IoT-NGIN comes to an end, boasting of rich portfolio of next-generation IoT tools, designed, developed, validated and piloted within the project. IoT-NGIN has delivered innovations on the network, communication, security and application side of IoT.

Specifically, IoT-NGIN has developed enhancements on IoT Underlying Technology. These include the IoT-NGIN Device-to-device (D2D) solution for improving 5G coverage in areas not well served by public networks. It is a simple but effective methodology for coverage extension by establishing a D2D communication between the node outside the cell coverage area and a relay inside the coverage area. A metrics exchange is established between the participants to select the most suitable relay for the target performance. This selection process exploits various metrics of interest that can be enriched if necessary. This fits perfectly into the IoT-NGIN context, where one challenge related to deploying 5G in wide area networks is the short network coverage of approximately 500 m depending on the frequencies used and the attenuation of signals in a given location.

In addition, IoT-NGIN has contributed to developing deterministic communications bringing 5G closer to private industrial networks. These include the design of 5G core that supports the latest 3GPP standard specifications including all the necessary network functions (NF) for connecting UE devices to fixed LAN and become native Time Sensitive Networking (TSN) devices. The 5G core with TSN features developed in IoT-NGIN has been deployed and piloted in ABB factory, Finland. The pilot setup includes the support for Ethernet PDU which is uniquely available currently in CMC 5G Core – in contrast to commercial 5G networks only supporting IP PDU sessions for data exchange between mobile devices and data networks such as public Internet.

Moreover, 5G integration has been enhanced through IoT-NGIN improved 5G APIs, increase the ease of use for application developers and decrease the required knowledge of the underlying infrastructure. The API resources are grouped into three different categories, namely 5G Connectivity and Device Management, Microservice Lifecycle Management and Network Slice Management. IoT-NGIN has also created a Secure Edge Cloud Framework (SECF) for micro-services. The so-called RustyHermit is used to show the applicability and robustness of unikernels, an alternative to containers solution in which the kernel is linked as library to the application and realized as bootable application, resulting in increased security. RustyHermit can support C/C++ and Fortran by providing a cross-compiler to build unikernels on top of a Linux system, allowing application development for the IoT world. The IoT-NGIN SECF caters for the creation of containers standardized, so that other tools like Kubernetes can build upon different varieties of container implementations through own container spawner runh that can spawn common containers but also containers based on a microVM and the unikernel RustyHermit.

In addition, IoT-NGIN provides contributions to enhancing IoT Intelligence. This is achieved through the IoT-NGIN MLaaS (ML-as-as-Service) platform, addressing stream technologies, MLOps, reinforcement learning, storage, blockchain, conversion, monitoring and federated learning. MLaaS supports ML model storage by integrating MinIO, Rook and Ceph; Data storage as PostgreS and InfluxDB; Data acquisition as MQTT, Kafka, Camel-k; IAM/AAI Keycloak and CI/CD installation based on Argo-CD. In addition, modules for online model training, model translation and zero-knowledge model verification based on Blockchains have been added. Concerning the Privacy-Preserving Federated Learning (PPFL) Framework, locally trained ML models are aggregated in a ‘server’ node and shared to the ‘clients’, without disclosing data to each other, while enforcing privacy preservation during model exchange. The PPFL Framework provides easy access to diverse federated learning approaches, able to operate for different applications. In particular the following frameworks are integrated and enhanced: NVIDIA FLARE, Flower and Tensorflow Federated.

IoT-NGIN enhancements towards IoT Tactile & Contextual Sensing/Actuating refer to IoT Device Discovery and Indexing, IoT Device Access Control and IoT Device Augmented Reality actuation. Concerning IoT Device Discovery and Indexing, fast and versatile software components have been developed for recognition, positioning and indexing of different objects. Different recognition methods, both visual and non-visual, are integrated in the Discovery module and the main advancements concern the reduction of latency in the detections, improvements in the accuracy and the robustness of the methods. The modules recognized in the IoT Discovery are registered in the FIWARE-based IoT Device Indexing Module, with several information per device and the main novelties are the ability of the IoT Device Indexing of integrating big numbers of diverse IoT data sources, providing context-aware querying and supporting historical data services.

