Professional Documents
Culture Documents
NOTES
1. INTRODUCTION
Session 1 Introduction
Theme
Readings Required:
Economist Special Report on IoT. September 14th 2019. Download Economist Special Report on IoT.
September 14th 2019.
Krotov, V., 2017. The Internet of Things and new business opportunities. Business Horizons, 60(6), pp.831-
841. Download Krotov, V., 2017. The Internet of Things and new business opportunities. Business Horizons,
60(6), pp.831-841.
Background Info:
Gartner (2018) Gartner Identifies Top 10 Strategic IoT Technologies and Trends Download Gartner (2018)
Gartner Identifies Top 10 Strategic IoT Technologies and Trends
Beebom (2017) 15 Examples of Internet of Things Technology in Use Today Download Beebom (2017) 15
Examples of Internet of Things Technology in Use Today
Excellent reference:
Rose, K., Eldridge, S., & Chapin, L. (2015). The internet of things: An overview. The Internet Society
(ISOC), 1-50. Download Rose, K., Eldridge, S., & Chapin, L. (2015). The internet of things: An overview.
The Internet Society (ISOC), 1-50.
Introduction In this session we will introduce the course and provide an overview of the content, the mandatory group
project and the individual exam assignment. We will also introduce basic IoT definitions, drivers , trends,
architectures, and most importantly for the project broad use scenarios.
Agenda Course Introduction
• Course Overview
• Objectives
• Project & Exam
• Things to prepare for next week
Introduction to The Internet of Things
• What is it?
• Why do we care about it?
Ben Eaton
be.digi@cbs.dk
Jim Sheridan
jsh.digi@cbs.dk
COURSE INTRODUCTION
Summary of Assessment
Group Mandatory Assignment (pass/fail)
Group Project – build in IoT prototype & commercial proposition (weeks 5-15)
Group Project Presentation (Hand in 18th April & present on 19th April )
Exam Individual Written Assignment (Graded - hand in in week 20 )
See document ”Details of Group Project, Assignment and Exam” on Canvas for full details ..
INTRODUCTION TO THE INTERNET OF THINGS
Development
1999/2001: First mentioning of IoT in relation to supply chains Key technology: RFID
The thought of connecting things to each other is not new: From 1970’s: ”M2M” – e.g. Equipment
monitoring
From 1990’s: Mobile data enabled applications – e.g. logistics 2010’s: IP-enabled industrial & consumer
applications
Number of Internet of Things (IoT) connected devices worldwide from 2019 to 2021, with forecasts from 2022
to 2030
Connected devices:
• 2021: 11.28
• 2023: 15.14
• 2030: 29.42
Billions of Devices
Market data
The global market for IoT:
• 2018: $130bn.
• 2023: $318bn by 2023 (annual growth rate 20%).
WHAT IS IOT?
IoT concept
Connecting the virtual world and the world of physical things
Makes the real world more manageable
IoT Drivers
Enables iot
• Ubiquitous Connectivity.
o Communicating from anywhere at anytime. Gives
flexibility.
• Adoption of IP– based networking
• Computing Economics
o Computing has become cheaper. Powerful cheap
computing much more available.
• Miniaturization of technology
• Advances in Data Analytics
• Rise of Cloud Computing
o Enabling powerful computing power, accessible.
Promise or peril?
Data
Business view
The commercial possibilities for value generation warranted by IoT diffusion
IEEE Communications Magazine: The Internet of Things (IoT) is a framework in which all things have a
representation and a presence in the Internet.
The Oxford Dictionaries: The interconnection via the Internet of computing devices embedded in everyday
objects, enabling them to send and receive data.
Commonalities: network connectivity and computing capability extends to a constellation of objects, devices, sensors,
and everyday items that are not ordinarily considered to be “computers’’; Allows the devices to generate, exchange,
and consume data, often with minimal human intervention.
Device-to-Device Model
Device-to-Cloud Model
Device-to-Gateway Model
Back-end Data Sharing Model
Communication Model
Device-to-Device Model e.g., very simple home automation scenarios
– light switch
Gateway model
Device-to-Cloud Model e.g., Consumer IoT– Nest Labs Learning
Thermostat
The Internet of Things offer a potential economic impact of 4 trillion to 11 trillion a year in 2025
Where is the money?
- Industrial IoT?
- Consumer IoT?
•
GUEST PRESENTERS
IoT is a combination of
Product Design: Design better products with digital properties using IoT
o e.g. Sensor, water consumption
Business Innovation: Create new services and business models based on digital product properties
Production Optimization: Optimize production by digitization of equipment and processes
Develop, implement and assure the quality of IoT solutions containing sensors, electronics..
Challenges:
Recruitment and
Climate
Trends
Smart buildings
Smart home. Saving energy during higher energy prices.
Automation
Smart maintenance
Waste management
Real time monitoring of air quality
Real time monitoring of water
Key technologies
Wide range of technologies they believe will have importance in coming years
Some are mature, some are less
Tech radar
Survey in municipalities on the technologies in terms of their use potential etc.
Matureness of technologies
Get a score and can locate technologies in the radar, which they can use to show what technologies they might
should look into.
Technologies related to IoT
o AI and machine learning
o Edge computing
o Drones
o Wearables/Tracking
o Sensors
o Network technology
IoT setup
IoT value chain
Sensors (the thing)
Transmission
Transformer/mapper of data
o Store data, clean data, provide overview
Processing data
o Analyze data,
o Dashboard
Generate value
Moving towards a Modular approach today. Before they buy the whole thing (Supply chain) which is expensive.
Ehret M, Wirt J. Unlocking value from machines: business models and the industrial internet of things.
Journal of Marketing Management 2017;33(1-2):111-130. Download Ehret M, Wirt J. Unlocking value from
machines: business models and the industrial internet of things. Journal of Marketing Management
2017;33(1-2):111-130.
Bucherer, Eva, and Dieter Uckelmann. Chapter 10 - "Business models for the internet of things." In
Architecting the internet of things, pp. 253-277. Springer, Berlin, Heidelberg, 2011.
Introduction In this session we will identify approaches to developing business models for IoT for creation of value for
customers and the capture of value for the IoT ecosystem.
Learning Understand how value is created in IoT
objectives Learn the importance of customer experience in a IoT value proposition
Understand how to develop appropriate business models for IoT solutions
Aims Lecture 2 – Help you to understand (IoT) Business Models
Lecture 4 – Help you to develop (IoT) Business Models ... for your projects
Agenda • Introduction to Business Models in General
• What's Different about an IoT Business Model?
