Version: 0.06


Archives of this paper: http://kantarainitiative.org/confluence/display/IDoT/ConceptsQ&A+of+Identity+within&+the+Internet+of+Things

Change history:

    • draft 0.01    Ingo Friese
    • draft 0.02    Jeff Stollman
    • draft 0.03    Scott Shorter
    • draft 0.04    Ingo Friese
    • draft 0.05    Jeff Stollman
    • draft 0.06    Ingo Friese

...

  • Ownership and identity relationships
    Things or objects in the IoT often have a relationship to real persons. These could be owner(s), manufacturer(s), user(s), administrator(s) or many other roles. A product might be owned by a manufacturer first and subsequently by a user who bought the product. The owner, user or administrator of an object might change over time. Ownership and identity relationships in the IoT have an impact on other identity-related processes such as authentication and authorization. The owner of a thing might be challenged for authentication or be asked for authorization policies.
  • Object Identifier and Namespace
  • Authentication and Authorization
  • Governance of data and Privacy

...

See details in our paper published in the proceedings of the IEEE World Forum on Internet of Things (WF-IoT) 2014: Challenges from the Identities of Things.

...

...

How to design a privacy ensured IoT system?

There are various design strategies and architecture concepts to ensure privacy in communication and during resource access control. The Identity of Things Discussion Group supports the IEEE P2413 IoT Architecture Working Group in writing a Privacy and Trust Architecture Viewpoint. The first draft of P2413 will (probably) be published at the end of 2017. (We will publish the privacy strategies and architecture concepts "in brief" here soon.)

...

What are key concepts for identity in the Kantara Initiative that can also be used in the IoT?

User Managed Access (UMA): UMA is a profile on top of OAuth. (tbd)

Identity Relationship Management (tbd)

...
User Consent Receipts

Is the huge address pool of IPv6 a solution for identities in the IoT?

...

A thing is not always just one thing. Can a thing be composed of other things?

Yes! A simple webcam designed to feed video over the internet is clearly an IoT device. Essentially it is a sensor without intelligence and does not respond to commands.

But if that webcam is part of a smartphone, does it remain a single device? As a component of a smartphone, it is accompanied by a variety of other sensors (e.g., camera, microphone, touch screen) as well as a processor (the phone's CPU) and several actuators (e.g., speaker, video monitor, radio transmitter). These various components may be accessed separately or in various groupings to provide disparate services. Similarly, I may be willing to give the babysitter access to turn the speaker off when my baby goes to sleep, but not to the camera, which I want to keep always on. This raises the question, "Does the phone constitute a single device?"

For purposes of addressability, it likely has only a single IP address. But from the perspective of its functionality, each separate capability can be accessed and used separately. E.g., I could leave a smartphone at home and access it remotely as a webcam to watch a baby in a crib, as a microphone to listen to the sounds in my house, as a speaker to give a direction to the babysitter, etc.
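The two points above (a thing whose owner changes over time, and a thing that is one address but many separately usable components) can be modelled with one small authorization structure. The following is an added example written for this page, not code from the Kantara Initiative or the P2413 work: every decision is scoped to (principal, component, action) rather than to the device as a whole; the owner holds all rights, may delegate a subset to another principal, may pin a component so that only the owner can change its state (the always-on camera), and may hand the thing over to a new owner, which revokes every delegation the previous owner made. The device, component and principal names (phone-1, alice, babysitter, bob) are constructed for the example.

```python
"""Added example: per-component authorization for a composite thing whose
owner changes over time. Not code from the Kantara page; all names are constructed."""

from dataclasses import dataclass


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


class CompositeThing:
    def __init__(self, device_id: str, owner: str, components: dict):
        # components maps a component name to the actions it supports,
        # e.g. {"camera": {"view", "on", "off"}}; one device_id, many components
        self.device_id = device_id
        self.owner = owner
        self.components = {c: frozenset(a) for c, a in components.items()}
        self.grants = {}        # (principal, component) -> set of delegated actions
        self.pinned = set()     # components whose on/off state only the owner may change

    def pin(self, owner: str, component: str) -> None:
        """Owner-only: keep a component's state under exclusive owner control."""
        self._require_owner(owner)
        self._require_component(component)
        self.pinned.add(component)
        # Delegated state changes on a now-pinned component are withdrawn.
        for (_, c), actions in self.grants.items():
            if c == component:
                actions.difference_update({"on", "off"})

    def grant(self, owner: str, principal: str, component: str, actions: set) -> bool:
        """Owner delegates `actions` on `component` to `principal`; False if refused."""
        self._require_owner(owner)
        self._require_component(component)
        if set(actions) - self.components[component]:
            return False   # cannot delegate an action the component does not have
        if component in self.pinned and set(actions) & {"on", "off"}:
            return False   # pinned: nobody but the owner changes its state
        self.grants.setdefault((principal, component), set()).update(actions)
        return True

    def transfer_ownership(self, current_owner: str, new_owner: str) -> None:
        """Ownership changes over time; the new owner starts with a clean slate."""
        self._require_owner(current_owner)
        self.owner = new_owner
        self.grants.clear()     # the previous owner's delegations do not survive the sale
        self.pinned.clear()

    def authorize(self, principal: str, component: str, action: str) -> Decision:
        """Decide one (principal, component, action) request on this thing."""
        if component not in self.components:
            return Decision(False, f"unknown component {component!r} on {self.device_id}")
        if action not in self.components[component]:
            return Decision(False, f"{component} does not support {action!r}")
        if principal == self.owner:
            return Decision(True, "owner")
        if action in self.grants.get((principal, component), set()):
            return Decision(True, f"delegated by {self.owner}")
        return Decision(False, f"no grant for {principal} on {component}/{action}")

    def _require_owner(self, who: str) -> None:
        if who != self.owner:
            raise PermissionError(f"{who} is not the owner of {self.device_id}")

    def _require_component(self, component: str) -> None:
        if component not in self.components:
            raise KeyError(component)


def babysitter_scenario() -> dict:
    """The smartphone-at-home scenario from the text; returns the decisions taken."""
    phone = CompositeThing("phone-1", owner="alice", components={
        "camera": {"view", "on", "off"},
        "microphone": {"listen", "on", "off"},
        "speaker": {"play", "on", "off"},
    })
    phone.pin("alice", "camera")                         # camera stays on, owner-only
    results = {
        "speaker_grant": phone.grant("alice", "babysitter", "speaker", {"off"}),
        "camera_grant": phone.grant("alice", "babysitter", "camera", {"off"}),
    }
    results["sitter_speaker_off"] = phone.authorize("babysitter", "speaker", "off").allowed
    results["sitter_speaker_play"] = phone.authorize("babysitter", "speaker", "play").allowed
    results["sitter_camera_view"] = phone.authorize("babysitter", "camera", "view").allowed
    results["owner_camera_view"] = phone.authorize("alice", "camera", "view").allowed
    phone.transfer_ownership("alice", "bob")             # the phone is sold
    results["old_owner_after_sale"] = phone.authorize("alice", "camera", "view").allowed
    results["sitter_after_sale"] = phone.authorize("babysitter", "speaker", "off").allowed
    results["new_owner_after_sale"] = phone.authorize("bob", "camera", "view").allowed
    return results


if __name__ == "__main__":
    for name, outcome in babysitter_scenario().items():
        print(f"{name}: {outcome}")
```

The design choice worth noting is that the unit of authorization is the component, not the IP address: the babysitter can switch the speaker off but cannot even view the camera, and because the camera is pinned the owner cannot accidentally delegate its off switch. Clearing the grant table on transfer is what makes the "owner changes over time" relationship safe: the previous owner and everyone they delegated to lose access at the moment of the sale.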
Protection Mechanisms

Protection mechanisms are not new to the internet. Why is there a challenge in the IoT?

In classic identity management, certain protection methods have been established over the years to protect an identity from abuse. We have authentication methods to prove identities, secure channels to transmit identity attributes, and passwords and other data are stored encrypted.
Security concepts like integrity, availability, authenticity and non-repudiation are built into classic identity protocols like SAML and OpenID. In the Internet of Things the situation is different. Here many communication protocols are not based on the Internet Protocol. Many sensors or actuators have only restricted resources in terms of energy, bandwidth and connectivity. Protocols like EnOcean [www.enocean.com] or KNX [www.knx.org] use only a few bytes to send commands or receive values. There is no room for encryption, challenge-response procedures or other security mechanisms.

...

old content - to be revised

Authentication

The classic authentication mechanisms (e.g., login/password) may not directly work in the IoT. Objects have to provide some sort of lightweight token or certificate for an authentication in which no user (providing a password) is involved. For stronger authentication of individuals we usually combine two or more factors. These factors are based on the following proofs:

...