The IoT Device Access Control service has been implemented to handle in a flexible privileged way the access to the resources of the Project. The module is implemented as a flexible Ingress gateway enforcing chained access control methods, following different access control mechanisms which are implemented as plugins: Proximity plugin, OpenID Connect Authentication plugin and Self Sovereign Identities plugin.

The IoT Device Augmented Reality actuation is a module able to communicate with different devices, framework and tools. The main novelty is that a set of APIs have been created, that will allow the different AR tools to interact with the IoT Device Indexing module.

Furthermore, IoT-NGIN provides enhancements for IoT cybersecurity and data privacy, following a comprehensive approach towards Federated Learning cybersecurity. This is done by introducing the IoT Vulnerability Crawler (IVC), as well as its dynamic defense mechanism through the Malicious Attack Detector (MAD), also leveraging on advanced ML and Generative Adversarial Networks (GAN) based Data Generator. IVC aims to scan the participating IoT nodes for vulnerabilities and report back its findings. Within the second half of the project, the final version of IVC has been released, integrating 2 plugins, namely OWASP zap and log4shell scanner, which cover a wide range of vulnerabilities (more than 200).

Moreover, the GAN-based Dataset Generator aims for the creation of poisoned datasets that assist addressing attacks against IoT and Federated Learning systems. It features two variants, namely one for generating IDS Network data and one for image datasets. Within the second period, the image generation variant has been implemented and used for introducing poisoning attacks in FL. It has been developed and tested with plant disease datasets and used for testing MAD. Specifically, relevant experiments include deployment of the GAN Generator (images) on a malicious FL node, synthetic images’ creation and data poisoning attack realization by flipping images’ labels. MAD has aimed to provide network attacks detection capabilities enabling also the support of online processing on Suricata data; on the other hand, it has been further developed to facilitate the detection of ML poisoning attacks. For the part of the ML poisoning attacks, GAN-based data poisoning attacks, with little deviation on individual nodes’ parameters, which cannot be detected with common techniques proposed in FL. Regarding MTD Honeypots, the 2^nd and final version of the MTD Honeypot framework has been implemented, that incorporates the IP Randomization technique.

Moreover, IoT-NGIN has made significant contribution in terms of data privacy and sovereignty through the Decentralized Interledger Bridge (DIB) component, realizing an optimized implementation supporting a great number of distributed, ledger-independent transactions/sec even in extreme use cases. In addition, on-device access control solution for constrained devices and the QR code / GS1 Digital Link based discovery for Device Triplets (Semantic Twins, Digital Twins and IoT devices) has been implemented and prototyped. Privacy-preserving SSIs have been developed for the Triplets and SAREF ontologies have been exploited to support Semantic Twins (STs). Moreover, the work on the Semantic Twins (STs) (previously referred to as Meta-Level Digital Twins) has been completed, allowing to solve many typical technical problems faced in developing solutions that utilize Triplets, but also to streamline the related business processes, thus opening up many new business opportunities.

Last, but not least, the pilot activities have been completed during operation in the IoT-NGIN Living Labs (LLs):

• Human-Centred Twin Smart Cities Living Lab, Finland
• Smart Agriculture IoT Living Lab, Greece
• Industry 4.0 Use Cases Living Lab, Spain
• Industry 4.0 Use Cases Living Lab, Finland
• Smart Energy Grid Monitoring / Control Living Lab, Italy.

Specifically, the final results and outcomes of the pilot validation processes have been collected for each of the 10 use cases in the context of the defined scenarios. Moreover, the outcomes of the assessment of Quality-of-Experience (QoE) per use case or Living Lab have been presented, as derived by pilot end-user’s feedback to relevant questionnaires, developed specifically for each business case.

Last, but not least, assessment and evaluation of the acquired results has been conducted, verifying the progress towards the initially set Key Performance Indicators (KPIs) for each LL or UC. In addition, deviations from the initial planning, limitations and design optimizations have been identified for each LL, while replication guidelines are provided, allowing reproducibility of the pilot scenarios.

As a conclusion, the LL goals and objectives have been met, with minor or no deviations. The pilot execution and evaluation of the IoT-NGIN tools have been successful in reaching the targets of our KPIs, while the identified limitations provide lessons learnt for applying optimizations and enhancements in IoT-NGIN components and use cases in future research and innovation activities.

We invite stakeholders among the developers’ community, IoT, edge and cloud sector, as well as the project’s application domains to gain insights through our results on the project’s GitLab group and our website.