1. Why Talk About Biometrics and Privacy at Airports Today?

Airports are rapidly evolving into hyper-automated environments.
From self-service check-in kiosks to biometric boarding gates, facial recognition systems are becoming a central element of passenger processing.
These technologies promise convenience, speed, and improved security — but they also raise pressing concerns about privacy, data control, and surveillance.

When your face becomes your passport, how is your data stored, processed, and protected?
Can we trust these systems not only to recognize us — but also to respect our rights?

Artificial intelligence (AI) and machine learning play a dual role here.
They power the recognition systems that drive automation, but they also open up new ways to rethink how sensitive data is managed — especially through Federated Learning (FL), which allows AI models to be trained collaboratively without centralizing personal data.

2. A Federated Architecture to Protect Biometric Data

Our recent study, published in Future Generation Computer Systems, explores how a multi-level federated learning architecture can safeguard biometric data in airport environments.

Federated Learning shifts the model training process from a central server to distributed devices.
Instead of sending raw data to a central authority, each device (or node) trains a local model and shares only model updates. This approach preserves data locality and significantly reduces exposure.

But what happens when multiple organizations — airlines, airport authorities, and government entities — are involved?
That’s where our architecture comes in.

We designed a three-tiered system tailored to the airport context:

• Client Level: Check-in kiosks capture and preprocess biometric data locally.
• Edge Level: Airline servers act as local aggregators, combining updates from their own kiosks.
• Global Level: An airport-wide coordinator aggregates models across airlines without ever accessing raw data.

This structure supports organizational autonomy, compliance with data protection laws, and scalability — all critical for real-world deployments.

3. Privacy by Design: Techniques We Adopted

From the beginning, our goal was to embed privacy directly into the architecture — not to patch it afterward.
This embodies the privacy by design principle.

To achieve this, we combined complementary privacy-enhancing techniques:

• Differential Privacy (DP): Adds mathematical noise to model updates, making it difficult to reverse-engineer original data — even if the model is compromised.
• Secure Aggregation (SA): Ensures that individual updates cannot be accessed by the server, not even during training.
• Privacy Meter: An open-source tool that audits privacy using membership inference attacks (MIA), simulating how an adversary might guess if someone’s data was part of training.
• Data Protection Impact Assessment (DPIA): A GDPR-aligned framework for evaluating privacy risks and mitigation strategies.

Together, these tools provide both quantitative and qualitative insights into the system’s privacy guarantees.

4. What We Discovered

Our experimental evaluation compared three configurations:

1. Centralized Training: Highest accuracy but strong vulnerability to inference attacks.
2. One-Level FL: Improved privacy, but organizational bottlenecks limited scalability.
3. Two-Level FL with DP and SA: Slight accuracy drop, but significantly higher robustness and privacy protection.

The Privacy Meter results confirmed that privacy-preserving mechanisms substantially reduced the risk of data leakage — even under simulated attacks.
The trade-off between accuracy and privacy proved manageable, especially considering the sensitive nature of biometric systems.

This research contributes to the broader conversation on trustworthy AI — how to design systems that are both powerful and privacy-respecting.

For stakeholders such as airport operators, data protection officers, and public institutions, our architecture offers view about:

• Aligns with GDPR principles (data minimization, security by design);
• Supports decentralized governance across multiple organizations;
• Is adaptable to other sensitive domains such as healthcare and smart cities.

As airports and public infrastructures continue to adopt AI-driven automation, our work shows that privacy and performance do not have to be mutually exclusive.

Future developments will explore:

• Formal verification of security properties,
• Real-world deployment pilots, and
• Integration with advanced cryptographic protocols.

Read the full open-access paper here

cite it:

Campanile, L., de Biase, M. S., & Marulli, F. (2026). Design and evaluation of a privacy-preserving multi-level federated learning architecture for airport biometric check-in. Future Generation Computer Systems, 176, 108217. https://doi.org/https://doi.org/10.1016/j.future.2025.108217

Published in Future Generation Computer Systems, Elsevier (2026)
Authors: Lelio Campanile, Maria Stella De Biase, Fiammetta Marulli
Department of Mathematics and Physics, Università della Campania “L. Vanvitelli”

This new edition continues the tradition of the previous AI4IoT sessions (2020–2025),
expanding its focus to include LLMs, Explainable AI, and Generative AI for the design of trustworthy, scalable, and domain-aware IoT systems.

