The BRAIN-IoT Platform for Decentralized IoT Applications

IoT adoption is dramatically increasing in many different domains, contributing to fast digitalization in several sectors. Modern IoT applications must deal with multiple issues, including monitoring, control, and management of the complex infrastructure and systems deployed by smart cities and smart factories to support critical services. As a result, IoT-based applications are becoming more and more complex to design, manage, and maintain.

The BRAIN-IoT research project focused on simplifying this complexity. The project resulted in the BRAIN-IoT Platform, a meta operating system for implementing and executing decentralized IoT applications with computing capacity at the edge in a computing continuum with the cloud. The platform reduces the effort required to develop, validate, operate, monitor, and manage IoT systems that orchestrate new and legacy devices and services.

Designed to Address Key IoT Challenges

BRAIN-IoT simplifies and automates several management procedures to make life easier for IoT systems developers and operators. These capabilities are possible thanks to a model-driven methodology that enables fast design and development of distributed orchestrating logics, and artificial intelligence (AI), which enables implementation of cognitive capabilities that can learn and make decisions at the right time.
 
With this approach, BRAIN-IoT addresses two of the main challenges that arise in current IoT scenarios:

• The requirement to design complex orchestrating applications that involve several heterogeneous platforms and smart, interconnected things
• The need to instantiate, operate, and evolve the complex software ecosystem so it automatically reacts to environmental changes at runtime without human intervention

BRAIN-IoT pioneers a new, AI-driven IoT management system that delivers tremendous advantages when you scale IoT systems for critical industrial purposes. Another key challenge is to guarantee the security, privacy, and resiliency of IoT-based control systems for critical infrastructure.

In the BRAIN-IoT project, two main usage scenarios were taken into account:

• Critical infrastructure, with specific use cases for smart water management
• Service robotics, with specific use cases for smart warehouses

Architected to Drive Digital Transformation

The BRAIN-IoT Platform is primarily composed of three integrated macro frameworks:

• The modeling and validation framework for reusable smart behaviors
• The distributed service recovery and execution platform
• The security framework

The goal of the BRAIN-IoT Platform implementation is to drive digital transformation towards a smart world, exploiting data and computational processes from field devices, sensors, actuators, and cyber-physical systems (CPSs), as well as computing edge nodes and servers.
 
The three BRAIN-IoT frameworks are comprised of several integrated modules that perform specific functional roles (Figure 1).

Figure 1: BRAIN-IoT Platform Functional Architecture

Modeling and Validation Components 

The modeling and validation framework for reusable smart behaviors is responsible for design, development, and validation of IoT application logic. The framework composes and orchestrates services provided by available devices, such as sensors, actuators, CPSs, and external services, such as third-party platforms and databases. Service and application layer modeling and physical layer modeling are handled by the BRAIN-IoT services development toolkit.

At the service and application level, application logic is modeled using a set of tools and languages that support multiple modeling languages, each of which has specific characteristics and meets specific requirements. The BRAIN-IoT modeling tool allows model-based development of applications that are described with the BRAIN-IoT modeling language.

The BRAIN-IoT modeling language is a unified modeling language (UML)-based metalanguage with several profiles for integrating and supporting multiple non-UML modeling languages. It supports the following metalanguages:

• IoT-ML, a modeling language derived from the MARTE language and extended in BRAIN-IoT for system-level description of functional models in the IoT domain.
• W3C WoT Thing Description, a standard from W3C Web of Things (WoT) that describes metadata and interfaces of Things. A Thing is an abstraction of a physical or virtual entity that provides interactions to and participates in the WoT.[1]
• AIML, a language that is completely defined within the BRAIN-IoT project to model and generate AI modules, such as neural networks.

To meet the specific requirements of IoT developers using the BRAIN-IoT Platform, the BIP language can also be adopted, along with its toolset, the BIP code generator, and BIP modeling and validation tool, which were developed as part of the project. The BIP language describes composition of heterogeneous components, ensuring correctness-by-construction for essential system properties, such as mutual exclusion, deadlock freedom, and others. It also enables formal verification.
 
At the physical level, executable models representing real IoT devices can be developed using the BRAIN-IoT physical layer modeling methodology, which leverages the state-of-the-art SystemC-TML language. These IoT device models allow developers to replicate physical devices and to test and validate the developed applications and services in a safe, simulated environment before they are executed in a production environment.
 
As another way to support the system validation, the BRAIN-IoT modeling tool provides the ability to use development-time models to monitor the status of the modeled application that is running. This is possible due to the implementation of the Models@Runtime paradigm, which allows the application model to be synchronized with the running system.

The BRAIN-IoT models, which are converted into source code by the code generators in the BRAIN-IoT services development toolkit, are then released and stored in the BRAIN-IoT repository, ready to be deployed and executed by the distributed service discovery and execution platform.
 
The online data analysis tool for anomaly detection and prediction is a structural and fundamental service in the BRAIN-IoT Platform. Its role is to enable the autonomic capabilities in the BRAIN-IoT distributed service discovery and execution platform. This tool, which was developed using AI and machine learning (ML) algorithms, consists of a non-use-case-specific service that detects and sends notifications when anomalies in analyzed data have occurred or may occur.

These notifications are used by the execution platform, and by other planning and control strategy services, to trigger a prompt reaction that mitigates or avoids negative consequences to the IoT/CPS systems the BRAIN-IoT Platform helps manage. The BRAIN-IoT Platform component that provides the online data analysis tool for anomaly detection and prediction functionality is called s0nar.

