Internet of Things - Noter

INTERNET OF THINGS (IOT)
NOTES
1. INTRODUCTION
Session 1 Introduction
Theme
Readings Required:
Economist Special Report on IoT. September 14th 2019. Download Economist Special Report on IoT.
September 14th 2019.
Krotov, V., 2017. The Internet of Things and new business opportunities. Business Horizons, 60(6), pp.831-
841. Download Krotov, V., 2017. The Internet of Things and new business opportunities. Business Horizons,
60(6), pp.831-841.
Background Info:
Gartner (2018) Gartner Identifies Top 10 Strategic IoT Technologies and Trends Download Gartner (2018)
Gartner Identifies Top 10 Strategic IoT Technologies and Trends
Beebom (2017) 15 Examples of Internet of Things Technology in Use Today Download Beebom (2017) 15
Examples of Internet of Things Technology in Use Today
Excellent reference:
Rose, K., Eldridge, S., & Chapin, L. (2015). The internet of things: An overview. The Internet Society
(ISOC), 1-50. Download Rose, K., Eldridge, S., & Chapin, L. (2015). The internet of things: An overview.
The Internet Society (ISOC), 1-50.
Introduction In this session we will introduce the course and provide an overview of the content, the mandatory group
project and the individual exam assignment. We will also introduce basic IoT definitions, drivers , trends,
architectures, and most importantly for the project broad use scenarios.
Agenda Course Introduction
• Course Overview
• Objectives
• Project & Exam
• Things to prepare for next week
Introduction to The Internet of Things
• What is it?
• Why do we care about it?
Ben Eaton
be.digi@cbs.dk
Jim Sheridan
jsh.digi@cbs.dk
COURSE INTRODUCTION
Business: Commercial perspective, business model, value propositions etc

Technology:
Learning objectives
 Understand strategic commercial drivers of IoT including business ecosystems and business models
 Understand the main technical concepts, models, and frameworks of the Internet of Things •Evaluate selected
technical, ethical, privacy, and security issues related to the Internet of Things
 Analyse, using different Internet of Things frameworks: Strategic and operational implications, user centered
design, and technical challenges in particular related to form and function (of embedded, pervasive, and
ubiquitous systems)
 Assess pros/cons of different Internet of Things technologies and their applications
 Develop an outline IoT business proposition and technical solution in hardware and software to solve a given
relevant problem
Learning objectives (short version)

 Understand commercial drivers including business models and ecosystems
 Understand the main technical concepts, models, and frameworks
 Evaluate selected technical, ethical, privacy, and security issues
 Analyse, using different IoT frameworks: Strategic and operational implications, user centered design, and
technical challenges
 Assess pros/cons of different IoT technologies and their applications
 Develop an outline IoT business proposition and technical solution to solve a relevant problem
Sigfox > industry context

Wifi > home context
 PoC: Proof of Concept.

o Build proptotyps that proofs a concept
 PoV: Proof of Value
o Build prototypes can create value in the commercial sense
 SfP: industrial and consumer oriented
Summary of Assessment
 Group Mandatory Assignment (pass/fail)
 Group Project – build in IoT prototype & commercial proposition (weeks 5-15)
 Group Project Presentation (Hand in 18th April & present on 19th April )
 Exam Individual Written Assignment (Graded - hand in in week 20 )
 See document ”Details of Group Project, Assignment and Exam” on Canvas for full details ..
INTRODUCTION TO THE INTERNET OF THINGS
WHY DO WE CARE ABOUT IOT?
There is a buzz about IoT!
Emergent Phenomenon of past 5 years.
Development
 1999/2001: First mentioning of IoT in relation to supply chains Key technology: RFID
 The thought of connecting things to each other is not new: From 1970’s: ”M2M” – e.g. Equipment
monitoring
 From 1990’s: Mobile data enabled applications – e.g. logistics 2010’s: IP-enabled industrial & consumer
applications
Number of Internet of Things (IoT) connected devices worldwide from 2019 to 2021, with forecasts from 2022
to 2030
Connected devices:
• 2021: 11.28
• 2023: 15.14
• 2030: 29.42
Billions of Devices
Market data
The global market for IoT:
• 2018: $130bn.
• 2023: $318bn by 2023 (annual growth rate 20%).
Key Commercial Driver

 Industry engaging in Digital Transformation
 IoT offers:
o Revenue opportunities: New Business Models – e.g. Servitization
o Cost reduction: e.g. Process efficiency
 Topic of guest lecture: Jakob Hall (GE)
IoT Employability Factor

 LinkedIn: 11,000 jobs mention “IoT.”
o ”...insufficient staff and lack of expertise is the top-cited barrier to IoT...” Gartner.
 Critical competences:
o Engineering - Build The Product • Cybersecurity - Make It Secure • Data Science - Realize Value
WHAT IS IOT?
IoT concept
 Connecting the virtual world and the world of physical things
 Makes the real world more manageable

IoT Drivers
Enables iot
• Ubiquitous Connectivity.
o Communicating from anywhere at anytime. Gives
flexibility.
• Adoption of IP– based networking
• Computing Economics
o Computing has become cheaper. Powerful cheap
computing much more available.
• Miniaturization of technology
• Advances in Data Analytics
• Rise of Cloud Computing
o Enabling powerful computing power, accessible.
Promise or peril?
A smart interconnected world A dark world of surveillance of opportunity and lack

of privacy
Some IoT definitions:

 “The internet of things, or IoT, is a system of interrelated computing devices, mechanical and digital
machines, objects, animals or people that are provided with unique identifiers (UIDs) and the ability to
transfer data over a network without requiring human-to-human or human-to-computer interaction.”
o Rouse, Margaret (2019). "internet of things (IoT)". IOT Agenda
 “The Internet of Things (IoT) has been defined in Recommendation ITU-T Y.2060 (06/2012) as a global
infrastructure for the information society, enabling advanced services by interconnecting (physical and
virtual) things based on existing and evolving interoperable information and communication technologies.”
o International Telecommunication Union
TWO PERSPECTIVES OF IOT

Technological view
The extension of objects with network and computing capacity
Data
Business view
The commercial possibilities for value generation warranted by IoT diffusion
Two perspectives of IoT

•
THE TECHNOLOGICAL VIEW

 The Internet Architecture Board (IAB): A global infrastructure for the information society, enabling advanced
services by interconnecting (physical and virtual) things based on existing and evolving interoperable
information and communication technologies.
 IEEE Communications Magazine: The Internet of Things (IoT) is a framework in which all things have a
representation and a presence in the Internet.
 The Oxford Dictionaries: The interconnection via the Internet of computing devices embedded in everyday
objects, enabling them to send and receive data.
Commonalities: network connectivity and computing capability extends to a constellation of objects, devices, sensors,
and everyday items that are not ordinarily considered to be “computers’’;  Allows the devices to generate, exchange,
and consume data, often with minimal human intervention.
IoT and Data

Key is the data that it generates. Characteristics of the data
 The right data: Accurate and appropriate information about a uniquely identifiable physical object as well as
its form, fit and function.
 The right quantity: High granularity of information combined with filtering and intelligent processing.
 The right time: Not necessarily mean anytime, but more precisely ‘when needed’.
 The right place: where the information is needed or consumed.
Differing Approaches to Delivering IoT – e.g. 4 IoT Communications Models

Source: The Internet Society ... specifically: pp13-18 Rose, K., Eldridge, S., & Chapin, L. (2015). The internet of things: An overview. The Internet
Society (ISOC), 1-50.
Different approaches to delivering IoT. Different approaches in delivering IoT.
Device-to-Device Model
Device-to-Cloud Model
Device-to-Gateway Model
Back-end Data Sharing Model
Communication Model
Device-to-Device Model e.g., very simple home automation scenarios
– light switch
Gateway model
Device-to-Cloud Model e.g., Consumer IoT– Nest Labs Learning
Thermostat
Device-to-Gateway Model e.g., Consumer devices like fitness trackers,

which do not have native ability to connect
with cloud, have to pair with smartphone
first
Back-end Data Sharing e.g., typically more complex corporate

Model solutions requiring data to be shared amongst
a variety of 3rd parties
a devices creates data read by central

platform, which is effectively storing and
steering the data in away that can be used by
applications run on the platform.
THE BUSINESS VIEW

 IoT forms part of a ‘third wave’ of digital technology use: fusion of digital technologies into products,
processes and chanels
 IoT restructures industries into business ecosystems
 IoT puts existing business models into question
IoT: At home and at work

• Both in industrial and consumer setting
• Industrial: enable in factories, production lines,
smart city, car or transport logistics,
IoT and value

Source: McKinsey Global Institute - Unlocking the potential of the Internet of Things - June 2015 | Report
https://www.mckinsey.com/business-functions/mckinsey-digital/our-insights/the- internet-of-things-the-value-of-
digitizing-the-physical-world
 The Internet of Things offer a potential economic impact of 4 trillion to 11 trillion a year in 2025
 Where is the money?
- Industrial IoT?
- Consumer IoT?
•
GUEST PRESENTERS
CHRISTIAN KLOCH (FORCE TECHNOLOGY)
5G & IoT – What is it all about

 Change in technology
 Change in Market
o e.g. Measure temperature on a road
o It is about how to map physical world into the digital world
IoT is a combination of
 Product Design: Design better products with digital properties using IoT
o e.g. Sensor, water consumption
 Business Innovation: Create new services and business models based on digital product properties
 Production Optimization: Optimize production by digitization of equipment and processes
Develop, implement and assure the quality of IoT solutions containing sensors, electronics..
IoT Technical Reference Architecture

 People and business process
 Mapping from tech to business side
Coverage cannot be taken for granted

 Prefer wireless connection
30 years have gone since 2G was launched

 Why do we need new technologies?
 We change what we use technologies for
Industrial IoT can be applied outdoor

 Drone – loose connectivity. A drone transporting crucial stuff.
o Using drones to inspect fence around Odense airport.
Exploring the IoT opportunities together

 Wall with plants. Sensors telling when they need whater. Only given whater when needed.
The technology develops new use -cases appear


SØREN NØRGAARD MADSEN (KL) - IOT AND SMART CITIES
Local Government Denmark

Danish cities and municipalities
IoT and smart cities
Challenges:
 Recruitment and
 Climate
Trends
 Smart buildings
 Smart home. Saving energy during higher energy prices.
 Automation
 Smart maintenance
 Waste management
 Real time monitoring of air quality
 Real time monitoring of water
Key technologies
 Wide range of technologies they believe will have importance in coming years
 Some are mature, some are less
Tech radar
 Survey in municipalities on the technologies in terms of their use potential etc.
 Matureness of technologies
 Get a score and can locate technologies in the radar, which they can use to show what technologies they might
should look into.
 Technologies related to IoT
o AI and machine learning
o Edge computing
o Drones
o Wearables/Tracking
o Sensors
o Network technology
IoT setup
IoT value chain
 Sensors (the thing)
 Transmission
 Transformer/mapper of data
o Store data, clean data, provide overview
 Processing data
o Analyze data,
o Dashboard
 Generate value
Moving towards a Modular approach today. Before they buy the whole thing (Supply chain) which is expensive.
Lora is a cellular technology bult for supporting IoT. An antenna.
Challenging the business model of companies buy sharing these
Challenges: Internet of Things

Of cities
 Skills. Lacks of competencies within IT
 Market
 Security.
2. UNDERSTANDING IOT VALUE PROPOSITIONS & BUSINESS MODELS
Session Understanding IoT value propositions & business models

Readings Endres H, Induslka M, Ghish A, Baiyere A, Broser S. Industrial Internet of Things (IIoT) Business Model
Classification. In Proceedings of the International Conference on Information Systems, 2019. Download
Endres H, Induslka M, Ghish A, Baiyere A, Broser S. Industrial Internet of Things (IIoT) Business Model
Classification. In Proceedings of the International Conference on Information Systems, 2019.
Ehret M, Wirt J. Unlocking value from machines: business models and the industrial internet of things.
Journal of Marketing Management 2017;33(1-2):111-130. Download Ehret M, Wirt J. Unlocking value from
machines: business models and the industrial internet of things. Journal of Marketing Management
2017;33(1-2):111-130.
Bucherer, Eva, and Dieter Uckelmann. Chapter 10 - "Business models for the internet of things." In
Architecting the internet of things, pp. 253-277. Springer, Berlin, Heidelberg, 2011.
Introduction In this session we will identify approaches to developing business models for IoT for creation of value for
customers and the capture of value for the IoT ecosystem.
Learning  Understand how value is created in IoT
objectives  Learn the importance of customer experience in a IoT value proposition
 Understand how to develop appropriate business models for IoT solutions
Aims Lecture 2 – Help you to understand (IoT) Business Models
Lecture 4 – Help you to develop (IoT) Business Models ... for your projects
Agenda • Introduction to Business Models in General
• What's Different about an IoT Business Model?
• IoT Business Model Archetypes
• Impact of IoT on Business Model Elements
Guest presentation
• Andrea Pelizzaro, Alfa Laval
INTRODUCTION TO BUSINESS MODELS IN GENERAL
Definition of a Business Model

 A business model describes the rationale of how an organization creates, delivers, and captures value
(Osterwalder and Pigneur 2010) – “how an organization makes money”
 A description and explanation of how a business makes money.
Business Model Framework for this course

 Many many different BM frameworks ... some helpful ... some not ... depending on what you want to achieve
 Some more descriptive, tool based (help build a business model) & aimed at practitioners designing BMs
o e.g. Business Model Canvas – Osterwalder et al (2010)
 Some more theory based, aimed at deconstructing & analysing BMs
o e.g. Hedman & Kalling (2003), Amit & Zott (2001), Teece (2010)
 The goal of your project work is to develop an IoT business/technical prototype
o You need a practical business model tool to help you design your IoT business prototype
o Rather than carry out a deep theoretical analysis of someone else’s existing business model
4 BASIC ELEMENTS OF A BUSINESS MODEL

The basic things bm should help us do
1. Value Proposition
2. Value Creation
3. Value Delivery
4. Value Capture
DESIGNING BUSINESS INITIATIVES: 4 INNOVATION RISKS
 We need to design business models in such a way

