Secure #IoT Idea #IAMCIty

* Stands for “Intelligent Autonomous system for Monitoring and Control of Intersection”

* Brought to life through #2015HackadayPrize contest.

* The ultimate goal of this Hackaday project as such is an #IAMCIty Proof of Concept (PoC).

[ Concept of operation – Final version 06.08.2015 ]

Introduction (for information only):

- The numbering follows the order in which the foundations are built up. Put differently, it numbers each piece of the puzzle as it is put in place. Only after all pieces are inside the frame and in the right order can the whole image be seen, and only then does it make sense.

- The concept is presented in the first person, to give an actual sense of the base that will support, as its foundation, the actual implementation that follows.

- With all that introduction in mind, this is the fundamental part of IAMCIty; for the first technical details, please check this presentation from the 06.08 project update - .

- Intersection, a simple definition taken from the acting laws: the area created by two or more roadways at their junction, which can be at any angle.

IAMCity = )

1. Monitoring – This is my core functionality: to process imaging data and create meta-data, upon which the decision-making process takes place. In that sense the data from an imaging sensor is gathered only for the needs of my digital signal processing, whose result is meta-data. Once that is done, the sensor data is discarded. To state it clearly: NO imaging data whatsoever of the passing traffic on my intersection, of pedestrians or of drivers of vehicles will be kept. Holding that data is not required, nor is it of better value for the actual decision-making process once there is sensible meta-data. Last, but not least: based on the meta-data, reconstructing the source image is considered close to impossible, if not impossible. That holds as long as the meta-data stays coarse (counts, positions, speeds) and carries nothing identifying, such as plate numbers.

2. Intelligent – In relation to my decision-making process: I am not an A.I. in any way. But I have flexibility, to the extent that I make my own decisions and they can respond to an evolving environment. A single decision of mine depends both on pre-defined rules and on gathered meta-data, because the gathered meta-data can result in new, additional rules, i.e. a generated set of rules which is added to the pre-defined one. Then there is the directive that: No generated rule can overrule a pre-defined one.

3. Autonomous – I operate on my own. I do NOT need a central managing or control system. Also, my goal is NOT to give 'remote access' to my input or output devices, including built-in as well as outside peripherals. A good example: through my systems no one will be able to gain control over the end-points I am connected to (actuators, for example), simply because no such functionality exists within my programming. Yet the following case is considered and taken care of: there can be a situation where I am not capable of handling the end-points (again, actuators for example). In that case I can decide to release them from my control, so that another system can take control ONLY over the end-points, not over me, as I am autonomous. For control to be given back to me, all systems must go through a reset and an initialization process, including the actual boot-up of my core system.

4. Control – Only when no information signaling is capable of resolving an imminent situation will I take control over “Traffic Signaling”. This action will be completely AUTONOMOUS, i.e. not executed by a remote command or governor, because that simply does not exist within my programming.

For a quick example:

- I can use the LED traffic lights to close an intersection where a traffic accident has taken place. NOT prior to that!

- Change the LENS of the LED traffic lights for better perception by the participants in the traffic. Of course, that will be done upon determining and evaluating changed environmental conditions, and of course only if such a technical solution is available locally on the intersection where I am installed.
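As an added illustration of (2) and (4), here is a small decision engine in which pre-defined rules always take precedence over rules generated from meta-data, and in which only a pre-defined rule can ever reach Traffic Signaling, and only after information signaling has already run for an accident. This is example code written for this page, not the IAMCIty project's own code; the meta-data field names, the rule names and the "three information cycles" threshold are assumptions.

```python
# Added illustration of the rule precedence in (2) and the control restriction in (4).
# Not the IAMCIty project's code; field names, rule names and thresholds are assumptions.
from dataclasses import dataclass
from typing import Any, Callable, Dict, List, Optional

Meta = Dict[str, Any]      # one meta-data record derived from an imaging frame (no pixels)

INFO = "INFO"              # information signaling: warnings, advice; no control over the lights
TRAFFIC = "TRAFFIC"        # traffic signaling: takes control over the LED traffic lights


@dataclass(frozen=True)
class Action:
    kind: str              # INFO or TRAFFIC
    name: str


@dataclass(frozen=True)
class Rule:
    name: str
    when: Callable[[Meta], bool]   # predicate over the meta-data record
    action: Action


class GeneratedRuleRejected(ValueError):
    """Raised when a generated rule could overrule a pre-defined one."""


class DecisionEngine:
    def __init__(self, predefined: List[Rule]):
        self.predefined = list(predefined)   # ordered by priority, highest first
        self.generated: List[Rule] = []

    def learn(self, rule: Rule) -> None:
        """Add a rule generated from gathered meta-data. Generated rules are limited to
        information signaling and are consulted only after every pre-defined rule, so
        they can fill gaps but never overrule what was pre-defined."""
        if rule.action.kind != INFO:
            raise GeneratedRuleRejected(f"{rule.name}: generated rules may not control traffic")
        if any(r.name == rule.name for r in self.predefined):
            raise GeneratedRuleRejected(f"{rule.name}: shadows a pre-defined rule")
        self.generated.append(rule)

    def decide(self, meta: Meta) -> Optional[Action]:
        for rule in self.predefined:         # pre-defined rules always win
            if rule.when(meta):
                return rule.action
        for rule in self.generated:          # generated rules only fill the remaining gaps
            if rule.when(meta):
                return rule.action
        return None                          # no outcome: left to the Fail-safe escalation


# Pre-defined rules, highest priority first. "info_cycles_since_collision" (assumed field)
# counts how many cycles information signaling has already run for the current collision.
PREDEFINED = [
    # Close the intersection only AFTER a collision is on record and information signaling
    # has already run three cycles without clearing it (section 4: not prior to that).
    Rule("close_after_accident",
         lambda m: bool(m["collision"]) and m["info_cycles_since_collision"] >= 3 and m["stopped"] > 0,
         Action(TRAFFIC, "all_red")),
    Rule("warn_accident",
         lambda m: bool(m["collision"]),
         Action(INFO, "warn_accident_ahead")),
    Rule("warn_congestion",
         lambda m: m["stopped"] >= 10,
         Action(INFO, "warn_congestion")),
]


def build_engine() -> DecisionEngine:
    engine = DecisionEngine(PREDEFINED)
    # A rule the system generated from its own statistics, e.g. an evening pedestrian peak.
    engine.learn(Rule("evening_pedestrians",
                      lambda m: m["pedestrians"] >= 15 and 17 <= m["hour"] <= 19,
                      Action(INFO, "advise_slow")))
    return engine


def learn_rejected(engine: DecisionEngine, rule: Rule) -> bool:
    """True if the engine refused the generated rule."""
    try:
        engine.learn(rule)
    except GeneratedRuleRejected:
        return True
    return False


def frame(**fields: Any) -> Meta:
    """Constructed meta-data record with defaults; only the given fields are overridden."""
    record: Meta = {"collision": False, "info_cycles_since_collision": 0,
                    "stopped": 0, "pedestrians": 0, "hour": 12}
    record.update(fields)
    return record


if __name__ == "__main__":
    engine = build_engine()
    for record in (frame(collision=True, stopped=2),
                   frame(collision=True, stopped=2, info_cycles_since_collision=3),
                   frame(pedestrians=20, hour=18)):
        print(record, "->", engine.decide(record))
```

The precedence is enforced twice: by evaluation order (pre-defined first) and by construction (a generated rule can carry only an INFO action), so even a badly generated rule cannot close the intersection.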

5. Modes of operation – Basic, Advanced, Fail-safe, Stand-by/HOLD

5.1. Basic

- Monitoring

- Information signaling only

- Statistical data acquisition during operation in this mode.

Please refer to (1) for more information about my respect toward personal privacy.

5.2. Advanced

- Includes and continues every operation already undergoing in Basic mode

- Traffic signaling

Please refer to (4) for the only circumstances under which I will use traffic signaling.

5.3. Fail-safe (Emergency mode – in regard to the intersection, NOT me or my systems):

- Includes and continues every operation already undergoing in Advanced mode

- Starts to provide meta-data information in a human-understandable way. Only as upstream communication, and only to a pre-defined communication end-point in the outside world THAT I can authenticate. Put another way: only a one-directional communication channel, from me to the outside world, is going to be opened, and only when no decision chain can achieve a final outcome, i.e. a decision about the current situation. That is to conclude that some extraordinary situation is taking place on my intersection which I am not capable of handling on my own. Authenticating the end-point means it must prove its identity to me (for instance with a pre-shared key or a pinned certificate) before the first meta-data record leaves; a matching address or hostname alone is not proof. Privacy will be respected without any “bending” of the term: actual 1:1 image/video streaming is not considered here; only meta-data will be streamed.

5.4. Stand-by/HOLD

NB: This does not mean a power stand-by is executed!

- No monitoring

- No control

- No statistical data

- No meta-data streaming

That only means every operation of mine will be on HOLD.

NB: Security has number 0! Not 6.

0. Security – As an autonomous system I must guarantee my own security, and also that of any external component I am to access, prior to the actual use. That is a requirement for me to be able to take up the care of, and any action toward guaranteeing, the safety of my intersection. In that manner there will be three main focus areas.

Only two are in the focus of the current PoC.

0.1 Activity

- Every activity, from internal operations to the outside actions I perform, will be logged and kept on record for at least one year (365 days as a rule of thumb). This is my first line of defense against myself, as a system, being compromised. For that to hold, the log must be append-only and tamper-evident (for instance hash-chained, or written to storage I cannot erase); otherwise a compromise that reaches the log simply erases its own traces.

- Including the decision process preceding them.

- If a pre-defined action count is reached, I will send a notification to a pre-defined communication end-point in the outside world THAT I can authenticate. Examples would be authorized personnel or an agency, but still that is only upstream communication. The notification holds the information that I am taking too many actions to regulate and/or guarantee the safety on my intersection. My operating modes will continue, but after the first 24 hours the notification will also be made visible locally on my intersection, to signal to the traffic the possibility of a high risk to safety on the intersection. The end-point producing that signal will do so in a way that does NOT affect the traffic, yet is visible to the participants in the traffic, so they can safeguard themselves and also notify the authorized side out of good will ;-)

This event can mean 1 of 2 things:

a. This is a troublesome intersection

b. I am operating above my action count limit (which can vary per intersection)
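As an added illustration of 0.1, here is an activity log that keeps decisions and actions on record for 365 days, hash-chains the entries so that a later edit is detectable, counts actions over a sliding window, raises an upstream-only notification when the per-intersection limit is reached, and turns on the local signal 24 hours after the first notification. This is example code written for this page, not the IAMCIty project's own code; the one-hour counting window, the entry kinds and the notification format are assumptions, and the sample timeline is constructed.

```python
# Added illustration of the activity log in 0.1. Not the IAMCIty project's code;
# the one-hour window, the entry kinds and the record format are assumptions.
import hashlib
from collections import deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Deque, List, Optional

RETENTION = timedelta(days=365)            # "at least 1 year" from 0.1
LOCAL_SIGNAL_DELAY = timedelta(hours=24)   # local signal visible after the first 24 hours
GENESIS = "0" * 64                         # chain anchor before the first entry


@dataclass(frozen=True)
class Entry:
    at: datetime
    kind: str        # "decision", "action" or "internal"
    detail: str      # meta-data level description only, never imaging data
    digest: str      # sha256 over the previous digest and this entry: tamper-evident chain


def _digest(prev: str, at: datetime, kind: str, detail: str) -> str:
    return hashlib.sha256(f"{prev}|{at.isoformat()}|{kind}|{detail}".encode()).hexdigest()


@dataclass(frozen=True)
class Notification:
    """Upstream-only message to the pre-defined, authenticated end-point."""
    at: datetime
    actions_in_window: int
    limit: int

    def line(self) -> str:
        return (f"{self.at.isoformat()} ACTION_COUNT {self.actions_in_window} "
                f"reached limit {self.limit}: intersection may be troublesome or unsafe")


class ActivityLog:
    def __init__(self, action_limit: int, window: timedelta = timedelta(hours=1)):
        self.action_limit = action_limit       # varies per intersection
        self.window = window
        self.entries: Deque[Entry] = deque()   # append-only, oldest first
        self.anchor = GENESIS                  # digest of the last pruned entry (or genesis)
        self.notifications: List[Notification] = []

    def _prune(self, now: datetime) -> None:
        # Entries must be recorded in time order for the retention prune to be correct.
        while self.entries and now - self.entries[0].at > RETENTION:
            self.anchor = self.entries.popleft().digest

    def actions_since(self, since: datetime) -> int:
        return sum(1 for e in self.entries if e.kind == "action" and e.at >= since)

    def record(self, at: datetime, kind: str, detail: str) -> Optional[Notification]:
        """Log one activity (a decision is logged before the action it leads to).
        Returns a Notification when the action count in the window reaches the limit,
        at most once per window."""
        prev = self.entries[-1].digest if self.entries else self.anchor
        self.entries.append(Entry(at, kind, detail, _digest(prev, at, kind, detail)))
        self._prune(at)
        if kind != "action":
            return None
        count = self.actions_since(at - self.window)
        last = self.notifications[-1] if self.notifications else None
        if count >= self.action_limit and (last is None or at - last.at >= self.window):
            note = Notification(at, count, self.action_limit)
            self.notifications.append(note)
            return note
        return None

    def local_signal_visible(self, now: datetime) -> bool:
        """The local, traffic-visible warning starts 24 hours after the first notification."""
        return bool(self.notifications) and now - self.notifications[0].at >= LOCAL_SIGNAL_DELAY

    def verify_chain(self) -> bool:
        """False if any retained entry was altered, removed or reordered."""
        prev = self.anchor
        for e in self.entries:
            if e.digest != _digest(prev, e.at, e.kind, e.detail):
                return False
            prev = e.digest
        return True


if __name__ == "__main__":
    t0 = datetime(2015, 8, 6, 8, 0)              # constructed timeline
    log = ActivityLog(action_limit=3)
    log.record(t0, "decision", "warn_accident_ahead")
    for minutes, action in ((0, "info:warn_accident_ahead"), (10, "info:warn_congestion"),
                            (20, "traffic:all_red")):
        note = log.record(t0 + timedelta(minutes=minutes), "action", action)
        if note:
            print(note.line())
    print("chain intact:", log.verify_chain())
```

The hash chain only proves that the retained entries have not been altered since they were written; protecting the anchor and the storage itself from an attacker who controls the device is a separate (physical or hardware-rooted) problem outside this PoC.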

0.2. Communication – I will not give control over my system, actuators or analytics features. Yet I will accept one, and only one, command: Mode of Operation. Thus I can be switched between modes, but the execution of that mode will still be autonomous, including escalating (or not) my Mode of Operation. Even that single command must be authenticated and protected against replay; otherwise anyone on the link could put my intersection on HOLD. My communication will be for two main purposes:

0.2.1. Remote set of the “Mode of Operation”

Quick example: I can be set to Advanced mode of operation, but that would be the only and sole remote command accepted. From that point on, any mode switching to Fail-safe or Basic mode I will do independently.

0.2.2. Upstream of valuable (but only) meta-data for guaranteeing intersection safety – can be performed only based on my decision.
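As an added illustration of the modes in (5) and the communication rules in 0.2 (and of the release/reset handshake in (3)), here is a mode-of-operation controller that accepts exactly one remote command, escalates to Fail-safe on its own, executes nothing while on HOLD, never drives the traffic lights in Basic mode or after the actuators have been released, and streams meta-data upstream only once the end-point has answered a challenge with a pre-shared key. This is example code written for this page, not the IAMCIty project's own code; the command format, the HMAC challenge/response, the rule that Fail-safe cannot be set remotely, and the escalation condition ("no decision this cycle") are assumptions.

```python
# Added illustration of (3), (5) and 0.2. Not the IAMCIty project's code; the command
# format, the challenge/response and the escalation condition are assumptions.
import hashlib
import hmac
import os
from enum import Enum
from typing import Any, Callable, Dict, List, Optional


class Mode(Enum):
    HOLD = "HOLD"            # every operation on hold (not a power stand-by)
    BASIC = "BASIC"          # monitoring, information signaling, statistics
    ADVANCED = "ADVANCED"    # Basic + traffic signaling
    FAIL_SAFE = "FAIL_SAFE"  # Advanced + one-way meta-data upstream


REMOTE_SETTABLE = {Mode.HOLD, Mode.BASIC, Mode.ADVANCED}   # Fail-safe: autonomous only (assumption)
Responder = Callable[[bytes], bytes]                         # end-point's answer to a challenge


class CommandRejected(ValueError):
    pass


class Controller:
    def __init__(self, endpoint_secret: bytes):
        self.endpoint_secret = endpoint_secret   # pre-shared with the one allowed end-point
        self.mode = Mode.HOLD
        self.actuators_released = False
        self.executed: List[str] = []            # actions actually sent to the actuators
        self.upstream: List[Dict[str, Any]] = [] # meta-data records streamed upstream

    # 0.2.1: the single remote command. Anything else is rejected, never interpreted.
    def remote_command(self, command: Dict[str, str]) -> Mode:
        if command.get("cmd") != "SET_MODE" or set(command) != {"cmd", "mode"}:
            raise CommandRejected("only SET_MODE with a mode field is accepted")
        try:
            mode = Mode(command["mode"])
        except ValueError:
            raise CommandRejected("unknown mode") from None
        if mode not in REMOTE_SETTABLE:
            raise CommandRejected("Fail-safe is entered autonomously, never by command")
        self.mode = mode
        return mode

    # (3): end-points can be released; only a full reset hands them back.
    def release_actuators(self) -> None:
        self.actuators_released = True

    def reset(self) -> None:
        self.mode = Mode.HOLD                    # boot-up lands in HOLD until a mode is set
        self.actuators_released = False
        self.executed.clear()
        self.upstream.clear()

    # (5): one monitoring cycle; `decision` is the rule engine's outcome such as
    # "INFO:warn_accident_ahead" or "TRAFFIC:all_red", or None when no rule matched.
    def tick(self, meta: Dict[str, Any], decision: Optional[str], respond: Responder) -> Mode:
        if self.mode is Mode.HOLD:
            return self.mode                     # no monitoring, no control, no streaming
        if decision is None:
            self.mode = Mode.FAIL_SAFE           # no decision chain reached an outcome
        elif decision.startswith("INFO:"):
            self.executed.append(decision)
        elif (decision.startswith("TRAFFIC:") and self.mode is not Mode.BASIC
              and not self.actuators_released):
            self.executed.append(decision)       # traffic signaling only above Basic
        if self.mode is Mode.FAIL_SAFE and self._endpoint_authenticated(respond):
            self.upstream.append(dict(meta))     # meta-data only, never imaging data
        return self.mode

    # 5.3 / 0.2.2: stream only to an end-point that proved it holds the shared secret.
    def _endpoint_authenticated(self, respond: Responder) -> bool:
        nonce = os.urandom(16)                   # fresh per attempt: replies cannot be replayed
        expected = hmac.new(self.endpoint_secret, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, respond(nonce))


def genuine_endpoint(secret: bytes) -> Responder:
    return lambda nonce: hmac.new(secret, nonce, hashlib.sha256).digest()


def impostor_endpoint(nonce: bytes) -> bytes:
    return b"\x00" * 32                          # right length, wrong key


def is_rejected(controller: Controller, command: Dict[str, str]) -> bool:
    try:
        controller.remote_command(command)
    except CommandRejected:
        return True
    return False


if __name__ == "__main__":
    secret = b"pre-shared-endpoint-secret"       # constructed for the example
    c = Controller(secret)
    c.remote_command({"cmd": "SET_MODE", "mode": "ADVANCED"})
    print(c.tick({"collision": True, "stopped": 2}, None, genuine_endpoint(secret)), c.upstream)
```

The authentication is deliberately one-sided: the end-point proves itself to the controller, but the controller never accepts anything back over that channel other than the challenge answer, which keeps the stream one-directional as 5.3 requires. A pre-shared HMAC key is the simplest fit for a single known end-point; a pinned certificate would serve the same purpose.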

0.3 Physical security against unauthorized access – not in the scope of the current PoC.

=============== END OF CONCEPT OF OPERATIONS ===============

Good luck to all, and especially to all fellow HACKADOERS :-)

Dimitar Tomov