Concepts of Identity within the Internet of Things

Version: 0.04


Archives of this paper: http://kantarainitiative.org/confluence/display/IDoT/Concepts+of+Identity+within+the+Internet+of+Things

Change history:

Abstract

The purpose of this paper is to describe identity concepts in the Internet of Things. Identity mechanisms in the Internet of Things are different from those in the classic web.
Furthermore this paper proposes a terminology for Identity management in the Internet of Things. This should help to facilitate discussions and work in this area without the need to define basic terms again.

Introduction

The “Internet of Things” (IoT) is beginning to evolve, and early solutions are now being implemented. We can find implementations in areas like logistics, farming, industry, home automation and many others. But its restrictions become obvious as we try to connect solutions of different vendors, communities or standards groups. From a business point of view, the IoT enables a plethora of new opportunities, use cases and scenarios. From a technical point of view, the IoT consists of countless devices, sensors, actuators or simply objects connected to services on the Internet. Today, devices and sensors speak many different protocols, but most of them are not HTTP. That is why application development in the IoT is hard: there is a lack of decent application integration layers. The next logical step is to use common Web technologies for the IoT. Identity management is one of the most important common technologies. Apart from adapting communication protocols, an overarching identity framework is crucial for a growing IoT. Today we have many separate solutions and niche standards. As a consequence, there is no overall framework for how to recognize and manage identities across different solutions. That is why we decided to found a discussion group called “IDentities of Things” within Kantara Initiative.

What is special about identities in the Internet of Things?

Lifecycle

In user identity management (classic IdM), identities have rather long lifecycles. In day-to-day services like e-mail, online shopping etc., a user account exists for months, years or even a lifetime. We as users of any kind of service might ask ourselves, “When was the last time we actively deactivated or deleted an account?” In the Internet of Things, objects have very different lifetimes. These might range from years or decades down to days or minutes.

Example: A parcel might be shipped from one country to another. The parcel gets an RFID tag associated with an identifier. It moves from one logistics center to another and crosses borders; it is tracked, controlled and routed. As soon as it arrives, the identity of the parcel disappears.

Ownership and identity relationships

Things or objects in the IoT often have a relationship to real persons. These could be owner(s), manufacturer(s), user(s), administrator(s) or many other roles. A product might be owned by a manufacturer first and subsequently by a user who bought the product. The owner, user or administrator of an object might change over time. Ownership and identity relationships in the IoT have an impact on other identity-related processes such as authentication and authorization. The owner of a thing might be challenged for authentication or be asked for authorization policies.

Protection Mechanisms

In classic identity management, certain protection methods have been established over the years to protect an identity from abuse. We have authentication methods to prove identities and secure channels to transmit identity attributes, and passwords and other data are stored encrypted.
Security concepts like integrity, availability, authenticity and non-repudiation are built into classic identity protocols like SAML and OpenID. In the Internet of Things the situation is different. Here many communication protocols are not based on the Internet Protocol. Many sensors or actuators have only restricted resources in terms of energy, bandwidth and connectivity. Protocols like EnOcean [www.enocean.com] or KNX [www.knx.org] use only a few bytes to send commands or receive values. There is no room for encryption, challenge-response procedures or other security mechanisms.

Authentication

The classic authentication mechanisms (e.g. login/password) may not work directly in the IoT. Objects have to provide some sort of lightweight token or certificate for an authentication where no user (providing a password) is involved. For stronger authentication of individuals we usually combine two or more factors. These factors are based on the following proofs:

  • “Something that you have”
  • “Something that you know”
  • “Something that you are” (e.g. biometry)

In the IoT the last two proofs are not applicable to objects anymore.
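
As an added illustration (not part of the original paper and not taken from any named protocol), the example below shows what a lightweight "something that you have" token can look like when only a few bytes are available: the object proves possession of a per-device secret with a truncated HMAC over a counter and the payload. The 4-byte device ID, counter and tag sizes, and all function and class names, are assumptions made for the example.

```python
import hashlib
import hmac
import struct

ID_LEN, CTR_LEN, TAG_LEN = 4, 4, 4  # assumed field sizes for a short telegram


def _tag(key: bytes, device_id: bytes, ctr: bytes, payload: bytes) -> bytes:
    # Fixed-length ID and counter keep the MAC input unambiguous.
    # Truncating to 4 bytes saves airtime but leaves a 2**-32 guess chance per try.
    return hmac.new(key, device_id + ctr + payload, hashlib.sha256).digest()[:TAG_LEN]


def make_telegram(key: bytes, device_id: bytes, counter: int, payload: bytes) -> bytes:
    """Device side: payload || counter || truncated tag."""
    ctr = struct.pack(">I", counter)
    return payload + ctr + _tag(key, device_id, ctr, payload)


class Verifier:
    """Gateway side: one key and one last-seen counter per enrolled object."""

    def __init__(self):
        self._devices = {}  # device_id -> [key, last accepted counter]

    def enroll(self, device_id: bytes, key: bytes) -> None:
        if len(device_id) != ID_LEN:
            raise ValueError("device_id must be 4 bytes")
        self._devices[device_id] = [key, 0]

    def retire(self, device_id: bytes) -> None:
        # Short-lived objects (the delivered parcel) lose their identity here.
        self._devices.pop(device_id, None)

    def verify(self, device_id: bytes, telegram: bytes):
        """Return the payload if the telegram is authentic and fresh, else None."""
        entry = self._devices.get(device_id)
        if entry is None or len(telegram) < CTR_LEN + TAG_LEN:
            return None
        payload = telegram[:-(CTR_LEN + TAG_LEN)]
        ctr = telegram[-(CTR_LEN + TAG_LEN):-TAG_LEN]
        tag = telegram[-TAG_LEN:]
        if not hmac.compare_digest(tag, _tag(entry[0], device_id, ctr, payload)):
            return None  # wrong key or modified bytes
        counter = struct.unpack(">I", ctr)[0]
        if counter <= entry[1]:
            return None  # replay of an old telegram
        entry[1] = counter
        return payload
```

A two-byte sensor reading grows to ten bytes on the wire with this layout, which is the cost a constrained protocol has to budget for.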

Object Identifiers in the IoT

Object Identifiers are names assigned to things. The things that are named can include logical or physical objects, and names can be given either to types of things or to the things themselves. We can call the first a class identifier, since it refers to a class (or type, or category) of things, and the latter an instance identifier. These terms come from computer programming; there may be other terms from ontology or elsewhere that are more suitable. In the case of an automobile, the VIN is the instance identifier, while the make and model would be class identifiers.

On Object Identifiers vs ITU-T OIDs

Note that ITU-T defines a number of specifications pertaining to Object Identifiers (OIDs), but other implementations that are not ITU-T OIDs also can be considered Object Identifiers.  In this document we will use “OID” to refer to ITU-T OIDs, and “Object Identifier” to refer to the concept more broadly.

Types of Identifiers

  • Instances versus Class – does the identifier refer to a thing or to a type of thing?
  • Unique versus non-unique – is every identifier issued to only one object?
  • Synonyms versus no synonyms – are objects permitted multiple synonymous identifiers?
  • Governance options – How are names registered and managed?  Does one authority control the entire namespace, or is there hierarchical management?
  • Human-usable versus machine-usable
  • Global versus local namespace

Types of Objects

The concept of object identification applies to numerous types of objects. Names can identify specific instances of objects or they can refer to classes of objects. Consider a network device: it is important to identify the specific network interface associated with that device, and it is also important to identify the type of device.

  • Physical versus Logical
  • What else?

Physical Objects

Object Identifiers are applied to any number of things found in the physical world: computing devices, mobile devices, servers, network infrastructure, meters, sensors, cameras, actuators, locks, medical implants, vehicles (and vehicle components) and more.  Each of those things can be referenced by an identifier, and additional identifying information can be conveyed regarding relationships to other objects.  For example a server may have a unique hostname, but also be assigned a number of IP addresses corresponding to its physical network interfaces.  The full identification of the system would include the name of the server, the IP address of each network interface and the association between the server and the network interfaces. 

ITU-T OIDs can be used to refer to physical objects, prominently in the Management Information Base (MIBs) used by the Simple Network Management Protocol (SNMP).
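
The hierarchical namespace behind ITU-T OIDs can be made concrete with a short added example (not part of the original paper). It validates dotted notation against the top-arc rules of the OID tree, checks whether an identifier lies in the subtree delegated to a given authority, and produces the content octets used when an OID is carried in ASN.1. The function names are assumptions, and any OID values used with it in this context are constructed samples.

```python
import re

# ASCII digits only, no leading zeros, at least two arcs.
_OID_RE = re.compile(r"(0|[1-9][0-9]*)(\.(0|[1-9][0-9]*))+")


def parse_oid(dotted: str) -> tuple:
    """Parse dotted notation into arcs, enforcing the top-arc rules."""
    if not _OID_RE.fullmatch(dotted):
        raise ValueError(f"not a dotted OID: {dotted!r}")
    arcs = tuple(int(a) for a in dotted.split("."))
    if arcs[0] > 2:
        raise ValueError("first arc must be 0 (itu-t), 1 (iso) or 2 (joint-iso-itu-t)")
    if arcs[0] < 2 and arcs[1] > 39:
        raise ValueError("second arc must be 0..39 under arcs 0 and 1")
    return arcs


def is_under(oid: str, authority_arc: str) -> bool:
    """True if oid lies in the subtree delegated to authority_arc."""
    child, parent = parse_oid(oid), parse_oid(authority_arc)
    # Compare whole arcs: a string prefix test would place 1.3.6.1.4.1.99999
    # under 1.3.6.1.4.1.9, which is a different registrant's subtree.
    return len(child) >= len(parent) and child[:len(parent)] == parent


def encode_der_content(oid: str) -> bytes:
    """Content octets of the ASN.1 OBJECT IDENTIFIER encoding (no tag/length)."""
    arcs = parse_oid(oid)
    out = bytearray()
    # The first two arcs share one sub-identifier: 40 * first + second.
    for n in (40 * arcs[0] + arcs[1], *arcs[2:]):
        chunk = [n & 0x7F]
        n >>= 7
        while n:
            chunk.append(0x80 | (n & 0x7F))  # continuation bit on all but the last octet
            n >>= 7
        out += bytes(reversed(chunk))
    return bytes(out)
```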

Logical Objects

In addition to physical things, the identification of logical objects deserves consideration. Logical objects include software, services, data and databases, documents and other digital objects, and more. Identification of software is an area of considerable interest to a number of organizations, and approaches include Software ID Tags and the Common Platform Enumeration. ITU-T OIDs can be used to refer to a number of logical objects, including (TBD pull from OID flyer). Web services can be identified by the URL used to access them. The Digital Object Identifier (DOI) system is standardized as ISO 26324:2012 and provides a way of directly referencing digital objects, as opposed to using a URL to identify how to access the document, which may not remain valid over time.






 

Governance of object data

Objects in the "Internet of Things" produce data. These data might lead to personally identifiable information (PII). A car, for example, is able to track GPS positions and to provide a complete movement profile of a certain person.

Transparency

Although these data are mainly used for maintenance or additional services in the automotive sector, user information and consent should be mandatory.

Data minimization / data collection (in advance

Complex machines, e.g. combine harvesters, have hundreds of sensors that are able to produce tons of data. Data should not be collected if they are not used for a specific use case.

TBD….

Issues

  1. Data Ownership/Control
    1. Who owns/controls data
      1. In a combine harvester or vehicle (truck, automobile, motorcycle), is the data owned by
        1. the manufacturer
        2. dealer
        3. service provider (e.g., maintenance/repair shop)
        4. harvester/vehicle owner
        5. each harvester/vehicle user
          1. employees
          2. clients
          3. prospective buyers
          4. family members
          5. friends
        6. other passengers (e.g., others whose GPS locations also become known)
          1. what happens when you pick up a stranger (hitch-hiker) or give a ride to the airport to an unknown colleague met at a conference
        7. a third party who provides the sensor to support a service, such as
          1. disseminating aggregated data as a subscription service
          2. collecting driver behavioral data to determine insurance rates?
      2. from a data transaction that requires the interaction of multiple devices owned/controlled by multiple parties?
      3. when a device is sold?
  2. Consent
    1. Whose consent will be required for interactions that involve numerous sensors, controllers, and reporting devices
      1. For example,
        1. If an auto manufacturer owns data collected by a vehicle, will it require consent from the vehicle owner and service provider?
        2. Will each user be required to provide consent for data generated while they are driving?
      2. the same concerns apply to determining
  3. Data Ownership/Control/Consent Contracts
    1. NOTE: While the above issues can be managed by contract law, should there be a default data ownership/control model?
      1. The rationale for such a model is that current contracts (e.g., privacy policies, web site terms of use) are so one-sided that the negotiation asymmetry may be considered unfair.
  4. Identity discovery
    1. What attributes would an identity registry need to maintain to be of use to people or devices seeking sensor or controller devices to integrate into a solution
      1. For example,
        1. weather sensors
        2. traffic sensors
        3. location tracking sensors
        4. security sensors
        5. weather alerts
        6. traffic alerts
        7. location tracking alerts
        8. security alerts
    2. Will owners/users have the ability to prevent their devices from being discovered?
      1. Will they have some selectivity about who can discover their devices?
      2. Will they have some control over who can interrogate their devices?
  5. Identity impersonation
    1. How will devices preclude impersonation of the other devices with which they exchange data?
    2. Will each device that might generate, process, or report on private, sensitive, or confidential data be required to provide its own IAM capabilities to prevent fraudulent use?
    3. Will devices be required to develop usernames and passwords to interact with other devices? (How does my calendar system access a GPS system for my child's school bus, to minimize her waiting in the cold on a snowy day when traffic is behind schedule?)
      1. If so, who sets the username/password or other criteria?
      2. How will this information be stored securely?
      3. How will it be modified/updated?

 

 

References

  • ISO 19770 Syllabus. http://www.sassafras.com/iso/19770Syllabus.pdf
  • SWID Schema. XML schema for ISO/IEC 19770 Software ID Tags. http://standards.iso.org/iso/19770/-2/2009/schema.xsd
  • NIST IR 7693. Specification for Asset Identification. http://csrc.nist.gov/publications/nistir/ir7693/NISTIR-7693.pdf
  • NIST IR 7695. Common Platform Enumeration: Naming Specification Version 2.3. http://csrc.nist.gov/publications/nistir/ir7695/NISTIR-7695-CPE-Naming.pdf
  • NIST IR 7696. Common Platform Enumeration: Name Matching Specification Version 2.3. http://csrc.nist.gov/publications/nistir/ir7696/NISTIR-7696-CPE-Matching.pdf
  • NIST IR 7697. Common Platform Enumeration: Dictionary Specification Version 2.3. http://csrc.nist.gov/publications/nistir/ir7697/NISTIR-7697-CPE-Dictionary.pdf
  • NIST IR 7698. Common Platform Enumeration: Applicability Language Specification Version 2.3. http://csrc.nist.gov/publications/nistir/ir7698/NISTIR-7698-CPE-Language.pdf
  • IETF RFC 2578. Structure of Management Information Version 2 (SMIv2). http://tools.ietf.org/html/rfc2578
  • ITU-T X.672. Object identifier resolution system. http://www.itu.int/rec/T-REC-X.672-201008-I
  • ITU-T X.660. Procedures for the operation of object identifier registration authorities: General procedures and top arcs of the international object identifier tree. http://www.itu.int/rec/T-REC-X.660-199209-S/en
  • ITU-T OID Flyer. “Object Identifiers and their Registration Authorities: Your Solution to Identification”. http://www.itu.int/dms_pub/itu-t/oth/0B/04/T0B040000482C01PDFE.pdf
  • ISO 26324:2012. Digital object identifier system. http://www.iso.org/iso/catalogue_detail?csnumber=43506

 