 That business model components:
1.
Value Proposition – the service / product we will deliver and the benefit it gives the given customer we are
to sell it to
2. Value Creation – activities, sources, partnerships we are engaged in in order to build the given value
proposition that ends up giving value to customers.
3. Value Delivery - *exam project: come up with suggestions. “our intention is to do online sales, quick and
easy to establish, scale quickly. OR Partners in retail store; people who buy this service or product, need
advice from salesperson.
4. Value Capture – how to make profits. Cost and revenue structures  viability
 Are configured to overcome these risks.
 Your project task (on the commercial side) is to explain to me and Jim how your IoT commercial proposition
can do this ...
o Have the risks in mind when designing our business model.
o *Exam project: Task on commercial side of project; persuade Ben about business initative will
overcome these 4 risks.
4 Innovation Risks
1) DESIREABILITY
Do they want it? Do the customer want the things we are to design
– value proposition.
2) FEASIBILITY
Can we build it?
The customers might like it. But do we have capabilities to do this?
Are we able to build the service, product. Do we have the
resources, know-how, processes, partnerships,
3) VIABILITY
Can we generate value?
Can we actually make money out of it?  value capture
(4) ADAPTABILITY
is the market timing right?)
4 TASKS OF BUSINESS MODEL DESIGN

1. Develop a compelling Value Proposition
 Designing a product or service with features to match customer needs. *Exam project: They don’t expect we
do a market research.
 Minimise desirability risk – by developing something customers value
2. Configuring the organisation for Value Creation

 Ensuring company has right capabilities, resources (it capacity) & partners in place to create value proposition.
How the business creates the value proposition.
 Minimise feasibility risk – so that value proposition can actually be built
3. Ensuring optimal Value Delivery

 Making sure the product or service can be delivered to the customer. Once we built the value proposition, we
can deliver it to the customers.
 Establishing the right sales channels (online, store etc) and customer relationship management - if customers
complain, we can do something about it, maintenance
4. Figuring out appropriate mechanisms for Value Capture

 Developing an appropriate revenue model and cost structure to be profitable. Having mechanisms in place to
make sure we can make profit. Sustainable business in long term – it has a life.
 Minimise viability risk – so that the business is sustainable in the long term
Avoiding confusion ...
 A value proposition creates value for a customer segment(s).
But
 Value Creation is how an organisation builds a value proposition by combining the right capabilities and
resources and working effectively with the right partners
“STRATEGIES” TO ENABLE COMPETITIVE BUSINESS MODELS
Strategies to enable competitive business models
Configure these elements & the components that go into them in the right way – “ingredients” that goes into the 4 basic
elements
2. Value Creation
3. Value Delivery
4. Value Capture
To generate supernormal profit in one or more of the following ways. We have a profitable business. Higher than the
industry average over the long term.
Profit can be made in different ways: not necessarily all, but some of them can be achieved
 Generating Unique Novel Products & Services
 Reducing Operational Cost Structure. Doing things more quickly, getting to market faster.
 Running Operations Faster & More Efficiently
 Generating Income before Incurring Cost
 Getting Partners to do the Work
 Generating Network Effects
 Scaling Quickly
 Creating Customer Lock-In
 Generating Recurring Revenues
 Owning VRIN Resources and Capabilities
 Profiting from Learning Effects
 etc...
=> Sustainable Competitive Advantage
WHAT'S DIFFERENT ABOUT AN IOT BUSINESS MODEL?
What’s not different about an IoT business model?

 Still “a basic description and explanation of how a (IoT) business makes money” ... see official definition
(Osterwalder)
 Still has the same basic elements to enable money to be made:
o Value Proposition
o Value Creation
o Value Delivery
o Value Capture
What’s different about an IoT business model?
Best approached by considering “what’s different” about IoT:

1. IoT “things” are digital. Being digital gives capacity to being able to innovate with it in different ways.
2. Applications of IoT typically revolve around data (generated by sensors). IoT business models are definitely
digital and depend on data. Processing data into information that can be used in a useful way.
3. IoT solutions lend themselves to being enabled in ecosystems of cooperating organisations. An organization
creating iot solution needs to work in partnerships with different organizations in order to create value
proposition. Co-operating in a network -
1. IOT “THINGS” ARE DIGITAL ...& 2. IOT APPLICATIONS REVOLVE AROUND DATA
Material Properties of Digital Technologies

Yoo et al (2010a)
 Memorizability
 Programmability
 Senseability – Important for IOT! sensors creating data
 Addressability – are a part of a network, can communicate with each other.
 Communicability
 Traceability
 Associability
Non-material properties of digital data

Faulkner & Runde (2011)
 Non-rivalry in use
 Infinitely expansible
 Re-combinable
 Gives lot of flexibility in regard to what we can do with data - analytics
Organised as Layered Modular Architectures

Yoo et al (2010b)
 Recombinability of modular functionality across multiple levels
 Highly generative
 IoT ARE layered modular architectures!
Based on these characteristics we can do things with them.

Configure these elements & the components that go into them using:
 Massively Reduced Cost
 Massively Increased Performance
 Novel Hardware & Software Features
 Facilitates Innovation Platforms
 Facilitates Platform Complements
 High Capacity for Innovation
 Transaction Platforms
 Massive Capacity for Scaling
 Big Data Analytics
 AI
 Explosion of Potential Use Cases
If we get the ingredients right going into the 4 BM elements  we can do many things and achieve supernormal profit.
But how to get the ingredients correct?
3. IOT SOLUTIONS LEND THEMSELVES TO BEING ENABLED IN ECOSYSTEMS OF

COOPERATING ORGANISATIONS
 Value creation and value delivery of an IoT value proposition is seldom achieved by one organisation
functioning in isolation
o Key resources are shared across an ecosystem of partners. Have to work with bunch of suppliers or
partners. More an ecosystem than a traditional supply chain.
o Value is created through cooperation and partnership
 Frequently these IoT ecosystems are centralised around one dominant player (aka keystone actor)
o The keystone actor takes on the responsibility of ensuring the health of the ecosystem
o Ecosystem health results from a profitable ecosystem for all ecosystem members (from which the
keystone profits)
o The keystone actor does this in part by ensuring equitable sharing of value captured in the ecosystem.
Session #3 is dedicated to studying IoT ecosystems
IOT BUSINESS MODEL ARCHETYPES
IoT Business Model Archetypes

 IoT has been around long enough (just about) for particular categories and archetypes of business to emerge
 Both in academic literature and from “practitioner views”
 Perhaps the following archetypes can guide you as you start your projects?
o When we create our own it might fit inotone of these and we can take on the characteristics
 So what are these archetypes?
Academic perspective (course reading on Canvas): ** IMPORTANT READ & DIGEST THIS PAPER **
– Endres et al (2019) – Industrial Internet of Things (IIoT) Business Model Classification
Classification of different IoT business models
 Endres et al (2019) analyse 1043 publications from trade magazines etc

o Concerning IIoT projects from start ups and incumbent firms
o They analyse these examples using business model frameworks
 To identify 4 archetypes of IoT business models ...
1. Digical
a. Digital + physical = digical (IoT)
2. Service-centered
3. Data-Driven
4. Platform
None are better than others!
ARCHETYPE #1: DIGICAL
Archetype 1 Digical
Essence  Incumbents combine IoT components into traditional products – incorporating IoT
sensors into a physical products in order to produce extra features,
 Information produced enables product related digital services – e.g. remote
maintenance
 Most basic type
Typical characteristics of  Augments existing traditional value proposition through digitalization and process
Value Proposition optimization
 Development of hybrid products / digicals
 Additional services, which are close to the current product - implementing
complementing services etc.
 Adding featues to the existing physical product.
Example  BMW’s Connected Car provides digital services such as real time traffic info,
security warnings, maintenance services & alerts.
 Sensors can collect data -> analyzed -> sent back to the driver.
 Subscribe for getting these extra services.
 Any Smart Home device. An extension of the existing product
ARCHETYPE #2: SERVICE-CENTERED
Archetype 2 service-centered
Essence  Incumbents combine IoT components into traditional products to radically change
BM
 Shift from selling of traditional component products to selling service based on
benefits of using component
 To be able to provide this service, they need data on how the jet engine is
performing. Additional > able to sell additional services.
Typical characteristics of  radical change of the value proposition: not the product itself is sold, but the
Value Proposition availability of the product
 producer of the component (not customer) as machine owner and operates the
machine
 payment is dependent on the actual use of the product (as a service)
Example  Airlines typically no longer buy and own Rolls Royce jet engines,
 instead Rolls Royce sells the service of jet propulsion as “power by the hour”,
 including additional IoT data enabled services such as recommendations for more
fuel efficient use and scheduling of maintenance on arrival
 not iot if they didn’t have iot devices collecting data.
 Bike sharing in Copenhagen – Donkey Republic using iot devices on their bikes
(tracking) – IoT related service as device is used for tracking and charging
customers. SwapFiest NOT IoT as they don’t have tracking devices etc. Carsharing
is IoT?
ARCHETYPE #3: DATA-DRIVEN
Archetype 3 Data-driven
Essence  Value add services based on processing IoT generated data provided separate to
existing product
 Fee is charged for the generation, collection, aggregation & processing of data (from
different sources)
Typical characteristics of  Value proposition concerns data collection, processing and analysis
Value Proposition  customers gain insights into their machines and processes
 on basis of the data analysis and insights the customers can improve the business
outcome
Example  GE sells information enabling electricity generation companies to manage supply to

demand,
 based on aggregating IoT data from power generators
 with other sources of data including weather conditions and energy markets.
 Sells gass turbines to generate electricity. Sells additional services – information
about when to ramp up their generators to produce more electricity based on demand
peaks. When’s a good time to increase the amount of energy you are producing
 Vestas. Turbine sensors.
 distinction from digical? Depends on how closely related to the product it is
ARCHETYPE #4: PLATFORM
Archetype 4 Platform
Essence  Acting as a keystone, mediating between actors generating IoT data, and actors
(complementors) developing value add services based on that data
 Fee is charged for mediating the transaction of data one way or services the other
way
 Extension from service centered. Collecting data from products in order to create
services
 Bringing in more companies to use the data you generate from iot devices to provide
new services.
Typical characteristics of  efficiency enhancement of the entire value chain

Value Proposition  facilitates transactions between different types of organizations
 creation of a value creation network
 creation of new services and BM
Example  Agricultural machinery manufacturer Claas developed open platform 365FarmNet

 Platform mediates data and services between farmers (generated data & consuming
services)
 & an ecosystem of complementary service providers (consuming data and providing
agricultural products and services)
 Use with ecosystem partners to produce even more services
IMPACT OF IOT ON BUSINESS MODEL ELEMENTS
What’s different about an IoT business model?

 An alternative way to understand the impact of IoT on business models is to consider the impact of IoT on
each of the 4 business model elements:
Impact of IoT on each of the 4 business model elements

Discuss how IoT impacts these elements
Useful; *exam project – why IoT is affecting BM elements, help

creating successful business
Better understanding of how we can explain the BM behind our IoT

devices
Data created by iot device can be used to create a product or service

(new or complementary)
IMPACT OF IOT ON BM ELEMENT: VALUE PROPOSITION
Consistent message from our IoT guests:

 Value is not created for the customer by IoT technology in isolation.
o Not the IoT thing that adds value for customer, HOW we use its data to create value proposition
 Value is created from the service which is designed to meet specific customer needs
o ... and which is enabled by underlying IoT technology & data
 Start with customer need & value proposition & work out from there ...
WHAT IS A VALUE PROPOSITION?
Osterwalder et al (2014)
Source: Osterwalder, A., Pigneur, Y., Bernarda, G. and Smith, A., 2014. Value proposition design: How to create
products and services customers want. John Wiley & Sons.
 Value proposition Osterwalder (2014) describes a value proposition as the net benefits a product or service
generates for a customer/user. Value being created for the user
 Benefits are defined in terms of how the product or service:
o Solves a set of problems / challenges faced by customer
o And provides additional unforeseen benefits
 So the question you need to ask:
o What are the benefits that my IoT enabled service/product delivers
o That solves a customer problem and therefore creates value for them
 IoT based value propositions tend to focus on solving customer needs which depend on the provision of timely
information (based on analysis of IoT sourced data) either:
o Directly – customer specifically needs the information. Help them make decisions (e.g. GE)
o Indirectly – customer specifically needs a service, which is dependent on the information.
 Either augmenting the utility of an existing product/service
 Or enabling an additional complementary service
Moody & Walsh (2002)

Source: Moody, D.L. and Walsh, P., 1999, June. Measuring the Value Of Information-An Asset Valuation Approach. In
ECIS (pp. 496-512).
 “Of all the corporate resources (people, finances, assets, information), information is probably the least well
managed”. (Moody and Walsh, 2002)
 Value in IoT derives from provision of information ... (and the way it is then used) ... (Bucherer & Uckelmann
2011)
 Providing the right information ...
o ... in the right granularity ... (level of detail)
o ... and the right condition ... (in the right context)
o ... at the right time ... not useful to receive information too late (e.g. GE)
o ... anywhere in the network ... (from the right place)
o ... at an appropriate price.
Bucherer & Uckelman (2011)

Source: Bucherer, Eva, and Dieter Uckelmann. Chapter 10 - "Business models for the internet of things." In
Architecting the internet of things, pp. 253-277. Springer, Berlin, Heidelberg, 2011.
 Information components from 4 example value proposition scenarios taken from (Bucherer & Uckelman
2011):
1. IoT enabled platform based car rental (e.g. Car2Go) - Time & distance
2. Detection of counterfeit goods in supply chain – e.g. Blockchain based identifiers in pharmaceuticals
3. Product marketing in retail environment – Product info scanned in store or product marketing pushed
to consumers in store
4. Optimized transport logistics – Tagged transport containers containing perishable goods enable
optimized tracking & transport logistics
Special Case: Considering the value created for customer by an IoT value proposition
Reference: Kim, W.C. and Mauborgne, R., 2000. Knowing a winning business idea when you see one. 44 Harvard
business review, 78(5), pp.129-138.
 In the case of IoT augmenting an existing (traditional) product/service ...

