Enabling Trusted Digital Identities ? From Connected Citizens to Connected Objects

Trust is a critical component of any identity system. Several incidents in the past have demonstrated the existence of possible harm that can arise from misuse of people's personal information. Giving credible and provable reassurances to people is required to build trust and make people feel secure to use the electronic services offered by companies or governments on-line. However, when it comes to privacy, typical identity management systems like PKI fail to provide strong reassurances. For example, in these systems, the so-called "Identity Provider" is able to trace and link all communications and transactions of the users. Strong cryptographic protocols can be used to increase trust, by not letting such privacy violations be technically possible. Over the past years, a number of technologies have been developed to build Privacy Preserving Attribute-based Credentials (Privacy-ABCs) in a way that they can be trusted, like normal cryptographic certificates, while at the same time they protect the privacy of their holder [3]. Such Privacy-ABCs are issued just like ordinary cryptographic credentials (e.g., X.509 credentials) using a digital secret signature key. However, Privacy-ABCs allow their holder to transform them into a new token, in such a way that the privacy of the user is protected. Bringing more control on the user side, created an interesting discussion on the acceptance factors and the cost-benefit trade-offs involved in adopting such technologies, as perceived by users [1]. As technology is progressing rapidly and moving towards the pervasive world, not only citizens but also objects get increasingly connected. For example, today's vehicles are already connected and in the very near future they will also interact directly with each other and with the road infrastructure giving rise to a new domain called Cooperative Intelligent Transport Systems (C-ITS). C-ITS needs to be secured and a trust architecture needs to be in place in order to protect messages. This also includes the necessity of authentication and authorization of participating vehicles, ensuring that messages originate from genuine vehicles without making individual vehicles traceable throughout the system. So, a security and trust architecture featuring a public key infrastructure (PKI) has been specified. The practical C-ITS systems which are currently considered for deployment in Europe, the US and China take this approach to authentication by letting vehicles sign outgoing V2X messages with short-lived pseudonym certificates. Some degree of privacy is obtained by letting vehicles frequently change or rotate their certificates from a pool of pseudonyms. However, the architecture is complex and exhibits several shortcomings [2]. Similar to the experiences from the online world, we argue that the pressing need for establishing federated trust between services and devices in a dynamic network of vehicles, gateways, services and applications cannot be solely secured with common centralized solutions like PKIs. We identify the need to move towards scalable and decentralized solutions, eliminating the need for federated infrastructure trust. We discuss how this can be done by adopting emerging technologies, such as the intersection of distributed edge and fog computing with the new 5G-enabled smart connectivity networks, decentralized PKI architectures and trusted computing technologies in the automotive context.