Secure and Efficient Data Spaces

Coach Name

Jordi Bosch i Garcia

EU Organization

Athens University of Economics and Business (AUEB)

Members

  • George Xylomenos
  • Yannis Thomas
  • Nikos Fotiou
  • Iakovos Pittaras
  • Fotios Bistas
  • Ioannis Barous
  • Katerina Mantaraki

US Organization

University of Memphis (UMemphis)

Members

  • Prof. Christos Papadopoulos

Project Overview

SeEDS implements a fully ETSI-compliant Data Space on top of the Named-Data Networking (NDN) architecture—extending a previous NGI Sargasso project (SNDS) with richer data APIs, built-in trust management, and distributed resilience mechanisms.

The project delivers a distributed context broker, supporting the complete NGSI-LD API, including content filtering, temporal queries, and event subscriptions. Using NDN’s content-centric features (caching, multicast, name-based routing), SeEDS provides efficient data retrieval without relying on centralized cloud servers or IP-based silos.

A major innovation is SeEDS’ selective revelation scheme, enabling producers to sign data only once while allowing consumers to view only the attributes they are authorized to see—without trusting brokers or re-encrypting data. Combined with fully decentralized identity (DID)-based trust mechanisms, SeEDS ensures strong privacy, verifiable provenance, and user data control.

SeEDS was validated both on the global NDN testbed (EU, US, South America) and at scale using Mini-NDN, demonstrating performance gains, energy efficiency, reliability under failures (recovery <200 ms), and resilience to attacks.

Methods and approaches

ETSI NGSI-LD API implemented over NDN with advanced extensions

SeEDS integrates the full NGSI-LD API—including selective and conditional filtering, temporal queries, and persistent event subscriptions—mapping HTTP-based queries to NDN Interests and Data packets through proxy services. The system supports both direct and indirect (metafile-based) retrieval modes for optimal caching and traffic reduction.

Distributed trust architecture with DIDs and selective revelation

Through decentralized identifiers (did:self), SeEDS provides cryptographic proofs of content provenance and proxy authorization. Its selective revelation mechanism signs data attributes only once, enabling consumer-side filtering while preserving data integrity and privacy—even when content is cached across the network.

Key Achievements

A fully distributed Data Space implementation with no single point of failure.

Complete NGSI-LD support:

  • GET by ID / TYPE
  • Selective & conditional filtering
  • Temporal queries
  • Event notifications / subscriptions

Distributed broker architecture with primary–secondary replication achieving recovery in <200 ms.

Selective revelation scheme for privacy-preserving attribute-based filtering.

Decentralized identity (DID)-based security, enabling in-network verification and proxy authorization without traditional PKI.

Extensive validation through:

  • NDN testbed experiments across three continents
  • Large-scale Mini-NDN experiments
  • Local cryptographic performance tests

Two scientific publications and a public webinar.

Fully open-source implementation: https://github.com/mmlab-aueb/SeEDS

Impact & Results

Scientific Impact

SeEDS demonstrates the feasibility of fully decentralized Data Spaces using a content-centric network architecture, advancing research in NDN, data provenance, distributed trust, and Data Spaces interoperability.

Environmental Impact

By reducing cloud dependency, enabling caching, and avoiding repeated encryption and transmission of identical content, SeEDS significantly reduces energy usage in data-driven applications.

Economic Impact

SeEDS lowers the barrier for SMEs to enter the data brokerage market through open-source, standards-compliant tools. It enables data portability without vendor lock-in, helping users reclaim control over their data.

Societal Impact

By decentralizing access control and identity, SeEDS empowers users to determine how their data is used and shared—offering a privacy-preserving alternative to centralized cloud platforms.

Strategic EU–US impact

The project deepened collaboration between AUEB and UMemphis, reinforced ties to the global NDN community, and created joint pathways for future research in smart cities, medical wearables, and secure distributed systems.

Publications and Open-Source Contributions

Future directions

  • Continue collaboration with UMemphis through joint EU–US proposals.
  • Deepen cooperation with ExcID, DomX, and Plegma Labs for real-world deployments (IoT, smart cities).
  • Explore integration of SeEDS within 5G/6G edge networks, in partnership with University of Sussex.
  • Potential commercialization of optimization algorithms and advanced filter-execution techniques.

Subscribe to our newsletter
SUBSCRIBE

Horizon Europe – Grant Agreement number 101092887

Funded by the European Union. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or European Union’s Horizon Europe research and innovation programme. Neither the European Union nor the granting authority can be held responsible for them.