Identity Management in Internet of Things with Blockchain
• The Issuer: Issues VCs by checking with the verifiable data registry for valid
identifiers and schemas to use
• The Validator: Responsible for validating the identifiers and schemas used through
the verifiable data registry during the process of authorization or authentication
• The Verifiable Data Registry: The system which is able to create and validate
identifiers, schemas, cryptographic keys or check the revocation list for a given
identity. Trusted databases, decentralized databases and distributed ledgers are
some of the examples of verifiable data registries.
The validity of a VC comes from the fact that it must contain certain information
regarding the issuer and the identifiers it is correlated with, as well as the
cryptographic signatures which prove that the corresponding entity is the one unique
holder of the identity.
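The roles above can be traced in a short sketch, added here as an illustration and not taken from the chapter or from any framework it cites. It assumes a Lamport one-time signature (one key signs one credential) as a standard-library stand-in for the issuer's signature scheme; the Registry class, the field names and the did:example identifiers are constructed for the example.

```python
import hashlib, json, secrets

def H(b): return hashlib.sha256(b).digest()

def keygen():  # Lamport one-time key pair: stand-in for the issuer's real scheme
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    return sk, [[H(a), H(b)] for a, b in sk]
def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]
def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]
def verify(pk, msg, sig):
    return len(sig) == 256 and all(H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

def canonical(vc):  # the signed bytes: every field except the proof
    return json.dumps({k: v for k, v in vc.items() if k != "proof"}, sort_keys=True).encode()

class Registry:  # verifiable data registry: identifiers/keys, schemas, revocation list
    def __init__(self):
        self.keys, self.schemas, self.revoked = {}, set(), set()

def issue(reg, issuer, sk, vc_id, schema, subject, claims):
    # The issuer checks the registry for a valid identifier and schema before signing
    if issuer not in reg.keys or schema not in reg.schemas:
        raise ValueError("issuer or schema not registered")
    vc = {"id": vc_id, "issuer": issuer, "schema": schema, "subject": subject, "claims": claims}
    vc["proof"] = sign(sk, canonical(vc))
    return vc

def validate(reg, vc):
    # The validator resolves key, schema and revocation through the registry,
    # never from material carried inside the credential itself
    pk = reg.keys.get(vc.get("issuer"))
    if pk is None: return "unknown issuer"
    if vc.get("schema") not in reg.schemas: return "unknown schema"
    if vc.get("id") in reg.revoked: return "revoked"
    if not verify(pk, canonical(vc), vc.get("proof", [])): return "bad signature"
    return "valid"

def demo():  # constructed sample data; did:example identifiers are placeholders
    reg = Registry()
    sk, pk = keygen()
    reg.keys["did:example:manufacturer"] = pk
    reg.schemas.add("device-ownership-v1")
    vc = issue(reg, "did:example:manufacturer", sk, "vc-1", "device-ownership-v1",
               "did:example:sensor-42", {"owner": "did:example:alice"})
    intact = validate(reg, vc)
    altered = validate(reg, dict(vc, claims={"owner": "did:example:mallory"}))
    reg.revoked.add("vc-1")
    return [intact, altered, validate(reg, vc)]
```

Calling `demo()` validates the credential as issued, then with an altered claim, then after its identifier is placed on the revocation list.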
3.3 SSI Implementations for IoT
IoT has proven to be one of the technologies that will shape the next-generation
internet along with other technologies such as artificial intelligence and machine
learning. However, the scalability of larger IoT ecosystems is constrained by the
performance issues which centralized architectures introduce, especially when it
comes to preserving security and privacy. Blockchain can bring decentralization to
IoT and relieve the performance load, allowing ecosystems to scale both horizontally,
by multiplying the number of devices they can support, and vertically, by enhancing
the functionality of each device.
In [27], the authors describe a framework for globally decentralized identity and
access management for IoT (DIAM-IoT), which leverages the benefits that smart
contracts and cryptographic wallets offer on a blockchain network. This framework
focuses on the lack of device-specific functionality that should be considered when
implementing IAM systems for IoT. Thus, in the context of DIAM-IoT, it is assumed
that IoT device manufacturers provide the blockchain network with their own
specified smart contract in order to offer end users the ability to register their
own devices if they are willing to do so. DIAM-IoT utilizes both DIDs and VCs to
bind devices to their owners using cryptographic keys and signed documents; through
these, the visibility over a device’s data is also controlled with the permission of
the owner.
The authors in [28], conducting a comparative analysis of different identity
models and their implementation methods, present the benefits of utilizing the
SSI model in IoT in contrast to existing solutions for identification such as X.509
certificates [29] or Pretty Good Privacy (PGP) [30]. As with the DIAM-IoT
framework, the implementation of SSI is possible through the use of DID, a
combination of DID documents and VCs, which introduces true privacy and layered
authentication across the users and devices of an IoT ecosystem.