Summary
Building the Internet of Things securely requires that we look to non-hierarchical models for managing trust. Sovrin provides a Web of Trust model for securing the Internet of Things that increases security and availability while giving device owners more control.
Doc Searls put me onto this report from Cable Labs: A Vision for Secure IoT. Not bad stuff as far as it goes. The executive summary states:
IoT therefore represents the next major axis of growth for the Internet. But, without a significant change in how the IoT industry approaches security, this explosion of devices increases the risk to consumers and the Internet. To reduce these risks, the IoT industry and the broader Internet ecosystem must work together to mitigate the risks of insecure devices and ensure future devices are more secure by developing and adopting robust security standards for IoT devices. Industry-led standards represent the most promising approach to broadly increase IoT security. Given the global and constantly evolving nature of threats, industry must utilize its expertise and reach to develop, adopt, and enforce fundamental IoT security measures.
The paper goes on to outline the "technical goals of an industry-led, standards-based approach as well as the governance goals of the development organization." It says:
To achieve the needed level of security, an IoT security standard must address: (i) device identity; (ii) authentication, authorization, and accountability (onboarding); (iii) confidentiality; (iv) integrity; (v) availability; (vi) lifecycle management; and (vii) future (upgradable) security.
You can see from that list that the first four of those are all identity topics. And, not surprisingly, the paper spends a good deal of time talking about identity. I'd love to see the authors and readers of the paper at Internet Identity Workshop in October to discuss these topics. You'll find a lot of identity experts anxious to engage in solving these problems. Consider this an open invitation.
In the section on device identity, the paper says:
To support strong security, the device identifier must be immutable, attestable, and unique. Today, IoT devices typically do not use identifiers that are both unique and immutable and the device identifiers are almost never attestable. Attestability enables the device identity to be cryptographically verified, dramatically reducing the risk that the device is being impersonated (or “spoofed”).
The answer, from the paper, is to use PKI and certificates to solve the problem. True enough, but the devil is in the details. The problem is that the current best practices for certificate management lead to an architecture for the Internet of Things that is unduly hierarchical. Certificate management implies a hierarchy of certificate authorities where each authority verifies those lower in the hierarchy until you get to the root certificates that are embedded in the devices.
I think we can do better than hierarchical certificate management for the Internet of Things. Indeed, I think we have to. A hierarchical model puts large collections of devices at the mercy of the validity of root certificates.
The alternative is a decentralized web of trust. Sovrin provides a way to use cryptography to establish trust without a hierarchical public key infrastructure. The result is a decentralized system that is more available because it has fewer central points of control that might become single points of failure. I wrote in Sovrin Web of Trust:
PKI is good for one thing on the Web: showing the public key used to secure HTTP transmissions is correct. In contrast, Sovrin’s decentralized web of trust model is good for anything people need. The goal of Sovrin is to provide the infrastructure upon which these overlapping webs of trust can be built for various applications. Lyft, Airbnb, and countless other sharing economy businesses are essentially specialized trust frameworks. Sovrin provides the means of creating similar trust frameworks without the need to build the trust infrastructure over and over.
Imagine each device with a Sovrin decentralized identifier (DID) that links to its public keys on the Sovrin ledger. The DID provides a unique identifier for the device. And since it links to the public keys, anything can figure out how to communicate with the device securely. Sovrin's revocation features ensure that the keys can be updated as needed. Sovrin Trustworthy Claims serve as globally verifiable attestations about the device and these can be made flexibly by any party. All on a globally available, decentralized identity infrastructure that anyone can use.
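To make the DID model above concrete, here is an added example (not from the original post, and not Sovrin's code or API): a constructed in-memory map stands in for the ledger, any DID can sign a claim about a device, and a verifier resolves the issuer's DID to check it. The `did:example:` identifiers and the names `Ledger`, `Claim`, `Issue`, `Verify` and `Rotate` are hypothetical, and treating a key rotation as invalidating earlier signatures is a simplification of revocation.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Ledger: constructed in-memory stand-in for a DID ledger (DID -> current public key).
type Ledger map[string]ed25519.PublicKey

// Claim is a statement that any issuer DID signs about a subject DID.
type Claim struct {
	Issuer, Subject, Statement string
	Sig                        []byte
}

// payload quotes each field (%q) so field boundaries cannot be forged.
func (c Claim) payload() []byte {
	return []byte(fmt.Sprintf("%q %q %q", c.Issuer, c.Subject, c.Statement))
}

// Issue signs a claim with the issuer's private key.
func Issue(issuer, subject, stmt string, key ed25519.PrivateKey) Claim {
	c := Claim{Issuer: issuer, Subject: subject, Statement: stmt}
	c.Sig = ed25519.Sign(key, c.payload())
	return c
}

// Verify resolves the issuer DID and checks the signature against its current key.
func (l Ledger) Verify(c Claim) bool {
	pub, ok := l[c.Issuer]
	return ok && ed25519.Verify(pub, c.payload(), c.Sig)
}

// Rotate registers a fresh key pair for did and returns the new private key.
func (l Ledger) Rotate(did string) ed25519.PrivateKey {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	l[did] = pub
	return priv
}

func main() {
	l := Ledger{}
	c := Issue("did:example:maker", "did:example:thermostat", "firmware=1.2", l.Rotate("did:example:maker"))
	before := l.Verify(c)
	l.Rotate("did:example:maker") // affects only this issuer's claims
	fmt.Println(before, l.Verify(c))
}
```

Rotating one issuer's key leaves claims from every other issuer verifiable, which is the contrast with a compromised or expired root in a certificate hierarchy.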
If we're going to avoid the CompuServe of Things and build a true Internet of Things, we need to base it on a decentralized identity infrastructure. Sovrin provides that. Let's talk.
Photo Credit: hairy from Windell Oskay (CC BY 2.0)