Secure brokering of digital identities
Secure digital identities are critical to achieving trust in our increasingly connected world – both for sending and receiving information and for managing the devices themselves. As the number of mobile devices enters the billions, we can no longer manage devices the way we do today, with a lot of manual intervention.
In this post, we examine digital identities and offer a glimpse into how an Ericsson Research solution dynamically controlled access to WiFi networks by combining traditional identity management for SIM cards with blockchain-based management of device identities.
The first step towards enabling the Internet of Things is the provision of secure digital identities for devices; the second is to facilitate connectivity. In our previous blog post, Secure IoT Identities, we discussed secure digital identities in the IoT and described how this is managed at the device level. Here, we look at how to organize the use of identities to facilitate connectivity.
Establishing trust relationships
Many of us will be familiar with the struggle to get access to WiFi networks, or to switch mobile network operator when roaming plans are too expensive. While it is fair for a WiFi provider or operator to ask for some form of identification (meaning we need to register), it is questionable whether we really need a brand-new credential for each network; after all, most people are not asked to obtain an additional passport, or to change their passport, each time they enter a foreign country.
Provided the credential is deemed secure enough, it should be possible to reuse it across many different service providers instead of creating and managing a new credential for each one. The only thing each service provider must do is establish a trust relationship that links the customer to the credential that he or she wants to use and that the service provider accepts.
The use of identities is governed by the relationship the service providers establish with the identities. So, how can we go beyond existing approaches?
We at Ericsson Research have developed a concept called ID Brokering, which takes a somewhat different approach to how digital identities can be organized and used. In our concept, we primarily focus on entities that are devices or services running on a compute engine. However, the concept could cover humans and their identities as well.
A fundamental question remains: what are digital identities?
What are digital identities?
Digital identities are identities that are suitable for interaction among or with machines in contrast to those primarily intended for interaction with humans, such as ID papers and cards. There is no strict border between the two but the distinction helps explain why certain types of identities are not currently in our interest.
Technically, the identity is a description of the link expressing the relation between an identifier (such as a name) and a credential (like a Facebook password) in a context (in this case, Facebook).
The nature of a digital identity: an issued link between an identifier and a credential that can be used to prove possession of the identity.
The ISO/IEC 24760-1 specification defines a (digital) identity as “attributes describing an entity”; the attributes here are the information associated with the link. The relation this link expresses can also be drawn as illustrated above.
The creation of the link between a credential and an identifier is usually called the ‘issuance of the identity’ and occurs in a context of use. Besides the security of the credential technology, it is the issuance process that is fundamental to the security of the identity. For example, if an issuer did not thoroughly check the association between the credential and the user during the issuance of a mobile bank ID, it would be impossible to trust the system.
To summarize, a digital identity consists of:
- an identifier,
- a credential,
- an identifiable issuer who issued an ID-link that links the identifier to the credential, and
- the ID-link itself, which can be verified to originate from the issuer.
Below, we show schematically how identity A uses its credential to issue a signed ID-link that creates identity ‘B’:
A schematic view of identity B being created by A using its identity to issue a link for B.
The credential must be secure as it forms the artefact that only the legitimate user should be able to utilize. For example, if the artefact is a device that holds an extractable key it has poor security and the identity will not be considered trustworthy.
In the past, there has been keen interest in technical solutions for credential technologies, while less effort has gone into handling the trust relations that underpin the identities more efficiently. This aspect is often left to so-called ‘out-of-band’ procedures. A real-world example is the sending of new credit cards and their associated PINs in two separate packages, in the hope that the separation makes the procedure sufficiently secure. For the digital world, we strive to automate the handling of trust relations from the start, both to avoid relying on such measures and to be able to scale to the number of identities we need to handle.
In our approach, we express the trust in identities via a ledger that is trusted among its participants. The ledger applies very simple rules for its operation and does not discriminate between participants.
Self-sovereignty in identity creation
The notion of having an identity that can be used for many services is present in federated identity solutions, such as Facebook and Google accounts and the Swedish BankID used to identify citizens when interacting with banks or governmental services. These solutions are useful to people but for the IoT we need something more. We need a solution that gives entities – individuals or organizations – the ability to establish digital identities not only for people but also for devices and services. We need efficient management of these identities and we want them to be created in a self-sovereign manner.
Self-sovereignty in this context means that each entity can set up identities at its own discretion, with custom rules, in contrast to systems like a Public Key Infrastructure (PKI), where the creation and management of identities are heavily restricted by the associated Certificate Authority (CA). The lack of self-sovereignty is one of the reasons why there are so many PKIs in operation: only the CAs get to decide the rules of the game. Below, you will see how two entities, “1” and “A”, establish two independent constellations of identities in a self-sovereign manner. Observe that 1 and A have themselves as issuer; this resembles the notion of self-signed keys in a PKI.
Entities 1 and A initiate the creation of their own (self-sovereign) constellations of identities.
Identities, blockchains and domains
The fundamental characteristics of a blockchain include the ability to provide a trustworthy open ledger of transactions: data related to transactions are recorded sequentially in an immutable way, which enables any user to verify the correctness of data against the ledger. The ledger works under well-defined rules, and a large set of decentralized worker nodes ensures that those rules are adhered to even if parts of the network are inaccessible or malfunctioning.
As such, the ledger is a perfect instrument for identity issuers to register digital identities, and for service providers to check whether an identity is trustworthy. To achieve self-sovereignty, the blockchain ‘address space’ can be subdivided into stand-alone domains, which correspond to the constellations of identities in the illustration above. Companies and individuals are free to create their own domains, and ad-hoc trust relations between domains and their members can be created and removed using standard transactions in the blockchain, as shown below:
Issuers register their issued ID-links into the ledger.
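The identity model above (identifier, credential, issuer and signed ID-link), the self-sovereign roots of entities 1 and A, and a ledger in which issuers register ID-links and service providers check them, put together in one runnable Go model. This is an example added for this post, not Ericsson Research's code and not the MWC demo: it uses ed25519 key pairs as the credential technology, names a domain after the entity that founds it, and keeps the ledger as an in-memory map, so the ordering, consensus and worker nodes of a real blockchain are out of scope. The names IDLink, Ledger, Grant, Revoke and the verifier name "wifi-op" are this example's own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// IDLink is the record an issuer signs: it binds an identifier to a credential
// (the public half of an ed25519 key pair) inside a domain and names the issuer.
type IDLink struct {
	Domain, Identifier, Issuer string
	Credential                 ed25519.PublicKey
	Signature                  []byte // issuer's signature over payload()
}

func (l IDLink) payload() []byte {
	return append([]byte(l.Domain+"|"+l.Identifier+"|"+l.Issuer+"|"), l.Credential...)
}

// Identity is what an entity holds: its ID-link plus the secret half of the credential.
type Identity struct {
	Link IDLink
	priv ed25519.PrivateKey
}

// issue generates a fresh credential for identifier and has signer sign the link.
// A nil signer means the new identity signs its own link: a self-sovereign root.
func issue(domain, identifier, issuer string, signer ed25519.PrivateKey) Identity {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	if signer == nil {
		signer = priv
	}
	l := IDLink{Domain: domain, Identifier: identifier, Issuer: issuer, Credential: pub}
	l.Signature = ed25519.Sign(signer, l.payload())
	return Identity{Link: l, priv: priv}
}

// NewRoot founds a domain named after its entity ("1" and "A" in the post); Issue lets A create B in A's domain.
func NewRoot(name string) Identity           { return issue(name, name, name, nil) }
func (a Identity) Issue(id string) Identity { return issue(a.Link.Domain, id, a.Link.Identifier, a.priv) }

// Prove answers a verifier's challenge; the secret credential never leaves the device.
func (id Identity) Prove(challenge []byte) []byte { return ed25519.Sign(id.priv, challenge) }

// Ledger models the blockchain: registered ID-links plus trust relations (no consensus here).
type Ledger struct {
	links map[string]IDLink // "domain/identifier" -> registered link
	trust map[string]bool   // "verifier->domain" or "verifier->domain/identifier"
}

func NewLedger() *Ledger { return &Ledger{links: map[string]IDLink{}, trust: map[string]bool{}} }

// Register accepts a link only if its issuer signature checks out: a root link (issuer, identifier
// and domain all equal) against its own credential, any other link against an issuer already
// registered in the same domain. Re-registration is refused, which is the ledger's immutability.
func (lg *Ledger) Register(l IDLink) error {
	key := l.Domain + "/" + l.Identifier
	if _, dup := lg.links[key]; dup {
		return fmt.Errorf("already registered: %s", key)
	}
	issuerKey := l.Credential
	if l.Issuer != l.Identifier || l.Identifier != l.Domain {
		iss, ok := lg.links[l.Domain+"/"+l.Issuer]
		if !ok {
			return fmt.Errorf("issuer %s not registered in domain %s", l.Issuer, l.Domain)
		}
		issuerKey = iss.Credential
	}
	if !ed25519.Verify(issuerKey, l.payload(), l.Signature) {
		return fmt.Errorf("bad issuer signature for %s", key)
	}
	lg.links[key] = l
	return nil
}

// Grant and Revoke are the standard transactions that create and remove ad-hoc trust
// between a verifier's domain and another domain or one member of it.
func (lg *Ledger) Grant(verifier, subject string)  { lg.trust[verifier+"->"+subject] = true }
func (lg *Ledger) Revoke(verifier, subject string) { delete(lg.trust, verifier+"->"+subject) }

// Verify is what a service provider (the WiFi access point in the demo) runs: is the
// identity registered, does my domain trust it, and can the device prove possession?
func (lg *Ledger) Verify(verifier, domain, identifier string, challenge, response []byte) error {
	reg, ok := lg.links[domain+"/"+identifier]
	if !ok {
		return fmt.Errorf("identity %s/%s not registered", domain, identifier)
	}
	if !lg.trust[verifier+"->"+domain] && !lg.trust[verifier+"->"+domain+"/"+identifier] {
		return fmt.Errorf("no trust relation for %s/%s", domain, identifier)
	}
	if !ed25519.Verify(reg.Credential, challenge, response) {
		return fmt.Errorf("proof of possession failed")
	}
	return nil
}

func main() {
	ledger, a := NewLedger(), NewRoot("A") // A founds its own constellation of identities
	b := a.Issue("B")                      // A issues an identity for device B
	fmt.Println(ledger.Register(a.Link), ledger.Register(b.Link))
	ledger.Grant("wifi-op", "A/B") // "wifi-op" is a constructed name for the verifying operator
	nonce := []byte("constructed-nonce")
	fmt.Println(ledger.Verify("wifi-op", "A", "B", nonce, b.Prove(nonce)))
}
```

Two properties of the post map onto two checks here. Register refuses a link whose issuer is not already on the ledger in that domain, so an entity cannot issue into a constellation it did not found or was not admitted to, and refuses re-registration, so a root cannot be overwritten. Verify refuses a correctly registered identity until the verifier's own domain has a trust relation with it; Grant and Revoke add and remove that relation without touching the device's credential, which is what lets access be granted and withdrawn dynamically.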
Ericsson Research demonstrated at Mobile World Congress 2017 how this concept can be used to control access rights to WiFi access points. We used a blockchain as the underlying technology, modelled different security domains on top of it, added digital identities to the domains and assigned digital identities to devices using the procedures and lifecycle described in our previous post. The WiFi access points were modified not to look for a specific password but instead to validate the digital identity of the device using the information available in the blockchain.
The result? WiFi connectivity granted to devices based on their own unified credentials, the ability to grant and revoke access to specific devices dynamically, and a concept designed to work at the scale required for the Internet of Things.