Scope

The Internet of Things (IoT) is evolving into a pervasive, intelligent, and interconnected ecosystem where data-driven AI enables adaptive, secure, and sustainable decision-making.
Artificial Intelligence — including Deep Learning, Explainable and Trustworthy AI, and more recently Large Language Models (LLMs) — is transforming the design and operation of IoT and Cyber-Physical Systems (CPS), enabling distributed intelligence at the edge, in the cloud, and across hybrid environments.

This special session aims to explore emerging challenges, opportunities, and methodologies at the intersection of AI and IoT, focusing on trustworthiness, scalability, sustainability, and cross-domain applicability.
Particular attention is given to federated and edge learning, energy-efficient AI, XAI, and the role of LLMs and Generative AI in making IoT systems more adaptive, explainable, and capable of simulating real-world processes.

We also encourage submissions from industrial, civil, and process engineering domains, where AI-enhanced IoT is revolutionizing monitoring, control, and predictive maintenance.

Topics of Interest

AREA 1: Core AI–IoT Integration

• Distributed, Federated, and Continual Learning for IoT Systems
• Edge AI and TinyML for Real-time and Energy-efficient Intelligence
• AI-driven Security, Privacy, and Resilience in IoT Networks
• Digital Twins and Predictive Maintenance for Smart Environments
• AI–IoT Integration for Environmental and Urban Sustainability

AREA 2: Emerging AI Paradigms

• Explainable and Trustworthy AI in IoT and CPS
• Large Language Models for Real-world IoT and Multimodal Environments
• Generative AI for Simulation, Synthetic Data, and System Optimization
• Graph Neural Networks for Complex System Modeling
• Reinforcement Learning for Adaptive and Autonomous IoT Agents

AREA 3: Cross-Domain and Applied Intelligence

• AI and IoT in Smart Cities, Civil Engineering, and Environmental Monitoring
• AI and IoT for Industrial, Process, and Chemical Engineering
• Human-centered and Emotion-aware IoT Applications
• Integration of AI, IoT, and Blockchain for Secure Ecosystems
• Energy-aware AI and Sustainable IoT Infrastructures

📅 Important Dates

Official Website and Submission

AI4EIoTs @ IoTBDS 2026

We warmly invite researchers and practitioners to contribute their latest results,
visionary ideas, and case studies.

Submissions are welcome through the IoTBDS - AI4EIoT submission portal.

(Organized by Lelio Campanile (It’s me!), University of Campania “Luigi Vanvitelli”, and Fiammetta Marulli, University of Campania “Luigi Vanvitelli”.)

With iPadOS 26, Apple has pushed the iPad closer to being a true productivity device. The new multitasking capabilities, better keyboard support, and a more powerful Safari engine (with extended PWA and WebAssembly features) have unlocked possibilities that were not feasible before.

Yet, when it comes to software development, the iPad still falls short. You cannot freely install Python packages, run full IDEs, or access a native terminal environment. The solution is to treat the iPad as a lightweight client and delegate the heavy lifting to a proper development machine — in my case, my Mac at home.

In this post I’ll describe the workflow I implemented to make this possible: the Mac acts as a full-featured development server, while the iPad connects securely through Tailscale. On top of that connection, I can choose between two main approaches: a lightweight Blink/Blink Code setup for quick edits, or a VS Code Remote Tunnel session for a complete IDE experience. Addictionaly you can enable screen sharing on your manc ed use a fullVNC client from iPad to connect.

Workflow Architecture

The architecture is straightforward:

• The Mac stays on at home, running Python, Conda, and VS Code.
• The iPad connects via Tailscale, which places both devices in the same private VPN.
• On the iPad, I can:
  • Use Blink / Blink Code for terminal and quick file edits.
  • Launch VS Code Tunnel and connect via vscode.dev for a full IDE.
  • Optionally use a VNC Client if you need your full mac enviromental on the go

Preparing the Mac

Enabling SSH access

The first step is enabling SSH access. From System Settings > General > Sharing, I enabled Remote Login. Then I configured the ~/.ssh/authorized_keys file to include the public key generated directly in Blink on the iPad, so I can log in without typing my macOS password each time. Create the SSH folder and authorized keys file if they don’t exist:

mkdir -p ~/.ssh
chmod 700 ~/.ssh
nano ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

Paste here the public key generated from Blink (iPad).

