In the innovation era, prominent applications in the automotive, manufacturing, health, logistics and transport sectors require to securely interconnect high-end and low-end devices by means of trusted networks and digital platforms.
This CNIT Research Area focuses on large-scale and integrated infrastructures at sub-system and system levels (from prototype embedded systems, to digital platforms, and final user applications, including an ICT fully-equipped laboratory), exploiting a large-scale testbed located at the Port of Livorno. Our reference framework is open to partners willing to check interoperability and compliance to standards for their assets. The reference architecture is cloud-shaped: all layers (IaaS, PaaS, SaaS) feature open-source or free software modules so that open-ness towards new partners can be guaranteed.
Complex infrastructures rely on heterogeneous data sources, more specifically local sensing networks, local relational databases and external data banks.
The resulting data lake is therefore capable of:
- Ingesting structured and unstructured data;
- Storing and securing data in a scalable way;
- Allowing for catalogs and indexes without the need of data movement;
- Connecting to Business Intelligence applications via transparent APIs.
The Data Lake is managed by:
- Relational DBMS (i.e. mySQL, MS SQL Server);
- IoT-oriented platform (i.e. Ocean Mobius complying with OneM2M);
- Document-oriented platform (i.e. MongoDB);
- GIS platform (i.e. ESRI ArcGIS).
Jboss Teiid provides technology-independent data virtualization and exposes APIs.
For the Port of Livorno the data infrastructure exposes an Open Data layer where information about (multi-modal) transport & logistics, environmental conditions, status of operational processes can be retrieved.
As security and trust have to be considered in multi-party processes (notably in logistics) the data infrastructure makes use of InteroperaChain, a Distributed Ledger Technology (DLT) interoperability layer:
- Collecting information on the supply and distribution chain in a secure and non-repudiable way (interoperable with industrial IT platforms);
- Guaranteeing replication of information and its availability even in the event of exceptional events (e.g. disasters, cyber attacks);
- Guaranteeing end user abstraction with respect to the underlying technology, avoiding technology lock-in;
- On-boarding Port of Livorno to Tradelens (by Maersk/IBM).
For the industrial development activities the laboratory relies on a local farm consisting (to date) of:
- Server DELL POWEREDGE R730: x1 128 GB RAM, 8 SAS disks of 300 GB disks;
- Server DELL POWEREDGE R7425: x4 128GB RAM, with about 16 TB storage capacity (SAS and SSD);
- VMware virtualization technology (freeware version);
- RAID-1/RAID-6 redundancy.
An industrial tenant on CNIT infrastructure will also make use of the following services:
- Data Lake (as discussed in the previous tab);
- Owncloud (file repository);
- GitLab (source code versioning system);
- OpenProject (project management).
The outdoors wireless network consists of:
- A WiFi private network covering the maritime terminal;
- A C-ITS network supporting ETSI-compliant vehicular communications;
- Commercial mobile networks 4G/5G with specific support of NB-IoT standard protocol.
Dedicated VMs will be instantiated on the farm. A VPN tunnel will be enabled to connect industrial IT premises to the testing infrastructure.
The VMs will have access to dedicated microservices:
- API Gateway to manage API calls;
- RabbitMQ as message-broker for service-to-service communication;
- Token Issuer to manage Single Sign On by JWT token;
- Identity Server to securely access the APIs;
- Publisher Portal Profile to publish new APIs;
- Docker to implement microservices with container design pattern.
Industries can therefore spawn a full-fledged service in an open digital stack.
A system composed of many sensors and entities with different nature requires a real-time monitoring system capable of showing the status of the georeferenced components.
The NVIZ framework satisfies these requirements providing a development environment supporting containerized web-apps. Such applications:
- Render entities (sensors or vehicles) and their state on a 2D map;
- Interact with a OneM2M platform through a native module;
- Leverage the “subscriptions” OneM2M mechanisms to collect sensors data;
- Automatically render entities when payload satisfies a predefined data-model;
- Can display different types of data streams (such as IP cameras images).
