Contextually-Appropriate Selective Sharing IoT Open-standard PErmIssioning Architectures (CASSIOPEIA)
with Instituto de Telecomunicacoes (Portugal), and Gilad Rosner (Spain) - EU H2020 funded
The CASSIOPEIA project investigates how open-standard/open-source technologies can be
used to create usable and transparent architectures enabling device owners to selectively
collect, share and retain data from users, while delegating control of device features to the
users from whom data is being obtained. Selective sharing is a critical dimension of privacy:
enhancing user choice, autonomy, participation, and trust. It is the technical embodiment of
respect for social contexts in information sharing. Moreover, “privacy-by-default and -design”
is the law of the land, but there are few examples of what that actually means aside from
basic ideas of confidentiality and limited conceptions of transparency. The CASSIOPEIA
project will provide a proof-of-concept for policymakers, technologists and the public
showing how privacy-by-design can mean enhanced informational control - focusing on
sharing rather than hiding data.
People: Shankar Ammai, Vitor Jesus
Privacy-as-Expected: Consent Gateway (PaECG)
with Trinity College Dublin (Ireland), and Open Consent (UK) - EU H2020 funded
Whenever a User accepts a Privacy Notice and starts sharing personal data, they will receive a
cryptographic Consent Receipt (based on a secure architecture and open standards) which proves, at any
time and with non-repudiation and unforgeability, who accepted which conditions and how.
Considering the dynamic nature of the Web, a User will not have to extensively review or re-accept the
same Privacy Terms. While creating an infrastructure to manage transparent, usable and accountable
Consent, the User will further have access to crowd-reviewed Privacy Notices. As long as the Notice does
not change, the User will not have to repeatedly re-accept. This will dramatically improve usability, while
improving Transparency.
People: Muhammad Waqas, Antonio Nehme, Vitor Jesus
BASIEM - Building Automation Security Information and Events Manager (SIEM).
SIEMs are a common and indispensable tool in any organisation as they greatly facilitate security monitoring, both in real time and when reporting is needed (e.g., for compliance). SIEMs
are the eyes of Security Operations. Whereas there is an abundance of tools in the IT world, the OT counterpart sees a gap. In particular, the Building Automation sector, with its different
stakeholders (owners, facilities managers, integrators, manufacturers, etc.), has virtually no (integrated) tools available except, perhaps, those coming from a particular brand typically associated with
the particular devices in use by the Building. We are developing an open-source and modular tool, supporting different communication protocols (BACnet, Modbus, KNX, etc.), Artificial Intelligence, Threat
Intelligence, etc. A particular focus is on legacy buildings as it is expected that a mix of Smart and Legacy buildings will continue to coexist for decades to come.
People: Jahid Ali, Diogo Fernandes Freire, David Garcia Quintero, Arjun Mepa, Vitor Jesus
Web-of-Receipts
We accept and sign up for any T&Cs every day and online businesses take all our personal data. At present, and even with GDPR, we do not know what we accepted and what we shared and
when. In recent cases, people complained about having accepted certain conditions while the online business denies it. How can we prove and control what we shared? This work is being done in cooperation
with external parties such as Open Consent and Kantara Initiative.
People: Vitor Jesus, Shweta Mustare, Shankar Ammai
BRUE - Secure Exchange of Healthcare Records Across Jurisdictions
We are developing a new approach to the practically unsolved problem of exchanging Healthcare records. If a person is outside their country and needs medical care, it is practically
impossible to request access to healthcare records from the home country, or from any other country visited. The problem is essentially administrative: countries (or even medical practices) do not normally share
such information in order to protect the person as this is highly sensitive personal information. We term our approach BRUE as we are looking at combining Blockchains, digital consent Receipts and UMA
(User-Managed Access). This work is in partnership with external organisations.
People: Xiaohu Zhou, Vitor Jesus
Distributed Ledger Technologies (Blockchains) for the Supply Chain
This project will review and propose new technologies to use Blockchains to bring Trust to a Supply Chain, particularly those involving (effectively) anonymous and long supply chains. This
project will build on the project on auditing distributed workflows, along with new technologies to be developed. This work is multidisciplinary between the Business School and the Computing School.
People: Ali Al Kalifa, Shishank Shishank, Xiaohu Zhou, Vitor Jesus
Secure collaboration and workflows (2018-2020)
As the old Russian saying goes, "Trust but verify". The recent series Chernobyl has the best explanation of this - the
circle of accountability. This project looks at the problem of Trust: how multiple participants working together can become accountable when each, individually, is unaccountable. For example, when
multiple organisations or government departments collaborate or share data in order to deliver a single service, if something goes wrong, how do we identify what and who made a mistake, either by
negligence or deliberately? A good example is when businesses operate over the Cloud. Another aspect is sensitive data sharing such as medical data being shared between hospitals, insurance companies,
doctors, etc. Another example is large projects such as Construction projects. How can we share data and work together in a secure, accountable and traceable way? One of the technologies we are looking into
is Blockchains and Smart-Contracts.
People: Antonio Nehme, Xiaohu Zhou, Vitor Jesus, Leo Wang