Improving the Privacy of IoT with Decentralised Identifiers (DIDs)

When IoT devices operate not only with the owner of the device but also with third parties, identifying the device by a permanent identifier, e.g., a hardware identifier, can present privacy problems because the identifier facilitates tracking and correlation attacks. A changeable identifier can be used to reduce the privacy risk. This paper looks at using decentralised identifiers (DIDs), an upcoming standard of self-sovereign identifiers with multiple competing implementations, with IoT devices. The paper analyses the resource requirements of running DIDs on IoT devices and finds that even quite small devices can successfully deploy DIDs, and it proposes that the most constrained devices could rely on a proxy approach. Finally, the privacy benefits and limitations of using DIDs are analysed, with the conclusion that DIDs significantly improve the users’ privacy when utilised properly.
