Decentralized Identity and Trust Management Framework for Internet of Things

Abstract

Today, Internet of Things (IoT) devices mostly operate in enclosed, proprietary environments. To unfold the full potential of IoT applications, a unifying and permissionless environment is crucial. All IoT devices, even unknown to each other, would be able to trade services and assets across various domains. In order to realize those applications, uniquely resolvable identities are essential. However, quantifiable trust in identities and their authentication are not trivially provided in such an environment due to the absence of a trusted authority. This research presents a new identity and trust framework for IoT devices, based on Distributed Ledger Technology (DLT). IoT devices assign identities to themselves, which are managed publicly and decentralized on the DLT’s network as Self Sovereign Identities (SSI). In addition to the Identity Management System (IdMS), the framework provides a Web of Trust (WoT) approach to enable automatic trust rating of arbitrary identities. For the framework we used the IOTA Tangle to access and store data, achieving high scalability and low computational overhead. To demonstrate the feasibility of our framework, we provide a proof-of-concept implementation and evaluate the set objectives for real world applicability as well as the vulnerability against common threats in IdMSs and WoTs.