Enabling technologies for secure IoT-as-a-Service business model

Abstract

The IoT-as-a-Service (IoTaaS) is an innovative business model that proposes to offer IoT devices on demand, with considerable cost savings and resource optimization, by enabling different applications to reuse existing devices. Despite the term having already been coined by both industry and academia, there is no formal analysis of the implications that this model has from a technological point of view. Industry 4.0, also known as the Fourth Industrial Revolution, refers to the current phase of industrial transformation characterized by the integration of advanced digital technologies into manufacturing and industrial processes. It is set to modernize industrial processes as we know them today. This modernization goes hand in hand with the digitalization of industry and is closely related to the IoTaaS, the latter serving as an enabler and accelerator for Industry 4.0 initiatives. By providing accessible, scalable, and flexible IoT solutions, IoTaaS lowers down the entrance barriers for Industry 4.0 technologies and supports the digital transformation of manufacturing and industrial processes. The implementation of the IoTaaS presents numerous technological challenges, with security standing out as a critical concern. Within the scope of security, identity management emerges as a fundamental issue. This issue extends to Industry 4.0 environments, where the digital identification of various devices integrated into the manufacturing process becomes crucial. The complexity of accurately and securely identifying and authenticating the myriad of interconnected devices poses a significant obstacle in both IoTaaS and Industry 4.0 implementations, stressing the need for robust identity management solutions. This thesis makes two main contributions in clarifying this field that interconnects IoTaaS, Industry 4.0 and security. The first contribution is to formalize the technological implications of IoTaaS, identifying its technological challenges, describing them and giving potential directions for the main problems. The second contribution is related to the problem of security in IoT environments, with a main focus on the identity management problem. Here, the usage of Self-Sovereign Identity (SSI) schemes has been proposed to provide better privacy and scalability than traditional identity paradigms, which is especially important in the IoT owing to its characteristics. Verifiable credentials and decentralized identifiers, which are part of the SSI concept, allow decentralized identification and characterization of the devices (commonly IIoT devices) that make up Industry 4.0. However, some use cases in the Industry 4.0 cannot be modelled with standard SSI schemes. Despite the fact that delegated credentials have already been defined in the W3C standard for verifiable credentials, current technologies present some important limitations that make them non-implementable. This thesis analyses these limitations in the context of the problem of building delegated credentials for the Industry 4.0, and proposes an alternative based on an Hyperledger Aries RFC, bypassing these limitations. Based on the previous problem of delegated credentials, a new problem arises. Current standard SSI protocols and procedures assume that individuals store only their own identity, failing to provide an accurate solution for the identity management of groups where participants might use credentials from different identities and collaborate to meet a set of verifier´s requirements. The identification of groups has been identified as another challenge for the IoT. Consequently, the present thesis also introduces the concept of Collaborative Credentials (CCs) to formalize identity management procedures that model the collaboration within a group of participants. CCs allow to leverage use cases requiring collaboration that cannot be solved with standard SSI verifiable credentials, increase the privacy of group participants, and enable the development of a software framework that any verifier/holder could use to generate a generic application. To sum up, in this thesis we formally analyse the IoTaaS business model, identifying and detailing its main technological challenges. In addition, we tackle the identity problem of this business model and propose an SSI-based identity management system, which is compliant with the existing standards from the W3C. As part of the identity problem, delegation schemes and the use of CCs are also analysed. Finally, the identity model of the IoTaaS is evaluated in terms of performance, as well as some tests have been conducted to study the feasibility of the use of credential delegation and CCs.