Robustness-as-Traceability: Secure and Legal Calibration Workflows in IoT (RoasT-IoT)


Roast-IoT’s vision is to enable all sensed data and actuation on IoT platforms to be anonymously traced back to securely calibrated sensors whilst ensuring that anonymity can be stripped back when things go wrong and the law gets involved.

Sensing accuracy is a key requirement in safety-critical IoT deployments. Calibration plays an important role in ensuring device accuracy. Consequently, the security of calibration processes is an important security requirement — an uncalibrated deployment cannot be expected to work correctly with negative legal consequences.

To control IoT workflows and to achieve assurance requirements and legal compliance, users need visibility into workflows and the ability to exclude compromised or poorly calibrated devices. RoasT’s objective is to provide security and legal contexts to data generated within an IoT ecosystem about what devices, sensors, and ML applications that data has been exposed to.

RoasT will also develop tools to reason about the security properties of the workflow context whilst balancing operator privacy with user security requirements, and relevant legal obligations. These deliverables will bootstrap context-based access control and enforcement based on the contextual characteristics of the data such as provenance, calibration, and specific devices or applications, along with what users should and should not do in accordance with relevant legal requirements applicable to IoT devices and calibration trails. RoasT contributes to cybersecurity of IoT by considering both legal and technical challenges around workflow traceability, focusing on the dual lenses of Internet (of Things) law and Security-at-the-Edge.