by Christoph Klikovits (Forschung Burgenland), Elke Szalai and Markus Tauber (FH Burgenland)

Digitisation is leading to the increased use of cyber-physical systems (CPS). A citizen participation and disaster management platform uses IoT components like sensors, which collect information about critical events in disaster scenarios. In this situation it is critical that all stakeholders can be assured of trustworthy information. We are researching an approach that takes ethical considerations into account during the development process, resulting in a secure, trustworthy framework.

Increasing, due to availability of technology, also smaller communities make use of the automation of processes and involvement of citizens, creating “smart municipalities”, those rely. Internet of Things (IoT) components are used to improve processes of the local administration and communication. Most current platforms and applications have a restricted point of view, with a focus on features and sustainability [1]. To achieve trustworthiness and secure communication—which are essential but often neglected in systems rely on citizen participation—ethical aspects of the system must be considered. Ideally, all stakeholders should have input and these considerations factored into the system early in the design process.

In the EFRE project (FE07) “Civis 4.0 Patria” [L1] a citizen participation and disaster management platform will be developed. The project aims to make it easy for citizens and local authorities to communicate with each other and to share information [1]; for example for citizens to report incidents, such as open manholes or potholes, to the local authorities. Furthermore, local IoT sensors and external weather services provide disaster warnings and can improve the lead time to achieve an accurate operational picture. This information can be processed by local authorities, citizens, or emergency services. IoT sensors will collect information about air quality, water levels, rainfall, temperature, storm, heat, fill levels and number of visitors, which can give an overview of the situation to emergency personnel.

Disaster management and citizen participation are sensitive areas in which privacy and trustworthiness are important. The stakeholders determine what action to take based on the information they receive, and this works in both directions: from the citizens to the public administration and vice versa. Hence, trustworthiness of information and the safety of individuals are paramount.

We are researching the integration of ethical principles during the design phase of a citizen participation and disaster management platform. This approach can lead to technology acceptance by users.

To ensure that the needs of different groups of stakeholders are considered, we incorporate social science methods, such as the use of “personas”, during the development process. This process gives stakeholders the opportunity to express worries, doubts, objections and suggestions. The “persona” method makes it possible to describe different types of user, to understand their needs, and to consider them when making design-related decisions. In a first step, the research team will develop "personas", which result from interviews and questionnaire surveys. These personas represent prototypes of the project and encompass stakeholders’ ethical concerns about the system’s trustworthiness and security. Features addressing these concerns can be proactively build into the software design and security architecture. This approach increase user acceptance of the technology and can help researchers recognise and perhaps change the attitudes of users [3].

Once the platform is developed, citizens, local authorities, and others can register and use it for purposes such as reporting incidents with their smartphones (for example). To this end, we need to identify a secure IoT framework that can integrate smartphones, sensors, and external services into the platform while achieving trustworthy, secure communication and safe storage of data.

Figure 1: The onboarding procedure of a smartphone, to interact with the Arrowhead local cloud during the registration and incident reporting process.
Figure 1: The onboarding procedure of a smartphone, to interact with the Arrowhead local cloud during the registration and incident reporting process.

The Arrowhead framework [L2] and its onboarding procedure is one method that we are considering for this purpose. The Arrowhead chain of trust [3] enables a trustworthy environment through its process-oriented usage of certificates and secure onboarding of smartphones. The registration and incident reporting processes are researched in the opensource framework Arrowhead, which provides many security functions by design. First, smartphones can be onboarded in the Arrowhead framework, as shown in Figure 1. They form part of the Arrowhead local cloud, authorised by certificates, and can share information in a trustworthy way, e.g., reporting incidents in the context of “Civis 4.0 Patria”.

In contrast to hardware components (e.g., smartphone or sensor) being onboarded, it is not only the device but also the user that governs the interactions and hence new approaches for onboarding in cyber-physical systems may be needed. The researched techniques (Arrowhead onboarding and personas) represent a possible approach with the objective to facilitate security, safe storage of data and trustworthiness, in convergence with ethical considerations within a citizen participation and disaster management platform. The incorporation of personas allows the needs of individual stakeholders to be factored in early in the development process. This approach leads to ethically aligned software design and security architecture.


[1] J. Wolfgeher, M. Zsilak, M. Tauber: “Smart Municipality”, ERCIM News, issue 119, 2019,
[2] A. Bicaku, et al.: “Interacting with the arrowhead local cloud: On-boarding procedure”, in 2018 IEEE Industrial Cyber-Physical Systems (ICPS), pp. 743-748. IEEE, 2018.
[3] J. Pruitt, J. Grudin: “Personas: practice and theory”, in Proc. of the 2003 conference on Designing for user experiences (DUX ’03), ACM, 1–15, 2003.

Please contact:
Christoph Klikovits, Forschung Burgenland, Austria
This email address is being protected from spambots. You need JavaScript enabled to view it.

Next issue: October 2024
Special theme:
Software Security
Call for the next issue
Image ERCIM News 122 epub
This issue in ePub format

Get the latest issue to your desktop
RSS Feed