services that make smart cities “smart” are curated by using data streams of smart cities i.e., inhabitants’ location information, digital engagement, transportation, environment and local government data. Accumulating and processing of these data streams raise security and privacy concerns at individual and community levels. Sizeable attempts have been made to ensure the security and privacy of inhabitants’ data. However, the security and privacy issues of smart cities are not only confined to inhabitants; service providers and local governments have their own reservations — service provider trust, reliability of the sensed data, and data ownership, to name a few. In this research we identified a comprehensive list of stakeholders and modelled their involvement in smart cities by using the Onion Model approach. Based on the model we present a security and privacy-aware framework for service provisioning in smart cities, namely the ‘Smart Secure Service Provisioning’ (SSServProv) Framework. Unlike previous attempts, our framework provides end-to-end security and privacy features for trustable data acquisition, transmission, processing and legitimate service provisioning. The proposed framework ensures inhabitants’ privacy, and also guarantees integrity of services. It also ensures that public data is never misused by malicious service providers. To demonstrate the efficacy of SSServProv we developed and tested core functionalities of authentication, authorisation and lightweight secure communication protocol for data acquisition and service provisioning. For various smart cities service provisioning scenarios we verified these protocols by an automated security verification tool called Scyther.

[1]  Young-Im Cho Designing Smart Cities: Security Issues , 2012, CISIM.

[2]  Vermesan Ovidiu,et al.  Internet of Things Strategic Research and Innovation Agenda , 2014 .

[3]  Peter Friess,et al.  Internet of Things: Converging Technologies for Smart Environments and Integrated Ecosystems , 2013 .

[4]  Steven Furnell,et al.  Security transparency: the next frontier for security research in the cloud , 2015, Journal of Cloud Computing.

[5]  Hatem Ben Sta,et al.  Quality and the efficiency of data in "Smart-Cities" , 2017, Future Gener. Comput. Syst..

[6]  Zaheer Abbas Khan,et al.  Developing Knowledge-Based Citizen Participation Platform to Support Smart City Decision Making: The Smarticipate Case Study , 2017, Inf..

[7]  Prem Prakash Jayaraman,et al.  Privacy preserving Internet of Things: From privacy techniques to a blueprint architecture and efficient implementation , 2017, Future Gener. Comput. Syst..

[8]  Muhammad Atif Tahir,et al.  Towards cloud based big data analytics for smart future cities , 2013, 2013 IEEE/ACM 6th International Conference on Utility and Cloud Computing.

[9]  Marta Ortiz-de-Urbina-Criado,et al.  A model for the analysis of data-driven innovation and value generation in smart cities' ecosystems , 2017 .

[10]  Agusti Solanas,et al.  The pursuit of citizens' privacy: a privacy-aware smart city is possible , 2013, IEEE Communications Magazine.

[11]  Rodrigo Roman,et al.  Mobile Edge Computing, Fog et al.: A Survey and Analysis of Security Threats and Challenges , 2016, Future Gener. Comput. Syst..

[12]  Abdul Ghafoor Abbasi,et al.  CryptoNET: security management protocols , 2010 .

[13]  M. Sen,et al.  Issues of Privacy and Security in the Role of Software in Smart Cities , 2013, 2013 International Conference on Communication Systems and Network Technologies.

[14]  M. Dohler,et al.  Security and Privacy in your Smart City , 2011 .

[15]  M. Hebbert Cities and Climate Change (Global Report on Human Settlements 2011)/climate Change and Cities (First Assessment Report of the Urban Climate Change Research Network) , 2012 .

[16]  Pablo A. Pérez-Martínez,et al.  W 3-Privacy : the Three Dimensions of User Privacy in LBS , 2011 .

[17]  Salil S. Kanhere,et al.  A survey on privacy in mobile participatory sensing applications , 2011, J. Syst. Softw..

[18]  Sungyoung Lee,et al.  Privacy-Aware Relevant Data Access with Semantically Enriched Search Queries for Untrusted Cloud Storage Services , 2016, PloS one.

[19]  George Suciu,et al.  Smart Cities Built on Resilient Cloud Computing and Secure Internet of Things , 2013, 2013 19th International Conference on Control Systems and Computer Science.

[20]  Adel Said Elmaghraby,et al.  Cyber security challenges in Smart Cities: Safety, security and privacy , 2014, Journal of advanced research.

[21]  Wang Li,et al.  Security Structure Study of City Management Platform Based on Cloud Computing under the Conception of Smart City , 2012, 2012 Fourth International Conference on Multimedia Information Networking and Security.

[22]  Josep Domingo-Ferrer,et al.  A Three-Dimensional Conceptual Framework for Database Privacy , 2007, Secure Data Management.

[23]  Claudio Soriente,et al.  Participatory privacy: Enabling privacy in participatory sensing , 2012, IEEE Network.

[24]  Daniel Díaz Sánchez,et al.  Major requirements for building Smart Homes in Smart Cities based on Internet of Things technologies , 2017, Future Gener. Comput. Syst..

[25]  David Ludlow,et al.  ICT enabled participatory urban planning and policy development: The UrbanAPI project , 2014 .

[26]  Ian F. Alexander,et al.  A Taxonomy of Stakeholders: Human Roles in System Development , 2005, Int. J. Technol. Hum. Interact..

[27]  Baldini Gianmarco,et al.  Internet of Things Privacy, Security and Governance , 2013 .

[28]  M. Anwar Hossain,et al.  Adaptive and context-aware service composition for IoT-based smart cities , 2017, Future Gener. Comput. Syst..

[29]  Zaheer Abbas Khan,et al.  A framework for cloud-based context-aware information services for citizens in smart cities , 2014, Journal of Cloud Computing.

[30]  Dawn Xiaodong Song,et al.  Practical techniques for searches on encrypted data , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.