 You could think how the IoT information generated as technological utility value (Kim & Maubourgne 2000)
Technological Utility
IMPACT OF IOT ON BM ELEMENT: VALUE CREATION
Configuring the organisation for Value Creation

 Ensuring company has right capabilities, resources & partners in place to create value proposition
 Minimise feasibility risk – so that value proposition can be built
Impact of IoT on an organisations:

1. Resources
2. Capabilities, the types of activities it needs & how it can configure and organise them
3. Partners and the way that it works with them
1. Impact of IoT on an organisation’s resources:

 Data created from IoT sensors becomes a key resource and this data is generated from IoT sensors embedded
in
o organisation’s new or existing products
o organisation’s production infrastructure (if it is a manufacturer)
o organisation’s service delivery infrastructure (if is a service provider)
o or in an ecosystem partner’s infrastructure
 Information from processing and analysing this data also becomes a key resource. This information can:
o augment the utility of an existing value proposition
o enable an entirely new value proposition or an additional complementary value proposition
o enable better (automated) internal decision making to facilitate more efficient activities in the form of
processes such as manufacturing, logistics, or service delivery
o or it can be valuable for an ecosystem partner in their activities or creating their value proposition
2. Impact of IoT on an organisation’s capabilities and activities:

 On the one hand, the organisation need to develop capabilities and activities to
o Source and manage IoT data and the information generated from it, including
 IT capabilities to source, design, integrate and manage IoT sensors
 IT capabilities to manage (big) data, to analyse data, and manage & process information that
is generated
 On the other hand, the organisation needs ability to integrate & utilise IoT sourced data and information in
capabilities and activities that benefit from it, for example: USE this in the activities and capabilities. Know
HOW it can make processes more efficient as the result of the use of the IoT data.
o Value proposition design and innovation – new How to use data and information to
features to meet unmet needs make these activities:
o Service delivery more rationalised, cheaper, faster,
o Manufacturing processes more reliable, better quality
o Logistics both inbound and outbound
o Customer, supplier and partnership management
3. Impact of IoT on an organisation’s interactions with partners:

 Value creation and value delivery of an IoT value proposition is seldom achieved by one organisation in
isolation – the ability of an organization to working with partners. Contribute to their value proposition.
o Key resources are shared across an ecosystem of partners
o Value is created through cooperation and partnership among the organizations
 Frequently these IoT ecosystems are centralised around one dominant player (aka keystone actor)
o The keystone actor takes on the responsibility of ensuring the health of the ecosystem
o Ecosystem health results from a profitable ecosystem for all ecosystem members (from which the
keystone profits)
o The keystone actor does this in part by ensuring equitable sharing of value captured in the ecosystem.
IMPACT OF IOT ON BM ELEMENT: VALUE DELIVERY

Ensuring optimal Value Delivery
 Making sure the product or service can be delivered to the customer by establishing – 2 major components to
consider:
o the best sales channels and sales offer to attract the customer to buy the product or service
 Online, physical store, b2b,
 the thing being sold to customer is done is a way that is attractive as possible – e.g. cheapest
o an effective customer relationship to retain the customer and prevent them from leaving for a
competitor
 Retain customers – ensure customers comes back to buy more at us, not at a competitor
Impact of IoT on an organisation’s:

1. Customer relationships
2. Sales channels
1. Impact of IoT on an organisation’s customer relationships:

 Data & information generated from an IoT sensor embedded in a customer product or service generates
customer intelligence – ie information about customer usage
o Customer usage and other customer behaviour ...
o Product & service performance
 Can enable improved customer service, e.g. predictive maintenance
 Can enable a move from a product sale to servitization (see later example)
2. Impact of IoT on an organisation’s sales channels:

 Improved customer intelligence based on IoT sourced data & information can lead to opportunities for:
o Upselling (downselling) to more appropriate product & service variations – sales opportunities if we
know customers have an intensive use of our product
o Information to enable sales of complementary products & services
o Identification of appropriate pricing to maximise revenue or “guarantee” sale
IMPACT OF IOT ON BM ELEMENT: VALUE CAPTURE
Figuring out appropriate mechanisms for Value Capture

 Developing an appropriate revenue model and cost structure to maximise profit
Impact of IoT on an organisation’s:

1. Cost Structure
2. Revenue Stream
1. Impact of IoT on an organisation’s cost structure:

 Implementing IoT, generating and managing IoT data and information comes at a cost for an organization. To
be viable cost must be offset by cost savings elsewhere or incremental revenue ...
 The trick is to identify how IoT generated data and information can reduce cost structures, e.g:
Rationalise, optimise, drive  Service delivery

efficiencies & reduce failures in  Manufacturing processes
activities and processes  Logistics both inbound and outbound
 Customer, supplier and partnership
Improve quality, management
Presumably we will save money,
reduce cost structures
*exam project: see if anything is relevant for our project

2. Impact of IoT on an organisation’s revenue streams:
Increase revenue
 Implementing IoT, generating and managing IoT data and information comes at a cost for an organization. To
be viable cost must be offset by cost savings elsewhere or incremental revenue ...
 The trick is to identify how IoT generated data and information can impact revenue streams positively, e.g:
o Increased revenue from sales of
 Data / information to partners / customers -
 Data / Information driven product/service extensions
 New Features
 New Variants
 Complementary products & services
 Increased revenue from more effective revenue models
o Variable Pricing
o Subscriptions & recurring revenue
o Servitization -> turning one of product sales into ongoing service revenue
o Think about -> How iot data enables to change revenue streams, either by changing the product or..
GUEST PRESENTER: ANDREA PELIZZARO (ALFA LAVAL) - MOVING ALFA LAVAL
BEYOND THE STEEL
About Alfa Laval

 Did not start in IoT
 IoT complement to base business
From boiling water...

 Connectivity project – how to deal with IoT.
o Boilers
o Decanter
 Step 1
o A small platform available – got the infrastructure in place.
 Not in IoT business yet. Used a 3rd party – provided infrastructure.
o A cross functional task force
o Multiple customer interviews. How do you know whether the customer is willing to.
o MVP ready in 1 month
 Step 2
o A formal organization
o A digital portfolio
 If customers had problems with their vessel, they didn’t want to have any one on board due to Covid-19
o Due to their infrastructure, they had the opportunity to provide this for their customers > get data from
vessel from the PLC through the FGW (Field Gateway).
o Field gateway
To fluid separation
 Using Field Gateway. Gateway able to get data from somewhere.
 Totally data driven
 Take iot side in order to create value proposition > warranty for their customers.
o Data about their spare components will fail – remaining life time about their customers products. Can
tell whether parts are damaged.
o 1 day down time
 Service agreement
o Subscription based model – yearly subscription of it. If they want to leave, they just leave the
hardware there. They can enter again if they sign a new service agreement.
 3 drivers
o Uptime
o Cost – troubleshoot from remote,
o yield
Where are we today?

Value able to provide when it comes to connected services – what they offer with the power of IOT
Decanter connectivity
2 solutions:

2 concerns:
Biggest burden for the customers:
 Data ownership: even though they don’t know what to do with the data, if they have it they see it as an asset
they own. Data is their assets, which they don’t want to share
 Cyber Security: When opening a communication channel you become vulnerable for hacking attacks.
o Mærsk was hacked.
o Decanter:
Lessons learned
An interesting future
+
Product
Mechanical
Silo
Transactional
Business as usual
-
Value
Digital
Partnerships and ecosystems
Relational
New company setup
3. IOT AS A DIGITAL BUSINESS ECOSYSTEM
Session IoT as a Digital Business Ecosystem

Theme IoT as a Digital Business Ecosystem
Readings Required Reading:
Iansiti, Marco & Levien, Roy. (2004). Strategy as Ecology. Harvard business review. 82. 68-78, 126.
Download Iansiti, Marco & Levien, Roy. (2004). Strategy as Ecology. Harvard business review. 82. 68-78,
126.
Pauli, Tobias; Marx, Emanuel; and Matzner, Martin, "Leveraging Industrial IoT Platform Ecosystems:
Insights from the Complementors' Perspective" (2020). In Proceedings of the 28th European Conference on
Information Systems (ECIS), An Online AIS Conference, June 15-17, 2020. Download Pauli, Tobias; Marx,
Emanuel; and Matzner, Martin, "Leveraging Industrial IoT Platform Ecosystems: Insights from the
Complementors' Perspective" (2020). In Proceedings of the 28th European Conference on Information
Systems (ECIS), An Online AIS Conference, June 15-17, 2020.
Recommended Reading:
Porter, M.E. and Heppelmann, J.E., 2014. How smart, connected products are transforming competition.
Harvard business review, 92(11), pp.64-88. Download Porter, M.E. and Heppelmann, J.E., 2014. How smart,
connected products are transforming competition. Harvard business review, 92(11), pp.64-88.
Porter, M.E. and Heppelmann, J.E., 2015. How smart, connected products are transforming companies.
Harvard business review, 93(10), pp.96-114.
Introduction In this session we will examine the importance of business ecosystems which are frequently required to be
established in order that effective IoT solutions can be implemented and run in practice.
Learning  Understand the meaning and importance of ecosystems in the context of IoT
Objectives  Learn analytical approaches to help build and sustain an ecosystem
 Learn about analytical tools developed specific to help us establish successful IoT ecosystems
Agenda • Recap of IoT Business Models
• Impact of IoT on Business Model Elements
• IoT Ecosystems
Guest presentation
• Bjørn Rasmussen & Magnus Thomsen, Andel Lumen
IOT ECOSYSTEMS
ARCHETYPE #4: PLATFORM
Archetype 4 Platform
Essence  Acting as a keystone, mediating between actors generating IoT data, and actors
(complementors) developing value add services based on that data
 Fee is charged for mediating the transaction of data one way or services the other
way
 Extension from service centered. Collecting data from products in order to create
services
 Bringing in more companies to use the data you generate from iot devices to provide
new services.
Typical characteristics of  efficiency enhancement of the entire value chain

Value Proposition  facilitates transactions between different types of organizations
 creation of a value creation network
 creation of new services and BM
Example  Agricultural machinery manufacturer Claas developed open platform 365FarmNet

 Platform mediates data and services between farmers (generated data & consuming
services)
 & an ecosystem of complementary service providers (consuming data and providing
agricultural products and services)
 Use with ecosystem partners to produce even more services
IoT Ecosystem Example – 365 FarmNet

Manages a platform that enables farmers to be ore productive
 IoT Platform based business model
 IoT data generated on farm equipment
 Services to improve farming efficiency and effectiveness  plants and crops at the right time
Simplified view of 365Farmnet Ecosystem

FarmNet is in the center
Rely on partners that produce
hardware from which cata is
generated
Software developers that create

third party apps
Origins in Agricultural Manufacturer Claas

Original belonged to Claas,
manufacturer.
Platform growth: Claas “spins-off” 365FarmNet

Begin to develop network effects, opening up
the ecosystem, allowed others to join
WHAT IS A BUSINESS ECOSYSTEM?
 Moore (1993): businesses cannot succeed alone, but prosper or fade together with their peers.
 Businesses need capital, partners, suppliers, and customers to create cooperative networks.
 In ecosystems, companies act cooperatively and competitively developing new products and satisfying
customer needs together.
 Definition of a Business Ecosystem:
o Network of interlinked companies, such as suppliers and distributors Interact with each other,
primarily complementing or supplying key components of the value propositions (benefits for
customers) within their products or services. (Source ft.com/lexicon)
Example: Apple’s iPhone IoT Ecosystem

Can be divided into multiple basic
functional clusters that enables
apple’s ecosystem
Value net diagram. Dash = money

being transferred (e.g. End users pay
apple money to get access to apps)
, full line is service being provided.
(e.g. deliver app to customer)
What is a Business Ecosystem?

Theoretical/conceptual point – The different functional groups are essential for the ecosystem to survive.
 Consist of companies, organizations or actors that directly or indirectly affect the company
 Where does it end? => impossible to find clear cut boundaries
 focus on companies with greatest interdependencies and effects on the organization
 companies can be clustered into particular functional groups
 Functional groups have different roles within the ecosystem
 the health of critical functional groups is essential for ecosystem to survive
 Actions of organisations in ecosystem have a direct effect (dependent on their role) on profitability/viability on
each other
Power of certain actors in IoT ecosystem has direct effect on viability of others
ECOSYSTEM HEALTH
Analytical approaches to help build and sustain an ecosystem

.... Ecosystem Health
3 CRITICAL MEASURES
Source: From Iansiti & Levien 2004 - Ecology as Strategy ... *** Read & absorb this paper ***
For the business model to flourish – the health of functional groups is critical
Three measures:
1. Productivity - “ability to consistently transform technology and other raw materials of innovation into lower
costs and new products”
o Innovate new products and services. In order to do this,they need access to raw materials etc. Maintin
its productivity
2. Robustness - ability of ecosystem to survive unexpected disruptions – measure by survival rate over time
relative to other ecosystems
o To survive disruption – rise of new rival or technology. Google ecosystem around search > rise of
ChatGPT is a new technology that might disrupt google search, ensure google is robust enough to
survive the potential disruption.
3. Niche Creation - the ability to be able to support a diversity of niche players to help ecosystem absorb shocks
and to encourage innovation
o Healthy viable and grow > find successful niches to maintain their businesses,
Your health in the ecosystem depends on your role and the strategy you pursue.
Identify 3 measures > to be successful, needs to be put in place,
ROLES WITHIN THE BUSINESS ECOSYSTEM

Identify 5 different roles that fit into
Different roles ... Different challenges

Organisations with different roles / positions in ecosystem face different types of challenges, e.g.:
 Ability to adapt to turbulent market & industry environment
 Ability to handle complex & broad ranges of relationships
Approach to strategy depends on role & position
Different roles
Vary on the complecity and level of turbulence and innovation the
organisaiton has to deal with
Roles within the business ecosystem

