Description of the project

Mission & Vision

With climate change being the defining issue of our time, operators are now quickly realising that there is an urgent need to increase the energy efficiency of data centres and reduce their environmental impact.

TANGO will establish a stronger cross-sector data sharing, in a citizen-centric, secure and trustworthy manner, by developing innovative solutions while addressing environmental degradation and climate change challenges. The overall outcome is a novel platform exhibiting the following capabilities: user-friendly, secure, trustworthy, compliant, fair, transparent, accountable and environmentally sustainable data management, having at its core technology components for distributed, privacy preserving and environmentally sustainable data collection, processing, analysis, sharing and storage. This platform will promote trustworthy and digitally enabled interactions across society, for people as well as for businesses. TANGO will leverage the power of emerging digital technologies to strengthen the privacy for citizens and private/public organisations, reduce costs and improve productivity. It will unlock the innovation potential of digital technologies for decentralised, privacy-preserving applications, while making accessible and demonstrating this potential within the Gaia-X and EOSC ecoTango decorative imagesystem. With 34 key partners from 13 countries, TANGO, is uniquely positioned to provide a high impact solution within the transport, e-commerce, finance, public administration, tourism and industrial domains supporting numerous beneficiaries across Europe.

Through the provision of TANGO technologies, a trustworthy environment will be designed acting as a gatekeeper to information and data flows. Citizens and public/private organisations will be empowered to act and interact providing data both online and offline. TANGO will focus its activities on 4 main pillars: (i) the deployment of trustworthy, accountable and privacy-preserving data-sharing technologies and platforms; (ii) the creation of data governance models and frameworks; (iii) the improvement of data availability, quality and interoperability – both in domain-specific settings and across sectors; (iv) energy consumption optimisation at infrastructure, application and inference (AI) level. In-line with the strategic agenda of the Gaia-X initiative, TANGO will boost data sovereignty and enable cloud/edge and AI applications that adhere to European values. Moreover, aligned with the European Open Science Cloud (EOSC), it will provide seamless access and reliable re-use of research and industrial data to European researchers, innovators, companies and citizens through a trusted and open distributed data environment. TANGO’s unique value proposition is the one-of-its-kind platform, which provides a trustworthy data management and sharing platform deployed in federated, distributed, multi-cloud environments ensuring data sovereignty, governance and provenance for public/private organisations while empowering citizens to get control of their data.

Key objectives

TANGO will establish a stronger cross-sector data sharing, in a citizen-centric, secure  
and trustworthy manner, by developing innovative solutions while addressing environmental degradation and climate change challenges.

The creation of the platform, is supported by the following specific objectives:

  • To design and develop a holistic, flexible and open framework for fair, responsible and green data management, sharing and storage while maintaining data ownership
  • To provide a secure, trusted and audible data management, storage and sharing environment ensuring security and privacy
  • To design and implement distributed trust management mechanisms for identity management and onboarding providing security and user-friendliness
  • To develop data security and infrastructure management processes that prioritise green data operations
  • Validation across industries through 6 Data sharing use-cases: Smart Hospitality, Autonomous Vehicles Transport, Smart Manufacturing, FinTech, Public Administration, Retail Sector
  • To implement extensive and detailed communication and dissemination activities to enhance basis for demand and collaborate with relevant initiatives in the field

Key results

Blockchain-based data storage and sharing

TANGO will develop an energy-efficient blockchain agnostic platform (compatible with all major blockchain protocols such as Fabric, R3 Corda, Ethereum, etc) for trusted transactions emphasizing on the simultaneous requirement of transparency, security and privacy, in all the information being shared among relevant stakeholders. TANGO will develop an abstraction layer to allow synchronization of segments of very large datasets (>50TBs) in a highly efficient manner. It will facilitate the synchronisation across all major types of databases that different institutions may be using, allowing them to retain data where it is currently stored. A highly elaborate key management mechanism will be provided, employing 3 layers of encryption as well as a split-seed design to prevent data access in cases where all parties, excluding the user, in the platform are rogue. Interoperability will be ensured through integrating a Gaia-X compliant gateway and IDS connectors to integrate with external sources/external existing data spaces. Efficient distributed and privacy-preserving data storage will be introduced based on the Solid framework, combined with efficient data owner indexing, introducing also an IDS connector for Solid.

Trustworthy data sharing

The objective within TANGO is to bridge the gap from model and practical implementation applied beyond the scope of Industry 4.0. The configuration of characteristics, attributes and evaluation schemes for specific use cases in TANGO will extend the SotA and provide examples facilitating the uptake of trustworthiness in several domains. Furthermore, a privacy-preserving way of sharing data will be introduced leveraging tokenisation. It will be developed as a decentralised recommendation environment without creating user-item matrices prone to privacy issues and without using any collaborative recommenders. Trusted parties will not be required, common knowledge, such as user or item IDs, will not be needed and preferences or properties will be shared.

