M-Sec · Project

Multi-Layer Cybersecurity Platform Protecting Smart City IoT Networks with Blockchain

digitalTestedTRL 6

Imagine your city has thousands of sensors — traffic lights, air quality monitors, parking meters — all connected to the internet. Right now, most of these funnel data through one central hub, which is both a bottleneck and a juicy target for hackers. M-Sec built a security system that works in layers, like a building with locked doors on every floor, not just the front entrance. It uses blockchain so devices can talk to each other directly and securely, without needing a central middleman, and it created a marketplace where cities and companies can safely buy and sell IoT data and services.

By the numbers

distinct security layers developed (IoT, cloud, P2P blockchain, application, end-to-end)

demonstrator prototypes delivered

total project deliverables

consortium partners across EU and Japan

countries represented in consortium

50%

industry ratio in consortium

The business problem

What needed solving

Cities and companies deploying IoT sensor networks face a fundamental security weakness: most systems funnel all data through a single central cloud, creating one massive target for attackers and a bottleneck for performance. Current IoT security solutions typically protect only one layer (the device OR the cloud OR the network), leaving gaps that sophisticated attackers exploit. As cities connect more infrastructure — from traffic systems to utilities — the cost of a breach grows exponentially, yet no off-the-shelf solution covers the full stack from sensor to application.

The solution

What was built

The project built an integrated multi-layer security platform with 11 demonstrator prototypes: IoT device security, cloud and data security, peer-to-peer blockchain security, application-level security, and end-to-end security — each delivered in first and final versions, plus a fully integrated prototype combining all layers into one functional system. It also created an open IoT marketplace for secure exchange of applications, data, and services.

Audience

Who needs this

Smart city technology departments deploying connected urban infrastructureIoT platform companies needing layered security for device-to-cloud communicationCritical infrastructure operators (energy, water, transport) facing cybersecurity regulationsCommercial real estate and building management companies with smart building systemsPayment and fintech companies processing IoT-generated transaction data

Business applications

Who can put this to work

Smart City Infrastructure

enterprise

Target: Municipal IoT platform operators and city technology departments

If you are a city technology department dealing with securing thousands of connected sensors and devices across urban infrastructure — this project developed a multi-layered security platform covering IoT devices, cloud data, peer-to-peer blockchain, and application levels. It was built as an integrated prototype tested across 4 countries with 6 partners, meaning the architecture has been validated in real multi-national deployment scenarios.

IoT Platform Providers

mid-size

Target: Companies building or operating commercial IoT platforms

If you are an IoT platform company struggling to secure device-to-device communication and data exchange at scale — M-Sec created a decentralized security architecture with 11 demonstrator prototypes covering every layer from device to cloud. The open marketplace component lets you monetize IoT data and services securely, creating new revenue streams beyond basic connectivity.

Critical Infrastructure & Utilities

enterprise

Target: Energy, water, and transport operators with connected sensor networks

If you are a utility operator worried about cyberattacks on your connected infrastructure — this project delivered end-to-end security prototypes that protect data from the sensor all the way to the cloud. With blockchain-based peer-to-peer security validated through 35 deliverables, it addresses the growing regulatory pressure on critical infrastructure operators to demonstrate layered cybersecurity.

Frequently asked

Quick answers

What would it cost to implement this security platform?

The project's EU contribution amount is not available in the dataset. However, the platform was built as modular security layers (IoT, cloud, blockchain, application, end-to-end), meaning companies could adopt specific layers relevant to their needs rather than the full stack, potentially reducing implementation costs.

Can this scale to a city-wide deployment with thousands of devices?

The architecture was specifically designed for scalability using a decentralized peer-to-peer approach rather than centralized processing. The integrated prototype was tested in a consortium spanning 4 countries, and the decentralized design means adding more devices does not create a single bottleneck. However, city-scale production deployment would require further engineering beyond the prototype stage.

What is the IP situation and can we license this technology?

The project was coordinated by Worldline Iberia (a major payment technology company) with 6 partners across 4 countries. As a publicly funded RIA project, results are typically available for licensing. Contact the coordinator through the CORDIS portal to discuss specific IP terms for each security layer.

Does this comply with current cybersecurity regulations like NIS2?

The project developed multi-layered security covering IoT, cloud, blockchain, and application levels — which aligns with the defense-in-depth approach required by modern cybersecurity regulations. While the project ended in September 2021 (before NIS2 entered into force), the architecture addresses the core requirements of layered security and incident traceability that regulators now demand.

How long would integration take with our existing IoT infrastructure?

The project delivered both first and final versions of each security layer, following an iterative development approach. The integrated prototype combined components from multiple work packages along with third-party open source modules, suggesting the system was designed to work alongside existing infrastructure. Based on available project data, integration timelines would depend on which security layers you adopt.

Is this an EU-only solution or does it work internationally?

M-Sec was an EU-Japan collaboration, with each security layer co-led by European and Japanese partners (including Keio University and Yokohama National University). This dual-continent development means the platform was designed for international interoperability from the start, not retrofitted for it.

What exactly was demonstrated and validated?

The consortium delivered 11 demonstrator prototypes covering 5 distinct security layers: IoT security, cloud and data security, P2P blockchain security, application security, and end-to-end security. Each layer had first and final versions, plus a fully integrated prototype combining all layers. That is 35 total deliverables across the project.

Consortium

Who built it

The M-Sec consortium is compact but industry-heavy: 6 partners across 4 countries (Greece, Spain, France, UK) with a 50% industry ratio — 3 industrial partners including 2 SMEs. The coordinator, Worldline Iberia, is a major European payment technology company (not an SME), which adds commercial credibility and signals real market intent. The consortium also includes 2 research organizations, providing the scientific backbone. Notably, this was an EU-Japan collaboration with Japanese partners co-leading every security layer, giving the results international validation. For a business buyer, the fact that a payments industry giant like Worldline led the project suggests the security architecture was designed with commercial-grade reliability in mind, not just academic interest.

WORLDLINE IBERIA SACoordinator · ES
TECNOLOGIAS SERVICIOS TELEMATICOS YSISTEMAS SAparticipant · ES
COMMISSARIAT A L ENERGIE ATOMIQUE ET AUX ENERGIES ALTERNATIVESparticipant · FR
AYUNTAMIENTO DE SANTANDERparticipant · ES
F6S NETWORK LIMITEDparticipant · UK
EREVNITIKO PANEPISTIMIAKO INSTITOUTO SYSTIMATON EPIKOINONION KAI YPOLOGISTONparticipant · EL

How to reach the team

Worldline Iberia SA (Spain) — a major European digital payments company. Contact through CORDIS project page or Worldline's corporate channels.

Order a report on this consortium See WORLDLINE IBERIA SA profile →

Next steps

Talk to the team behind this work.

Want to connect with the M-Sec team about licensing their multi-layer IoT security platform? SciTransfer can arrange an introduction and help you evaluate which security layers fit your infrastructure.

Order a report on this topic More in Digital & ICT