Authentication and Identity Management help to protect resources and justify trust in “bona fide” operation by service client and service provider. Besides, identity management can support hardware assisted integrity protection. In the Internet of Things (IoT), the high number of lightweight devices requires scalable and lightweight solutions to trust management. The paper proposes a framework for authentication and integrity protection well suited for an IoT environment.
The expression “Internet of Things” (IoT) refers to an arrangement of the world where “everything” is uniquely identifiable and addressable through some kind of communication device, and where things can be located, employed, maintained and inspected for different purposes.
“Things” are, or represent, valuable resources, either as material value, or in the form of the service they offer. Resources need to be managed throughout their lifecycle, and access to resources needs to be controlled and audited. The identity of resources and their clients (where applicable) should be managed, protected and maintained by an identity management system, and there must be mechanisms in place for authentication of identities, access control to the resources and protection of usage data for the sake of privacy protection.
In the area of Identity Management (IdM), the concept of identity assurance is considered as an important tool for resource control. An IdM offers services for authentication, which means some kind of mechanism to identify the entity (e.g. a person) which operates on a resource. Authentication of a Thing does not necessarily mean assurance of identity, but rather assurance of its genuineness or integrity. Authentication is a prerequisite for auditing, accounting and access control, as well as personal application profiles and other services not related to security or accountability.
The principles of IdM are well understood, but IdM systems are complex and mostly found in relatively homogeneous environments where pervasive standards for information representation and network protocols can be enforced. The Internet of Things has inherent properties which represent challenges to the deployment of an IdM:
• The sheer scale of the system, potentially billions of things with short life cycle and high “birth rate”.
• The heterogeneity of units, ranging from RFID chips with a minimum of processing power, communication capabilities and internal memory, to large scale computers with plenty of resources. No common standard for representation or transportation can be enforced on this range of equipment and several different standards are likely to co-exist.
• A high number of management domains. IoT devices will be managed and operated by a large community of enterprises and service providers. They are likely to employ vastly different naming policies, security frameworks, protocol requirements and access controls. In order to bridge these differences, traditional gateway nodes may need to be replaced by semantic processors.
In the rest of this position paper, some problems and research objectives related to IdM in the Internet of Things will be discussed. A set of proposed mechanisms for control of genuineness will be presented. Essential properties of the mechanisms will be their simplicity, prudence and adaptability.
II. NECESSARY SYSTEM PROPERTIES
The Internet of Things is expected to reach a scale which has never been observed before, and with a wider range of equipment with greatly different resources and capabilities. Besides, the future applications of IoT will surely come as surprises and will challenge our present view on how the IoT devices could collaborate to make business.
Therefore, the deployment of technology for IoT purposes should follow well known principles from large scale computing:
A. Service Orientation
“Things” may look like passive objects, but may well be regarded as service providers. The simplest possible service is to reveal one’s identity, which even a simple RFID device is able to do. It is therefore useful to put the Internet of Things into a Service Oriented perspective, in which all transactions have an initiator and a responder.
The loose coupling between client and service, and the clear separation of interface from implementation increase the chances for future interoperability between things.
B. Identity Management
Cryptography is easy, but key management is hard. Most security mechanisms rely on some crypto algorithms, and they all employ keying material which must be deployed securely in the parties. Key management involves key generation, deployment, updating and removal, and the association of keys with identities in a way that can be validated by everyone. Identity management also offers attribute management, in the form of properties securely bound to an identity in a validatable way.