• IoT Business Model Archetypes
• Impact of IoT on Business Model Elements
Guest presentation
• Andrea Pelizzaro, Alfa Laval
Some more descriptive, tool based (help build a business model) & aimed at practitioners designing BMs
o e.g. Business Model Canvas – Osterwalder et al (2010)
Some more theory based, aimed at deconstructing & analysing BMs
o e.g. Hedman & Kalling (2003), Amit & Zott (2001), Teece (2010)
The goal of your project work is to develop an IoT business/technical prototype
o You need a practical business model tool to help you design your IoT business prototype
o Rather than carry out a deep theoretical analysis of someone else’s existing business model
1. Value Proposition
2. Value Creation
3. Value Delivery
4. Value Capture
4 Innovation Risks
1) DESIREABILITY
Do they want it? Do the customer want the things we are to design
– value proposition.
2) FEASIBILITY
Can we build it?
The customers might like it. But do we have capabilities to do this?
Are we able to build the service, product. Do we have the
resources, know-how, processes, partnerships,
3) VIABILITY
Can we generate value?
Can we actually make money out of it? value capture
(4) ADAPTABILITY
is the market timing right?)
Configure these elements & the components that go into them in the right way – “ingredients” that goes into the 4 basic
elements
1. Value Proposition
2. Value Creation
3. Value Delivery
4. Value Capture
To generate supernormal profit in one or more of the following ways. We have a profitable business. Higher than the
industry average over the long term.
Profit can be made in different ways: not necessarily all, but some of them can be achieved
Generating Unique Novel Products & Services
Reducing Operational Cost Structure. Doing things more quickly, getting to market faster.
Running Operations Faster & More Efficiently
Generating Income before Incurring Cost
Getting Partners to do the Work
Generating Network Effects
Scaling Quickly
Creating Customer Lock-In
Generating Recurring Revenues
Owning VRIN Resources and Capabilities
Profiting from Learning Effects
etc...
=> Sustainable Competitive Advantage
WHAT'S DIFFERENT ABOUT AN IOT BUSINESS MODEL?
1. IOT “THINGS” ARE DIGITAL ...& 2. IOT APPLICATIONS REVOLVE AROUND DATA
If we get the ingredients right going into the 4 BM elements we can do many things and achieve supernormal profit.
But how to get the ingredients correct?
Value creation and value delivery of an IoT value proposition is seldom achieved by one organisation
functioning in isolation
o Key resources are shared across an ecosystem of partners. Have to work with bunch of suppliers or
partners. More an ecosystem than a traditional supply chain.
o Value is created through cooperation and partnership
Frequently these IoT ecosystems are centralised around one dominant player (aka keystone actor)
o The keystone actor takes on the responsibility of ensuring the health of the ecosystem
o Ecosystem health results from a profitable ecosystem for all ecosystem members (from which the
keystone profits)
o The keystone actor does this in part by ensuring equitable sharing of value captured in the ecosystem.
Session #3 is dedicated to studying IoT ecosystems
IOT BUSINESS MODEL ARCHETYPES
Academic perspective (course reading on Canvas): ** IMPORTANT READ & DIGEST THIS PAPER **
– Endres et al (2019) – Industrial Internet of Things (IIoT) Business Model Classification
Classification of different IoT business models
Archetype 1 Digical
Essence Incumbents combine IoT components into traditional products – incorporating IoT
sensors into a physical products in order to produce extra features,
Information produced enables product related digital services – e.g. remote
maintenance
Most basic type
Typical characteristics of Augments existing traditional value proposition through digitalization and process
Value Proposition optimization
Development of hybrid products / digicals
Additional services, which are close to the current product - implementing
complementing services etc.
Adding featues to the existing physical product.
Example BMW’s Connected Car provides digital services such as real time traffic info,
security warnings, maintenance services & alerts.
Sensors can collect data -> analyzed -> sent back to the driver.
Subscribe for getting these extra services.
Any Smart Home device. An extension of the existing product
Archetype 2 service-centered
Essence Incumbents combine IoT components into traditional products to radically change
BM
Shift from selling of traditional component products to selling service based on
benefits of using component
To be able to provide this service, they need data on how the jet engine is
performing. Additional > able to sell additional services.
Typical characteristics of radical change of the value proposition: not the product itself is sold, but the
Value Proposition availability of the product
producer of the component (not customer) as machine owner and operates the
machine
payment is dependent on the actual use of the product (as a service)
Example Airlines typically no longer buy and own Rolls Royce jet engines,
instead Rolls Royce sells the service of jet propulsion as “power by the hour”,
including additional IoT data enabled services such as recommendations for more
fuel efficient use and scheduling of maintenance on arrival
not iot if they didn’t have iot devices collecting data.
Bike sharing in Copenhagen – Donkey Republic using iot devices on their bikes
(tracking) – IoT related service as device is used for tracking and charging
customers. SwapFiest NOT IoT as they don’t have tracking devices etc. Carsharing
is IoT?
Archetype 3 Data-driven
Essence Value add services based on processing IoT generated data provided separate to
existing product
Fee is charged for the generation, collection, aggregation & processing of data (from
different sources)
Typical characteristics of Value proposition concerns data collection, processing and analysis
Value Proposition customers gain insights into their machines and processes
on basis of the data analysis and insights the customers can improve the business
outcome
Archetype 4 Platform
Essence Acting as a keystone, mediating between actors generating IoT data, and actors
(complementors) developing value add services based on that data
Fee is charged for mediating the transaction of data one way or services the other
way
Extension from service centered. Collecting data from products in order to create
services
Bringing in more companies to use the data you generate from iot devices to provide
new services.
Osterwalder et al (2014)
Source: Osterwalder, A., Pigneur, Y., Bernarda, G. and Smith, A., 2014. Value proposition design: How to create
products and services customers want. John Wiley & Sons.
Value proposition Osterwalder (2014) describes a value proposition as the net benefits a product or service
generates for a customer/user. Value being created for the user
Benefits are defined in terms of how the product or service:
o Solves a set of problems / challenges faced by customer
o And provides additional unforeseen benefits
So the question you need to ask:
o What are the benefits that my IoT enabled service/product delivers
o That solves a customer problem and therefore creates value for them
IoT based value propositions tend to focus on solving customer needs which depend on the provision of timely
information (based on analysis of IoT sourced data) either:
o Directly – customer specifically needs the information. Help them make decisions (e.g. GE)
o Indirectly – customer specifically needs a service, which is dependent on the information.
