Zero trust architecture for industrial IoT : applying zero trust security principles in industrial networks
Nformi, Kingsly Nofu (2025)
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-2025121335905
Abstract
This thesis applies Zero Trust Architecture (ZTA) to an Industrial Internet of Things (IIoT) environment using an open-source, lightweight stack suitable for SMEs. A design-science methodology guided the implementation of a containerized prototype with Keycloak for identity and access management, Open Policy Agent (OPA) as the policy decision point, and Envoy Proxy as the policy enforcement point, orchestrated via Docker Compose and validated against two Flask microservices.
A Python client exercised end-to-end flows, confirming deny-by-default behaviour and role-based access using OIDC JWTs, with auditability via Envoy, OPA and service logs.
Despite challenges (Compose startup dependencies, separation of the OPA configuration, JWT validation), the system proved stable and reproducible.
Future work includes Kubernetes deployment, real-time visualization/metrics, dynamic policy delivery (OPA Bundles/GitOps), SIEM integration, and IIoT digital-twin extensions.
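The decision the abstract describes (verify the OIDC JWT, then allow only requests an explicit role rule grants, deny everything else) is shown below as an added example in plain Python. It is not code from the thesis or from OPA/Envoy/Keycloak: it stands in for the policy decision point so the logic can be run offline. The token is minted and verified with the standard library using HS256 and a constructed shared secret (Keycloak signs with RS256 against a JWKS in practice; HS256 is used here only to keep the example self-contained), the role claim follows Keycloak's realm_access.roles layout, and the issuer, audience, paths and roles are illustrative assumptions.

```python
"""Deny-by-default, role-based authorization over an OIDC-style JWT.

Added example (not from the thesis). Models the policy decision point:
1. verify the token (alg pinned, signature, iss, aud, exp),
2. match (method, path) against explicit allow rules,
3. deny when no rule matches or the caller lacks a permitted role.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Iterable, Optional

# Constructed settings for the example; a real deployment validates RS256
# against Keycloak's JWKS instead of a shared secret.
SECRET = b"constructed-demo-secret-do-not-reuse"
ISSUER = "http://keycloak:8080/realms/iiot"   # assumed realm URL
AUDIENCE = "iiot-api"                          # assumed client/audience

# Explicit allow rules only; any request not listed here is denied.
# (HTTP method, path prefix) -> roles permitted. Illustrative.
ALLOW_RULES = {
    ("GET", "/sensors"): {"operator", "engineer"},
    ("POST", "/actuators"): {"engineer"},
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(roles: Iterable[str], *, exp_in: int = 300, now: Optional[int] = None) -> str:
    """Mint an HS256 JWT carrying Keycloak-style realm_access.roles."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {
        "iss": ISSUER, "aud": AUDIENCE, "sub": "svc-client",
        "iat": now, "exp": now + exp_in,
        "realm_access": {"roles": list(roles)},
    }
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(payload).encode())
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_token(token: str, *, now: Optional[int] = None) -> Optional[dict]:
    """Return the claims if the token is valid, otherwise None (fail closed)."""
    now = int(time.time()) if now is None else now
    try:
        h, p, s = token.split(".")
        header = json.loads(_b64url_decode(h))
        claims = json.loads(_b64url_decode(p))
        sig = _b64url_decode(s)
    except ValueError:           # wrong segment count, bad base64 or bad JSON
        return None
    if header.get("alg") != "HS256":     # pin the algorithm; rejects "none"
        return None
    expected = hmac.new(SECRET, (h + "." + p).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return None
    if claims.get("iss") != ISSUER or claims.get("aud") != AUDIENCE:
        return None
    exp = claims.get("exp")
    if not isinstance(exp, int) or exp <= now:
        return None
    return claims


def authorize(method: str, path: str, token: Optional[str], *, now: Optional[int] = None) -> dict:
    """Policy decision for one request: {'allow': bool, 'reason': str}."""
    if token is None:
        return {"allow": False, "reason": "no token"}
    claims = verify_token(token, now=now)
    if claims is None:
        return {"allow": False, "reason": "invalid token"}
    roles = set(claims.get("realm_access", {}).get("roles", []))
    for (rule_method, prefix), permitted in ALLOW_RULES.items():
        if method == rule_method and path.startswith(prefix):
            granted = roles & permitted
            if granted:
                return {"allow": True, "reason": "role match: " + ",".join(sorted(granted))}
            return {"allow": False, "reason": "role not permitted"}
    return {"allow": False, "reason": "no matching rule (deny by default)"}


if __name__ == "__main__":
    tok = mint_token(["operator"])
    for req in [("GET", "/sensors/1"), ("POST", "/actuators/1"), ("DELETE", "/sensors/1")]:
        print(req, authorize(*req, tok))
```

In the thesis's stack the same three steps are split across components: Envoy forwards the request context to OPA, OPA evaluates a Rego policy whose default is deny, and Keycloak's JWKS is what the signature is checked against. Keeping the algorithm pinned and failing closed on any parsing error are the two points the JWT-validation challenge mentioned above most often hinges on.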
