
Decentralized Identity Access Management for IoT Devices


November 11, 2022

Introduction

The proliferation of IoT devices has drastically changed how businesses function. As per Statista, by 2030, there will be more than 29 billion IoT-connected devices worldwide. Industry verticals like Electricity, Retail, Transportation, Manufacturing, and Government have more than 100 million connected IoT devices. Reports suggest security is one of the top barriers to the success of IoT, so it becomes vital to deploy and manage such a complex network securely. It also means that, in addition to millions of potential users, these industries will need robust systems that simplify how these billions of IoT objects are identified and managed. Unfortunately, legacy Identity & Access Management (IAM) systems have often fallen short of meeting this need, because they emphasize identifying and securing people rather than smart objects in IoT networks. In this article, we explore the current challenges and how deploying a decentralized IAM for IoT devices addresses them.

Challenges with IoT Devices

In an increasingly connected world, managing IoT devices, their users, and the relationships between them poses significant challenges:

  • Interoperability: As there are no IAM standards for IoT devices, manufacturers must use proprietary ways for naming and identifying their devices, resulting in IoT application silos and hindering interoperability across connected devices from different manufacturers
  • Integration: An IoT system goes through a succession of stages over its lifetime, complicating the integration of IAM capabilities into the operational lifecycle of IoT devices
  • Security: The lack of a standardized operating and security architecture for diverse IoT devices and applications has raised severe concerns among device manufacturers and consumers

As a result, there is a need for a new decentralized IAM framework for IoT, such as Decentralized Identity Access Management (DIAM) for User Controlled Identities, that has the potential to adapt to the increasing number of connected devices in the coming years.

DIAM-IoT Framework Overview

DIAM-IoT, a.k.a. Decentralized IAM framework for IoT, proposes the integration of decentralized identifiers (DIDs) and verifiable credentials (VCs) into the lifecycle of IoT devices. This facilitates the interoperability of smart devices under the control of their owners. Blockchain acts as a bridge between the disconnected IoT data silos and helps realise decentralized data authorization via smart contracts. Ultimately, DIAM-IoT enables device makers and customers to unleash the full potential of IoT applications.

High Level System Architecture of Decentralized IAM for IoT

The above image shows a large-scale IoT ecosystem with billions of users, IoT devices, and manufacturers. Decentralized IAM for IoT attempts to overcome the challenges and enables a decentralized user-centric data exchange.
The framework leverages blockchain and smart contracts to manage device manufacturers and their DIDs throughout the lifecycle of IoT devices without materially altering the way the system operates. It also democratizes data sharing, as users can choose whether they want to share their device data with other parties. If data sharing is not an option, users can continue to use their IoT systems as usual. But if data sharing is enabled, the user receives VCs during the device binding process and registers device DIDs using a manufacturer-managed smart contract. A device binding process is an authentication process between the IoT device and the IoT management platform to link the device with the user (owner). The blockchain-based smart contracts that customers use to control data access also serve as service endpoints and guarantee the transparency of the data-sharing process.

Properties of DIAM-IoT Framework

A recent study (Fan, Chai, Xu, & Guo, 2020) highlights the potential values that the DIAM-IoT framework can unlock:

  • Interoperability: The framework uses DIDs and VCs to provide a universal representation of device identification on the blockchain. It eliminates IoT application silos and enables device owners to exchange data acquired by IoT devices with other entities.
  • Lifecycle Adoption and Integration: The simple integration of DID and VC management into the IoT device lifecycle lowers the barrier to adoption and integration for IoT device makers and solution providers.
  • User-Centric Access Control: The framework allows device owners to define user-specific rules embedded in VCs to grant data access, thereby giving the device owners full control of their device data.
  • Transaction Transparency: The framework uses smart contracts to record interactions between data owners and requesters, ensuring the transaction process is fair and transparent.
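
The binding and registration flow from the architecture section and the access-control and transparency properties listed above can be modelled in a few lines. This is an added example, not code from the DIAM-IoT paper or from HSC: `DeviceRegistry`, its methods, the credential fields and the `did:example` identifiers are hypothetical. It assumes the ledger authenticates `caller`, and it anchors a credential digest on the contract in place of verifying a VC signature.

```python
import hashlib
import json

def digest(cred):
    # Canonical JSON so the same credential always hashes to the same value.
    return hashlib.sha256(json.dumps(cred, sort_keys=True).encode()).hexdigest()

class DeviceRegistry:
    """In-memory stand-in for the manufacturer-managed smart contract (hypothetical)."""
    def __init__(self, manufacturer):
        self.manufacturer = manufacturer
        self.owner_of = {}     # device DID -> owner DID, None until bound
        self.anchored = set()  # digests of credentials issued by device owners
        self.log = []          # append-only record of every access decision

    def register_device(self, caller, device):
        if caller != self.manufacturer:
            raise PermissionError("only the manufacturer registers devices")
        self.owner_of[device] = None
    def bind(self, caller, device, owner):
        # Assumption: the platform authenticated device and user before this call.
        if caller != self.manufacturer or self.owner_of.get(device, "") is not None:
            raise PermissionError("device unknown, already bound, or wrong caller")
        self.owner_of[device] = owner
    def anchor(self, caller, cred):
        if cred.get("issuer") != caller or self.owner_of.get(cred.get("device")) != caller:
            raise PermissionError("only the bound owner may issue for this device")
        self.anchored.add(digest(cred))
    def revoke(self, caller, cred):
        if cred.get("issuer") == caller:
            self.anchored.discard(digest(cred))

    def request(self, caller, cred, resource, now):
        # Any edit to the credential changes its digest, so widened rules are rejected.
        ok = (digest(cred) in self.anchored
              and self.owner_of.get(cred.get("device")) == cred.get("issuer")
              and cred.get("subject") == caller and resource in cred.get("resources", [])
              and now < cred.get("expires", 0))
        self.log.append((now, caller, cred.get("device"), resource, ok))
        return ok

def demo():
    # Constructed DIDs (did:example placeholder method) and a constructed credential.
    maker, dev, owner, app = (f"did:example:{n}" for n in ("maker", "thermostat-1", "alice", "energy-app"))
    reg = DeviceRegistry(maker)
    reg.register_device(maker, dev)
    reg.bind(maker, dev, owner)
    cred = {"issuer": owner, "subject": app, "device": dev, "resources": ["temperature"], "expires": 2000}
    reg.anchor(owner, cred)
    return reg, cred
```

Denied requests are logged alongside granted ones, so the record shows who attempted access as well as who obtained it.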

Use Cases for DIAM-IoT Framework

As per Kaspersky, many customers hesitate to purchase IoT devices due to a lack of privacy and security. To gain customers’ trust in the smart home and IoT services marketplace, telcos are trying to supply these new services transparently. This is only achievable when users have control over their data.

A telecom ecosystem for IoT using Hyperledger

Hyperledger has created a trusted platform for the telecom ecosystem that can support IoT devices throughout their lifecycles and provide a flawless user experience.

As per the figure above, the bottom layer (Layer 3) shows any IoT device that connects to the network. The middle layer (Layer 2) provides a decentralized platform for IAM with all the benefits of a private blockchain. The top layer (Layer 1) offers plug-and-play components for niche markets or use cases, such as trusted identity networks, traceability engines, tokenization of physical assets like autonomous vehicles, the IBM Food Trust system, and any data market.

Here at HSC, we have taken the first step toward the DIAM-IoT framework with a decentralized PKI-based zero-touch IoT provisioning accelerator (DPKI). DPKI is an innovative solution to provision new IoT devices and manage system security and transparency. It solves the problem of using third-party PKI certificates for devices. It is a platform-agnostic solution capable of integrating with different IoT platforms. There is no single point of failure, as the solution is based on distributed ledger technology (DLT). It will continue to work even if any node goes down. Security concerns are mitigated using TLS-based security.

The DIAM-IoT framework can break the IoT application silos and unlock the potential of IoT technology. The architecture for the framework incorporates DIDs and VCs into the IoT device lifecycle, allowing devices to create a universal digital identity on the blockchain and share their data with other entities within the ecosystem. Finally, users have complete control over their IoT devices, and smart contracts are used to guarantee transparency and fairness while sharing the data.

References:

Fan, X., Chai, Q., Xu, L., & Guo, D. (2020). DIAM-IoT: A Decentralized Identity and Access Management Framework for Internet of Things. BSCI ’20: Proceedings of the 2nd ACM International Symposium on Blockchain and Secure Critical Infrastructure, 186-191.