Either augmenting the utility of an existing product/service
Or enabling an additional complementary service
“Of all the corporate resources (people, finances, assets, information), information is probably the least well
managed”. (Moody and Walsh, 2002)
Value in IoT derives from provision of information ... (and the way it is then used) ... (Bucherer & Uckelmann
2011)
Providing the right information ...
o ... in the right granularity ... (level of detail)
o ... and the right condition ... (in the right context)
o ... at the right time ... not useful to receive information too late (e.g. GE)
o ... anywhere in the network ... (from the right place)
o ... at an appropriate price.
Information components from 4 example value proposition scenarios taken from (Bucherer & Uckelman
2011):
1. IoT enabled platform based car rental (e.g. Car2Go) - Time & distance
2. Detection of counterfeit goods in supply chain – e.g. Blockchain based identifiers in pharmaceuticals
3. Product marketing in retail environment – Product info scanned in store or product marketing pushed
to consumers in store
4. Optimized transport logistics – Tagged transport containers containing perishable goods enable
optimized tracking & transport logistics
Special Case: Considering the value created for customer by an IoT value proposition
Reference: Kim, W.C. and Mauborgne, R., 2000. Knowing a winning business idea when you see one. 44 Harvard
business review, 78(5), pp.129-138.
Technological Utility
IMPACT OF IOT ON BM ELEMENT: VALUE CREATION
o Value proposition design and innovation – new How to use data and information to
features to meet unmet needs make these activities:
o Service delivery more rationalised, cheaper, faster,
o Manufacturing processes more reliable, better quality
o Logistics both inbound and outbound
o Customer, supplier and partnership management
Step 1
o A small platform available – got the infrastructure in place.
Not in IoT business yet. Used a 3rd party – provided infrastructure.
o A cross functional task force
o Multiple customer interviews. How do you know whether the customer is willing to.
o MVP ready in 1 month
Step 2
o A formal organization
o A digital portfolio
If customers had problems with their vessel, they didn’t want to have any one on board due to Covid-19
o Due to their infrastructure, they had the opportunity to provide this for their customers > get data from
vessel from the PLC through the FGW (Field Gateway).
o Field gateway
To fluid separation
Using Field Gateway. Gateway able to get data from somewhere.
Totally data driven
Take iot side in order to create value proposition > warranty for their customers.
o Data about their spare components will fail – remaining life time about their customers products. Can
tell whether parts are damaged.
o 1 day down time
Service agreement
o Subscription based model – yearly subscription of it. If they want to leave, they just leave the
hardware there. They can enter again if they sign a new service agreement.
3 drivers
o Uptime
o Cost – troubleshoot from remote,
o yield
2 solutions:
2 concerns:
Biggest burden for the customers:
Data ownership: even though they don’t know what to do with the data, if they have it they see it as an asset
they own. Data is their assets, which they don’t want to share
Cyber Security: When opening a communication channel you become vulnerable for hacking attacks.
o Mærsk was hacked.
o Decanter:
Lessons learned
An interesting future
+
Product
Mechanical
Silo
Transactional
Business as usual
-
Value
Digital
Partnerships and ecosystems
Relational
New company setup
3. IOT AS A DIGITAL BUSINESS ECOSYSTEM
Pauli, Tobias; Marx, Emanuel; and Matzner, Martin, "Leveraging Industrial IoT Platform Ecosystems:
Insights from the Complementors' Perspective" (2020). In Proceedings of the 28th European Conference on
Information Systems (ECIS), An Online AIS Conference, June 15-17, 2020. Download Pauli, Tobias; Marx,
Emanuel; and Matzner, Martin, "Leveraging Industrial IoT Platform Ecosystems: Insights from the
Complementors' Perspective" (2020). In Proceedings of the 28th European Conference on Information
Systems (ECIS), An Online AIS Conference, June 15-17, 2020.
Recommended Reading:
Porter, M.E. and Heppelmann, J.E., 2014. How smart, connected products are transforming competition.
Harvard business review, 92(11), pp.64-88. Download Porter, M.E. and Heppelmann, J.E., 2014. How smart,
connected products are transforming competition. Harvard business review, 92(11), pp.64-88.
Porter, M.E. and Heppelmann, J.E., 2015. How smart, connected products are transforming companies.
Harvard business review, 93(10), pp.96-114.
Introduction In this session we will examine the importance of business ecosystems which are frequently required to be
established in order that effective IoT solutions can be implemented and run in practice.
Learning Understand the meaning and importance of ecosystems in the context of IoT
Objectives Learn analytical approaches to help build and sustain an ecosystem
Learn about analytical tools developed specific to help us establish successful IoT ecosystems
Agenda • Recap of IoT Business Models
• Impact of IoT on Business Model Elements
• IoT Ecosystems
Guest presentation
• Bjørn Rasmussen & Magnus Thomsen, Andel Lumen
IOT ECOSYSTEMS
Archetype 4 Platform
Essence Acting as a keystone, mediating between actors generating IoT data, and actors
(complementors) developing value add services based on that data
Fee is charged for mediating the transaction of data one way or services the other
way
Extension from service centered. Collecting data from products in order to create
services
Bringing in more companies to use the data you generate from iot devices to provide
new services.
Power of certain actors in IoT ecosystem has direct effect on viability of others
ECOSYSTEM HEALTH
3 CRITICAL MEASURES
Source: From Iansiti & Levien 2004 - Ecology as Strategy ... *** Read & absorb this paper ***
For the business model to flourish – the health of functional groups is critical
Three measures:
1. Productivity - “ability to consistently transform technology and other raw materials of innovation into lower
costs and new products”
o Innovate new products and services. In order to do this,they need access to raw materials etc. Maintin
its productivity
2. Robustness - ability of ecosystem to survive unexpected disruptions – measure by survival rate over time
relative to other ecosystems
o To survive disruption – rise of new rival or technology. Google ecosystem around search > rise of
ChatGPT is a new technology that might disrupt google search, ensure google is robust enough to
survive the potential disruption.
