Abstract

Security and privacy concerns are becoming an important barrier to the large-scale adoption and deployment of the Internet of Things. To address this issue, the identity management system defined herein provides a novel, holistic and privacy-preserving solution aimed at heterogeneous scenarios that require both traditional online access control and authentication and a claims-based approach for the M2M (machine-to-machine) interactions required in the IoT. It combines a cryptographic approach to claims-based authentication using the Idemix anonymous credential system with classic IdM mechanisms by relying on the FIWARE IdM (Keyrock). This symbiosis endows the IdM system with advanced features such as privacy preservation, minimal disclosure, zero-knowledge proofs, unlinkability, confidentiality, pseudonymity, strong authentication, user consent, and offline M2M transactions. The IdM system has been specifically tailored to the Internet of Things, bearing in mind the management of both users' and smart objects' identities. Moreover, the IdM system has been implemented, deployed, and tested in the scope of the SocIoTal European research project.

Highlights

  • Nowadays, a plethora of embedded and mobile devices can be accessed ubiquitously in different scenarios, such as transport systems, critical infrastructures, or smart cities

  • The proposed identity management (IdM) system follows a claims-based approach, built on top of the Identity Mixer (Idemix) technology [7], to provide additional means of dealing with Internet of Things (IoT) scenarios where the interacting entities can be smart objects as well as traditional computers

  • The motivation for considering Keyrock is twofold: on the one hand, to support classic IdM operations and services, such as Single Sign-On (SSO) or Identity Federation, which are commonly used in Web or Cloud scenarios where a claims-based approach is not required; on the other hand, to use Keyrock as a repository of users and smart objects, in which they are identified using the System for Cross-domain Identity Management (SCIM) standard [8]


Summary

Introduction

A plethora of embedded and mobile devices can be accessed ubiquitously in different scenarios, such as transport systems, critical infrastructures, or smart cities. The proposed IdM system follows a claims-based approach, built on top of the Identity Mixer (Idemix) technology [7] (from IBM), to provide additional means of dealing with IoT scenarios where the interacting entities can be smart objects as well as traditional computers. The motivation for considering Keyrock is twofold: on the one hand, to support classic IdM operations and services, such as Single Sign-On (SSO) or Identity Federation, which are commonly used in Web or Cloud scenarios where a claims-based approach is not required; on the other hand, to use Keyrock as a repository of users and smart objects, in which they are identified using the System for Cross-domain Identity Management (SCIM) standard [8]. In this way, users and smart objects are enabled to obtain Idemix credentials whose attributes are the SCIM identity attributes held in the repository.
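The claims-based flow sketched above (SCIM attributes held in the identity repository, issued to the holder as a credential, then presented with minimal disclosure to a verifier), as an added Python example that is not part of the paper and not code from Keyrock or Idemix. Real Idemix credentials are Camenisch-Lysyanskaya signatures presented through zero-knowledge proofs; this stand-in uses salted hash commitments plus an HMAC issuer tag, so the verifier has to share the issuer key and, more importantly, every presentation carries the same tag and is therefore linkable. That gap is precisely what the Idemix layer in the paper is there to close. The SCIM User resource, the issuer key and all function names are constructed assumptions for the example.

```python
"""Minimal-disclosure presentation of SCIM attributes (toy stand-in, not Idemix)."""
import hashlib
import hmac
import json
import os

# Constructed sample: a SCIM 2.0 User resource (RFC 7643 core schema) of the kind
# an identity repository such as Keyrock would hold. All values are made up.
SCIM_USER = {
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
    "id": "2819c223-7f76-453a-919d-413861904646",
    "userName": "alice",
    "name": {"givenName": "Alice", "familyName": "Example"},
    "emails": [{"value": "alice@example.org", "primary": True}],
    "active": True,
}

# Assumption: a symmetric issuer key shared with the verifier. This replaces the
# issuer's CL signature key pair and is what makes the scheme a toy.
ISSUER_KEY = b"issuer-secret-for-this-example"


def flatten(resource, prefix=""):
    """Flatten nested SCIM attributes into dotted-path claims (the schemas list is skipped)."""
    claims = {}
    for key, value in resource.items():
        if key == "schemas":
            continue
        path = f"{prefix}{key}"
        if isinstance(value, dict):
            claims.update(flatten(value, path + "."))
        elif isinstance(value, list):
            for i, item in enumerate(value):
                if isinstance(item, dict):
                    claims.update(flatten(item, f"{path}[{i}]."))
                else:
                    claims[f"{path}[{i}]"] = item
        else:
            claims[path] = value
    return claims


def commit(path, value, salt):
    """Salted commitment to one claim; the salt stops dictionary attacks on low-entropy values."""
    return hashlib.sha256(salt + path.encode() + b"\x00" + json.dumps(value).encode()).hexdigest()


def credential_digest(commitments):
    """Canonical digest over all commitments, independent of dict ordering."""
    return hashlib.sha256("".join(commitments[p] for p in sorted(commitments)).encode()).digest()


def issue(resource, issuer_key=ISSUER_KEY):
    """Issuer: commit to every SCIM claim and tag the digest. The holder keeps claims and salts."""
    claims = flatten(resource)
    salts = {p: os.urandom(16) for p in claims}
    commitments = {p: commit(p, v, salts[p]) for p, v in claims.items()}
    tag = hmac.new(issuer_key, credential_digest(commitments), hashlib.sha256).hexdigest()
    return {"commitments": commitments, "tag": tag}, claims, salts


def present(credential, claims, salts, disclose):
    """Holder: reveal only the requested claims (value plus salt); everything else stays hidden."""
    return {
        "credential": credential,
        "disclosed": {p: {"value": claims[p], "salt": salts[p].hex()} for p in disclose},
    }


def verify(presentation, issuer_key=ISSUER_KEY):
    """Verifier: check the issuer tag, then that each disclosed claim opens its commitment.

    Returns the disclosed claims on success, or None if anything fails to verify.
    """
    cred = presentation["credential"]
    commitments = cred["commitments"]
    expected = hmac.new(issuer_key, credential_digest(commitments), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, cred["tag"]):
        return None
    opened = {}
    for path, d in presentation["disclosed"].items():
        if path not in commitments or commit(path, d["value"], bytes.fromhex(d["salt"])) != commitments[path]:
            return None
        opened[path] = d["value"]
    return opened


def linkable(presentation_a, presentation_b):
    """The failure mode this toy has and Idemix does not: two presentations of the same
    credential share its tag, so a verifier (or two colluding ones) can correlate them."""
    return presentation_a["credential"]["tag"] == presentation_b["credential"]["tag"]


if __name__ == "__main__":
    cred, claims, salts = issue(SCIM_USER)
    login = present(cred, claims, salts, ["userName", "active"])
    print(verify(login))  # only userName and active are learned by the verifier
    print(linkable(login, present(cred, claims, salts, ["emails[0].value"])))
```

The verifier learns nothing about `name.*` or `emails[0].*` from the login presentation, which is the minimal-disclosure property the abstract lists. What it does learn is the credential tag, so `linkable` returns True for any two presentations of the same credential; obtaining unlinkability and pseudonymity on top of minimal disclosure is the reason the paper layers Idemix over the SCIM repository rather than signing attribute hashes directly.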

Background and Related Work
IoT Identities
Security and Privacy Framework Overview
Holistic Identity Management System
Implementation and Performance
Security Analysis and IdMs Comparison
Findings
Conclusions and Future Work