Distributed Execution Components

The BRAIN-IoT distributed service recovery and execution platform is the architectural component that enables bulk deployment of BRAIN-IoT services on a mixed cloud-edge environment and puts them in communication with one another to implement the modeled application. It is based on the Paremus Service Fabric. This commercial product is an execution environment for deployable BRAIN-IoT services that has been extended with innovative functionality that enables dynamic and automated deployment and communications management. These capabilities, which were implemented using the new BRAIN-IoT fabric, combine with the Paremus Service Fabric to enable:

• Development of runtime capabilities for lightweight micro-cloud environments
• Dynamic, event-driven reconfiguration of the cloud environment and anything connected to it
• Dynamic deployment, configuration, and monitoring of deployed BRAIN-IoT services and automatic management of the (often) very numerous dependencies

Together, these two components allow BRAIN-IoT services to communicate with each other through asynchronous events using the BRAIN-IoT EventBus communications layer. A BRAIN-IoT service issues an event that is routed to local or remote software endpoints that have registered interest in events of that type — other BRAIN-IoT services, for example. This process is entirely independent of the underlying hardware and consists purely of communications between software entities. Thanks to the EventBus, the multiple BRAIN-IoT services taking part in the deployed system are completely decoupled, and the failure of one service has no impact on any of the other running services.
 
Part of the BRAIN-IoT distributed service recovery and execution platform also functions as the edge IoT platform for IoT/CPS interoperability. This platform handles interoperability with the heterogeneous world of IoT devices, CPS (real or virtual), legacy, and external systems that comprise the infrastructures to be monitored and controlled.
 
Multiple different IoT platforms can be integrated and adopted in the BRAIN-IoT Platform but, so far, mainly two types are available: sensiNact-enabled platforms and WoT-enabled platforms.
 
While sensiNact-enabled edge nodes are based on the well-established and mature Eclipse sensiNact gateway, which can be deployed in a distributed and bulk manner thanks to integration with the other BRAIN-IoT Platform components, the WoT-enabled edge nodes are a new implementation of the standardized WoT Servient binding layer. The WoT-enabled edge node implements an approach for automatically generating the interoperability layer for communicating with devices or systems based on a W3C WoT Thing Description of the communications interface.

Security Components

The BRAIN-IoT security framework primarily provides access control and end-to-end data security functionality for resource-constrained devices and implements an approach for privacy control in distributed IoT environments that’s based on the concept of sticky policies.
 
A security module and gateway, a message integrity service (MIS), and a distributed authentication, authorization, and accounting (AAA) server have been implemented to ensure data confidentiality, integrity, availability, and authentication for the BRAIN-IoT Platform:

• The security module is light security software that’s used to authenticate and encrypt data sent over the network at the application level with reduced energy consumption for IoT sensors and actuators.
• The security gateway checks the sender’s authentication before decrypting the data.
• The distributed AAA server manages identity and rights from users and IoT devices with reduced management costs.
• The MIS has two functions:
  • Sign the data event before sending it. This allows the integrity of the event to be checked using a cryptographic signature and the identity of the sender to be confirmed with a certificate.
  •  Verify the message integrity and sender authentication when the event is received by a node.

The privacy control system is a framework that allows IoT system end users to control privacy policies related to personal data collected using IoT devices. The solution is based on a policy enforcement point (PEP) that applies the policies and controls access to the data by available services.
 
The privacy control system attaches the policies to the data event and delivers it along with the data over the EventBus. The services that subscribe to that data type must be authorized by a trust authority before the EventBus allows it to receive the data. This authorization is provided by a policy decision point, which compares the policy attached to the data to the one declared by the service. If the policies are compatible, the privacy control system authorizes the EventBus to deliver the data event to the service that requires it.
 
Finally, the attack defense strategies exploration tool is a decision-support tool that uses a type of cost/benefit analysis to provide suggestions about the most relevant countermeasures to implement. The tool aims to identify the attack actions that are most likely to succeed and the best defense actions to make the system more difficult to attack.

Five Good Reasons to Adopt the BRAIN-IoT Platform

There are many good reasons to adopt the BRAIN-IoT Platform, but here are the top five:

1. You’re a developer looking for easier ways to implement control strategies for complex IoT systems.
   The BRAIN-IoT service development toolkit offers model-based engineering (MBE) solutions for design, development, and validation of control logics.
   
2. You’re looking for a robust IoT system.
   BRAIN-IoT provides recovery from, and adaptation to, failures, as well as data security and access control for resource-constrained IoT devices.
3. You want to focus on application logic.
   BRAIN-IoT handles interoperability issues for you, providing suitable adaptation for IoT devices and for system communications protocols.
4. You’re dealing with the challenges of developing applications for robotics and smart cities.
   BRAIN-IoT addresses issues such as functional code distribution in multi-robot systems and distributed critical infrastructure.
5. You’re looking for an IoT system that respects end-user privacy.
   BRAIN-IoT provides a framework that allows end users to control privacy policies throughout the application life cycle.

Learn More About BRAIN-IoT

Most of the BRAIN-IoT Platform components have been released as open source and are available in the Eclipse Research Lab.

 

---

 

Website Twitter

This project receives funding from the European Union’s Horizon 2020 Framework Programme for Research and Innovation under grant agreement no 780089.

---