3. Niche Creation - the ability to be able to support a diversity of niche players to help ecosystem absorb shocks
and to encourage innovation
o Healthy viable and grow > find successful niches to maintain their businesses,
Your health in the ecosystem depends on your role and the strategy you pursue.
Different roles
Vary on the complecity and level of turbulence and innovation the
organisaiton has to deal with
Negative influence > 2 different distincted by whether they are dominating horizontal or vertical
Value Dominators – exploit ecosystem through horizontal integration aiming to dominate a particular
function and draining ecosystem value pushing out other ecosystem members
o Will dominate the whole functional block in an ecosystem. IoT device; dominates the whole category.
o E.g. Philips in the context of apple: IoT enabled light bulbs, speakers – on the whole horizontal
Physical Dominators – exploit ecosystem through vertical integration thereby draining ecosystem value
pushing out other ecosystem members
o Not just dominant in devices, but also in apps for example as well as platforms
E.g. Apple itself. Both apps and physical devices.
Apple beigns to dominate, monopolize.
Power of certain actors in IoT ecosystem has direct effect on viability of others
Keystone Advantage:
Keystone organisation has a position of power in business network
Enabling it to create & share value in network
Thereby enhancing the health of the network
Keystone Strategies:
1. Value Creation .... increase system productivity by:
o simplifying the complex task of interconnecting network participants
o making the creation of new products by third parties more efficient – e.g SDKs
o Enabling ecosystem actors to do their job better. Be more productive.
o Apple: Helps facilitate creation of new proucts by third parties, making sdk available.
2. Value Sharing.... enable system robustness and niche creation by:
o sharing innovative technologies – e.g. APIs
o Ensure ecosystem remains robust. Helps to encourage niche creation.
o Apple: Share APIs and functionality to enable developer and 3rd party software apps to deliver their
services and products and thrive.
Ecosystem strategies
Niche Players
Leverage keystone organisations
Avoid dependence on a single keystone. If developing for apple, make sense to also produce for android.
Avoid dominators. If Philips entered same niche, we would quickly change niche to protect ourselves against
Philips competition.
Maintain focus, but be vigilant to respond rapidly to change. Adapt.
Commodity Player
Seek an ecosystem strategy to avoid being competed out of existence – become a niche player.
Do something different. Try to differentiate.
Position in an ecosystem has strategic implications for value creation & capture
What is (what are) the ecosystem(s) you operate in?
Who are the different ecosystems members (as functional groups)?
How do you in interact with them by generating or using IoT data to create, share & capture value?
And:
If you are a keystone - how do you maintain the health of the ecosystem?
If you are not a keystone - how & why might you try to become one?
If you are a niche player - what steps do you need to take to flourish?
If you are a commodity player - what steps do you need to take to avoid irrelevance?
Notitia Valuechain
Market insights....
Classical obstacles you meet
Snowball is not getting bigger
”PoC sickness” - no scaling
Where’s the business case?
No standards for sharing data
Fear of vendor locking
Ownership of data!
Immature suppliers
Lack of knowledge across value chain
Change management
Fear of hacking? (security)
Notitia USP
Tried to avoid these when building the product
A lot of data...
Each meter creates and transmits 1,971.000 datagrams a year
We collect only 8,760 of these datagrams – or more than 175,200,000 datagrams across our customers
It takes only 1 datagram to create the value needed to build your business
Use data
Create value!
Data is just numbers! The opportunity lies in the transformation of the information hidden in the dataset.
Displaying data is the simplest form – converting knowledge based on data into actions is where the real value
is!
Don’t tell me – Act!
4. IOT BUSINESS MODELS
Chapter 1. Osterwalder, A. and Pigneur, Y., 2010. Business model generation: a handbook for visionaries,
game changers, and challengers (Vol. 1). John Wiley & Sons.
Learning Help you to develop (IoT) Business Models ... for your projects
Objectives Understand the 4 risks to address with business model design
Learn how to design IoT based value proposition
Learn how to design IoT based business models
Agenda • Course Administration and Logistics
• Overall Project & Assignment Task (Commercial)
• Task - Value Proposition Part
• Task - Value Creation Part
• Task - Value Delivery Part
• Task - Value Capture Part
• Task - Further Advice
Guest presentation – Jakob Hall, GE
2) Value Creation
Making It Feasible
3)Value Delivery
4) Value Capture
Making it commercially viable
TOOL: BUSINESS MODEL CANVAS
VALUE PROPOSITION
Customer Profile
Jobs describe the tasks customers are trying to get done in
their work and in their lives
Pains describe anything that annoys your customer before,
during, and after trying to get a job done
Gains describe the outcomes and benefits your customers
wants to achieve by getting job done.
Value Map
Products & services lists the products and services your
value proposition builds on.
Pain relievers describe features of the product/service that
alleviate specific customer pains.
Gain creators are the outcomes and benefits of the
product/service that the customer expects to achieve their job
Objective: Achieve a good fit
Use as brainstorm tool. Iterate back and forth. Quick thinking,
until it fits on both sides.
This practical IoT value proposition task should be informed by the IoT value proposition concepts from
Session #2
Key Resources
Describe assets most essential for an organisation to have deliver its business model
Identify and prioritise those resources that are essential to deliver the business model and that set it apart
from the competition
o Only Focus on key resources.
Key Activities
Describe those most essential things an organisation must do to deliver its business model
Identify and prioritise those resources that are essential to deliver the business model and that set it apart
from the competition
Key Partnerships
Describe essential partners and network of suppliers needed to make a business model to work.
Motivations for creating partnerships:
Major categories of resources Key questions to answer
• Optimization / economies of • What resources and activities
scale are more effective to bring
• Reduction of risk and in?
uncertainty • Who are our most trusted,
• Acquisition of resources & economic and effective
activities partners and suppliers?
This practical IoT value creation task should be informed by IoT value creation and ecosystem concepts from
Sessions #2 & #3
Assume you are a start-up with limited resources ...
VALUE DELIVERY
Customer Relations
Represents relationship between organisation & customer
Focus is on the nature of interactions between organisations and customers, e.g. customer service,
maintenance, complaint handling etc
Channels
Mechanism by which sales are made to the end customer
Channels
This practical IoT value delivery task should be informed by IoT value delivery concepts from Session #2
Assume you are a start-up with limited resources ...