A number of roles (Iansiri & Levien 2004) identified in business ecosystems:
Positive influence players
 Keystone Organisation – central organisation holding position of power to positively influence health
ecosystem
o Typical the largest. The anchor, that other depend on. E.g. Apple.
o Provide platform goodness
 Niche Players - differentiated specialists adding diversity and valuable capabilities to keystone organisation &
ecosystem as a whole
o Might be highly specialized – provide complementary services that ebenfits the ecosystem
 Commodity Players – organisations that individually no longer add value, but taken collectively may retain
value
o Typically don’t have an expertise, but provide standard service in the ecosystem
o Making an app that exists multiple of – e.g. wather forecast. Only have to deal with the platform
provider.
Negative influence > 2 different distincted by whether they are dominating horizontal or vertical
 Value Dominators – exploit ecosystem through horizontal integration aiming to dominate a particular
function and draining ecosystem value pushing out other ecosystem members
o Will dominate the whole functional block in an ecosystem. IoT device; dominates the whole category.
o E.g. Philips in the context of apple: IoT enabled light bulbs, speakers – on the whole horizontal
 Physical Dominators – exploit ecosystem through vertical integration thereby draining ecosystem value
pushing out other ecosystem members
o Not just dominant in devices, but also in apps for example as well as platforms
 E.g. Apple itself. Both apps and physical devices.
 Apple beigns to dominate, monopolize.
So what to do to maintain ecosystem health?
Power of certain actors in IoT ecosystem has direct effect on viability of others
ECOSYSTEM STRATEGIES FOR KEYSTONE ACTORS
Keystone Actors benefit from cultivating & growing the ecosystem

5 different broad roles in an ecosystem
*Exam project: as we build the iot value proposition. What role does our hypothetical organization play in the
ecosystem?
Keystone Advantage:
 Keystone organisation has a position of power in business network
 Enabling it to create & share value in network
 Thereby enhancing the health of the network
Keystone Strategies:
1. Value Creation .... increase system productivity by:
o simplifying the complex task of interconnecting network participants
o making the creation of new products by third parties more efficient – e.g SDKs
o Enabling ecosystem actors to do their job better. Be more productive.
o Apple: Helps facilitate creation of new proucts by third parties, making sdk available.
2. Value Sharing.... enable system robustness and niche creation by:
o sharing innovative technologies – e.g. APIs
o Ensure ecosystem remains robust. Helps to encourage niche creation.
o Apple: Share APIs and functionality to enable developer and 3rd party software apps to deliver their
services and products and thrive.
Ecosystem strategies
ECOSYSTEM STRATEGIES FOR NICHE VS COMMODITY PLAYERS
Niche Players
 Leverage keystone organisations
 Avoid dependence on a single keystone. If developing for apple, make sense to also produce for android.
 Avoid dominators. If Philips entered same niche, we would quickly change niche to protect ourselves against
Philips competition.
 Maintain focus, but be vigilant to respond rapidly to change. Adapt.
Commodity Player
 Seek an ecosystem strategy to avoid being competed out of existence – become a niche player.
 Do something different. Try to differentiate.
Ecosystem strategies – Niche vs commodity players
Ecosystem Strategies - Value Dominators & Physical Dominators

A question of perspective:
 Keystone Org seeking to become a dominator?
 Keystone Org defending against dominators?
 Niche / Commodity responding to a dominator?
Ecosystem strategies – Niche vs commodity players

What might this mean for your project?
*Exam project
Position in an ecosystem has strategic implications for value creation & capture
 What is (what are) the ecosystem(s) you operate in?
 Who are the different ecosystems members (as functional groups)?
 How do you in interact with them by generating or using IoT data to create, share & capture value?
And:
 If you are a keystone - how do you maintain the health of the ecosystem?
 If you are not a keystone - how & why might you try to become one?
 If you are a niche player - what steps do you need to take to flourish?
 If you are a commodity player - what steps do you need to take to avoid irrelevance?
Probably not a keystone player!

If IoT sensor, producing product or service based on data/information > think carefully. Maye extend VP to collect data
from 3rd parties, partners etc. think carefully extend VP by selling information/data to other partners. How to manage
the relationships
GUEST PRESENTER: BJØRN RASMUSSEN & MAGNUS THOMSEN, ANDEL LUMEN
IoT Product - Idea to Check Out!

Magnus Ackermann Thomsen & Bjørn Grubbe Rasmussen (Product & Innovation Management)
5 years of building an IoT product and value chain
Niches or keystone that fits into a specific area – Scandinavia as an example
How we envisioned it...
At first – making a platform.

Focus on being niche players
Good at harvesting data. Entering data of

water and district heating.
Notitia Valuechain
With stakeholders in network they’ve built
Analyse: client, their clients, end users.
Market insights....
Classical obstacles you meet
 Snowball is not getting bigger
 ”PoC sickness” - no scaling
 Where’s the business case?
 No standards for sharing data
 Fear of vendor locking
 Ownership of data!
 Immature suppliers
 Lack of knowledge across value chain
 Change management
 Fear of hacking? (security)
Notitia USP
Tried to avoid these when building the product
Market dominated by 1 Danish player, owned by OK. Produce water/heat meters.
...can we deliver ‘X’ as a service, so that we are....

 OPEN
o Independent on manufacturer
o Non proprietary solution
o Standards compliant
 MODULAR
o Adapts to customer needs
o Scale as you go
o Fills voids in existing value chain
 FLEXIBLE
o API First Build-in customization – exchanging everything. Consolidate their market position, can be
monetized later on.
o Volumebased and future secured payment model – try to build. Buy in in bulk,
o Configurable datafrequency
A lot of data...
 Each meter creates and transmits 1,971.000 datagrams a year
 We collect only 8,760 of these datagrams – or more than 175,200,000 datagrams across our customers
 It takes only 1 datagram to create the value needed to build your business
DATA AS A DRIVER FOR NEW BUSINESS
Use data
 Create value!
 Data is just numbers! The opportunity lies in the transformation of the information hidden in the dataset.
 Displaying data is the simplest form – converting knowledge based on data into actions is where the real value
is!
 Don’t tell me – Act!
4. IOT BUSINESS MODELS
Session IoT business models

Theme In this session we will learn approaches to design business IoT value propositions and business models to
incorporate into our IoT projects.
Readings Required Reading:
Chapter 1. Osterwalder, A., Pigneur, Y., Bernarda, G. and Smith, A., 2015. Value proposition design: How to
create products and services customers want. John Wiley & Sons. Download Chapter 1. Osterwalder, A.,
Pigneur, Y., Bernarda, G. and Smith, A., 2015. Value proposition design: How to create products and
services customers want. John Wiley & Sons.
Chapter 1. Osterwalder, A. and Pigneur, Y., 2010. Business model generation: a handbook for visionaries,
game changers, and challengers (Vol. 1). John Wiley & Sons.
Learning Help you to develop (IoT) Business Models ... for your projects
Objectives  Understand the 4 risks to address with business model design
 Learn how to design IoT based value proposition
 Learn how to design IoT based business models
Agenda • Course Administration and Logistics
• Overall Project & Assignment Task (Commercial)
• Task - Value Proposition Part
• Task - Value Creation Part
• Task - Value Delivery Part
• Task - Value Capture Part
• Task - Further Advice
Guest presentation – Jakob Hall, GE
OVERALL PROJECT & ASSIGNMENT TASK (COMMERCIAL)

VP = value proposition
BM = Busines Model
Designing Business Initiatives: 4 Innovation Risks

Structure VP around BM
Commercial take on our prototypes
Structure in 4 parts
*Exam project: When writing projects –

show that our projects can do the 3 things.
BUSINESS MODEL ELEMENTS
Business Model Elements

1)Value Proposition
Making it Desirable
2) Value Creation
Making It Feasible
3)Value Delivery
4) Value Capture
Making it commercially viable
TOOL: BUSINESS MODEL CANVAS
Business Model Canvas
For the IoT proposition your teams builds:

– Describe and explain how the underlying business model works
In terms of its main elements:

2. Value Creation
3. Value Delivery
4. Value Capture
Each element is made up of BMC components,
and you need to reflect on the impact of IoT on these components
VALUE PROPOSITION
1. Develop a compelling Value Proposition

 Designing a product or service with features to match customer needs
 Minimise desirability risk – by developing something customers value
Business Model Canvas - Value Proposition

Not only refer to it, but build it
TOOL: VALUE PROPOSITION CANVAS

Value Proposition Canvas
Understand characteristics of customer segments
And what are the benefits of the products or service–

how do they satisfy the needs of the customer
segment.
*Exam project: To understand characteristics in real

world. Market research and surveys to understand
our customers. Not in this course. Focus on building
our prototypes. Do best effort to make assumption
about customer needs and benefits. State assumption
as clear as possible to make it as realistic as
possible.
The Customer Profile

 Describes the specific customer segment your business model addresses.
 It characterizes the segment in terms of jobs, pains, and gains.
Customer Profile
 Jobs describe the tasks customers are trying to get done in
their work and in their lives
 Pains describe anything that annoys your customer before,
during, and after trying to get a job done
 Gains describe the outcomes and benefits your customers
wants to achieve by getting job done.
Example: Making a device for agriculture. Growing tomatoes in

Sensor monitors the humidity of the soil. Too dry it alerts that the
tomatoes need water.
• Job: Make sure they water tomatoes at the right time. Keep it
simple.,
• Pain: Previously, not watered in time and losing money
• Gain: water tomatoes in right time, great tomatoes 
increased profits.
-
The Value Map

 It describes the features of a specific value proposition.
 It breaks the value proposition into products & services, pain relievers, and gain creators.
 It focuses on the jobs, pains, and gains that matter most to your customer.
 Objective: to describe explicitly how your products and services create value for your customer.
Value Map
 Products & services lists the products and services your
value proposition builds on.
 Pain relievers describe features of the product/service that
alleviate specific customer pains.
 Gain creators are the outcomes and benefits of the
product/service that the customer expects to achieve their job
Objective: Achieve a good fit
Use as brainstorm tool. Iterate back and forth. Quick thinking,
until it fits on both sides.
Focus on one customer segment
Fit of VPC in the BMC

The value proposition canvas & the business model canvas
When wirting up the business model canvas
Where does the elements fit
Value Map = Value proposition

Customer Profile = Customer segment
YOUR VALUE PROPOSITION TASK: PROJECT VS REPORT

 Your task for designing your value proposition in your projects is one thing
 Your task for writing up your value proposition in your project report is another thing!
Value Proposition Design Project task

 Customer Profile:
o Brainstorm: “Jobs to be done” .. then prioritise to 1 or 2 tasks
o Brainstorm: “Customer gains” .. then prioritise to about 3 gains
o Brainstorm: “Customer pains” .. then prioritise to about 3 pains
 Value Map:
o Identify: Max 3 “Gain creators” to address your “customer gains”
o Identify: Max 3 “Pain relievers” to address your “customer pains”
o Identify: Your IoT product/service to deliver “Gain creators” & “Pain relievers”
Make sure your value map addresses your customer profile

In practice you may have to iterate several times between the customer profile and value map to ensure a
“good fit”
This practical IoT value proposition task should be informed by the IoT value proposition concepts from
Session #2
Value Proposition Design Report task

 Describe the characteristics of your customer segment in terms of what you identify in the components of the
VPC customer profile
 Describe your value proposition in terms of the IoT product/service you develop and explain how it addresses
the customer gains & pains you identify so that customers can achieve their “jobs to be done”
 The IoT value proposition should be informed by the IoT value proposition concepts from Session #2
VALUE CREATION
2. Configuring the organisation for Value Creation

o Ensuring company has right capabilities, resources & partners in place to
 create value proposition
o Minimise feasibility risk – so that value proposition can actually be built
Business Model Canvas - Value Proposition

When describing the three elements, keep it
simple and ensure to make it relevant for IoT
Key Resources
 Describe assets most essential for an organisation to have deliver its business model
Major categories of resources What key resources do we require

• Physical • Create & offer value
• Intellectual proposition
• Human resources • Reach and distribute to
• Financial customers
• Maintain customer
relationships
• Generate sales and revenues
 Identify and prioritise those resources that are essential to deliver the business model and that set it apart
from the competition
o Only Focus on key resources.
Impact of IoT on BM Element: Value Creation

Only list 3 components
Key Activities
 Describe those most essential things an organisation must do to deliver its business model
Major categories of resources What key resources do we require

• Production • Create & offer value
• Problem Solving proposition
• Connecting • Reach and distribute to
customers
e.g. supply chain management • Maintain customer
relationships
• Generate sales and revenues
 Identify and prioritise those resources that are essential to deliver the business model and that set it apart
from the competition
Key Partnerships
 Describe essential partners and network of suppliers needed to make a business model to work.
 Motivations for creating partnerships:
Major categories of resources Key questions to answer
• Optimization / economies of • What resources and activities
scale are more effective to bring
• Reduction of risk and in?
uncertainty • Who are our most trusted,
• Acquisition of resources & economic and effective
activities partners and suppliers?

e.g.
App collects data from sensors in farmers
greenhouses
To tell farmers when to water, we need other

data, maybe about the weather (maybe its
going to be a dry period, tomatoes need more
water)
Could do: source data from own sensors, or

collect data from other sources.
VALUE CREATION: PROJECT & REPORT TASK

Identify, explain & justify:
 The 3 most important resources and 3 most important activities (processes & capabilities) you need in order to
build your IoT value proposition
 The role (if any) of IoT generated data and information in these resources and activities
 The relationships your organisation needs with other organisations (e.g. suppliers, vendors, distributors etc) for
your value proposition to be feasible – the network and ecosystem
 If it is applicable to think of these relationships as part of a network or ecosystem, then how can that be
explained in using ecosystem concepts? What is the role of IoT generated data and information in these
relationships?
This practical IoT value creation task should be informed by IoT value creation and ecosystem concepts from
Sessions #2 & #3
Assume you are a start-up with limited resources ...
VALUE DELIVERY
3. Ensuring optimal Value Delivery

 Making sure the product or service can be delivered to the customer
 Establishing the right sales channels and customer relationship management
Business Model Canvas - Value Delivery
Customer Relations
 Represents relationship between organisation & customer
 Focus is on the nature of interactions between organisations and customers, e.g. customer service,
maintenance, complaint handling etc
 Customer relationships can be categorised in several ways:

o Degree of personal assistance
o Sophistication of self service
o Deployment of user communities
o Extent of co-creation with customers.
Channels
 Mechanism by which sales are made to the end customer
Channels
Impact of IoT on BM Element: Value Delivery
VALUE DELIVERY: PROJECT & REPORT TASK

 What types of customer relationship and sales channel activities you will need to help deliver your value
proposition to your customers.
 The role (if any) of IoT generated data and information in these customer relationship and sales channel
activities
This practical IoT value delivery task should be informed by IoT value delivery concepts from Session #2
VALUE CAPTURE
4. Figuring out appropriate mechanisms for Value Capture

