Towards remote monitoring and control of Smart Buildings using secure and private IoT technologies
The Internet of Things (IoT) is a novel paradigm that has transformed society and industry alike. Under this paradigm, a set of resource-constrained devices share information to solve complex problems and enable new business models. These devices measure parameters of the physical environment in which they are deployed. Because of the sensitive nature of this information, it is relatively easy to link it to the actions or behaviour of a person. For these reasons, security and privacy are essential to increase the trust of potential users and encourage the adoption of data-driven business models and services.
When the IoT started gaining momentum, several companies rushed their products out the door in order to win the coveted market share that the paradigm generated. Their designs and applications often relegated security and confidentiality to the background, implementing such measures as an afterthought. The consequences of not protecting access to the resources exposed by the hardware devices did not take long to show.
This led to a series of recent cyber-attacks on personal data. Also, since IoT-based solutions cover many different industrial sectors, their services and hardware are heterogeneous, which has prevented the standardization of secure and scalable authentication and authorization mechanisms. In order to comply with the GDPR, several companies in Europe (especially SMEs) focus on research into the security and trust of IoT systems, as do universities, where the available technologies have already been evaluated and validated in laboratories and small-scale pilot projects.
In order to protect all the data exchanges among the hardware/software components of the Smart2B vision, the Smart2B cloud platform includes a Security and Privacy Cross Layer that provides communications protection, data privacy and service access management. Whenever a platform client (a hardware/software component or a Smart2B end user) tries to access the information stored in the platform, it must first authenticate itself against an identity manager based on the KeyRock technology. Next, the client requests an authorization token to access the context entity values. This request is evaluated by a policy decision point against the data access policies that the administrator previously configured in the policy administration point. If the client is authorized to access the requested entity, it obtains a capability token, which grants access to the context. The client then presents its requests, with the capability token attached, to a policy enforcement point in charge of relaying the request to the context broker. Finally, the client request is answered with the entity information, or the context information is updated accordingly.
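As an added illustration (not Smart2B's or KeyRock's own code), the following Python sketch models the token exchange described above: a policy decision point checks a request against an administrator-configured policy table and issues a signed capability token, and a policy enforcement point verifies the token before relaying the request to a stubbed context broker. The signing key, policy entries and entity names are constructed for the example.

```python
import base64, hashlib, hmac, json, time

# Constructed for this example: a real PDP would sign with a key the PEP can verify.
PDP_SIGNING_KEY = b"constructed-demo-key"

# Stand-in for the policy administration point: subject -> permitted (entity, action) pairs.
POLICIES = {
    "thermostat-01": {("Room42/Temperature", "GET")},
    "facility-admin": {("Room42/Temperature", "GET"), ("Room42/Temperature", "PATCH")},
}

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_capability_token(subject, entity, action, ttl=300, now=None):
    """PDP: evaluate the request against the policies; return a signed token or None."""
    if (entity, action) not in POLICIES.get(subject, set()):
        return None
    now = int(time.time()) if now is None else now
    claims = {"sub": subject, "res": entity, "act": action, "exp": now + ttl}
    body = json.dumps(claims, sort_keys=True).encode()
    sig = hmac.new(PDP_SIGNING_KEY, body, hashlib.sha256).digest()
    return b64url_encode(body) + "." + b64url_encode(sig)

def verify_capability_token(token, entity, action, now=None):
    """PEP: accept only an untampered, unexpired token whose rights match this exact request."""
    try:
        body, sig = (b64url_decode(part) for part in token.split("."))
    except (ValueError, TypeError, AttributeError):
        return False
    expected = hmac.new(PDP_SIGNING_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):  # constant-time comparison
        return False
    claims = json.loads(body)
    now = int(time.time()) if now is None else now
    return claims["exp"] > now and claims["res"] == entity and claims["act"] == action

def context_broker(entity, action):
    """Stub for the context broker that stores the entity values (constructed)."""
    return {"entity": entity, "action": action, "value": 21.5}

def pep_handle(token, entity, action, now=None):
    """PEP: relay the request to the context broker only after the token checks out."""
    if not verify_capability_token(token, entity, action, now):
        return 403, None
    return 200, context_broker(entity, action)
```

Binding the token to one entity and one action means a token granted for reading a temperature cannot be replayed to update it, and the PEP never has to consult the policy store itself.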
The Smart2B Project draws on the extensive experience in IoT cybersecurity of Odin Solutions S.L. to provide protocols and practices that provision the IoT services running on several infrastructures with the desired level of confidentiality and privacy protection. The technology employed in Smart2B builds on previous results and lessons learned from H2020 European projects such as ARMOUR and ANASTACIA.