Vehicles are already connected devices. However, in the very near future they will also interact directly with each other and with the road infrastructure. This interaction is the domain of Cooperative Intelligent Transport Systems (C-ITS), which will allow road users and traffic managers to share information and use it to coordinate their actions. This cooperative element – enabled by digital connectivity between vehicles and between vehicles and transport infrastructure – is expected to significantly improve road safety, traffic efficiency and comfort of driving, by helping the driver to take the right decisions and adapt to the traffic situation. (source EC)
A standardization action has been mandated to ETSI/CEN by the EC in 2008. A set of standards (release 1) is already in force. A regulatory action (“Delegated Act”) is still pending of approval by the European Parliament and the EU Council.
- New embedded systems (to be considered as OBU/RSU) w/ local computing and PAN/LAN/MAN interfaces: System-on-Modules w/ WiFi, vehicular communication (ETSI-G5, C-V2X PC5), in-vehicle communications (CAN Bus), 6LoWPAN (2.4 GHz IEEE 802.15.4), Bluetooth 4.0, 2G/3G/4G, GNSS/GPS;
- ETSI-G5 V2X module with full SW stack;
- Advanced integrated HMI with touch screen (OBU configuration).
CNIT Vehicular PKI complying with ETSI standards for:
- Security Messages, Security Entities, Certificate formats;
- Latest version of ETSI Trust Model (i.e. Root CA, EA, AA, Distribution Centre, ECTL) implemented and ready to use (Privacy in ITS Anonymity, Pseudonymity, Unlinkability, Unobservability);
- ITS-S Security Lifecycle (Initialization, Enrolment, Authorization);
- Public Key Infrastructure;
- Trust Information List Management (CTL & CRL & ECTL);
- ETSI Conformance testing passed in ITS-CMS6 e ITS-CMS7 (2019).
Control & management:
A prototype Control Center is interconnected with the Data Infrastructure and is capable of:
- Field components configuration for:
- Day-1 services;
- Interoperability with DATEX nodes in Traffic Control Centers:
- Feed by locally generated events;
- Route DATEX messages to C-ITS;
- Component maintenance;
- Vehicular PKI early vehicle manufacturer registration.
This asset can be exploited by industries willing to deploy part or a full C-ITS in a large-scale infrastructure (i.e. a smart road, a smart city, an industrial settlement).
The standardization activity around 5G network has paved the way to a low-latency, ultra-high broadband, application-aware mobile infrastructure.
Exploiting the third-party 5G NSA infrastructure deployed in the container-terminal area the laboratory permits to design, develop, and test Application Functions running on the “Edge Cloud” located at CNIT laboratory.
Interoperability with 4G/5G core services as well as with external data centers is also possible.
New embedded system) w/ local computing and radio interfaces:
- Low-power, micro-controller based architecture with 2.4GHz short range ad-hoc adapters (Bluetooth 5, Bluetooth mesh, ANT, IEEE802.15.4, Thread , Zigbee…);
- Long-range network adapters complying with 3GPP specifications (R13 – LTE): connected to eNodeB;
- Tested with ICON (TIM/Olivetti OneM2M Platform).
Off-the-shelf IoT sensing devices: Interconnected by the local network (WPAN, WLAN); tested with local OneM2M platform.
Integration with satellite backhaul in maritime services:
The next version of the NB-IoT smart object will be equipped with an additional transceiver providing mesh networking capability for the maritime transport scenario, to overcome the radio-coverage issues due to the cargo containers. Furthermore, the NB-IoT smart object will be integrated in a E2E system able to deliver the sensor measurements to a cloud platform via an ad-hoc satellite backhauling.
Future versions of the smart object will be designed according to 3GPP Release 17 process, where NB-IoT over Non Terrestrial Network specification activity is planned during 2021.
This asset can be exploited by industries willing to deploy monitoring applications on a 5G-like composite network infrastructure. The capability of deploying NetApps exploiting the Edge Nodes hosted in a local cloud directly interfaced with a 5G fronthaul is also offered.