IoT is a King, Big data is a Queen and Cloud is a Palace

Abdur Rahim
Innotec21 GmbH, Germany
Create-Net, Italy
Acknowledgements: iKaaS Partners (KDDI and other partners)
Intelligent Knowledge-as-a-Service

Outline
• Motivation
• Convergence/opportunities/applications
• Challenges and requirements
• Convergence approach
• iKaaS EU-Japan project
• Conclusion

Convergence of Technologies
Source: IDC

Where is the value of IoT?
• In the past, connectivity and the number of devices were the main drivers of IoT
• Data is nothing without big business value insight
• IoT without BIG DATA is the first generation of IoT

• The real value is not just the sheer number of connected devices and data
• The real opportunity is improved business value: new revenue models, lower cost, improved client experience, better insight, improved outcomes
Source: IDC

Big data: how we understand it

IoT in BIG data
• IoT presents challenges in the combination of all BIG data characteristics (3Vs/4Vs)
• The most challenging IoT applications match either or both of Velocity and Volume, and sometimes also Variety (situation and context)
• Velocity-driven applications
  – A wearable sensor produces about 55 million data points per day (a challenge for storage), whereas some medical wearables (like ECG) produce up to 1000 events per second (a challenge for real-time processing)
• Volume-driven applications
  – GE each day gathers 50 million pieces of data from 10 million sensors, off equipment worth $1 trillion

Typical IoT applications

IoT BIG data applications
• Massive monitoring/deep understanding (observe the behavior of many things, gain important insight)
  – Health example: understanding the cause of diseases/comorbidities/indicators
• Real-time actionable insight (real-time analytics; detect and react in real time)
  – Health example: real-time fall detection and potential reaction for the aging population
• Performance optimization (configuration, energy, health care)
  – Health example: improve overall healthcare efficiency
• Proactive and predictive functional applications
  – Health example: proactive and predictive identification of diagnostics in healthcare applications (before things occur)

Philosophical differences of Big data analytics

Traditional methods                  Big data
Centralize                           Distributed
More power                           More machines
Summarize data                       Keep all data
Transform and store                  Transform on demand
Pre-defined schema                   Flexible/no schema
Move data toward compute             Move compute towards data
Less data/more complex algorithms    More data/simple algorithms

IoT Big data platform requirements
• Security and privacy
• Scalable
• Intelligent and dynamic
• Unified view
• Real-time
• Distributed

What cloud offers?
• Dynamic and flexible resource-sharing platform
• Offers scalable, elastic resources and data management
• Location independent; can be accessed from anywhere
• Reliable and easy access to the services
• Large amount of computing and storage resources
• It is also more homogeneous (unified)

Convergence of IoT-Big data and Cloud
• "Cloud computing a new business model and management (e.g. data and device) paradigm of Internet of Things and Big data"
• "IoT Big data is to enlarge the opportunities of cloud service provisioning"

Convergence Approaches
• Centralized approach (bring IoT functionalities into the Cloud)
• Distributed approach (bring Cloud functionalities into IoT)

IoT-Big data-Cloud: Centralized approach
• Bring IoT data into the cloud
• Process and compute the data and deploy management tools in the cloud
• This approach is good if services are provided among objects located in multiple locations
[Figure labels: hosting, cognitive capability, databases, partners, SI applications, IoT Cloud Platform, our managed devices, all devices, your devices]

IoT-Big data-Cloud: Distributed approach
• Edge/fog computing: stream processing and storage of data close to users/near to devices
• Distribute data to move it closer to the end users, to eliminate latency and numerous hops and to support mobile computing and data streaming
Usability
• High-latency and real-time actionable insight (the data flows too fast to be processed)
• Data/intelligence context is geographically distributed
• The datasets have strict privacy, security and regulation constraints that prohibit their transfer outside of the paten domain
• Domain-specific services and applications

iKaaS (H2020 EU-Japan) IoT-Big and Cloud Project

Project objective
The goal of the iKaaS project is to combine ubiquitous and heterogeneous sensing, semantic, big data and cloud computing technologies in a platform enabling the Internet of Things distributed process consisting of continuous iterations on data ingestion, data storage, analytics, knowledge generation and knowledge sharing phases, as the foundation for cross-border information service provision.

Architecture framework (Distributed)
[Figure labels: App.; Query; KaaS Cloud; Global Storage (Data, Knowledge); Security GW; Local Cloud Storage (Data); Sensors/IoT Devices]

Service and processing migration
[Figure labels: iKaaS programmable service logic; Cloud, data center; publish sensor needs, privacy needs, RT needs, reliability needs (constraints); allocation optimizer; allocation decision; Cloud Controller; move to the Global Cloud B; move to the Local Cloud A; ... or stay in local Cloud]

Service deployment and orchestration
• Smart service logic
  – Autonomously analyse application requirements and user preferences
  – Register the services/deployment of services
• Allocation manager
  – The most appropriate deployment of a service must achieve the best balance among cloud resources, system performance, quality of service and cost.
  – Appropriate service execution
• Service/task Manager (query, control, and reconfiguration)
  – Analysis of the application request(s) using iKaaS service model/templates; flexible/autonomic selection of more appropriate cloud resources
  – Reconfigure the service logic at run-time (e.g., dynamically change the services/business logic)
  – Synchronization of the service logic deployment, service migration, decision between local and global cloud
[Figure labels: distributed execution environment; service catalogue; configuration and allocation manager; smart logic; service query; configuration manager; service logic; independent service/task manager (Local Cloud); synchronization; dependent service query (query control); migration; service/task manager (Global Cloud); programmable application logic]

Multi-scale service migration
Migration of relationship logic to local cloud
[Figure labels: Cognitive Engine (analysis, decision making, monitoring, learning); service logic description; service request; uCore Framework; service and associated meta-data; service orchestration; Global Cloud; Smart Virtual Objects; computing in the Global Cloud; service component migration; Local Cloud service execution; service results; service component results]

Multi-scale application migration
• Application's logic can be migrated near the data sources
• Multi-scale (recursive) process: the application's logic can be broken down again and further migrated
[Figure labels: My laptop; application; Server; iKaaS Component; Gateway1, Gateway2, Gateway3; service migration; Local Proc.; Temp. sensor; 1ms readings; daily computation results; final result. In red: application logic deployment. In blue: data gathering and consolidating]

Security Gateway
[Figure labels: Global Cloud; Privacy Policy; Security Policy; Local Cloud]

Security Gateway (2)
• Security and Privacy by Design Concept
• Main Functions:
  – Policy Management & Negotiation (Cross-Border)
  – Authentication and Access Control (Service Level)
  – Transformation of Data (Privacy Preserving Way)
• Application to Cross-border Scenario
[Figure labels: Global Cloud; cross-border use; Local Cloud; data transfer; internal use; Local App.; External App.; Security GW; policy negotiation]

Security Gateway (3)
Design of the Security Gateway
[Figure labels: Privacy CA; Application; Privacy Certificate DB; Global Cloud; Global Platform; Data Processing Functions; Cache Manager; Cache DB; Query Control Functions; Local Cloud; Security Gateway; Token DB; Key DB; Policy DBs; Access Control Functions; Privacy Control Functions; Security Policy DB; Privacy Policy DB; Owner DB; Cache Policy DB; Local Cloud DBs; Local Query Controller]

Security Gateway (4)
Procedure

Token Issuance
I. An application requests the privacy CA to issue the privacy certificate.
II. The application searches for the security gateway of the domain that holds the local cloud DBs suited to its objective, using the query control functions on the global platform.
III. The application calls the function Issuance of Token that the security gateway provides. The application then specifies the DB IDs of the local cloud DBs that it wants access to, and sends the privacy certificate.
IV. The security gateway confirms the values of the parameters CA Domain Name and Expires listed on the privacy certificate to verify the correctness of the certificate.
V. The security gateway checks the values of Application IP, LC Domain Names and LC DB IDs listed on the privacy certificate to validate the application and the request.
VI. The security gateway creates a token and returns it to the application.

Data Request
I. An application generates the MAC of the SGW-query using the token, which is a common key.
II. The application calls the function Getting Data that the security gateway provides and transmits the SGW-query and the MAC to the security gateway.
III. The security gateway extracts the corresponding token from the token DB using the values of the Application ID and Application IP headers and checks the expiry date of the token.
IV. The security gateway generates the MAC from the token and the SGW-query to verify the authenticity of the query. The value of the Time Stamp header is also confirmed.
V. The security gateway transmits the LCD-query to the local query controller.
VI. When the data are returned from the local cloud DBs, the security gateway confirms the privacy type of the DBs while searching the token DB.
VII. If the data stored in the non-privacy DB are returned, the security gateway returns the data to the application without doing anything. Otherwise, Steps 8-11 are carried out.
VIII. The security gateway extracts the corresponding owner IDs from the owner DB using the value of the Owner Attributes header.
IX. The security gateway searches the privacy policy using the extracted owner IDs and the values of the Application ID and LC DB IDs headers and confirms the status of the consent of the corresponding data owners.
X. The security gateway extracts the data whose owners agree to the transfer and returns the extracted data to the application.

Security Gateway (5)
• Example of Security Policy
  – Token configuration (such as period and accessible information) should be defined for each application category and country of the domain in which the application is executed.
Level Application A Administrator 1 Administrator 2 ・・・ Administrator M 1 2 ・・・ M DB 1 DB 2 UK 0 / JP UK 3h / JP 2mo 3h Non-Privacy Non-privacy UK 1h / JP 2h Privacy UK 5h / JP 0 Non-privacy ・・・ ・・・ UK 0 / JP 0 UK 1h / JP 0 Non-privacy Non-privacy ・・・ DB N ・・・ UK 0 / JP 0 Privacy ・・・ UK 0 / JP 0 Privacy ・・・ ・・・ UK 0 / JP 0 Privacy

Security Gateway (6)
Performance Evaluation Results
• Transaction time of data collection is practical.
• Cache function is effective for reducing the transaction time.

# of Data    Non-Private    Private        Using Cache Func.
1000         16.868171      215.650792     3.426036
10000        57.940439      254.608338     5.528918
100000       504.188900     776.667116     21.692454
1000000      5109.974000    5872.079780    155.043988

Take away message
• Convergence is everywhere
• If you start innovating, think about how your business will converge and scale
• When we talk about IoT, it is actually the large scale
• The NEED of large-scale IoT is to exploit Big data for smart IoT services that are processed and executed on the cloud to derive business value insight
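
The gateway-side checks of the Security Gateway (4) Token Issuance and Data Request procedures, as an added example that is not code from the slides or from the iKaaS project. HMAC-SHA256 over canonical JSON as the MAC, the field names, the 300-second Time Stamp window and the in-memory dictionaries standing in for the token, owner and privacy policy DBs are all assumptions; the slides do not specify them.

```python
import hashlib, hmac, json, secrets

MAX_SKEW = 300  # assumed freshness window (seconds) for the Time Stamp header

def sgw_mac(token, query):
    """MAC of the SGW-query under the token (assumed: HMAC-SHA256, canonical JSON)."""
    body = json.dumps(query, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(token, body, hashlib.sha256).hexdigest()

class SecurityGateway:
    def __init__(self, ca_domain, domain, privacy_dbs, owner_db, consent):
        self.ca_domain = ca_domain      # privacy CA this gateway trusts
        self.domain = domain            # this gateway's local cloud (LC) domain
        self.privacy_dbs = privacy_dbs  # DB IDs whose privacy type is "privacy"
        self.owner_db = owner_db        # owner attribute -> owner IDs
        self.consent = consent          # (owner ID, app ID, DB ID) -> consent given
        self.token_db = {}              # (app ID, app IP) -> (token, expiry, DB IDs)

    def issue_token(self, cert, app_id, app_ip, db_ids, now, lifetime=3600):
        # Token Issuance IV-V; the certificate's signature check is not modelled.
        if cert["ca_domain"] != self.ca_domain or cert["expires"] <= now:
            raise PermissionError("certificate from unknown CA or expired")
        in_scope = (cert["app_ip"] == app_ip and self.domain in cert["lc_domains"]
                    and set(db_ids) <= set(cert["lc_db_ids"]))
        if not in_scope:
            raise PermissionError("request outside certificate scope")
        token = secrets.token_bytes(32)
        self.token_db[(app_id, app_ip)] = (token, now + lifetime, frozenset(db_ids))
        return token

    def get_data(self, query, mac, local_rows, now):
        # Data Request III-IV: token lookup, expiry, MAC, then Time Stamp.
        entry = self.token_db.get((query["app_id"], query["app_ip"]))
        if entry is None or entry[1] <= now:
            raise PermissionError("no valid token")
        token, _, db_ids = entry
        if not hmac.compare_digest(sgw_mac(token, query), mac):
            raise PermissionError("MAC mismatch")
        if abs(now - query["timestamp"]) > MAX_SKEW or query["db_id"] not in db_ids:
            raise PermissionError("stale query or DB not covered by token")
        # VI-X: non-privacy data passes through unchanged; privacy data is
        # reduced to rows whose owner consented for this application and DB.
        if query["db_id"] not in self.privacy_dbs:
            return local_rows
        owners = self.owner_db.get(query["owner_attr"], set())
        allowed = {o for o in owners
                   if self.consent.get((o, query["app_id"], query["db_id"]), False)}
        return [r for r in local_rows if r["owner"] in allowed]
```

`local_rows` stands for what the local query controller returned for the LCD-query. The MAC is verified before the Time Stamp is read, so the freshness check only ever runs on an authenticated value.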