Confidentiality and privacy by design

Supporting end-user empowerment for security and privacy is one of the key objectives of innovation. Towards this end, TANGO will cover governance aspects in order to guarantee end-users to be the owners of their data. In particular, it will address security and privacy challenges arising from the integration of the information coming from different sources and devices into central data management platforms. On the one hand, users will be empowered with tools to control how the information is shared. TANGO will address user consent aspects through the use and extension of access control policy-based approaches. GDPR regulation will be considered as a legal umbrella for the data sharing ecosystem. On the other hand, it will be complemented with the application of mechanisms based on the sticky policies approach. TANGO will expressively reflect “regular-language-like” policy, rather than just a set of mathematical symbols (e.g., A or B and C), into encryption/decryption and signature to support data sharing. Thus, it will perform fast and efficiently, no matter how long the data sharing policy is. TANGO will also consider “hiding” the sharing policy from unrelated data parties to maximize data owner and users’ privacy.

Self-encryption and Decryption Techniques with Multi-Factor Information Recovery Mechanisms

TANGO addresses existing shortcomings including identity unlinkability, centralised mode, static key, and lack of interface with other secure tools. A novel selfencryption/decryption approach will be introduced that uses data to be encrypted along with random seed and identity as the encryption key, distributing the keys (via secret sharing) across trusted nodes. Hence, i) all operations are linked to an identity – providing identity interface; ii) the linked identity can be revealed, e.g., auditing; iii) with identity tag, all encrypted chunk data can be traced, iv) in case the device is lost or damaged, the data can be recovered by reconstructing the decryption key from trusted nodes and strong identity verification. It will also leverage a randomised key generator technique to inject randomness in encryption to avoid attacks to “static” encryption.

Self-sovereign identity management

TANGO will develop obvious properties needed for sustainable personal data management: a) granular personal data management, b) temporal management of personal data disclosures, c) cascaded identity control. This asset leverages the OLYMPUS virtual identity provider32, which is comprised of multiple individual IdPs, to manage user identities and authentication. It relies on distributed p-ABCs to offer privacy-preserving (minimal disclosure and unlinkability) authentication (presentation of attributes) linked to eIDAS. A trust framework based on Blockchain to complement the usage of credentials will be introduces. TANGO will progress beyond the state of the art by implementing mature (e.g., embedded databases, symmetric and public key encryption) and nearly mature technologies in a disrupting way, resulting in academic contributions and demonstrable proof-of-concepts.

Seamless onboarding for users and devices

TANGO introduces a novel AI-powered seamless onboarding mechanism for users and devices compatible with distributed identity and trust management offering high security and privacy as there is no human intervention in the process. For users, the mechanism allows remote onboarding of users with Highest Level of Assurance based on eIDAS regulation through a mobile app using a four-step verification process with a proof-ofidentity including a) NFC document scan, b) OCR document scan, c) facial comparison including liveness detection and d) cross-validation of the identity document. Support for eID document and credentials will be provided as well as seamless and secure login mechanisms will be supported such as FIDO 2.0, OpenID and OAuth2.0. For IoT devices, TANGO will offer a self-service registry that offers privacy and confidentiality to public keys and/or any other cryptographic keys required to prove ownership and provide the platform for the decentralised PKI since not all nodes need to know what the data is and reduce redundant computations required to achieve consensus. Towards this end, TANGO vision is a hybrid ID management scheme that parallel to the SSI methods, it implements federated ID management with the ID Manager acting as a trusted proxy based on OAuth2.0 and FIDO2.0 protocols for realizing a privacy preserving federated architecture.

User device continuous behavioural authentication

TANGO will provide the only system that introduces a self-compensating continuous authentication system that autonomously learns the users’ behavioural patterns. Initially, TANGO will use human (interaction, location, speed and distance patterns), device (swipe, touch, gesture and typing patterns) and transactional (trusted beneficiary, amount, frequency, time/location) behavioural patterns. TANGO will be the only system that offers a) continuous behavioural authentication that does not require any user input b) AI-powered authentication that combines 14 independent behavioural traits such as human and device behavioural patterns c) operates as primary and secondary continuous authentication that fully discards passwords.

Device Continuous Behavioural Authentication

Given the distributed nature of the TANGO proposed architecture, a complete end to end solution for guaranteeing continuous device behavioural authentication will be developed powered by an AI-enabled anomaly detection engine. Whereby, existing technologies tend to focus on sensor data solely, the AI-enhanced TANGO component leverages on a range of both cyber and physical sensor data to model and determine normative behaviours for specific device contexts and operators and extends beyond the state-of-the-art by applying sophisticated sequencebased learning techniques and Deep Learning algorithms to discover behavioural fingerprints of device behaviour. In addition, the TANGO module will propose and develop an open-source implementation of the EMVCo 3D Secure V2 Device info SDK and an “EMVCo” light specification extension for IoT devices.