VALUE CAPTURE
Channels
Cost Structure
Describes all costs incurred to operate a business model
Business model cost structures:
o Cost driven verses value driven business models.
o Fixed and variable costs
o Economies of scope and economies of scale
Cost Structure
Revenue Streams
Describe the means by which income is generated and is oxygen for the survival of our company – different
ways to charge customers.
o Characteristics of customer segment – what will fit them.
Range of revenue models available:
o Advertising
o Asset Sale Licensing
o Brokerage fees Lending / Rental / Leasing
o Usage fee Subscription fees
One off transactional revenues vs recurring revenues - Subsidising & Lock In
o Fixed price mechanisms: list price; product/service features; customer segment variations; volume
discounts vs
o Dynamic price mechanisms: negotiated prices; yield management; real-time; auctions
This practical IoT value delivery task should be informed by IoT value delivery concepts from Session #2
Assume you are a start-up with limited resources ...
FURTHER ADVICE
1. Business model archetypes
2. Ideas for how your business model might generate competitive advantage
3. Tips for designing, presenting and writing up business models etc
How will it evolve: When go to market start as digical, but maybe move towards platform.
Reflect if, and how, your business (model) idea can generate competitive advantage through achieving one or more of
the following:
1. Customer lock in due to designed in switching costs
a. If physical product – cheaply. Valuable service
2. Recurring revenues through effective revenue models (not limited to subscription models)
a. Revenue model -movey beyond selling a product once. Maybe subscription
3. Enabling a game changing cost structure (e.g. by rationalising your processes)
4. Getting others to do your work (e.g. through outsourcing or enabling third parties to build
1. complementary products & services)
5. Rapid scalability through generating network effects
6. Protection from competition through owning VRIN assets and capabilities (e.g. learning effects from owning
bigger better datasets) – learning effects
When designing, presenting & writing up BMC (or a Value Proposition Canvas) keep it simple:
o Max three points per component
o Try and keep each point in the figure to a short headline (2 words excellent; 4 words okish; >6 words
not good)
The point is to present the tools without confusing
In a presentation your spoken words fill in the detail ...
In a written report, your written words fill in the detail of the
diagram ...
El Khaddar, M.A. and Boulmalf, M., 2017. Smartphone: The Ultimate IoT and IoE Device. In Smartphones
from an Applied Research Perspective. IntechOpen Download El Khaddar, M.A. and Boulmalf, M., 2017.
Smartphone: The Ultimate IoT and IoE Device. In Smartphones from an Applied Research Perspective.
IntechOpen
The EU-IoT Framework for Internet of Things Skills: Closing the Talent Gap
Digital Twins – the real promise of (I)IoT
Digital twin = “The digital twin is the virtual representation of a physical object or system across its life-cycle. It uses
real-time data and other sources to enable learning, reasoning, and dynamically recalibrating for improved decision
making.”
ITU Y.2060
ITU Y.2060
“The IoT can be viewed as a global infrastructure for the
information society, enabling advanced services by
interconnecting (physical and virtual) things based on
existing and evolving interoperable information and
communication technologies (ICT)”
Things are objects of the physical world (physical things) or of the information world (virtual world) which
are capable of being identified and integrated into communication networks. Things have associated
information, which can be static and dynamic.
Virtual things exist in the information world and are capable of being stored, processed and accessed.
Examples of virtual things include multimedia content and application software.
Physical things exist in the physical world and are capable of being sensed, actuated and connected. Examples
of physical things include the surrounding environment, industrial robots, goods and electrical equipment.
Time constriction:
It can be anything; any physical thing
COMPONENTS
Devices & components
A device is a piece of equipment with the mandatory capabilities of communication and optional capabilities
of sensing, actuation, data capture, data storage and data processing. The devices collect various kinds of
information and provide it to the information and communication networks for further processing.
Some devices also execute operations based on information received from the information and communication
networks.
Scale
Components
Overview & architecture
Enormous scale: The number of devices that need to be
managed and that communicate with each other will be at least
an order of magnitude larger than the devices connected to the
current Internet. The ratio of communication triggered by
devices as compared to communication triggered by humans
will noticeably shift towards device- triggered communication.
Definition
(Tanenbaum Chapter 1)
ARCHITECTURE
TYPES OF NETWORKS
PAN: Personal Area Network
LAN: Local Area Network
MAN: Metropolitan Area Network
o CBS
WAN: Wide Area Network
o Global, represented by the internet, all other types of networks are kind of subnetworks to this type.
DEFINED BY DISTANCE
City area
Sixfox
DEFINED BY ADMINISTRATION
Central Administration
Local Administration
Challenge:
Sixfox data to something wifi understands – push data to
central point
Wireless networks
Edge data centers and distributed charging stations
Smartphone-centric IoT
Smartphone development
o https://flauntdigital.com/blog/evolution-mobile-phones/
o https://www.bankmycell.com/blog/iphone-evolution-timeline- chart#info
Whats inside the box?
IoT and IoE
Smart everything and controlling it..
Machine learning and Artificial Intelligence
4 – 5g and BLE/NFC/WiFi
Smartphone: The Ultimate IoT and IoE Device Mehdia Ajana El Khaddar and
Mohammed Boulmalf
RECAP
Sanjit Ganguli, Ted Friedman (2015): IoT Technology Disruptions: A Gartner Trend Insight Report
Download Sanjit Ganguli, Ted Friedman (2015): IoT Technology Disruptions: A Gartner Trend Insight
Report
GSMA (2014). Understanding the Internet of things. Download GSMA (2014). Understanding the Internet of
things.
MachNation-IoT-Architecture-v1.4.pd
Things you should have done ...
Got an Arduino.cc account ..... It’s free
Got a GitHub account .... It’s free
Got a Thinger.io account .... It’s free
Signed on to Sigfox Portal
Retrieved ID & PAC
Started looking at stuff like:
o Hackster.io
o CircuitBasics.com
o RandomNerdTutorials.com
Start
Edge IoT
An IoT Architecture
Sidebars:
i
IOT STACK
Connectivity – sixfox
Backend: sixfox, iot cloud
Platofrm: Arduino
COMMUNICATIONS CHANNELS
IoT is (loosely) based on the internet – uses internet
specific protocols (sort of!) to communicate with server systems (cloud) in different ways.
Remember the ISO model?
Which is really a 7 layer model:
What do the layers do?
Layer 1: Application Layer
o User inputs data and data is output to the user.
o User normally filters data
Layer 2: Presentation Layer
o Converts incoming and outgoing data from one format to another for presentation.
