Lockstep

Mobile: +61 (0) 414 488 851
Email: swilson@lockstep.com.au

IEEE IoT Paper: A Digital Identity Stack

This is the first peer reviewed paper to arise from my PhD studies, presented to the IEEE World Forum on the Internet of Things, Singapore, 2018.

Stephen Wilson WFIoT  Digital Identity Stack [4 3 FORMAT] (0 1 1)  IDENTITY STACK

Abstract

The Internet of Things increasingly involves collection, processing and transmission of a wide variety of data to services and other devices. Business and engineering considerations are both increasing the volumes and detail of IoT data flows. Reasonably obvious privacy risks result from IoT-connected devices when they emit identifiable information, for this can reveal the activities of device users. More subtle risks arise when bulk device data is available for analysis, and linkage to auxiliary data sets, because identification or re-identification of users can follow. At the same time, security engineers are now designing for the “Identity of Things”, exploiting embedded cryptography and SIM-like modules to help with the authentication and authorization of devices acting as independent agents in the IoT. To help protect privacy while allowing precise authentication, this paper sets out a new model for digital identity management, comprising a stack of identities, attributes, and attribute metadata. As with the familiar OSI network stack, the digital identity stack helps to decouple different layers of authentication technology, so that IoT data is shared on an explicit need-to-know basis, and extraneous disclosures are minimized.

Conference paper and annotated slide deck attached below.