This building block facilitates trusted data exchange among participants, reassuring participants in a data exchange transaction that other participants really are who they claim to be and that they comply with defined rules/agreements. This can be achieved by organisational measures (e.g. certification or verified credentials) or technical measures (e.g. remote attestation).
Role and Scope
Facilitates trusted data exchange among participants.
Features
DSBA - CTO architecture coherence [DRAFT. NOT APPROVED]
Security Profiles
Certification
Remote Attestation, remote integrity verification
Trust Authority for verifying trustworthiness of participants
European identification
IDS Connector implementation
i3-Market Project
An Identity and Access Management system based on Decentralized/Self Sovereign Identity and Verifiable Credentials
Smart Wallets with different level of security (Cloud/HW Wallet).
Smart Contracts.
A Data monetization system based on crypto currency for secure, trusted and cost-effective peer-to-peer payments.
Participant registration service for data spaces, allowing data spaces to make participants known in their data space and also across data spaces.
Totally federated 'trust phone book' to discover participants, find the trust level and the roles, and of course the data space.
i4Trust
iSHARE Satellite services are used at this moment. This service has been defined implementing Trust Anchor functions within data spaces to verify trust of participants.
CS4EU project
FE2MED (Functional encryption to Medical Data)
Technical Reference Implementation
Design Principles Position Paper
Trust is a necessary feature in any data-sharing environment, i.e. also for predictive maintenance. Unfortunately, predictive maintenance is difficult to achieve, as algorithms used are still not as effective as desired, and the quality of outcome often is not sufficient, due to a lack of reliable data. Nevertheless, integrating and leveraging data from partners – and even from competitors or companies from different sectors (OEMs, maintenance equipment producers, energy companies) – can be of great benefit for all participants. To overcome the lack of trust currently still prevailing, data sovereignty concepts and services should be employed
AgriSpace4Trust
AgriSpace4Trust aims to integrate i4Trust Marketplace Framework working with FIWARE’s Smart Models and linked data following the latest NGSI-LD specifications. In addition, iSHARE integration to a third-party SensorPassport implementation will build trust within the community. SensorPassport includes functionalities on validating sensor operations, credibility, access, authorization and account control through iSHARE integration.
iSHARE Foundation
Distributed Ledger node for federated registration of participants in data spaces, hence enabling legal and organisational interoperability.
Datavillage
The Data Cage: A confidential computing environment to process data from different parties while ensuring data confidentiality and algorithm ownership.
End to end data encryption with algorithm integrity through enclaving
No data leak with whitelist sandboxing
Automate secure deployment on cloud providers
Data access management with data activity ledger
Interoperability with linked data and knowledge graph
The Data Pod: A personal data store where individuals control and manage their data.
Extend your data mesh with personal data store
Rely on user centric data model, feed and connect first and third party data
Get customer consent and access data in full transparency
Process data from Data Pod to the Data Cage
i4Trust
iSHARE provides testing and operation instances of the service.
API gateways used in i4Trust are available in the FIWARE Catalogue. The extended version of the Kong API gateway via plugins is recommended.
Portfolio of pioneer use cases relying on the i4Trust framework and using iSHARE Satellite services as basis for verifying trust of participants.
CS4EU project
The Functional Encriptation for Medical (FE2MED) asset is used in CyberSec4Europe (CS4EU) projec. CS4RU goal is provide security measures when medical data are shared. It secures data sharing by using this functional encryption tool. FE2MED ensures data integrity and confidentiality, Leveragecrypto libraries which implement Inner product schemes (e.g., simpleDDH or damgardDDH) for computing data sets providing statistical results to the data consumers. It also implements ABE schemes: KP-ABE schemes ensuring that only selected recipients are able to see certain data. It provides a graphical user interface for facilitating the KP-ABE use. FE2MED is a service currently deployed on premise.
It can be ceployed as a Service
Business Use Cases Implementation
ECI - TNO
A metal company purchases metal sheets to their providers as well as they receive orders from customers. Through the SCSN and IDS network they can receive orders through ECI gatewise and the IDS network to supply drive. Therefore, they can send a purchase order to their providers and they can receive purchase orders from their clients, even though they have different platforms. Information can be transmitted no matter where connectors and suppliers are connected, making sure that every type of business gets digitized and isn’t left behind.
ADVANEO DMP
The ADVANEO DMP is a collaboration portal that enables the data-sovereign formation of Data Spaces for data-driven applications. Integrated AI tools, data models and applications as well as free access to millions of Open Data support the development of data-driven innovation projects. The DMP has no contact with the actual raw data, being directly transmitted to the interested party in peer-to-peer encrypted form by an IDS-Connector. Only the exploitation result is accessible, enabling the sharing of confidential data in value chains.
Vastuu Group
The goal of the project was to use the IDS standard to reveal the energy consumption and emissions information found in Helsinki Region Transport’s (HSL) and a specific city district’s data platforms. This way the data of both public transport and buildings could be taken into account when searching for ways to reduce the energy consumption and carbon footprint in a certain area. The project required developing a solution that would enable smooth data transfer without sacrificing information security.
AgriSpace4Trust
AgriSpace4Trust enables the prosumption of data services to optimise energy inputs in olive production creating new data-driven services. It proposes to create data hubs supported by i4trust data space that exploit local weather stations or agro-environmental sensors and open them to a broader community of local users. This way, opinion leaders and tech-savvy farmers will invest in buying specialised equipment, and data can be shared at will, including cooperatives and farm advisors/ agronomists.
Datavillage
TAILORED CONTENT DISCOVERY FOR END-USERS
Enable the analysis and processing of sensitive personal data aiming better content recommendation through data sourced directly by your users in a compliant and secure way. Let users consume online content on multiple platforms with their own reputation, identity and history. Don't collect the data in your system but access and process it via the end-users Data Pod and the Data Cage.
TAILORED CONTENT DISCOVERY FOR END-USERS
Enable the exploration and processing of user behaviors with other media & entertainment companies in a compliant and secure way (GDPR, e-privacy ...).
CS4EU project
Use Case MD-UC1: Sharing Sensitive Health Data Through an API The FE2MED asset, used in CyberSec4Europe project, secures data sharing by using this functional encryption tool.
The Medical Data Exchange demonstrator is intended to increase the trustworthiness between stakeholders when sharing medical data through a marketplace platform thus generating new business opportunities. This will be achieved by using a real environment provided by the COVID-19 Data Exchange platform50 (COV19DEP)launched by Dawex, which will offer to the users an anonymization service and a functional encryption service for increasing the user privacy and security when sharing data.
The figure below shows the basic flow of this Medical Data use case.
Best practices identification and recommendations
iSHARE Foundation
There is a governance structure to the ledger and hence provides measures for changes and eventual fixes.
Datavillage
Flexibility to deploy on any cloud provider
Development environment with test data required
In memory processing
CS4EU project
The main functionalities should be deployed on the data provider infrastructure for minimising data leaks.
## Gap or what is missing?
Datavillage
A database integrated into the confidential computing environement is missing. We are looking to integrate an in memory graph database like redis.
i4Trust
Convergence with other alternative Trust Anchor services (Gaia-X, IDS, EBSI) is being analysed under the DSBA (Data Spaces Business Alliance).
CS4EU project
User interface could be made more friendly and additional crypto schemes can be included. Mechanisms for sharing decrypting keys.
More information about Cyber Security for Europe project and the use cases are described at the D5.5 Specification and set-up demonstration case Phase 2. [https://cybersec4europe.eu/wp-content/uploads/2022/01/D5.5-Specification-and-set-up-demonstration-case-Phase-2-v1.0_submitted.pdf]