Layer 3: Session Layer
o Sets up and authenticates, coordinates, maintains, and terminate
o Session management. IoT session different from traditional internet sessions.
o Why different from ordinary internet sessions? Data that needs to be calibrated.
Layer 4: Transport Layer
o Provides communication session management support, packetization of data, delivery of the packets,
and error checking once the data arrives. Hash algorithm
o Tcp and udp. – overhead
o
Layer 5: Network Layer
o Handles the addressing and routing of the data.
o Ip protocol, ip address originates
Layer 6: Data Link Layer
o Provides a reliable link between two directly connected nodes. The data link layer is also responsible
for detecting and fixing packet errors that may form on the physical layer.
Layer 7: Physical Layer
o Conveys the bit stream through the network at the electrical, optical, or radio level.
DEVICE LAYER
Multiple capabilities:
The device capabilities include but are not limited to:
o Direct interaction with the communication network. Able to gather and upload directly without using
gateway.
o Indirect interaction with the communication network.
Do same thing with a gateway as a medium betwene
o Ad-hoc networking
Need a connection now but not in a few minutes – p2p.
Making a device sleep
o Sleeping and waking up is key – else using battery too quickly
Gateway capabilities:
o The gateway capabilities include but are not limited to:
o Multiple interfaces support
o Protocol conversion
NETWORK LAYER
This consists of the following two types of capabilities:
o Networking capabilities: provide relevant control functions of network connectivity, such as access
and transport resource control functions, mobility management or authentication, authorization and
accounting (AAA).
o Transport capabilities: focus on providing connectivity for the transport of IoT service and
application specific data information, as well as the transport of IoT- related control and management
information.
MANAGEMENT CAPABILITIES
In a similar way to traditional communication networks, IoT management capabilities cover the traditional
fault, configuration, accounting, performance and security (FCAPS) classes, i.e., fault management,
configuration management, accounting management, performance management and security management.
The IoT management capabilities can be categorized into generic management capabilities and specific
management capabilities.
Essential generic management capabilities in the IoT include:
o device management, such as remote device activation and de-activation, diagnostics, firmware and/or
software updating, device working status management; local network topology management;
o traffic and congestion management, such as the detection of network overflow conditions and the
implementation of resource reservation for time-critical and/or life-critical dataflows.
Specific management capabilities are closely coupled with application-specific requirements, e.g., smart grid
power transmission line monitoring requirements.
SECURITY CAPABILITIES
Generic security capabilities and specific security capabilities. Generic security capabilities are independent of
applications. They include:
o at the application layer: authorization, authentication, application data confidentiality and integrity
protection, privacy protection, security audit and anti-virus;
o at the network layer: authorization, authentication, use data and signalling data confidentiality, and
signalling integrity protection;
o at the device layer: authentication, authorization, device integrity validation, access control, data
confidentiality and integrity protection.
Specific security capabilities are closely coupled with application-specific requirements, e.g., mobile payment,
security requirements.
Each level needs to be authenticated. The importance depends on the type of system we are working with
Why might internet protocols not be the best solution for IoT?
Power constraints
o Makes some power each time processing bytes. Processing an IPv4 or 6 header is either 20 or 40
bytes
Payload size vs. overhead
Duty cycle
o How much time can I be on the air using the tech that we use. We use tech in ISM band.
Memory
Data delivery (ACK). Do I want a receipt for data.
Handshaking?
Security – IP spoofing etc
o If getting in the middle we can spoof the IP, imitating another IP
MQTT Brokers
Basically there are a number of Brokers available, Mosquitto, Mosca, emqttd being the best known.
These are server applications
which can be downloaded and installed on
local servers or hosted on AWS, Node red MS Azure or similar
Aternatively, use a test broker or a cloud based solution as shown in the table
Also RANs
The IoT technology stack is a range of technologies, standards and applications, which range from the simple
connection of objects to the Internet to simple/very complex applications that use these connected things, the
data they gather and communicate and the different steps needed to power these applications.
Platforms
Key Partners
So:
o VOLUME of devices is King
o Length of SERVICE delivery is key
o (Short contracts = higher (device) prices, Long contracts = lower OVERALL pricing)
ACTUATORS
An actuator is a device that alters the physical quantity as it can cause a mechanical component to move after
getting some input from the sensor. In other words, it receives control input (generally in the form of the
electrical signal) and generates a change in the physical system through producing force, heat, motion, etc.
Padraig Scully,Knud Lasse Lueth 2016. Guide to IoT solution Development Download Padraig Scully,Knud
Lasse Lueth 2016. Guide to IoT solution Development
Technology positioning
USE CASES
Sigfox Geolocation
Works on all Sigfox hardware –extra costs involved. Definitely a Best Effort service!
Delivers coarse position – accuracy in kms. Best in antenna-dense areas (urban)
Defined by Cell size and number of receiving BS’s
Combined with wifi can give accuracy down to sub 100m. (best case, less accurate in rural areas)
Low power usage (increasing w. Wifi)
Other sensors – tilt, temp/hum, movement etc.
Varying battery life (use case dependent) but usually 1 to 2 years
Varying SW platforms
Typical products: any Sigfox device
Global
hegemony with
Sigfox
technology!
One ring
(subscription) to
rule them all!
For devices that
have the Sigfox
Geolocation
service activated,
and for a single
message
reception, the
system provides
estimated
location
coordinates
along with a
radius. The
radius
corresponds to
the estimated
accuracy of the
location
information.
The location
computation is
based on the data
from the Sigfox
infrastructure,
coming from
several replicas
of the same
messages sent by
a device and
received by
different base
stations.
Those different
replicas, in
addition to the
message itself,
have further
information
coming from the
network, such as:
The identifier of
the base station
that received the
message.
The RSSI
(Received Signal
Strength
Indicator)
indicating the
quality of the
signal received
Wifi
Devices (such as Loka, Antalis and others) built as multifunction boards
Onboard WiFi scanner (as opposed to a WiFi module) – looks at 1, 2 or 3 strongest SSID/Mac adresses from
available AP’s LoKauses2or3,Antalis1or2
Scanner references one or more AP databases (Here, Google and Combain – 92,7% coverage in Dk.)
Often combined with XG and BLE (always combined with GPS in iPhones and similar)
Claimed accuracy 10m Indoor, 30m outdoor urban/suburban, less in rural areas (dependent on number of WiFi
APs and Sigfos BS.