Install tools

Next, I installed Tailscale with Homebrew, tht it is the easiest way to install and manage development tools on macOS. and logged in with my account. The Mac was automatically assigned a private IP address (100.x.y.z) reachable only inside the Tailscale network. To prevent the machine from sleeping, I installed Caffeine, though Amphetamine or even the built-in caffeinate -dimsu command would work just as well.

Finally, I added Mosh and tmux. Mosh allows stable connections even if the network changes (for instance, switching from Wi-Fi to 5G), while tmux lets me detach and resume sessions without losing state.

brew update

# --- Network & Remote Access ---
brew install --cask tailscale    # Secure VPN with WireGuard
brew install mosh                # Stable SSH replacement
brew install tmux                # Persistent terminal sessions

# --- Development Tools ---
brew install git                 # Version control
brew install --cask visual-studio-code  # VS Code app

# --- Utilities ---
brew install --cask caffeine     # Prevents Mac from sleeping

You can check everything is working by running:

tailscale version
mosh --version
tmux -V
code --version

Setting up Tailscale

Once Tailscale is installed, start it and login with your Google account or Github account, you can find Tailscale app in your application folder and once opened in the mac menubar. If everything is set up fine then

tailscale ip

it will show you up the ip address assigned by Tailscale. It should look like 100.x.y.z. This is the address you’ll use to connect from the iPad.

Optional stuff:

You can prevent macOS from sleeping using Caffeine (a menubar app). Once launched, click the coffee cup icon — the Mac stays awake indefinitely.

Alternatively, from Terminal:

caffeinate -dimsu

This keeps the machine awake as long as the process is running.

Mosh replaces SSH for more reliable terminal connections. tmux allows you to detach and reattach to sessions easily.

Configuring the iPad

On the iPad, I installed the Tailscale app and logged in with the same account. Now the iPad and Mac are on the same virtual LAN.

For terminal access, I rely on Blink. For quick edits I use Blink Code, which provides an editor with SFTP integration plus an embedded terminal. My ~/.ssh/config is set up like this:

Host macbook
    HostName 100.x.y.z
    User myuser
    IdentityFile ~/.ssh/id_ed25519
    ServerAliveInterval 60

Connect with:

ssh macbook

or use mosh:

mosh --server=/opt/homebrew/bin/mosh-server macbook

Once connected, you can open tmux sessions or launch your Python projects directly or to whatever you want!

VS Code Tunnel and vscode.dev

This is the core of our configuration. When I need a full IDE, I rely on VS Code Tunnel on mac and Vs Code server via web

On the mac start the tunnel service:

code tunnel --accept-server-license-terms

This opens a secure tunnel accessible through vscode.dev and allow you to access to your code on Mac using only a browser and an internet connection.

On the iPad, open Safari, log in with your GitHub account, and select your active tunnel. You’ll have a complete VS Code IDE running in your browser — including extensions, IntelliSense, debugging, and Jupyter notebooks.

Remote Desktop Access

Sometimes, a graphical interface is helpful. macOS includes Screen Sharing (VNC) by default. You can enable it under System Settings → General → Sharing → Screen Sharing, then set a VNC password.

On the iPad, I use Screens (by Edovia) to connect to my Mac’s Tailscale IP. It’s smoother than plain VNC, supports shortcuts and gestures, and feels almost native.

Other good options include Jump Desktop (with the “Fluid” protocol) and RealVNC Viewer for a free alternative.

Conclusion

With this setup, the iPad becomes a professional-grade remote development client. Tailscale ensures a private and secure network, SSH and Mosh provide low-latency and reliable sessions, and Blink or VS Code Tunnel let you choose between a minimalist or full-featured workflow.

The result is flexibility: you can travel with only an iPad and still enjoy the power of your Mac at home. This configuration combines the portability of iPadOS with the completeness of a desktop environment — the perfect hybrid for modern Python development.

The 2021 edition will be an all-digital conference from April 7th to April 9th, 2021.

During this conference there will be a panel on gender divisions in the IT sector, thanks to an event coordinated by the CyberEquality working group (of which I am a member) of the National Cybersecurity Laboratory, created in 2020 to identify and develop targeted initiatives on the topic. The panel will take place on Friday 9 April from 15.30-16.30.The panel will be in italian and participation is free. If you can, please participate and spread the word.