Hardening against side-channel attacks

TANGO will extend its compiler to automate the application of a random shuffling of loops and combine it with a code polymorphism countermeasure. This combination of countermeasures will give a multi-scale shuffling, as the loop iteration shuffling is coarse grain, while code polymorphism brings fine grain shuffling such as shuffling between independent assembly instructions, making it harder to perform realignment. In addition, one or several new code transformations will be added to the code polymorphism countermeasure as well, such as operand swapping, which has not been investigated in the state-of-the-art yet. A large range of trade-offs between security and performance will be achievable thanks to these new transformations, and to the combination of the countermeasures.

Exploratory data analysis engine

TANGO will reveal patterns and features that will help data analysts understand, analyse and model the data. Graphical presentation formats and computational intelligence techniques may be combined to convey meaningful insights. Data transformation techniques will be available to produce effective visualisation or more informative analysis. In addition, data partitioning (training, validation and test sets) will be recommended to evaluate a chosen performance measure, decide a reasonable model for the data, find a smoothing parameter in density estimation, and estimate the bias and error in parameter estimations and so on.

Energy efficient AI model training

TANGO aims to offer an AutoML solution designed to generate energy efficient DNNs that provide also appropriate performance in terms of accuracy, considering that the training or inferencing of the models should be done in distributed environments and including edge computing devices. Currently available AutoML solutions are not designed to target use-cases where the training and validation datasets are stored in a single and centralized repository and they do not offer the possibility to find an optimum neural network architecture or its hyperparameters in terms of its carbon footprint. Leveraging the previous research efforts, TANGO will integrate models to predict the computational power required for the training and serving of the DNNs. The innovation of TANGO will be mainly focused on the optimization of the local designs using feature-partitioned data and then the aggregation of the results to find a global solution collaboratively.

Dynamic Intelligent Execution on Heterogeneous Systems

TANGO will enable the use of hardware accelerators from Java through TornadoVM which uses the GRAAL dynamic compiler to generate OpenCL C code for a wide range of hardware accelerators like GPGPUs, multi-core CPUs and FPGAs. TornadoVM will progress by a) integrating power monitoring within its runtime and ML model to enable energy-efficient execution complementing its existing performance-oriented dynamic reconfiguration capabilities. b) Co-designing its node-level execution profiles with TANGO’s global orchestrator to achieve system-wide intelligent resource utilization based on performance, energy and cost requirements. c) Extending its programming interface to accommodate models for seamless integration with more use cases.

Privacy Threat Modelling & Identification for Trustworthy AI

Most privacy metrics proposed in the literature focus on assessing and quantifying privacy based on implemented privacy enhancing technology against some adversary. Very few privacy metrics measure risk directly. Using the ontology of metrics from literature, TANGO will identify technical privacy metrics related to the defined processes and mechanisms. It will extend the state-of-the-art by blending the proposed methodology and identified metrics with the NIST Privacy Framework offering a novel tool bespoke to TANGO use cases to comprehensively address privacy risks. Privacy Enhancing Component will go beyond SotA by a) introducing a novel and extensible privacy risk assessment framework for identifying and quantifying the privacy risks imposed by data handling processes and mechanisms used in an ecosystem. b) implementing a dynamic privacy enhancing tool to recommend optimal set of controls required to mitigate identified privacy risks. TANGO will also advance the state-of-the-art by delivering a Privacy Assurance Tool that will proactively visualise privacy risks based on their continuous monitoring, to enable citizens control their personal data.

X-AI for Privacy and Trust Enhancement

TANGO will develop and integrate a powerful XAI module that will explain AI-based decisions to relevant actors. The module will boost the transparency and trustworthiness of AI-based analytics over the information shared across different public and private organisations. TANGO will research, customize and integrate methods that will enable the platform to produce more explainable and relevant models, while maintaining a high level of learning performance (e.g., prediction / classification accuracy). TANGO will provide a library of XAI techniques that will reveal the main features that cyber-security measures and decisions. The library will enable stakeholders not only to recognize, perceive and reproduce AI-based decisions and recommendations, but also to intellectually understand the context and the circumstances under which these recommendations are created.

AI-based Infrastructure Management

Within TANGO, the specific current data operations optimization challenges in data centres will be analysed, tackling the Artificial Intelligence (AIOps) paradigm. Considering failure management and resource optimization problems, TANGO will provide a holistic approach, integrating from the design phase privacy and security notions. TANGO will gather available datasets and benchmarks, ensuring reproducible results and emphasising on explainability. Moreover, in line with the general shift in AI research, the use of methods based on self-supervised or unsupervised learning will be explored. Overall, TANGO will provide a novel solution that will have AIOps at its core but, unlike previous existing work, applying it to real-world use cases not only for infrastructure optimization but also considering privacy and security implications of all data operations.