Current IoT authentication models generally rely on verification through username and password. As more and more IoT devices are introduced — it is believed that anywhere between 50 to 200 billion IoT devices will be operating worldwide by 2020 — this authentication method will become extremely difficult to track and maintain.
Current identity verification processes heavily rely on the silo of information — one of the most popular examples is using social media credentials to sign on to various third-party services. Yet this form of credential verification is inherently flawed due to its single point of failure and issues associated with scalability. Blockchain technology paired with IoT can provide a more secure and efficient means of identity management.
Current Methods of Identity Management, and Why They Are No Good
As IoT is a developing technology, it currently utilizes the most common identity management systems available, usernames and passwords. Although effective for the moment, as more IoT devices are introduced, each requiring their own set of credentials, managing all of this information will become exceptionally troublesome.
IoT has been developed with convenience in mind but is held back by modern identity management processes. In an effort to simplify identity management, single-sign-on protocols have been developed. An example would be logging into a Facebook account once, then using Facebook account information to log in to other services with the click of a button rather than by manually entering your username and password.
Although this has streamlined identity authentication, its main flaw lies in the fact that all data is collected and stored in a single source, in this case, Facebook’s databases. This creates a single point of failure, meaning if the entity housing users’ personal data is hacked, all of the other services are hacked as well. Blockchain technology in IoT has the ability to make up for what IoT currently lacks.
Why Blockchain As A More Suitable Platform for Identity Management
Whether through the Apple Wallet or a virtual voice assistant such as Amazon Alexa, IoT devices are making payments much more efficient. Yet, according to payment solutions company Bambora, many of these devices “were not built to be PCI compliant,” PCI referring to Payment Card Industry Data Security Standards. Another issue IoT faces is the inability to properly confirm user authentication — if a device is stolen and charged, who is held accountable?
DECENTER is one of the important projects in the field. Currently in development, it it will provide secure processing and identity management with IoT devices. It utilizes blockchain to perform transactions quickly and securely, and smart contracts to perform automated payments.
There are several ways how blockchain’s implementation into IoT systems makes identity management systems even more efficient:
First, blockchain, working as a distributed decentralized ledger, provides the solution to the current problem by spreading encrypted data across all the nodes. This feature of blockchain, when applied to an IoT network, provides a more secure system due to the decentralized and secure nature of such encrypted data.
Second, smart contracts can efficiently automate transactions. In its basic form, smart contracts are developed to perform tasks once a condition is met. Used with IoT, smart contracts have the ability to streamline and automate transactions made through an IoT device. With smart contracts, it is also possible to mirror a single-sign-on protocol to access all IoT devices without the single point of failure, as shown in a study conducted by Passau University in Germany.
Blockchain Projects to Prepare for the Influx of Future IoT Devices
Self-sovereign identity is an idea currently being applied in the development of SmartWallet by German company Jolocom. Self-sovereign identity is a system that will put the responsibility for data in the hands of its users and let them control who has access to their information. This prevents the siloing of data, often conducted by Facebook, Google, and other large data-collecting enterprises. Ideally, users will be able to manage all of their personal data through a single secure app.
This is all done in accordance with what Jolocom calls the Universal Identity Protocol described as “an open-source protocol for people and smart agents to autonomously create and interact with digital self-sovereign identities.”
At the moment, using an IoT device as a method of payment usually requires users to link their devices to credit card systems. This method has a variety of security flaws, as it relies on third-party financial platforms which could potentially expose personal financial data. For instance, by implementing a bitcoin wallet and crypto chip into IoT processors, it is possible to produce a payment procedure which does not rely on a third party.
Bringing Balance to IoT with Blockchain
The value of IoT devices continues to drive their development, however, the current technology regarding identity management is a hindrance to IoT’s most valuable aspect, convenience. The more IoT devices introduced, the more inconvenient identity management becomes, and the dangers of a single point of failure (data silos) increase significantly.
Blockchain has the power to produce new systems of identity management more in line with the influx of future IoT devices. Self-Sovereign identity based on blockchain can provide a convenient and secure solution to the current problems of IoT identity management. This way, by placing data related to identity on blockchain, essentially all of IoT’s faults concerning security and scalability can be rectified.