General Features
o Dimensions: L: 65mm, W: 20mm, H: 5mm
o Operating temperature: -10oC to +65oC
SIGFOX - ETSI:
o Output power: 14dBm
o RxSensitivity: -124 dBm
o Uplink Frequencies : 868.1 MHz & 869.5 MHz
External Interfaces
o 2 Analog IO lines
o 8 Digital IO lines
o UART / Serial Port (AT commands available)
Approvals and certifications
o SIGFOX ready
o FCC and CE mark (on going)
o WEEE, RoHS compliant
Sensors etc.
o WiFi 802.11b/g/n transceiver
o Accelerometer and Temperature sensors
o Input VCC: From 1.8V to 3.3 V
o Power consumption: Sleep: 3uA Running: 1mA
o Transmitting: 60 mA (~6 sec)
o SPI / I2C / 1-Wire Support
o 3.3V input / output
o Power controlReset
Accuracy with WiFi - ( Sigfox test material)
Main uses
o Find things (quickly)
o Identify and find unused or underutilized assets
o Understand where asset go
o Optimize how/when/where assets are used
o Localize and protect assets
o Find stolen assets
Sensohive...
Maturix
Market size...
Before Maturix and after...
POC
Quick and dirty solution which should prove concept (can it be done?), identify problem issues, get first data and
imagine extensions. Use out of the box components, work-arounds and hacks. Time constraint 2-4 weeks.
Speed is of the essence:
o Design, cost, size are not the issue her. Use existing (cheap) elements, non-optimal hacks.
Network:
o Network will always be a major constraint on th Business Model. Better to choose right at the
beginning but plan for change.
Platform:
o Basically, use free platforms even Excel is good enough at this stage!
Field Test
Deploy X devices in the field under realistic conditions, capture data and as much relevant environmental data as
possible. Correlate to Business Model & Plan
What happened?:
o Failure, loss of device, breakdowns etc. all contribute to understanding. Ideally, a diversity of contexts
is needed.
Scale:
o From small data to extrapolated big data-
o Find best frequency, autonomy and precision. Open to un-expected use and additional new uses.
Choice:
o Examine suitability for purpose and evaluate choices made. Alternatives?
POT/POV
(Re)Design a device with optimal technologies based on results of field tests and which meet expected autonomies,
costs etc. Identify (sets of) main insights and Value Creation. Decision Time!
Verify tech assumptions?:
o Failure, loss of device, breakdowns etc. all contribute to understanding. Ideally, a diversity of contexts
is needed.
Verify external partner choices:
o From small data to extrapolated big data-
o Find best frequency, autonomy and precision. Open to un-expected use and additional new uses.
Confirm Value Creation:
o Examine suitability for purpose and evaluate choices made. Alternatives? Refine BP.
Industrialisation
Create end-product, mass production, testing, certification, packaging etc. Apps/platform, marketing and support
infrastructure.
Manufacture:
o Design end product to built at scale. BOMs, electronics, mechanical, assembly, test-automation,
certification etc. Mostly engineering handled by specialist companies
Service Provider:
o Build subscription model– cooperate with Network Operator or alternative.
Platform/Apps:
o Provide insigt and/or build platform. Classical IT using Cloud services and similar.
Expertise – Team
IoT projects need a lot of expertise which currently is not found in most companies.
Since IoT is transformative, these profiles may be very far from a company’s comfort zone.
Hardware engineer Embedded/Firmware engineer
Backend developer Frontend developer
Marketing Digital solution sales
Mechanical Design Manufacturing
Database expert Apple developer
End-User support Field Maintenance
Purchasing IoT Networks engineer
Android developer Data Analyst
IoT Project manager PM and <Deployment
IoT projects need a lot of expertise which currently is not found in most companies.
Since IoT is transformative, these profiles may be very far from a company’s comfort zone.
In real life and especially for IoT - because things like size, price, volume, autonomy etc. are key elements,
there are many make-or-break dilemmas to be solved and choices to be made. This often means compromizing
on initial expectations, alternatively not starting an IoT project!
EXERCISE 3A/B: THINGER.IO AND SIGFOX, WIFI AND ARDUINO IOT CLOUD
By now we should have the Dev Kits up and running, communicating with Sigfox and WiFi and able to push data to a
simple endpoint (mail and/or monitor).
Wei Zhou, Yuqing Zhang, and Peng Liu, Member, IEEE , 2018. The Effect of IoT New Features on Security
and Privacy: New Threats, Existing Solutions, and Challenges Yet to Be Solved Download Wei Zhou,
Yuqing Zhang, and Peng Liu, Member, IEEE , 2018. The Effect of IoT New Features on Security and
Privacy: New Threats, Existing Solutions, and Challenges Yet to Be Solved
Arbia Riahi Sfar, Yacine Challal et al. 2013. A Systemic Approach to IoT Security Download Arbia Riahi
Sfar, Yacine Challal et al. 2013. A Systemic Approach to IoT Security
Antonakakis, M., April, T., Bailey, M., Bernhard, M., Bursztein, E., Cochran, J., Durumeric, Z., Halderman,
J.A., Invernizzi, L., Kallitsis, M. and Kumar, D., 2017. Understanding the mirai botnet. In 26th {USENIX}
Security Symposium ({USENIX} Security 17) (pp. 1093-1110).
Interconnecting anything
Surface of attack is exploding
o The ways in which black hat hackers are able to attack devices is huge. Easy to get in.
Attacks are scalable and can damage others businesses
o Attack in network, needed huge amount of knowledge, today its more easy. Easy to gain information
enough to break into systems.
o
Vulnerabilities across the value chain
Proactive view of sec in IoT.
Security is an E2E requirement
Not just where you are attacked but goes across value chains
SECURITY IS A PROCESS
Steps
Step 1 Risk evaluation
Your E2E application
CHALLENGES IN IOT
Anti-replay mechanism
o Steal a message and replay in another context, potential security issues > block one device and imitate
another device and inject malware into a system
Message integrity
o We don’t want the message to be altered with
Payload encryption
o Doesn’t make sense unless you know the custom grammar bit
o Without impacting 12 bytes which is the max size
In-device security: hardware and software security technologies
What is IoT?