 Developing an appropriate revenue model and cost structure to be profitable
Channels
Cost Structure
 Describes all costs incurred to operate a business model
 Business model cost structures:
o Cost driven verses value driven business models.
o Fixed and variable costs
o Economies of scope and economies of scale
 Questions to answer here are:

o What are the major costs in our business model?
o How cost driven or value driven is our business model and how sensitive to costs are our customers?
o How are we able to reduce our costs, for example through economies of scale and scope?
Cost Structure
Revenue Streams
 Describe the means by which income is generated and is oxygen for the survival of our company – different
ways to charge customers.
o Characteristics of customer segment – what will fit them.
 Range of revenue models available:
o Advertising
o Asset Sale Licensing
o Brokerage fees Lending / Rental / Leasing
o Usage fee Subscription fees
 One off transactional revenues vs recurring revenues - Subsidising & Lock In
o Fixed price mechanisms: list price; product/service features; customer segment variations; volume
discounts vs
o Dynamic price mechanisms: negotiated prices; yield management; real-time; auctions
Impact of IoT on BM Element: Value Capture
VALUE CAPTURE: PROJECT & REPORT TASK

 What types of costs and types of revenues (revenue models) you will need to have a viable business.
 The role (if any) of IoT generated data and information in shaping your cost structures and revenue models
This practical IoT value delivery task should be informed by IoT value delivery concepts from Session #2

FURTHER ADVICE
1. Business model archetypes
2. Ideas for how your business model might generate competitive advantage
3. Tips for designing, presenting and writing up business models etc

Remember to reflect on the IoT Business Model Archetypes after: – Endres et al (2019) – Industrial Internet of Things
(IIoT) Business Model Classification. Doesn’t HAVE to fit in, but will help communicate what business model it is.
1. Digical
2. Service-centered
3. Data-Driven
4. Platform
In your project presentation / report, try to reflect on which if any of these archetypes, your business model most
resembles
... and justify why that might be the case ...
How will it evolve: When go to market start as digical, but maybe move towards platform.
BUSINESS MODELS WITH COMPETITIVE ADVANTAGE
Reflect if, and how, your business (model) idea can generate competitive advantage through achieving one or more of
the following:
1. Customer lock in due to designed in switching costs
a. If physical product – cheaply. Valuable service
2. Recurring revenues through effective revenue models (not limited to subscription models)
a. Revenue model -movey beyond selling a product once. Maybe subscription
3. Enabling a game changing cost structure (e.g. by rationalising your processes)
4. Getting others to do your work (e.g. through outsourcing or enabling third parties to build
1. complementary products & services)
5. Rapid scalability through generating network effects
6. Protection from competition through owning VRIN assets and capabilities (e.g. learning effects from owning
bigger better datasets) – learning effects
Maybe subsidise the data generated by sensors.

Remember, if any of these are applicable to your (business model),
– then you will need to justify and explain how they are achieved credibly.
TIPS FOR DESIGNING, PRESENTING AND WRITING UP BUSINESS MODELS

 When designing, presenting & writing up BMC, it’s generally easiest to go in the order:
o value proposition -> value creation -> value delivery -> value capture
o Also when presenting do it in this order
o
 When building, presenting, and writing up your value proposition try and base it on the value proposition
canvas
 When building, presenting, and writing up the “partners” component of your value creation, try using the
ecosystem perspective (keep it simple: think 365FarmNet & not Apple) ... remember Iansiti & Levien ...
 When designing, presenting & writing up BMC (or a Value Proposition Canvas) keep it simple:
o Max three points per component
o Try and keep each point in the figure to a short headline (2 words excellent; 4 words okish; >6 words
not good)
The point is to present the tools without confusing
In a presentation your spoken words fill in the detail ...
In a written report, your written words fill in the detail of the
diagram ...
Too many words in a BMC or VPC ...

Maybe in the report but not in the diagram
GUEST PRESENTER: JAKOB HALL (GENERAL ELECTRIC)

5. IOT AS PHYSICAL ARCHITECTURE
Session IoT as Physical Architecture

Theme A take on what IoT is, why it’s important now, what are some of the offshoots. A basic understanding of
network architectures and an understanding of the defining characteristics of IoT.
Readings Tanenbaum, A.S. and Wetherall, D.J, 2011. Computer networks, 5-th edition. ed: Prentice Hall. Chapter 1
Download Tanenbaum, A.S. and Wetherall, D.J, 2011. Computer networks, 5-th edition. ed: Prentice Hall.
Chapter 1
El Khaddar, M.A. and Boulmalf, M., 2017. Smartphone: The Ultimate IoT and IoE Device. In Smartphones
from an Applied Research Perspective. IntechOpen Download El Khaddar, M.A. and Boulmalf, M., 2017.
Smartphone: The Ultimate IoT and IoE Device. In Smartphones from an Applied Research Perspective.
IntechOpen
IoT 101 from IoTforAll.com

Agenda  Outline of the remainder of the course
 Some things you should do...
 Brief history – Where does IoT come from?
 Overview and architecture
 Generic network architectures
 Networking 10000 or more cars
 The Smartphone as IoT ecosystem – the smartphone as a central device in IoT
 Industrial IoT infrastructures
 Security Issues
 • Platforms
Stack = device, how it communicates,
IoT Physical Architecture:

A take on what IoT is, why it’s important now, what are some of the offshoots. A basic understanding of network
architectures and an understanding of a layered model approach to IoT ecosystems.
The evolving IoT ecosystem
THINGS YOU SHOULD DO...

 Get an Arduino.cc account ..... It’s free (Why?)
 Get a GitHub account .... It’s free (Why?)
 Sigfox credentials
 Get a Thinger.io account
 Start looking at stuff like:
o Hackster.io
o CircuitBasics.com
o RandomNerdTutorials.com (Why?)
BACKGROUND - HISTORY OF IOT

 Samuel Morse 1844 "What hath God wrought?" from Washington, D.C. to Baltimore
 Nicolas Tesla 1926 "When wireless* is perfectly applied the whole earth will be converted into a huge brain,
which in fact it is, all
o things being particles of a real and rhythmic whole.........and the instruments through which we shall
be able to do this will be amazingly simple compared with our present telephone. A man will be able
to carry one in his vest pocket."
 Alan Turing 1950 "...It can also be maintained that it is best to provide the machine with the best sense organs
that money can buy, and then teach it to understand and speak English. This process could follow the normal
teaching of a child."
 Marshall McLuhan 1964 "....by means of electric media, we set up a dynamic by which all previous
technologies -- including cities -- will be translated into information systems"
 Tim Berners Lee 1989 WWW
 John Romkey 1990 created a toaster that could be turned on and off over the Internet for the '89 INTEROP
conference.
 Paul Saffo 1997 ”cheap, ubiquitous, high-performance sensors — are going to shape the coming decade”
 Kevin Ashton 1999 ”the phrase "Internet of Things" started life as the title of a presentation I made at Procter
& Gamble (P&G) in 1999”
 The ITU 2005 ”from anytime, any place connectivity for anyone, we will now have connectivity for anything”
But it’s all about machines?
Telemetry system – sensor can send

information to central host
IoT Why now? - Timing

 Ubiquitous Connectivity – Internet, wifi, mobility etc.
o Not all had a phone in the beginning of the century. Now it has become ubiquitous
 Widespread Adoption of IP/MQQT, COAP – standardization and simplification
o Everything is built on IP
o
 Computing Economies – basically, people resources cost (lots) more than computer resources
 Miniaturization – sensors, MEMS etc
 Advances in Data Analytics - ML, AI and Big Data technologies
 Rise of Cloud Computing – More commoditization of IT
 Digital Twinning - optimize, improve efficiencies, automate, evaluate future performance
o A virtual representation of a physical object
 Strangely enough, the pandemic and how it changed society
o
The EU-IoT Framework for Internet of Things Skills: Closing the Talent Gap
Digital Twins – the real promise of (I)IoT
Digital twin = “The digital twin is the virtual representation of a physical object or system across its life-cycle. It uses
real-time data and other sources to enable learning, reasoning, and dynamically recalibrating for improved decision
making.”
A virtual representation of a physical object
Model & Interact with the real world - Azure

The technology stacks
OVERVIEW AND ARCHITECTURE
ITU Y.2060
ITU Y.2060
“The IoT can be viewed as a global infrastructure for the
information society, enabling advanced services by
interconnecting (physical and virtual) things based on
existing and evolving interoperable information and
communication technologies (ICT)”
 Things are objects of the physical world (physical things) or of the information world (virtual world) which
are capable of being identified and integrated into communication networks. Things have associated
information, which can be static and dynamic.
 Virtual things exist in the information world and are capable of being stored, processed and accessed.
Examples of virtual things include multimedia content and application software.
 Physical things exist in the physical world and are capable of being sensed, actuated and connected. Examples
of physical things include the surrounding environment, industrial robots, goods and electrical equipment.
TOP LEVEL STRUCTURE IOT
Top level structure IoT

Physical world and information world
Time, place, thing..

Time, place, thing..
3 important elements
Time constriction:
It can be anything; any physical thing
COMPONENTS
Devices & components
 A device is a piece of equipment with the mandatory capabilities of communication and optional capabilities
of sensing, actuation, data capture, data storage and data processing. The devices collect various kinds of
information and provide it to the information and communication networks for further processing.
 Some devices also execute operations based on information received from the information and communication
networks.
DEFINING CHARACTERISTICS OF IOT

 Heterogenous
 Dynamic
 Interconnectable
Scale
Components
Overview & architecture
Enormous scale: The number of devices that need to be
managed and that communicate with each other will be at least
an order of magnitude larger than the devices connected to the
current Internet. The ratio of communication triggered by
devices as compared to communication triggered by humans
will noticeably shift towards device- triggered communication.
5 Things to know about IoT Protocols

1. There’s no one-size-fits all IoT protocol
2. Protocols purpose-made for IoT are seeing increased adoption
3. Software is becoming more ipirtant to managing Iot Connectivity
4. “Ease of use” and “realiability” are most important when choosing a new protocol
5. Decision making for IoT protocols has become a multi-stakeholder exercise
GENERIC NETWORK ARCHITECTURES
Definition
(Tanenbaum Chapter 1)
A couple of things to remember...

 Data transfer rate (bandwidth)
o Maximum rate of data transfer possible
o When signing up for a broad band connection and they guarantuee the best possible connection IF
there’s no other activity.
 Throughput
o Maximum rate achieved
 Typically measured in megabits per second (Mbps) or gigabits per second (Gbps)
 But not always relevant for specialized (sub) networks
Wireless Sensor Network
ARCHITECTURE
Classified by: 4 rules used to classify different types of networks

 Distance between nodes (nodes are the different devices on the network)
 How they are managed (central, peer)
 Rules used to exchange data between nodes (protocols)
 Communications medium used (wires, fiber, wireless)
BASIC NETWORK TYPES....

1. Public networks (telecoms) or private
2. Managed networks: goes across
3. Corporate networks
TYPES OF NETWORKS
 PAN: Personal Area Network
 LAN: Local Area Network
 MAN: Metropolitan Area Network
o CBS
 WAN: Wide Area Network
o Global, represented by the internet, all other types of networks are kind of subnetworks to this type.
DEFINED BY DISTANCE
City area
Sixfox
DEFINED BY ADMINISTRATION
 Central Administration
 Local Administration
Central Administration Local Administration
Server network, usually managed by an IT team In our home

NETWORK ARCHITECTURES - ETHERNET PROTOCOLS
 Ethernet network
o Ethernet protocol for communication
o Developed by the Institute of Electrical and Electronics Engineers (IEEE)
o 802.3: Wired – physical connections between devices
o 802.11: Wireless -
 Backward compatibility: If we have the newest version of Wifi – the device running the wifi,
o Ethernet devices can communicate with older Ethernet devices without any issues. In other words, the
newer devices can understand and work with the older devices that use older versions of Ethernet.
 Interoperability regardless of OS
 Ethernet is a “pipe”
o Fiber as a pipe. Means how much data we can get into it?
 TCP/IP defines what comes down the pipe
o The packages
Wifi is a universal standard
Challenge:
Sixfox data to something wifi understands – push data to
central point
NETWORK ARCHITECTURE – TCP UDP AND IP

Universal ethernet and idp protocol
 High level (presentation)protocols
 Transport and network protocols
 Link and physical protocols
 IPv4 and IPv6
 Transmission Control Protocol:
o Reliable – packets
 UDP:
o Unreliable,
o Latency
 Security issue with TCP IP: Weak link in IoT?

o IP addresses can be spoofed very easily
o Man in the middle attack in between IP traffic. Huge issue.
o Solution: Public key encryption
o With six fox it’s built in, only send message of 12 bytes.
NETWORK COMPONENTS (SOME)...
LAN
Network Components: Transmission Media

Communications channel between nodes
 Wireless networks
o Radiowaves
 Wired networks
o Cables:
 Twisted pair cable
 Coaxial cable
 Fiber optic cable
THE 4 STAGE IOT SOLUTIONS ARCHITECTURE
Edge IT: intelligence on the edge of the network

Data cloud: backend, collects and prepares data for
NETWORKING 10000 CARS (OR MILLIONS OF THEM)

A network can also be this
 Autonomy
o Personal cars
o Public transport
o Drones
o Delivery systems
 Infrastructure
o Physical
o Digital
 Data
 Power
From this to this...

Drone delivering orders – autonomous
All cars communicate with the cloud (controlling system)
and each other.
Wireless networks
 Edge data centers and distributed charging stations
THE SMARTPHONE AS IOT ECOSYSTEM
Smartphone-centric IoT
 Smartphone development
o https://flauntdigital.com/blog/evolution-mobile-phones/
o https://www.bankmycell.com/blog/iphone-evolution-timeline- chart#info
 Whats inside the box?
 IoT and IoE
 Smart everything and controlling it..
 Machine learning and Artificial Intelligence
 4 – 5g and BLE/NFC/WiFi
Whats inside the box? (basically, a bunch of sensors)

Sensors
 Face ID
 Barometer
 Three-axis gyro
 Accelerometer
 Proximity sensor
 Ambient light sensor
IoT & IoE (Internet of everything)
 Apple Homekit – your home at your command!
 IoE is:
 “bringing together people, process, data, and things to make networked connections more relevant and
valuable than ever before- turning information into actions that create new capabilities, richer experiences, and
unprecedented economic opportunity for businesses, individuals, and countries” [30]. IoE definition means
“connecting people in more relevant ways, converting data into intelligence to make better decisions,
processing this data and delivering the right information to the right person at the right time, and connecting
things which denote any physical devices or objects connected to the Internet or to each other for intelligent
decision making”
Smartphone: The Ultimate IoT and IoE Device Mehdia Ajana El Khaddar and
Mohammed Boulmalf
INDUSTRIAL IOT INFRASTRUCTURES
RECAP
The story so far...

