Recently, DSR Corporation’s CEO Anatoli Pechkov presented at the Hyperledger Forum on the topic of IoT Security & Self-Sovereign Identity (SSI). Anatoli focused on the challenges surrounding security in IoT, exciting developments in digital security and DSR experience in developing SSI solutions. Check out a summary of his presentation and watch our IoT security demo here: https://www.youtube.com/watch?v=82aAUVMuhHU
Challenges of IoT Security
Due to nature of IoT Devices, security requirements are more strict than other device types. IoT security requirements and protocols have are strictly regulated and enforced. These new measures include the EU’s General Data Protection Regulations and the California Consumer Privacy Act. Besides regulations, there are technical restrictions that must be adhered to, most IoT devices are resource-constrained so overhead data must be minimized. Methods of security must be focused on embedded software to accomplish this task.
Just as personal identity should be protected, so should your digital identity. A digital identity is a set of attributes related to an entity or device. For IoT to function, devices must be able to interact with each other in a trusted and verified manner, like how we use our physical IDs to interact with entities around us. However, there is no current standards of trust for digital identity.
Digital Identity Models
Current Digital Identity models have restrictions, primarily because they involve 3rd party verification which transfers device data to 3rd party. As standards evolve, so will security methods that must comply with them. During this evolution current models and infrastructure will become outdated. X.509 PKI is the classic and most widely used approach for digital identity in IoT solutions. Although it has been the chosen approach in the past, as requirements are updated, shortcomings have emerged. For instance, this model requires a significant amount of memory, so as solutions are scaled, prices rise dramatically. Also, non-essential data sent to the 3rd party during verification. A new model of security, Self-Sovereign Identity, addresses many of these problems.
SSI is lifetime portable identity that is fully controlled by that entity. SSI both authorizes and authenticates the identity of the device. SSI enables private, secure and verifiable digital relationships. SSI is built on a decentralized network or public blockchain and uses digital credentials which are verified using cryptography. Instead of 3rd party verification, trust is established on the public decentralized network because the credentials are immutable.
DSR SSI Services
DSR is currently involved in Self-Sovereign Identity through the Hyperledger Indy and Aries. DSR was a primary contributor to Hyperledger Indy, a ready-to-use Self-Sovereign Identity framework and platform, consisting of tools, libraries and components for providing independent digital identities rooted on a decentralized network. DSR is also a primary contributor to Hyperledger Aries, a set of interoperable specifications and RFCs, as well as multiple frameworks implementing these specifications.
About DSR Corporation
DSR Corporation (DSR) is a professional products and services software development firm headquartered in Denver, Colorado. DSR Corporation has been developing products in wireless technology since 2001, releasing cloud and Internet of Things (IoT) systems since 2006. DSR is the ultimate end-to-end IoT partner for many companies around the world and within different IoT verticals. DSR has delivered solutions in enabling wireless communications in products, embedded software for gateways and sensors, application integration layer, cloud backend, end-user apps (mobile and web), and general technology consulting with niche expertise. DSR is one of a handful of companies around the world that develops solutions covering the entire product spectrum - from the lowest level (hardware layer) to the top-level user apps. DSR is a big supporter of open standards and flexible development, making us technology and vendor agnostic because we understand that not all solutions fit all use cases and business models. We are able to do this because of our extensive experience in different areas and our commitment to quality, recognized by our work in the Japanese market.