Improving the Identity and Access Management Capabilities of Industrial Internet of Things
Dixit, A. (2024). Improving the Identity and Access Management Capabilities of Industrial Internet of Things. (Unpublished Doctoral thesis, City, University of London)
Abstract
The Internet of Things is one of the most widely used technologies in the world. It is used in personal spaces in the form of virtual assistants, home sensors, baby monitors and the like, and in enterprise and public settings to monitor the health and safety of citizens. But the ecosystem that has seen the most significant disruption from this technology is industry, supply chain and retail management, where IoT provides monitoring of very specific parameters. It is worth noting that the mode and purpose of using IoT in an industrial setting, also known as Industry 4.0, are quite different from the above-mentioned use cases. IoT devices in an industrial setting are highly mobile, distributed across different networks and often handled by various operators. These devices collect critical data that could cause large-scale damage if obtained by attackers or malicious insiders. Recently, traditional authentication and authorization techniques have been shown to have flaws that enable attackers to bypass them. Furthermore, traditional authentication schemes are designed around a client-server setup, which does not scale well with the growing number of IoT devices. These systems are highly centralized, which makes them difficult to scale and to protect against large-scale attacks once the single root of trust is compromised. A further operational challenge is the use of static, one-off authorization: an attacker who maliciously gains access to the system once is free to cause damage thereafter. These challenges not only deter the secure functioning of current IoT networks but also hinder their evolution towards more collaborative use cases that entail device sharing, IoT data sharing and peer-to-peer transactions.
While significant progress has been made in adapting existing connectivity, identity and access management frameworks for IoT, most of these frameworks are designed for unconstrained devices in centralized settings. IoT devices are usually constrained and tend to operate in a decentralized, peer-to-peer arrangement. The thesis therefore draws on the decentralization offered by Distributed Ledger Technologies (DLT) and on the ability to automate business flows through smart contracts. It focuses on advancing traditional identity and access management techniques to enable scalable, decentralized and secure identification of devices through novel mechanisms. To this end, the thesis makes four contributions, described in the following:
The first contribution is a smart contract-enabled decentralized identity management framework for Industry 4.0. It proposes a novel methodology for creating and managing identities and access control through the autonomous execution of smart contracts on distributed ledgers. The framework is inherently decentralized and scalable, addressing a critical gap in the existing IIoT management landscape, which is largely dominated by centralized models.
The second contribution improves on the first in the form of a decentralized IIoT identity framework based on Self-Sovereign Identity (SSI). The core principle of decentralized identity management is retained, but the new model introduces a robust decoupling of the issuer, holder and verifier roles. This evolution reconciles the decentralized digital identity concept introduced in our prior work with the emerging SSI standard.
The third contribution is a fair, secure and trusted decentralized IIoT data marketplace enabled by blockchain. It builds on the insights from the first two contributions to explore a forward-looking application of IoT in the context of recent AI/ML-driven innovations. Through this design, we examine the trust, fairness and fault-tolerance properties of such a design pattern.
The last contribution extends and improves aspects of the third. Existing data exchange schemes depend on a trusted third party for key management during authentication and rely on a one-off approach to authorization. This contribution proposes a user-empowered, privacy-aware authentication and usage-controlled access protocol for the IIoT data marketplace.
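As an added illustration of two ideas in the contributions above, and not code from the thesis itself: the issuer/holder/verifier split of the second contribution, and the per-request, usage-controlled authorization of the fourth. The Go program below is this editor's own; the names Credential, Issue, Present, Verify and UsageController, the credential fields and the usage policy are assumptions, keys live in memory and no ledger is involved. An issuer signs an Ed25519 credential that binds a device identifier to the device's public key, the device proves possession of that key against a fresh nonce, and the verifier re-evaluates every data read against expiry, replay and a quota window rather than granting access once at login.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Credential is a minimal issuer-signed statement about a device; the field names are this example's own.
type Credential struct {
	Subject   string `json:"subject"`    // device identifier, e.g. a DID-style string
	HolderKey []byte `json:"holder_key"` // device public key: binds the credential to a key the device controls
	NotAfter  int64  `json:"not_after"`  // expiry, Unix seconds
}

// SignedCredential is what the issuer hands to the holder and the holder later presents.
type SignedCredential struct {
	Credential
	IssuerSig []byte `json:"issuer_sig"`
}

func credentialBytes(c Credential) []byte { // canonical bytes: struct field order makes the encoding deterministic
	b, _ := json.Marshal(c)
	return b
}

func Issue(issuerPriv ed25519.PrivateKey, c Credential) SignedCredential { // issuer role: sign once, hand to the holder
	return SignedCredential{Credential: c, IssuerSig: ed25519.Sign(issuerPriv, credentialBytes(c))}
}

func Present(holderPriv ed25519.PrivateKey, nonce []byte) []byte { // holder role: prove control of the bound key
	return ed25519.Sign(holderPriv, nonce)
}

// Verify (verifier role) needs only the issuer's public key; it never calls back to the issuer.
func Verify(issuerPub ed25519.PublicKey, sc SignedCredential, nonce, proof []byte, now time.Time) error {
	if !ed25519.Verify(issuerPub, credentialBytes(sc.Credential), sc.IssuerSig) {
		return errors.New("credential is not signed by the trusted issuer")
	}
	if now.Unix() > sc.NotAfter {
		return errors.New("credential has expired")
	}
	if len(sc.HolderKey) != ed25519.PublicKeySize || !ed25519.Verify(ed25519.PublicKey(sc.HolderKey), nonce, proof) {
		return errors.New("presenter does not control the key bound to the credential")
	}
	return nil
}

// UsagePolicy bounds how many reads a subject may make inside one window.
type UsagePolicy struct {
	MaxReads int
	Window   time.Duration
}

// UsageController re-evaluates access on every request instead of once at session start.
type UsageController struct {
	issuerPub  ed25519.PublicKey
	policy     UsagePolicy
	windowOpen map[string]time.Time
	reads      map[string]int
	seenNonces map[string]bool // presentations already consumed; a replayed nonce is refused
}

func NewUsageController(issuerPub ed25519.PublicKey, p UsagePolicy) *UsageController {
	return &UsageController{issuerPub, p, map[string]time.Time{}, map[string]int{}, map[string]bool{}}
}

// Authorize checks the credential, the proof of possession, nonce freshness and the quota for one data read.
func (u *UsageController) Authorize(sc SignedCredential, nonce, proof []byte, now time.Time) error {
	if u.seenNonces[string(nonce)] {
		return errors.New("replayed presentation")
	}
	if err := Verify(u.issuerPub, sc, nonce, proof, now); err != nil {
		return err
	}
	u.seenNonces[string(nonce)] = true
	if opened, ok := u.windowOpen[sc.Subject]; !ok || now.Sub(opened) > u.policy.Window {
		u.windowOpen[sc.Subject], u.reads[sc.Subject] = now, 0
	}
	if u.reads[sc.Subject] >= u.policy.MaxReads {
		return errors.New("usage quota exhausted: access withdrawn until the window resets")
	}
	u.reads[sc.Subject]++
	return nil
}

func main() {
	issuerPub, issuerPriv, _ := ed25519.GenerateKey(nil) // nil reader means crypto/rand
	holderPub, holderPriv, _ := ed25519.GenerateKey(nil)
	now := time.Unix(1700000000, 0) // fixed clock so the run is reproducible
	sc := Issue(issuerPriv, Credential{Subject: "did:example:plc-42", HolderKey: holderPub, NotAfter: now.Add(time.Hour).Unix()})
	uc := NewUsageController(issuerPub, UsagePolicy{MaxReads: 2, Window: time.Minute})
	for i := 1; i <= 3; i++ {
		nonce := []byte(fmt.Sprintf("nonce-%d", i))
		fmt.Printf("read %d: %v\n", i, uc.Authorize(sc, nonce, Present(holderPriv, nonce), now)) // third read is refused
	}
}
```

The point of the arrangement is that the verifier holds only the issuer's public key and the credential the device presents, so no central server is consulted at access time, and the controller can withdraw access mid-session (quota exhausted, replayed presentation, expired credential) without any re-login step. It illustrates the pattern rather than the thesis protocol; a deployment would also need credential revocation and a bound on the nonce cache.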
Publication Type: Thesis (Doctoral)
Subjects: T Technology > TA Engineering (General). Civil engineering (General)
Departments: School of Science & Technology > Engineering; School of Science & Technology > Doctoral Theses