 Brief history – Where does IoT come from?
 Overview and architecture
 Generic network architectures
 Networking 10000 or more cars
 The Smartphone as IoT ecosystem
 Industrial IoT infrastructures
 Security Issues
 Platforms
 Onboarding groups
EXERCISE 1A/B: 1 MARCH 8.00 – 11.30 AND 11.40 -15.10
Introduction to an IoT eco-system Part 1:
Since we will be using Sigfox as one of ”our” networks, we need to know what it is, strengths and weaknesses,
suitability for purpose.
Similarly we will be using WiFi as a medium so we need to know how to know what it is, strengths and weaknesses,
suitability for purpose.
We will also learn about using a smartphone as a sensor platform.
GUEST PRESENTER: TBA

6. TECHNICAL OVERVIEW
Session Technical Overview

Theme The IoT stack and it’s components in detail. Communications channels, protocols and radio solutions.
Sensors and actuators. The software stack and some platform examples
Readings Greg Dunko, Joydeep Misra, Josh Robertson, Tom Snyder (2017). A Reference Guide to the Internet of
Things, 2017. Download Greg Dunko, Joydeep Misra, Josh Robertson, Tom Snyder (2017). A Reference
Guide to the Internet of Things, 2017.
Sanjit Ganguli, Ted Friedman (2015): IoT Technology Disruptions: A Gartner Trend Insight Report
Download Sanjit Ganguli, Ted Friedman (2015): IoT Technology Disruptions: A Gartner Trend Insight
Report
GSMA (2014). Understanding the Internet of things. Download GSMA (2014). Understanding the Internet of
things.
IoT-Device-Certification-Report.pdf Download IoT-Device-Certification-Report.pdf
MachNation-IoT-Architecture-v1.4.pd
Things you should have done ...
 Got an Arduino.cc account ..... It’s free
 Got a GitHub account .... It’s free
 Got a Thinger.io account .... It’s free
 Signed on to Sigfox Portal
 Retrieved ID & PAC
 Started looking at stuff like:
o Hackster.io
o CircuitBasics.com
o RandomNerdTutorials.com
Introduction - session agenda

 The IoT stack – principles of operation
 Sensors and actuators
 Communication channels
 Some IoT protocols
 Radio Solutions
 Software stack
 Analytics and Big Data
THE IOT STACK – PRINCIPLES OF OPERATION
Start
Sensors: connecting to edge of network (e.g. gateways)

Gateway:
Edge IoT
An IoT Architecture
Sidebars:
i
IOT STACK
He likes this best.

Devices – can be the sensors
Getting data in = digestion
Original OSI model. 7 layers.
Data link: MAC address.
Elements of IoT Architecture (Simple IoT Stack)

Base IoT architecture / stack
Ifcompared to the original OSI its reduced but pretty

closed. Something in IoT are not necessary within the
OSI model.
Connectivity – sixfox
Backend: sixfox, iot cloud
Platofrm: Arduino
Functional stack in prototype practice

APPLICATION LAYER
 The application layer contains IoT applications.
Where we can interact with the system.
COMMUNICATIONS CHANNELS
 IoT is (loosely) based on the internet – uses internet
 specific protocols (sort of!) to communicate with server systems (cloud) in different ways.
 Remember the ISO model?
 Which is really a 7 layer model:
What do the layers do?
 Layer 1: Application Layer
o User inputs data and data is output to the user.
o User normally filters data
 Layer 2: Presentation Layer
o Converts incoming and outgoing data from one format to another for presentation.
 Layer 3: Session Layer
o Sets up and authenticates, coordinates, maintains, and terminate
o Session management. IoT session different from traditional internet sessions.
o Why different from ordinary internet sessions? Data that needs to be calibrated.
 Layer 4: Transport Layer
o Provides communication session management support, packetization of data, delivery of the packets,
and error checking once the data arrives. Hash algorithm
o Tcp and udp. – overhead
o
 Layer 5: Network Layer
o Handles the addressing and routing of the data.
o Ip protocol, ip address originates
 Layer 6: Data Link Layer
o Provides a reliable link between two directly connected nodes. The data link layer is also responsible
for detecting and fixing packet errors that may form on the physical layer.
 Layer 7: Physical Layer
o Conveys the bit stream through the network at the electrical, optical, or radio level.
DEVICE LAYER
Multiple capabilities:
 The device capabilities include but are not limited to:
o Direct interaction with the communication network. Able to gather and upload directly without using
gateway.
o Indirect interaction with the communication network.
 Do same thing with a gateway as a medium betwene
o Ad-hoc networking
 Need a connection now but not in a few minutes – p2p.
 Making a device sleep
o Sleeping and waking up is key – else using battery too quickly
 Gateway capabilities:
o The gateway capabilities include but are not limited to:
o Multiple interfaces support
o Protocol conversion
The gateway capabilities include but are not limited to:

 Multiple interfaces support: At the device layer, the gateway capabilities support devices connected through
different kinds of wired or wireless technologies, such as a controller area network (CANbus), ZigBee,
Bluetooth or Wi-Fi. At the network layer, the gateway capabilities may communicate through various
technologies, such as the public switched telephone network (PSTN), second generation or third generation
(2G or 3G) networks, long-term evolution networks (LTE), Ethernet or digital subscriber lines (DSL).
 Protocol conversion: There are two situations where gateway capabilities are needed. One situation is when
communications at the device layer use different device layer protocols, e.g., ZigBee technology protocols and
Bluetooth technology protocols, the other one is when communications involving both the device layer and
network layer use different protocols e.g., a ZigBee technology protocol at the device layer and a 3G
technology protocol at the network layer.
o
 interoperability
NETWORK LAYER
 This consists of the following two types of capabilities:
o Networking capabilities: provide relevant control functions of network connectivity, such as access
and transport resource control functions, mobility management or authentication, authorization and
accounting (AAA).

o Transport capabilities: focus on providing connectivity for the transport of IoT service and
application specific data information, as well as the transport of IoT- related control and management
information.
Service support and application support layer

 The service support and application support layer consists of the following two groupings:
– Generic support capabilities: The generic support capabilities are common capabilities which can
be used by different IoT applications, such as data processing or data storage. These capabilities may
be also invoked by specific support capabilities, e.g., to build other specific support capabilities.
– Specific support capabilities: The specific support capabilities are particular capabilities which cater
for the requirements of diversified applications. In fact, they may consist of various detailed capability
groupings, in order to provide different support functions to different IoT applications.
MANAGEMENT CAPABILITIES
 In a similar way to traditional communication networks, IoT management capabilities cover the traditional
fault, configuration, accounting, performance and security (FCAPS) classes, i.e., fault management,
configuration management, accounting management, performance management and security management.
 The IoT management capabilities can be categorized into generic management capabilities and specific
management capabilities.
 Essential generic management capabilities in the IoT include:
o device management, such as remote device activation and de-activation, diagnostics, firmware and/or
software updating, device working status management; local network topology management;
o traffic and congestion management, such as the detection of network overflow conditions and the
implementation of resource reservation for time-critical and/or life-critical dataflows.
 Specific management capabilities are closely coupled with application-specific requirements, e.g., smart grid
power transmission line monitoring requirements.
SECURITY CAPABILITIES
 Generic security capabilities and specific security capabilities. Generic security capabilities are independent of
applications. They include:
o at the application layer: authorization, authentication, application data confidentiality and integrity
protection, privacy protection, security audit and anti-virus;
o at the network layer: authorization, authentication, use data and signalling data confidentiality, and
signalling integrity protection;
o at the device layer: authentication, authorization, device integrity validation, access control, data
confidentiality and integrity protection.
 Specific security capabilities are closely coupled with application-specific requirements, e.g., mobile payment,
security requirements.
 Each level needs to be authenticated. The importance depends on the type of system we are working with
Why might internet protocols not be the best solution for IoT?
 Power constraints
o Makes some power each time processing bytes. Processing an IPv4 or 6 header is either 20 or 40
bytes
 Payload size vs. overhead
 Duty cycle
o How much time can I be on the air using the tech that we use. We use tech in ISM band.
 Memory
 Data delivery (ACK). Do I want a receipt for data.
 Handshaking?
 Security – IP spoofing etc
o If getting in the middle we can spoof the IP, imitating another IP
Ip is not based on wifi, wifi is based on IP
A lot of data each time we want to send

information – especially the IPv6.
The sixfox message signs is 12 bytes. The header

is eaither 20 or 40 bytes whicih is quite a lot
more. Therefore IP not the best solution.
SOME IOT PROTOCOLS
MQTT (MESSAGE QUEUING TELEMETRY TRANSPORT)
Alternatives to internet protocols – MQTT (Message Queuing Telemetry Transport)

A lightweight messaging protocol that uses “publish/
subscribe” operations to exchange data between clients and
the server.
Small size, low power usage, minimized data packets and
ease of implementation make the protocol ideal for the
“machine-to-machine”
or “Internet of Things” world.
Similar to SixFox. Supported under wifi. Publish data to

specific server, to which we can subsribe to. Evry similar to
sixfox.
Benefits: realtime. Works as fast as
MQTT – ”publish, subscribe” model

Client publish data e.g. temperature to a broker.
Client can subscribe to the broker.
MQTT – example - temp sensor
How many devices?
MQTT Brokers
 Basically there are a number of Brokers available, Mosquitto, Mosca, emqttd being the best known.
 These are server applications
 which can be downloaded and installed on
 local servers or hosted on AWS, Node red MS Azure or similar
 Aternatively, use a test broker or a cloud based solution as shown in the table
SIGFOX PROTOCOL STACK – PROPRIETARY

RADIO SOLUTIONS
Also RANs
(some) IoT Radio technologies and

characteristics
LICENSED VS. UNLICENSED SPECTRUM

 Licensed spectrum is used for for cellular, broadcast and other commercial stuff – e.g. The last auction raised 1
billion kr.!
 Unlicensed spectrum is used for some essential services and a whole lot of Industrial, Scientific and Medicinal
applications
 And, IoT (sigfox, Lora), WiFi, Zigbee and lots of other devices.
 Unlicensed does’nt mean free-for-all,there are rules:
 Boiled down, this means a 1% duty cycle – transmission must be no more that 1% per day (24*60)/100 =
14,4m (864s)
 For Sigfox (where a message averages 6s), this gives 144 messages per day.
 The other relevant constraint (Sigfox) is payload size but this is a mathematical consequence rather than
regulatory.
 Who’s watching? Well, basically no one! (Sigfox monitors and delivers warnings and can shut off rogue
devices)
Some issues and constraints (choosing a radio technology)

Consider:
 Environment – where will the IoT device operate?
 Service life and ability, interoperability
 Power availability, battery life, power harvesting etc
 Local processing requirements (also storage)
 Size – has an influence on
 antenna, battery, durability
 etc •
 Cost – if a device is too expensive, this is an issue in itself. (we will look at cost in detail later)
 Data – size, persistence etc
 Simplex/duplex – operational mode
 Security – a major constraint
SOFTWARE STACK(S) FOR IOT
CHARACTERISTICS/ROLES FOR 3 SOFTWARE STACKS
Constrained-device software roles (Firmware)

 Communication
o Protocols
o Modems
 HAL
o methodology for communicating with components, sensors etc
 OS/RTOS
o tasks, timing, data management etc
 Remote Mgt
o OTA upgrades, parameter changes etc
DEVICE: ANATOMY OF A DEVICE (WHERE DOES FIRMWARE LIVE?)
INTELLIGENT EDGE SOFTWARE ROLES

 Application Runtime
o Protocols
o Modems
 Network Management
o reliability, sequencing, handshaking, security (VPN, cryptology etc)
 Data Management/messaging
o Offline mode, metadata analytics, logging, persistence, reporting etc
 Connectivity/msg routing
o Ingest huge amounts of data (millions of RT connections) Manage Multi-tenant aspect
 Device onboarding and Management
o identify and manage devices
 Data Management
o Data storage, sequencing (time series)
 Application enablement
o Expose data to API, callbacks, enterprise systems
 Event mgt, Analytics & UI
o Monitor events, reports & Dashboards, fault finding, etc
Some thoughts on agnosticism and interoperability

 Loosely coupled – It is important that each stack can be used independently of the other stacks. It should be
possible to use an IoT Cloud Platform from one supplier with an IoT Gateway from another supplier and a
third supplier for the device stack
 Modular – Each stack should allow for the features to be sourced from different suppliers.
 Platform-independent – Each stack should be independent of the host hardware and cloud infrastructure. For
instance, the device stack should be available on multiple MCUs and the IoT Cloud Platform should run on
different Cloud PaaS.
 Based on open standards – Communication between the stacks should be based on open standards to ensure
interoperability.
 Defined APIs – Each stack should have defined APIs that allow for easy integration with existing applications
and integration with other IoT solutions.
IOT TECHNOLOGY STACK – DEFINITION
 The IoT technology stack is a range of technologies, standards and applications, which range from the simple
connection of objects to the Internet to simple/very complex applications that use these connected things, the
data they gather and communicate and the different steps needed to power these applications.
IoT Stack <-> Web stack correspondence
Platforms
ECOSYSTEM PARTNERS VALUE CHAIN – SIGFOX

 Ecosystem Partner Select which role or roles
 Rely on existing SIGFOX partners
 Support customers throughout the value chain
Role of Ecosystem Players in the Value Chain
Sigfox Certification Program
Key Partners
Sigfox Partner Network
• The place to look for Sigfox’s

ecosystem : https://partner.sigfox.com
IoT Value Chain


IoT solutions are complex and have complex cost models

 You need to:
o Raise capital to develop software and hardware as well as industrialization of product design
o Ensure viability of production and distribution
o Cover costs of maintaining software stack
o Cover recurring costs of support, maintenance, communication, platform, storage etc.
 So:
o VOLUME of devices is King
o Length of SERVICE delivery is key
o (Short contracts = higher (device) prices, Long contracts = lower OVERALL pricing)
IoT needs recurring revenue
SENSORS AND ACTUATORS

SENSORS
 Working definition: A Sensor is an input device which provides an output (signal) with respect to a specific
physical quantity (input).
 To be useful, sensor(s) must be combined in a Wired/wireless Sensor Node (device)
o Main components of a WSN node

o Controller
o Communication device(s)
o Sensors/actuators • Memory
o Power supply
ACTUATORS
 An actuator is a device that alters the physical quantity as it can cause a mechanical component to move after
getting some input from the sensor. In other words, it receives control input (generally in the form of the
electrical signal) and generates a change in the physical system through producing force, heat, motion, etc.
 Sensor and actuator flow What (could be) the challenges?

o Duplex communication paths – some networks are basically simplex
o Out of sequence – protocol and handshaking issues (QoS)
o Interoperability...
o Fail-safe mechanisms... Monitoring (human?, AI?).... Security, Security, Security.... Firmware...
o Hacking....
o More?
 MicroElectroMechanical Systems (MEMS) (Accelerometer)
EXERCISE 2A/B: INTRODUCTION TO THE MKR DEV KITS

This will be a partial hands on exercise where we will work with the Arduino system and the Sigfox system as well as
the physical devices. You will also learn about the components which you have received and how to handle and
interface them. This session (or 2b) is required.
GUEST PRESENTER: TBA

7. IOT PLATFORMS AND TOOLKITS
Session IoT Platforms and Toolkits

Theme Deep dive into the systems you will be using for your projects at all levels of the stack
Readings Sigfox 2017. Whitepaper. Sigfox Technical Overview Download Sigfox 2017. Whitepaper. Sigfox
Technical Overview
Padraig Scully,Knud Lasse Lueth 2016. Guide to IoT solution Development Download Padraig Scully,Knud
Lasse Lueth 2016. Guide to IoT solution Development
Caldwell 2016 - IBM Internet of Things POV and strategy
Analytics and big data..

