The ARCADIAN-IoT concept relies on a novel approach to manage, in an integrated way, identity, trust, privacy, security and recovery. The ARCADIAN-IoT framework includes vertical planes devoted to identity, trust and recovery management, which are supported by horizontal planes managing privacy of data, security of components and decentralized storage through blockchain technologies, as illustrated in the figure below.
- The Privacy Plane aims to provide functionalities for the privacy-preserving management of confidential or sensitive data involving person entities, and includes the (i) Self-aware Data Privacy and (ii) Federated Artificial Intelligence (Federated AI) components.
- The Security Plane contains all the cyber security features required for monitoring, prevention, management, and recovery; it comprises the (i) Network Flow Monitoring, (ii) Behaviour Monitoring, (iii) Cyber Threat Intelligence, (iv) Network Self-protection, (v) IoT Device Self-protection, and (vi) Network Self-healing components.
- The Common Plane includes the two components that provide common functionalities to the Vertical Planes, i.e., the (i) Hardened Encryption and (ii) Permissioned Blockchain components.
- The Identity Plane enables the management of identities of the different entities (e.g. persons, devices and ARCADIAN-IoT components), and comprises work on multiple identification schemes, particularly Decentralized Identifiers for providing a decentralized digital identity, eSIMs as secure elements capable of storing identity and authentication credentials, and Biometrics focusing on facial recognition from different devices and considering diverse circumstances (e.g. distance, angle, exposure to light).
- The Trust Plane implements mechanisms for managing trust in the involved entities (persons, devices and services), namely Verifiable Credentials as a method to enable trusted identification of users and things through the issuing of identity claims, Remote Attestation for attesting the integrity of IoT devices and services with the support of a hardware-based Root of Trust (RoT), Network-based Authorization for enforcing trust-based authorization rules in the network core and informing secure elements about their corresponding device’s trustworthiness level, and the Reputation System, responsible for determining the different entities’ reputation scores based on data received from other entities and ARCADIAN-IoT.
- Finally, the Recovery Plane addresses recovery management of data associated with the different types of entities, specifically Self-Recovery for enabling heterogeneous devices to access data recovery services according to different access policies, and Credentials Recovery for secure recovery of credentials, the first and necessary step to trigger data recovery actions.