Devices: Devices within a network are instrumented so they can be addressed individually
o IoT picture
Platform: Devices are interconnected by way of a shared platform such as a cloud services
Intelligence: Devices may perform functions adaptively, on their own or with other devices and applications,
based on programming and inputs from the physical worls
4. Maintain the solution - Operations, monitoring, and upgrades: IoT solution operators
o Not monitorable our PoC
o Sigfox: some level of management in the system. Requiring them to update
Availability: Ensuring constant connectivity between Endpoints and their respective services
o IoT cloud.
o WifiOnly connected when it needs to be. Sometimes it is not connected. Not contstant
o Sigfox: sleeps most of the time, not constantly connected. Ensure to be connected that it CAN connect
Identity: Authenticating Endpoints, services, and the customer or end-user operating the Endpoint
o Possible with Wifi
o Not possible with Sigfox; ‘to who is the end user’ not possible.
o Different in sub wifi system: easy (wifi in our home)
Privacy: Reducing the potential for harm to individual end- users
Security: Ensuring that system integrity can be verified, tracked, and monitored
AVAILABILITY CHALLENGE
Availability challenge
How can Low Power Wide Area (LPWA) networks (e.g. NB-IoT and LTE-M) be deployed and operated with
a similar level of security to traditional cellular systems?
How can multiple mobile operators support the same level of network security as IoT Endpoints migrate across
network boundaries?
How can network trust be forwarded to capillary Endpoints that rely on Gateway Endpoints for
communication?
How can the power constraints of Lightweight Endpoints be addressed in secure communications
environments?
IDENTITY CHALLENGE
Can the user operating the Endpoint be strongly associated with the Endpoint’s identity?
How can services and peers verify the identity of the end-user by verifying the identity of the Endpoint?
Will Endpoint security technology be capable of securely authenticating peers and services?
Can rogue services and peers impersonate authorized services and peers?
How is the identity of a device secured from tampering or manipulation? How can the Endpoint and Network
ensure that an IoT Service is permitted to access the Endpoint?
PRIVACY CHALLENGE
Is the identity of an Endpoint exposed to unauthorized users?
Can unique Endpoint or IoT Service identifiers allow an end-user or Endpoint to be physically monitored or
tracked?
Is data emanating from an Endpoint or IoT Service indicative of or directly associated with physical end-user
attributes such as location, action, or a state, such as sleeping or awake?
Is confidentiality and integrity employed with sufficient security to ensure that patterns in the resultant cipher-
text cannot be observed?
How does the product or service store or handle user-specific Personally Identifiable Information (PII)?
Can the end-user control the storage or use of PII in the IoT Service or product?
Can the security keys and security algorithms used to secure the data be refreshed?
SECURITY CHALLENGE
Have reflections of this in the paper
Are security best practices incorporated into the product or service at the start of the project?
Is the security life-cycle incorporated into the Software or Product Development LifeCycle?
Is application security being applied to both services and applications running on the embedded system?
Is a Trusted Computing Base (TCB) implemented in both the Endpoint and the Service Ecosystem?
How does the TCB enforce self- verification of application images and services?
Can the Endpoint or IoT Service detect if there is an anomaly in its configuration or application?
How are Endpoints monitored for anomalies indicative of malicious behavior?
How is authentication and identity tied to the product or service security process?
What incident response plan is defined for detected anomalies indicative of a compromise?
How are services and resources segmented to ensure a compromise can be contained quickly and effectively?
How are services and resources restored after a compromise?
Can an attack be spotted?
Can a compromised system component be spotted?
How can customers report security concerns?
Can Endpoints be updated or patched to remove vulnerabilities?
Manufacturing standards
Update management
Physical hardening: making it difficult for hackers to get into (USB, SD card etc)
User knowledge and awareness
Locking out
PHYSICAL HARDENING...
MIRAI... DDOS IOT BOTNET 2016
The Mirai internet of things (IoT) botnet is infamous for targeting connected household consumer products.
It attaches itself to cameras, alarm systems and personal routers, and spreads quickly.
The damage can be quite substantial. People might not realize that their internet-enabled webcam was actually
responsible for attacking Netflix.
Mira 2016
Timeline
Timeline details - read if you are curious
Mirai Genesis: Discusses Mirai’s early days
and provides a brief technical overview of
how Mirai works and propagates. Krebs on
Security attack: Recounts how Mirai briefly
silenced Brian Krebs website.
OVH DDoS attack: Examines the Mirai
author’s attempt to take down one of the
world’s largest hosting providers.
The rise of copycats: Covers the Mirai code
release and how multiple hacking groups
end-up reusing the code. This section also
describes the techniques we used to track
down the many variants of Mirai that arose
after the release. Finally, this section
discusses the targets and the motive behind
each major variants.
Mirai's takedown of the Internet: Tells the
insider story behind Dyn attacks including
the fact that the major sites (e.g., Amazon)
taken down were just massive collateral
damage.
Mirai’s attempted takedown of an entire
country: Looks at the multiple attacks
carried out against Lonestar, Liberia’s
largest operator.
Deutsche Telekom goes dark: Discusses
how the addition of a router exploit to one of
the Mirai variant brought a major German
Internet provider to its knees.
Mirai original author outed?: Details
Brian Krebs’ in-depth investigation into
uncovering Mirai’s author.
Deutsche Telekom attacker arrested:
Recounts the arrest of the hacker who took
down Deutsche Telekom and what we
learned from his trial.
Genesis
Attack module
Dyn attack
LESSONS?
Eliminate default credentials: This will prevent hackers from constructing a credential master list that allows
them to compromise a myriad of devices as MIRAI did.
Make auto-patching mandatory: IoT devices are meant to be “set and forget,” which makes manual patching
unlikely. Having them auto- patch is the only reasonable option to ensure that no widespread vulnerability like
the Deutsche Telekom one can be exploited to take down a large chunk of the Internet.
Implement rate limiting: Enforcing login rate limiting to prevent brute- force attack is a good way to mitigate
the tendency of people to use weak passwords. Another alternative would be using a captcha or a proof or
work.
Many IoT devices with different hardware configuration and operating systems
No one size fits all
Limited processing capabilities - This makes it hard to run state of the art
encryption-based security solutions inside the devices
No firmware update (possible) – no patches
Different for platform/application layer – needs stringent security
Open ports must be protected
Encrypted passwords...
IP white lists
NoIP?
More?
Paper* thoughts on what security issues relevant for our Iot Device - reflections