1. The Rise in Cloud Migration
2. Predictive Analytics
3. AutoML
4. TinyML
5. Cloud-Native Solutions
6. Augmented Consumer Interfaces
7. Better Data Regulation
8. Medical Cures and Pandemic
1. Control
9. Training Data Complexities
10. Human Jobs will Remain Safe
What makes (small) data big?

 Lots of devices delivering small payloads
 Lots of contextual data (metadata) data lakes
 Source Agnosticism – who cares where the data comes from?
 Cloud solutions – Hadoop and beyond BI
 Driven by predictive analytics, ML and AI (even robotics and self driving vehicles), cyber security, etc

Gartner:
Small data from.....

POSITIONING – NETWORK, WIFI/BLE, GPS
Technology positioning
USE CASES
Sigfox Geolocation
 Works on all Sigfox hardware –extra costs involved. Definitely a Best Effort service!
 Delivers coarse position – accuracy in kms. Best in antenna-dense areas (urban)
 Defined by Cell size and number of receiving BS’s
 Combined with wifi can give accuracy down to sub 100m. (best case, less accurate in rural areas)
 Low power usage (increasing w. Wifi)
 Other sensors – tilt, temp/hum, movement etc.
 Varying battery life (use case dependent) but usually 1 to 2 years
 Varying SW platforms
 Typical products: any Sigfox device
Global
hegemony with
Sigfox
technology!
One ring
(subscription) to
rule them all!
For devices that
have the Sigfox
Geolocation
service activated,
and for a single
message
reception, the
system provides
estimated
location
coordinates
along with a
radius. The
radius
corresponds to
the estimated
accuracy of the
location
information.
The location
computation is
based on the data
from the Sigfox
infrastructure,
coming from
several replicas
of the same
messages sent by
a device and
received by
different base
stations.
Those different
replicas, in
addition to the
message itself,
have further
information
coming from the
network, such as:
The identifier of
the base station
that received the
message.
The RSSI
(Received Signal
Strength
Indicator)
indicating the
quality of the
signal received
Wifi
 Devices (such as Loka, Antalis and others) built as multifunction boards
 Onboard WiFi scanner (as opposed to a WiFi module) – looks at 1, 2 or 3 strongest SSID/Mac adresses from
available AP’s LoKauses2or3,Antalis1or2
 Scanner references one or more AP databases (Here, Google and Combain – 92,7% coverage in Dk.)
 Often combined with XG and BLE (always combined with GPS in iPhones and similar)
 Claimed accuracy 10m Indoor, 30m outdoor urban/suburban, less in rural areas (dependent on number of WiFi
APs and Sigfos BS.
Wifi – Loka Device
 General Features
o Dimensions: L: 65mm, W: 20mm, H: 5mm
o Operating temperature: -10oC to +65oC
 SIGFOX - ETSI:
o Output power: 14dBm
o RxSensitivity: -124 dBm
o Uplink Frequencies : 868.1 MHz & 869.5 MHz
 External Interfaces
o 2 Analog IO lines
o 8 Digital IO lines
o UART / Serial Port (AT commands available)
 Approvals and certifications
o SIGFOX ready
o FCC and CE mark (on going)
o WEEE, RoHS compliant
 Sensors etc.
o WiFi 802.11b/g/n transceiver
o Accelerometer and Temperature sensors
o Input VCC: From 1.8V to 3.3 V
o Power consumption: Sleep: 3uA Running: 1mA
o Transmitting: 60 mA (~6 sec)
o SPI / I2C / 1-Wire Support
o 3.3V input / output
o Power controlReset
Accuracy with WiFi - ( Sigfox test material)
Accuracy with WIfi – City Industrial
Accuracy with WiFI – Rural?
RTLS with GPS

 Several classes:
 Personal, pet, small assets trackers:
o Tifiz
o Co-Assist
o Pet-tracker
 Industry strength multifunctional asset trackers:
o Sensolus ST2
o Digital Matter Oyster
o Traquer Nano
 All have a GPS chip embedded – same chip as used in a turn-by-turn navigator but constrained by Sigfox
operational rules (1% duty cycle)
Personal tracker – TiFiz

 Personal, pet, small assets trackers:
o Tifiz
o Co-Assist
o Pet-tracker
RTLS with GPS

 ST2 – Industrial GPS Tracker
o GPS position
o Movement detection
o Vibration detection
o Geo Beacons for indoor use
o Temperature
o No realtime track and trace
o Battery life dependent on use case (1 to 5 years)
o Jammable
o Not the best anti theft device
o Sigfox trackers (GPS, WiFi and even Harry Potter enabled stuff) do not do turn by turn navigation.
o For that, you need a Smartphone, a navigator, a GPS chip etc.
 Main uses
o Find things (quickly)
o Identify and find unused or underutilized assets
o Understand where asset go
o Optimize how/when/where assets are used
o Localize and protect assets
o Find stolen assets
Sensohive...
Maturix
Market size...
Before Maturix and after...
And all because of temperature and humidity...
ELEMENTS OF AN IOT PROJECT ?
IoT Project Timeline

Success in IoT projects are the ones that concentrate on the green stages. Major investments (time, money etc) occur in
the Industrialisation stage and need to be qualified. Build stage is often around 18 months and 80% of cost is in the
build stage.
POC
Quick and dirty solution which should prove concept (can it be done?), identify problem issues, get first data and
imagine extensions. Use out of the box components, work-arounds and hacks. Time constraint 2-4 weeks.
 Speed is of the essence:
o Design, cost, size are not the issue her. Use existing (cheap) elements, non-optimal hacks.
 Network:
o Network will always be a major constraint on th Business Model. Better to choose right at the
beginning but plan for change.
 Platform:
o Basically, use free platforms even Excel is good enough at this stage!
Field Test
Deploy X devices in the field under realistic conditions, capture data and as much relevant environmental data as
possible. Correlate to Business Model & Plan
 What happened?:
o Failure, loss of device, breakdowns etc. all contribute to understanding. Ideally, a diversity of contexts
is needed.
 Scale:
o From small data to extrapolated big data-
o Find best frequency, autonomy and precision. Open to un-expected use and additional new uses.
 Choice:
o Examine suitability for purpose and evaluate choices made. Alternatives?
POT/POV
(Re)Design a device with optimal technologies based on results of field tests and which meet expected autonomies,
costs etc. Identify (sets of) main insights and Value Creation. Decision Time!
 Verify tech assumptions?:
o Failure, loss of device, breakdowns etc. all contribute to understanding. Ideally, a diversity of contexts
is needed.
 Verify external partner choices:
o From small data to extrapolated big data-
o Find best frequency, autonomy and precision. Open to un-expected use and additional new uses.
 Confirm Value Creation:
o Examine suitability for purpose and evaluate choices made. Alternatives? Refine BP.
Industrialisation
Create end-product, mass production, testing, certification, packaging etc. Apps/platform, marketing and support
infrastructure.
 Manufacture:
o Design end product to built at scale. BOMs, electronics, mechanical, assembly, test-automation,
certification etc. Mostly engineering handled by specialist companies
 Service Provider:
o Build subscription model– cooperate with Network Operator or alternative.
 Platform/Apps:
o Provide insigt and/or build platform. Classical IT using Cloud services and similar.
Expertise – Team
IoT projects need a lot of expertise which currently is not found in most companies.
Since IoT is transformative, these profiles may be very far from a company’s comfort zone.
 Hardware engineer Embedded/Firmware engineer
 Backend developer Frontend developer
 Marketing Digital solution sales
 Mechanical Design Manufacturing
 Database expert Apple developer
 End-User support Field Maintenance
 Purchasing IoT Networks engineer
 Android developer Data Analyst
 IoT Project manager PM and <Deployment
 IoT projects need a lot of expertise which currently is not found in most companies.
 Since IoT is transformative, these profiles may be very far from a company’s comfort zone.
Dilemmas, constraints, choices
 In real life and especially for IoT - because things like size, price, volume, autonomy etc. are key elements,
there are many make-or-break dilemmas to be solved and choices to be made. This often means compromizing
on initial expectations, alternatively not starting an IoT project!
EXERCISE 3A/B: THINGER.IO AND SIGFOX, WIFI AND ARDUINO IOT CLOUD
By now we should have the Dev Kits up and running, communicating with Sigfox and WiFi and able to push data to a
simple endpoint (mail and/or monitor).
This session will deal with:

1) WiFi and the linkage to the IoT platform (Arduino IoT Cloud) and what is required to achieve it and
2) Sigfox and the linkage to the IoT platform (Thinger.io) and what is required to achieve it.
GUEST PRESENTER: SIGFOX, TBA

8. IOT SECURITY AND PRIVACY
Session IoT Security and Privacy

Theme Security and Privacy in IoT What are the challenges?
 A systemic approach – relating to the IoT Stack
 The anatomy of Mirai and what we can learn from it
Readings International Electrotechnical Commission, 2017. Download International Electrotechnical Commission,
2017.
Wei Zhou, Yuqing Zhang, and Peng Liu, Member, IEEE , 2018. The Effect of IoT New Features on Security
and Privacy: New Threats, Existing Solutions, and Challenges Yet to Be Solved Download Wei Zhou,
Yuqing Zhang, and Peng Liu, Member, IEEE , 2018. The Effect of IoT New Features on Security and
Privacy: New Threats, Existing Solutions, and Challenges Yet to Be Solved
Arbia Riahi Sfar, Yacine Challal et al. 2013. A Systemic Approach to IoT Security Download Arbia Riahi
Sfar, Yacine Challal et al. 2013. A Systemic Approach to IoT Security
Antonakakis, M., April, T., Bailey, M., Bernhard, M., Bursztein, E., Cochran, J., Durumeric, Z., Halderman,
J.A., Invernizzi, L., Kallitsis, M. and Kumar, D., 2017. Understanding the mirai botnet. In 26th {USENIX}
Security Symposium ({USENIX} Security 17) (pp. 1093-1110).
Important to reflect upon in the papers
WHERE ARE THE SECURITY WEAKNESSES
SECURITY, A KEY CHALLENGE FOR IOT
Interconnecting anything
 Surface of attack is exploding
o The ways in which black hat hackers are able to attack devices is huge. Easy to get in.
 Attacks are scalable and can damage others businesses
o Attack in network, needed huge amount of knowledge, today its more easy. Easy to gain information
enough to break into systems.
o
 Vulnerabilities across the value chain
 Proactive view of sec in IoT.
Security is an E2E requirement
Not just where you are attacked but goes across value chains
AT STAKE: BUILDING TRUST
IoT is business critical – Providing the right balance between

 SECURITY
 RELIABILITY
 PRIVACY
 RESILIANCE
The right balance between RISK, EFFORT & COST

 Risk analysis
 The right balance
 Regulations
Security by default > Protecting what matters,

where it matters, when it matters
 On-device
 On network infrastructure
 On cloud – becoming more and more
important. Big players have more or less
pulled out close to end solutions in the
cloud, back to just providing tools to
build solutions. We are faced with taking
care of security in our solutions.
SECURITY IS A PROCESS
Steps
Step 1 Risk evaluation
Your E2E application
Iterative and ongoing process – do it all the time
Step 2 Security by Design Implement security controls & counter-

Hard bits – infrastructure, network (trusted) – quality measures where it is needed
assurance.
Put best practices into place in
developments, balance the risk, the cost
and efforts, develop dedicated features
Step 3 Continuous audit & improvements process  DESIGN: Implement security

controls & counter- measures
Build iot device, secure it, where it is needed
Cisco used to do that with their devices; came with default  DEPLOY: Implement security
user and pw, 2 generation old firmware strategy
 OPERATE: Maintain the security
Do we need to update firmware etc level and detect failures
CHALLENGES IN IOT
We recognized from Day-1, security is one of the biggest challenge in IoT
Security as a large issue.
DESIGN CHOICES: A BUILT-IN FIREWALL

Sigfox use a radio modem
 Device initiated communication

Other things that mitigate security issues with sigfox
o small payload
 needs lot of information about payload before you can see what it is
o low bit rate
o Random frequencies
 Never get the same frequency
 Interference robustness: anti-jamming
o How you can jam gps. Jammers to jam the mobile signal that would send an alarm or track with a gps
signal.
o Buy a jammer online for $36 – gms singals
o Very difficult to jam
o Triggered when the first signal is jammed
o .
 Preventing DDoS
 Secure transmission:
o From base station to cloud
o From Cloud to customer application
 Secure transmission
o Edge – high risk
Sigfox ReadyTM device not connected thru IP
Secure transmission
TECHNOLOGY POLICIES: TRUSTED COMMUNICATION

Things involved:
 Authentication
o Triple A (AAA)
 Authentication: identification
 Authorization:
 Accounting
 Anti-replay mechanism
o Steal a message and replay in another context, potential security issues > block one device and imitate
another device and inject malware into a system
 Message integrity
o We don’t want the message to be altered with
 Payload encryption
o Doesn’t make sense unless you know the custom grammar bit
o Without impacting 12 bytes which is the max size
 In-device security: hardware and software security technologies
IT STRATEGY: STATE-OF-THE-ART INFRASTRUCTURE
 CLOUD INFRASTRUCTURE SECURITY

 Hosting center Certifications
o SSAE16/ISAE3402 SOC-1 Type
o ISO 27001
o PCI-DSS
o FACT
o ISO 9001-2008
o ISO 50001
FRAME OF REFERENCE
What is IoT?
 Devices: Devices within a network are instrumented so they can be addressed individually
o IoT picture
 Platform: Devices are interconnected by way of a shared platform such as a cloud services
 Intelligence: Devices may perform functions adaptively, on their own or with other devices and applications,
based on programming and inputs from the physical worls
Who are the players?

