October 21, 2020
From the Sovrin Foundation SSI & IoT Task Force
It’s no secret that computers have gotten faster, smaller and more connected. What isn’t often realized is they are also more pervasive. Commonly known as the Internet of Things (IoT), our automobiles, thermostats, medical devices, livestock tags and door locks now compute and connect across global networks.
With more than 27 billion connected devices actively deployed in IoT, the very environments in which we live and work are now online. By 2025, there will be more than 75 billion connected devices that will extend the internet into the physical world as both a communication and control system without precedent. Changes in this digital ecosystem—intentional or not—can, for the first time, produce physical consequences across thousands of systems separated by thousands of miles, paradoxically extending both our control and our risk. This power to sense, connect and cause change equally invites opportunity and threat.
The nexus of threat and opportunity in IoT centers on identity and authority is the following: Currently there is no universal means to distinguish a thing from all others or determine what that thing is allowed to do. This lack of identity and authority hampers the development of multi-party IoT services and ecosystems, preventing the emergence of valuable new use cases and makes it harder to provide effective solutions to the growing threat of cyber attacks. The concept of self-sovereign identity (SSI), something usually considered for human identity, offers a durable identity for things and deliberately communicates authority, providing an emerging method by which to capitalize on IoT business opportunities and mitigate cyber threats.
In this first whitepaper we use three personas—Jamie, Bob and Bessie the Cow—to provide a basic introduction to SSI and IoT, explore practical challenges in context, and describe how SSI in IoT can meet these challenges. We start by introducing basic IoT concepts including: Machine to Machine communication, Machine to Person communication, Digital Twin; and IoT Security, Architecture, and Network Design considerations.
Within the context of Jamie, Bob and Bessie, we then explain the challenges of securing constrained devices, identifying and authorizing devices, managing device updates, maintaining secure communications and ensuring data privacy and integrity. Next, we describe how SSI in IoT can help solve these challenges. Finally, we illustrate the business value of SSI in IoT.
We explain that SSI in IoT can significantly increase value and reduce risk for business. SSI in IoT can increase revenue by both driving new classes of business opportunities, in application domains such as telemedicine, and opening the way for new, networked business models. The unparalleled security, privacy and standardization that SSI in IoT confers can reduce operating and maintenance costs by simplifying device interactions and allowing for greater business process automation.
SSI-enabled devices can use many cryptographic methods to validate their identity, thereby extending the benefits of cryptographic protection through to a range of constrained devices, including low-power units with basic 8-bit microcontrollers. This mitigates a growing tide of critical network vulnerabilities and attack vectors exposed in the IoT. Finally, with security and privacy by design, SSI in IoT promotes low-cost compliance with new regulation, such as General Data Protection Regulation (GDPR) and California Consumer Protection Act (CCPA), including facilitating third party audit.
The investment required to implement SSI in IoT to address security issues is significantly less than the cost of doing nothing. Under current protocols, the growing multitude of connected devices will quickly become a liability for organizations of all sizes, prohibitively increasing basic operating costs and opening new cyber vulnerabilities that threaten not only business viability, but also physical safety. By applying SSI to IoT, organizations can begin to mitigate these growing cyber-physical risks and capitalize on 21st century opportunities.
To learn more about SSI & IoT visit https://sovrin.org/library-iot/. To read the “Self-Sovereign Identity & IoT” whitepaper, go to https://sovrin.org/wp-content/uploads/SSI-and-IoT-whitepaper.pdf.« Sovrin Foundation Advances Robust Identity for Connected Things ID Crypt Global Becomes Newest Steward of the Sovrin Network »