The proliferation of IoT devices has drastically changed how businesses function. As per Statista, by 2030, there will be more than 29 billion IoT-connected devices worldwide. Industry verticals like Electricity, Retail, Transportation, Manufacturing, and Government have more than 100 million connected IoT devices. Reports suggest security is one of the top barriers to the success of IoT, so it becomes vital to deploy and manage such a complex network securely. It also means that, in addition to millions of potential users, these industries will be required to put robust systems in place that simplify how these billions of IoT objects are identified and managed. Unfortunately, legacy Identity & Access Management (IAM) systems have often fallen short in meeting this growing need, because they put much of their emphasis on identifying and securing people rather than smart objects in IoT networks. In this article, we explore the current challenges and a solution: deploying a decentralized IAM for IoT devices.
In an increasingly connected world, managing IoT devices, their users, and the relationships between them poses significant challenges:
As a result, there is a need for a new decentralized IAM framework for IoT, such as Decentralized Identity Access Management (DIAM) for User Controlled Identities, that has the potential to adapt to the increasing number of connected devices in the coming years.
DIAM-IoT, a.k.a. the Decentralized IAM framework for IoT, proposes the integration of decentralized identifiers (DIDs) and verifiable credentials (VCs) into the lifecycle of IoT devices. This facilitates the interoperability of smart devices under the control of their owners. Blockchain acts as a bridge between the disconnected IoT data silos and helps realize decentralized data authorization via smart contracts. DIAM-IoT ultimately enables device makers and customers to unleash the full potential of IoT applications.
The above image shows a large-scale IoT ecosystem with billions of users, IoT devices, and manufacturers. Decentralized IAM for IoT attempts to overcome the challenges and enables a decentralized user-centric data exchange.
The framework leverages blockchain and smart contracts to manage device manufacturers and their DIDs throughout the lifecycle of IoT devices without materially altering the way the system operates. It also democratizes data sharing, as users can choose whether they want to share their device data with other parties. If users do not opt in to data sharing, they can continue to use their IoT systems as usual. If data sharing is enabled, the user receives VCs during the device binding process and registers device DIDs using a manufacturer-managed smart contract. Device binding is an authentication process between the IoT device and the IoT management platform that links the device with its user (owner). The blockchain-based smart contracts that customers use to control data access also serve as service endpoints and guarantee the transparency of the data-sharing process.
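The flow described above (binding credential, DID registration, owner-controlled access, transparent log) can be modelled in a few lines. This is an added illustration, not code from the DIAM-IoT paper or from HSC: the class and method names are hypothetical, the `did:example:` identifiers are constructed, the registry is an in-memory stand-in for the smart contract, and an HMAC replaces the public-key signature a real VC would carry.

```python
import hashlib, hmac, json

class ManufacturerRegistry:
    """In-memory stand-in for the manufacturer-managed smart contract (hypothetical)."""
    def __init__(self, manufacturer_key: bytes):
        self._key = manufacturer_key
        self.owners = {}   # device DID -> owner DID
        self.grants = {}   # device DID -> DIDs the owner allowed to read
        self.log = []      # append-only events, standing in for on-chain transparency

    def _proof(self, claims: dict) -> str:
        # HMAC stands in for the issuer's public-key signature on a real VC.
        msg = json.dumps(claims, sort_keys=True).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue_binding_vc(self, device_did: str, owner_did: str) -> dict:
        """Device binding: the manufacturer links a device to its owner."""
        claims = {"device": device_did, "owner": owner_did}
        return {"claims": claims, "proof": self._proof(claims)}

    def register_device(self, vc: dict) -> None:
        """Register a device DID, but only against an untampered binding VC."""
        claims = vc["claims"]
        if not hmac.compare_digest(self._proof(claims), str(vc.get("proof", ""))):
            raise PermissionError("binding credential failed verification")
        if claims["device"] in self.owners:
            raise ValueError("device DID already registered")
        self.owners[claims["device"]] = claims["owner"]
        self.grants[claims["device"]] = set()
        self.log.append(("register", claims["device"], claims["owner"]))

    def set_access(self, caller: str, device_did: str, grantee: str, allow: bool) -> None:
        """Only the bound owner may grant or revoke data access."""
        if self.owners.get(device_did) != caller:
            raise PermissionError("caller is not the device owner")
        (self.grants[device_did].add if allow else self.grants[device_did].discard)(grantee)
        self.log.append(("grant" if allow else "revoke", device_did, grantee))

    def can_read(self, device_did: str, requester: str) -> bool:
        owner = self.owners.get(device_did)
        allowed = owner is not None and (requester == owner or requester in self.grants[device_did])
        self.log.append(("read-check", device_did, requester, allowed))
        return allowed

if __name__ == "__main__":
    reg = ManufacturerRegistry(b"constructed-demo-key")
    reg.register_device(reg.issue_binding_vc("did:example:thermostat-1", "did:example:alice"))
    print(reg.can_read("did:example:thermostat-1", "did:example:energy-co"), reg.log)
```

Because the proof here is a shared-secret HMAC, only the registry can verify it; a deployed VC would use a signature that any party can check against the issuer's DID document.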
A recent study (Fan, Chai, Xu, & Guo, 2020) highlights the potential values that the DIAM-IoT framework can unlock:
As per Kaspersky, many customers hesitate to purchase IoT devices due to a lack of privacy and security. To gain customers’ trust in the smart home and IoT services marketplace, telcos are trying to supply these new services transparently. This is only achievable when users have control over their data.
Hyperledger has created a trusted platform for the telecom ecosystem that can support IoT devices throughout their lifecycles and provide a flawless user experience.
As per the figure above, the bottom layer (Layer 3) shows any IoT device that connects to the network. The middle layer (Layer 2) provides a decentralized platform for IAM with all the benefits of a private blockchain. The top layer (Layer 1) offers plug-and-play components for niche markets or use cases, such as trusted identity networks, traceability engines, tokenization of physical assets like autonomous vehicles, the IBM Food Trust system, and any data market.
Here at HSC, we have taken the first step toward the DIAM-IoT framework with a decentralized PKI-based zero-touch IoT provisioning accelerator (DPKI). DPKI is an innovative solution to provision new IoT devices and manage system security and transparency. It solves the problem of using third-party PKI certificates for devices. It is a platform-agnostic solution capable of integrating with different IoT platforms. There is no single point of failure, as the solution is based on distributed ledger technology (DLT). It will continue to work even if any node goes down. Security concerns are mitigated using TLS-based security.
The DIAM-IoT framework can break the IoT application silos and unlock the potential of IoT technology. The architecture for the framework incorporates DIDs and VCs into the IoT device lifecycle, allowing devices to create a universal digital identity on the blockchain and share their data with other entities within the ecosystem. Finally, users have complete control over their IoT devices, and smart contracts are used to guarantee transparency and fairness while sharing the data.
Fan, X., Chai, Q., Xu, L., & Guo, D. (2020). DIAM-IoT: A Decentralized Identity and Access Management Framework for Internet of Things. BSCI ’20: Proceedings of the 2nd ACM International Symposium on Blockchain and Secure Critical Infrastructure, 186-191.