BA/MA: Decentral Authentication and Authorization of Digital Twins within an IoT infrastructure based on GAIA-X

Technical systems are continuously evolving into more complex cyber-physical systems throughout their lifecycle. From the conceptual system up to the actual implementation, a digital twin is a virtual digital 1-to-1 representation of its real twin (especially in terms of semantics, structure, behavior, and interaction) that enables interaction based on current digital artifacts. Digital twins, like their real twins, can be arranged and interconnected in hierarchical and heterarchical structures.

A crucial aspect of Industry 4.0 is the core concept of the Internet of Things (IoT), which provides services to interconnect all decentralized Things (here in particular Digital Twins) via an IoT infrastructure. This enables further advanced automation, communication, and self-monitoring of Things.

A key driver is the infrastructure behind each Thing, which provides services for authentication (“who am I?”) and authorization (“what am I allowed to do?”), sovereign data exchange, and metadata catalogs. Current implementations rely on central identity providers that manage all identities within an ecosystem. While this is a convenient way to authenticate and authorize Things, it requires a high level of trust in a central authority, may lead to serious data protection issues, and creates a single point of failure.

Fig. 1: An example of centralized vs. decentralized authentication

The GAIA-X initiative seeks to create a federated infrastructure that is based on the European values of transparency, openness, data protection and security. One of its central goals is decentral authentication and authorization, where each party manages its own identities. The proposed W3C standard for Decentralized Identifiers (DID) is the building block for this approach.

In this thesis, the concept of decentral authentication and authorization shall be applied to the Smart Systems Service Infrastructure (S³I) developed at MMI. The implementation shall give secure access to the S³I services and yield a prototypical migration to GAIA-X.

The concrete work plan consists of the following steps:

  • Familiarization with S³I and GAIA-X
  • Literature review of W3C decentral authentication/authorization and similar approaches
  • Conceptual integration of decentralized authentication/authorization into S³I, with a focus on the credential flow between entities
  • Prototypical implementation of the credential flow and its entities
  • Validation based on a scenario from the field of Forestry 4.0
  • Written elaboration and presentation
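To make the credential flow between entities concrete, the following Go program is an added illustration written for this page; it is not code from the thesis, from S³I or from GAIA-X. It shows the two questions from above answered without a central identity provider: a Thing (here a harvester's digital twin) proves control of its DID by signing a nonce the service issued (“who am I?”), and presents a credential signed by an issuer the service trusts (“what am I allowed to do?”). The service resolves both DIDs from the identifiers themselves and keeps only its own trust list. Assumptions: the identifier encoding is a simplified did:key-style scheme built from a raw Ed25519 public key (not the real multicodec/base58btc encoding of the W3C did:key method), the credential format is a minimal constructed stand-in for a verifiable credential, and the capability string `read:forest-inventory` and the party names are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"strings"
)

// Party: any entity (digital twin, service, issuer) holding its own key pair. Its DID is a
// simplified did:key-style id built here for the example, not the real did:key encoding.
type Party struct {
	DID  string
	priv ed25519.PrivateKey
}

func NewParty() (*Party, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Party{DID: "did:key:" + base64.RawURLEncoding.EncodeToString(pub), priv: priv}, nil
}

// ResolveDID recovers the verification key from the identifier itself, so no
// central identity provider has to be consulted.
func ResolveDID(did string) (ed25519.PublicKey, error) {
	if !strings.HasPrefix(did, "did:key:") {
		return nil, errors.New("unsupported DID method")
	}
	raw, err := base64.RawURLEncoding.DecodeString(strings.TrimPrefix(did, "did:key:"))
	if err != nil || len(raw) != ed25519.PublicKeySize {
		return nil, errors.New("malformed did:key identifier")
	}
	return ed25519.PublicKey(raw), nil
}

func signedBy(did string, msg, sig []byte) bool {
	key, err := ResolveDID(did)
	return err == nil && ed25519.Verify(key, msg, sig)
}

// Credential: Issuer asserts that Subject holds Capability; Sig is the issuer's signature over payload().
type Credential struct {
	Issuer, Subject, Capability string
	Sig                         []byte
}

func (c Credential) payload() []byte {
	return []byte(c.Issuer + "\n" + c.Subject + "\n" + c.Capability)
}

// Issue lets any party act as issuer for the things in its own domain.
func (p *Party) Issue(subject, capability string) Credential {
	c := Credential{Issuer: p.DID, Subject: subject, Capability: capability}
	c.Sig = ed25519.Sign(p.priv, c.payload())
	return c
}

// Prove answers an authentication challenge by signing the verifier's nonce.
func (p *Party) Prove(nonce []byte) []byte { return ed25519.Sign(p.priv, nonce) }

// Verifier: the service side; it picks the issuer it trusts and tracks nonces against replay.
type Verifier struct {
	trusted map[string]bool
	nonces  map[string]bool
}

func NewVerifier(trustedIssuer string) *Verifier {
	return &Verifier{trusted: map[string]bool{trustedIssuer: true}, nonces: map[string]bool{}}
}

// Challenge returns a fresh random nonce and records it as outstanding.
func (v *Verifier) Challenge() []byte {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // a verifier without randomness cannot safely continue
	}
	v.nonces[string(nonce)] = true
	return nonce
}

// Authorize answers "who am I?" (proof over the nonce) and then "what am I allowed
// to do?" (credential check) using only DIDs, signatures and the local trust list.
func (v *Verifier) Authorize(did string, nonce, proof []byte, cred Credential, want string) error {
	if !v.nonces[string(nonce)] {
		return errors.New("unknown or already used nonce")
	}
	delete(v.nonces, string(nonce)) // single use, whatever the outcome below
	switch {
	case !signedBy(did, nonce, proof):
		return errors.New("authentication failed: proof does not match DID")
	case !v.trusted[cred.Issuer]:
		return errors.New("credential issuer not trusted by this verifier")
	case !signedBy(cred.Issuer, cred.payload(), cred.Sig):
		return errors.New("credential signature invalid")
	case cred.Subject != did || cred.Capability != want:
		return errors.New("credential does not grant the requested capability to this DID")
	}
	return nil
}
```

A typical run creates an issuer (say the forest operator's entity) and a twin with `NewParty`, builds the service with `NewVerifier(issuer.DID)`, has the issuer call `Issue(twin.DID, "read:forest-inventory")`, and then the service calls `Challenge` followed by `Authorize(twin.DID, nonce, twin.Prove(nonce), cred, "read:forest-inventory")`. Two design points carry over to a real implementation: the nonce is consumed on first use regardless of outcome, so a captured proof cannot be replayed, and the credential's subject is compared with the DID that was just authenticated, so a valid credential issued to another Thing cannot be presented by a different holder.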

Supervisor: Bektas and Chen