Decentralized Identity With Applications to Security and Privacy for the Internet of Things

Abstract

Decentralized Identity (dID) has brought to the forefront the advantages and importance of total user control over identity. Previous solutions delegate identity management to the responsibility of third-party applications or services, which may raise multiple privacy and security concerns regarding users' personal data. In this paper, we highlight the significance of dID and in particular Self-Sovereign Identity (SSI) for a rapidly evolving ecosystem with a plethora of interconnected devices with different characteristics, such as the Internet of Things (IoT). Specifically, we analyze the benefits of incorporating SSI principles and technologies in IoT environments, while also discussing the challenges that may be introduced when combining the complexity of SSI concepts with the diverse and large-scale IoT environment. In addition, we present a thorough overview of existing systems that integrate SSI components into IoT environments, in order to address the challenges of authentication, authorization, and access control even for constrained IoT devices. Finally, we provide a comprehensive analysis regarding the contributions of Decentralized Identifiers and Verifiable Credentials, the two main pillars of SSI, for enhanced privacy and security for the Internet at large and for the IoT in particular.