 Consumers
o Groups of users
 Enterprises
 Governments
o
ROLE BASED APPROACH TO SECURITY

1. Build the product: IoT hardware manufactures or integrators
o USB connection > needed to program. But when it has ended it leaves itself open to interference. Lots
of IoT devices have USB devices.
o SD card. Discrete component. We can put malware onto it.
o Tamper-proof. Alert if you have been tampered with.
o Building preemptive technology into the technology
o Build an encryption chip on the device.
o Firmware upgrades
o Wifi device > updating firmware
2. Integrate software solutions: IoT solution developers
o Inhouse team of developers.
o Follow different methods with secure software development methodologies; often built into IDE; not
in Arduino.
o Arduino is open source; maintained by normal, everybody is involved; nobody really has
responsibility
o Maintenance and documentation of some libraries. Can’t depend on this to build production
systems, fine to PoC or protoypes.
o Most software vulnerabilities exists in libraries or API
3. Deploy hardware and connect devices: IoT solution deployers

o The guys who install the devices.
o Wifi devices: authentication keys. Exchange encrypted public private key pair
4. Maintain the solution - Operations, monitoring, and upgrades: IoT solution operators
o Not monitorable our PoC
o Sigfox: some level of management in the system. Requiring them to update
SECURITY-RELATED CHALLENGES OF IOT
 Availability: Ensuring constant connectivity between Endpoints and their respective services
o IoT cloud.
o WifiOnly connected when it needs to be. Sometimes it is not connected. Not contstant
o Sigfox: sleeps most of the time, not constantly connected. Ensure to be connected that it CAN connect
 Identity: Authenticating Endpoints, services, and the customer or end-user operating the Endpoint
o Possible with Wifi
o Not possible with Sigfox; ‘to who is the end user’ not possible.
o Different in sub wifi system: easy (wifi in our home)
 Privacy: Reducing the potential for harm to individual end- users
 Security: Ensuring that system integrity can be verified, tracked, and monitored
AVAILABILITY CHALLENGE
Availability challenge
 How can Low Power Wide Area (LPWA) networks (e.g. NB-IoT and LTE-M) be deployed and operated with
a similar level of security to traditional cellular systems?
 How can multiple mobile operators support the same level of network security as IoT Endpoints migrate across
network boundaries?
 How can network trust be forwarded to capillary Endpoints that rely on Gateway Endpoints for
communication?
 How can the power constraints of Lightweight Endpoints be addressed in secure communications
environments?
IDENTITY CHALLENGE
 Can the user operating the Endpoint be strongly associated with the Endpoint’s identity?
 How can services and peers verify the identity of the end-user by verifying the identity of the Endpoint?
 Will Endpoint security technology be capable of securely authenticating peers and services?
 Can rogue services and peers impersonate authorized services and peers?
 How is the identity of a device secured from tampering or manipulation? How can the Endpoint and Network
ensure that an IoT Service is permitted to access the Endpoint?
PRIVACY CHALLENGE
 Is the identity of an Endpoint exposed to unauthorized users?
 Can unique Endpoint or IoT Service identifiers allow an end-user or Endpoint to be physically monitored or
tracked?
 Is data emanating from an Endpoint or IoT Service indicative of or directly associated with physical end-user
attributes such as location, action, or a state, such as sleeping or awake?
 Is confidentiality and integrity employed with sufficient security to ensure that patterns in the resultant cipher-
text cannot be observed?
 How does the product or service store or handle user-specific Personally Identifiable Information (PII)?
 Can the end-user control the storage or use of PII in the IoT Service or product?
 Can the security keys and security algorithms used to secure the data be refreshed?
SECURITY CHALLENGE
Have reflections of this in the paper
 Are security best practices incorporated into the product or service at the start of the project?
 Is the security life-cycle incorporated into the Software or Product Development LifeCycle?
 Is application security being applied to both services and applications running on the embedded system?
 Is a Trusted Computing Base (TCB) implemented in both the Endpoint and the Service Ecosystem?
 How does the TCB enforce self- verification of application images and services?
 Can the Endpoint or IoT Service detect if there is an anomaly in its configuration or application?
 How are Endpoints monitored for anomalies indicative of malicious behavior?
 How is authentication and identity tied to the product or service security process?
 What incident response plan is defined for detected anomalies indicative of a compromise?
 How are services and resources segmented to ensure a compromise can be contained quickly and effectively?
 How are services and resources restored after a compromise?
 Can an attack be spotted?
 Can a compromised system component be spotted?
 How can customers report security concerns?
 Can Endpoints be updated or patched to remove vulnerabilities?
THESE SECURITY CHALLENGES COULD BE CLASSIFIED UNDER..
 Manufacturing standards
 Update management
 Physical hardening: making it difficult for hackers to get into (USB, SD card etc)
 User knowledge and awareness
Potential Security Risks
Locking out
Fitness trackers with Bluetooth

Pairing to devices; still open to pairing when it is paired
CHALLENGES ARISING FROM MANUFACTURING STANDARDS

 Hardware issues
 Old, not updated/patched operating systems
 Weak “default” passwords etc
 No secure update system
 Unprotected data storage
 Unprotected data transfer
Social engineering – Stuxnet on a (usb) stick
Manipulating
Phonecall, phishing, mails
UPDATE MANAGEMENT OR LACK OF...
What we experienced with the Sigfox devices. Old libraries

 Transport layer: (weaknesses)
o Reusing cryptographic keys/certificates
o Weak keys (size)
 Short passwords and weak passwords
o Insecure key storage
o Lack of auth for API request calls
 Most are done without authorization
o Accessing insecure open cloud instances
 General:
o Misconfiguration (defaults)
o Insufficient logging
o Capabilities (disabled)
o No security alerts
o OTA – unsigned/unencrypted
PHYSICAL HARDENING...
MIRAI... DDOS IOT BOTNET 2016
The Mirai internet of things (IoT) botnet is infamous for targeting connected household consumer products.
It attaches itself to cameras, alarm systems and personal routers, and spreads quickly.
The damage can be quite substantial. People might not realize that their internet-enabled webcam was actually
responsible for attacking Netflix.
Mira 2016
Timeline
Timeline details - read if you are curious
 Mirai Genesis: Discusses Mirai’s early days
and provides a brief technical overview of
how Mirai works and propagates. Krebs on
Security attack: Recounts how Mirai briefly
silenced Brian Krebs website.
 OVH DDoS attack: Examines the Mirai
author’s attempt to take down one of the
world’s largest hosting providers.
 The rise of copycats: Covers the Mirai code
release and how multiple hacking groups
end-up reusing the code. This section also
describes the techniques we used to track
down the many variants of Mirai that arose
after the release. Finally, this section
discusses the targets and the motive behind
each major variants.
 Mirai's takedown of the Internet: Tells the
insider story behind Dyn attacks including
the fact that the major sites (e.g., Amazon)
taken down were just massive collateral
damage.
 Mirai’s attempted takedown of an entire
country: Looks at the multiple attacks
carried out against Lonestar, Liberia’s
largest operator.
 Deutsche Telekom goes dark: Discusses
how the addition of a router exploit to one of
the Mirai variant brought a major German
Internet provider to its knees.
 Mirai original author outed?: Details
Brian Krebs’ in-depth investigation into
uncovering Mirai’s author.
 Deutsche Telekom attacker arrested:
Recounts the arrest of the hacker who took
down Deutsche Telekom and what we
learned from his trial.
Genesis
Double up every 76 minutes....

Routers and cameras ...
A self propagating worm...
Attack module
Brian Krebs under attack...
Where are the attacks coming from?

OVH attack
Dyn attack
The Liberia attack
Deutche Telecom attack

Black hats all caught?
LESSONS?
 Eliminate default credentials: This will prevent hackers from constructing a credential master list that allows
them to compromise a myriad of devices as MIRAI did.
 Make auto-patching mandatory: IoT devices are meant to be “set and forget,” which makes manual patching
unlikely. Having them auto- patch is the only reasonable option to ensure that no widespread vulnerability like
the Deutsche Telekom one can be exploited to take down a large chunk of the Internet.
 Implement rate limiting: Enforcing login rate limiting to prevent brute- force attack is a good way to mitigate
the tendency of people to use weak passwords. Another alternative would be using a captcha or a proof or
work.
 Many IoT devices with different hardware configuration and operating systems
 No one size fits all
 Limited processing capabilities - This makes it hard to run state of the art
 encryption-based security solutions inside the devices
 No firmware update (possible) – no patches
 Different for platform/application layer – needs stringent security
 Open ports must be protected
 Encrypted passwords...
 IP white lists
 NoIP?
 More?
Paper* thoughts on what security issues relevant for our Iot Device - reflections
STUFF YOU NEED TO READ...

 International Electrotechnical Commission, 2017. Mr. Bernd Leukert, SAP Project Director Dr. Dr. Timo
Kubach, SAP, Project Manager Dr. Claudia Eckert, Fraunhofer AISEC, Project Partner Dr. Kazuhiko
Tsutsumi, Mitsubishi Electric,MSB Member et. al.
o https://www.iec.ch/whitepaper/iotplatform/
 Wei Zhou, Yuqing Zhang, and Peng Liu, Member, IEEE , 2018. The Effect of IoT New Features on Security
and Privacy: New Threats, Existing Solutions, and Challenges Yet to Be Solved
o https://ieeexplore.ieee.org/document/8386824
 Arbia Riahi Sfar, Yacine Challal et al. 2013. A Systemic Approach to IoT Security
o https://www.researchgate.net/publication/261075256_A_Systemic_Approach_for_IoT_Security
 Manos Antonakakis, Georgia Institute of Technology; Tim April, Akamai; Michael Bailey, University of
Illinois, Urbana-Champaign; et. al. 2017. Understanding the Mirai Botnet.
o https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-antonakakis.pdf
EXERCISE 4A/B: SIGFOX/THINGER/SENSOR/ARDUINO IOT CLOUD WORKSHOP

Handling data from sensors on the edge and in the cloud. Building dashboards and presenting data. Focus on
programming.
One-pager on projects
GUEST SPEAKER: "SECURITY BY DESIGN, ZERO TRUST", NIELS E. ANQVIST,
ZAFEHOUZE

Internet of Things - Noter

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Internet of Things - Noter

Uploaded by

Copyright:

Available Formats

INTERNET OF THINGS (IOT)

Business: Commercial perspective, business model, value propositions etc

Learning objectives (short version)

Sigfox > industry context

 PoC: Proof of Concept.

WHY DO WE CARE ABOUT IOT?

There is a buzz about IoT!

Emergent Phenomenon of past 5 years.

Key Commercial Driver

IoT Employability Factor

A smart interconnected world A dark world of surveillance of opportunity and lack

Some IoT definitions:

TWO PERSPECTIVES OF IOT

Two perspectives of IoT

THE TECHNOLOGICAL VIEW

IoT and Data

Differing Approaches to Delivering IoT – e.g. 4 IoT Communications Models

Different approaches to delivering IoT. Different approaches in delivering IoT.

Device-to-Gateway Model e.g., Consumer devices like fitness trackers,

Back-end Data Sharing e.g., typically more complex corporate

a devices creates data read by central

THE BUSINESS VIEW

IoT: At home and at work

IoT and value

CHRISTIAN KLOCH (FORCE TECHNOLOGY)

5G & IoT – What is it all about

IoT Technical Reference Architecture

Coverage cannot be taken for granted

30 years have gone since 2G was launched

Industrial IoT can be applied outdoor

Exploring the IoT opportunities together

The technology develops new use -cases appear

Local Government Denmark

IoT and smart cities

Lora is a cellular technology bult for supporting IoT. An antenna.

Challenging the business model of companies buy sharing these

Challenges: Internet of Things

Session Understanding IoT value propositions & business models

INTRODUCTION TO BUSINESS MODELS IN GENERAL

Definition of a Business Model

 A description and explanation of how a business makes money.

Business Model Framework for this course

4 BASIC ELEMENTS OF A BUSINESS MODEL

DESIGNING BUSINESS INITIATIVES: 4 INNOVATION RISKS

 We need to design business models in such a way

4 TASKS OF BUSINESS MODEL DESIGN

2. Configuring the organisation for Value Creation

3. Ensuring optimal Value Delivery

4. Figuring out appropriate mechanisms for Value Capture

“STRATEGIES” TO ENABLE COMPETITIVE BUSINESS MODELS

Strategies to enable competitive business models

What’s not different about an IoT business model?

What’s different about an IoT business model?

Best approached by considering “what’s different” about IoT:

Material Properties of Digital Technologies

Non-material properties of digital data

Organised as Layered Modular Architectures

Based on these characteristics we can do things with them.

3. IOT SOLUTIONS LEND THEMSELVES TO BEING ENABLED IN ECOSYSTEMS OF

IoT Business Model Archetypes

 Endres et al (2019) analyse 1043 publications from trade magazines etc

None are better than others!

ARCHETYPE #1: DIGICAL

ARCHETYPE #2: SERVICE-CENTERED