Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Secure Ownership Management and Transfer of Consumer Internet of Things Devices with Self-sovereign Identity

Nazmus Sakib, Md Yeasin Ali, Nuran Mubashshira Momo, Marzia Islam Mumu, Masum Al Nahid, Fairuz Rahaman Chowdhury, Md Sadek Ferdous

TL;DR

This work tackles secure, user-centric ownership management and transfer for consumer IoT devices by proposing a holistic Self-Sovereign Identity (SSI) based framework that leverages DIDs, verifiable credentials, and blockchain as a verifiable data registry. It defines threat models and requirements, presents a detailed architecture and a Proof-of-Concept implemented with Hyperledger Aries/Indy, ACA-Py, and a mobile wallet, and demonstrates end-to-end protocol flows for buying new devices and transferring ownership. The approach is formally validated with ProVerif, confirming secrecy and authenticity properties, and a focused performance analysis on mobile hardware shows acceptable resource usage for practical deployment. Overall, the paper offers a passwordless, privacy-preserving alternative to traditional ownership transfer mechanisms, with potential to influence ownership management across diverse IoT ecosystems, while acknowledging ecosystem-wide adoption challenges.

Abstract

The popularity of the Internet of Things (IoT) has driven its usage in our homes and industries over the past 10-12 years. However, there have been some major issues related to identity management and ownership transfer involving IoT devices, particularly for consumer IoT devices, e. g. smart appliances such as smart TVs, smart refrigerators, and so on. There have been a few attempts to address this issue; however, user-centric and effective ownership and identity management of IoT devices have not been very successful so far. Recently, blockchain technology has been used to address these issues with limited success. This article presents a Self-sovereign Identity (SSI) based system that facilitates a secure and user-centric ownership management and transfer of consumer IoT devices. The system leverages a number of emerging technologies, such as blockchain and decentralized identifiers (DID), verifiable credentials (VC), under the umbrella of SSI. We present the architecture of the system based on a threat model and requirement analysis, discuss the implementation of a Proof-of-Concept based on the proposed system and illustrate a number of use-cases with their detailed protocol flows. Furthermore, we analyse its security using ProVerif, a state-of-the art protocol verification tool and examine its performance.

Secure Ownership Management and Transfer of Consumer Internet of Things Devices with Self-sovereign Identity

TL;DR

This work tackles secure, user-centric ownership management and transfer for consumer IoT devices by proposing a holistic Self-Sovereign Identity (SSI) based framework that leverages DIDs, verifiable credentials, and blockchain as a verifiable data registry. It defines threat models and requirements, presents a detailed architecture and a Proof-of-Concept implemented with Hyperledger Aries/Indy, ACA-Py, and a mobile wallet, and demonstrates end-to-end protocol flows for buying new devices and transferring ownership. The approach is formally validated with ProVerif, confirming secrecy and authenticity properties, and a focused performance analysis on mobile hardware shows acceptable resource usage for practical deployment. Overall, the paper offers a passwordless, privacy-preserving alternative to traditional ownership transfer mechanisms, with potential to influence ownership management across diverse IoT ecosystems, while acknowledging ecosystem-wide adoption challenges.

Abstract

The popularity of the Internet of Things (IoT) has driven its usage in our homes and industries over the past 10-12 years. However, there have been some major issues related to identity management and ownership transfer involving IoT devices, particularly for consumer IoT devices, e. g. smart appliances such as smart TVs, smart refrigerators, and so on. There have been a few attempts to address this issue; however, user-centric and effective ownership and identity management of IoT devices have not been very successful so far. Recently, blockchain technology has been used to address these issues with limited success. This article presents a Self-sovereign Identity (SSI) based system that facilitates a secure and user-centric ownership management and transfer of consumer IoT devices. The system leverages a number of emerging technologies, such as blockchain and decentralized identifiers (DID), verifiable credentials (VC), under the umbrella of SSI. We present the architecture of the system based on a threat model and requirement analysis, discuss the implementation of a Proof-of-Concept based on the proposed system and illustrate a number of use-cases with their detailed protocol flows. Furthermore, we analyse its security using ProVerif, a state-of-the art protocol verification tool and examine its performance.
Paper Structure (29 sections, 10 figures, 8 tables, 2 algorithms)

This paper contains 29 sections, 10 figures, 8 tables, 2 algorithms.

Table of Contents

  1. Introduction
  2. Background
  3. Consumer Internet of Things (IoT) Devices
  4. Blockchain
  5. Self-sovereign Identity (SSI)
  6. Literature Review
  7. Proposed System
  8. System Proposal
  9. Threat modelling
  10. Requirement Analysis
  11. Architecture
  12. Implementation
  13. Protocol Flow & Use-cases
  14. Data Model and Algorithms
  15. Use-case & Protocol flow
  16. ...and 14 more sections

Figures (10)

  • Figure 1: SSI entities and their relations preukschat2021self.
  • Figure 2: Architecture of the proposed system
  • Figure 3: Receiving, Reviewing and Accepting VC issued by $MF$
  • Figure 4: Connection establishment, TID and PIN exchanging between $S_1$ and $B_2$(where $S_1=B_1$).
  • Figure 5: Exchanging product ownership claim data
  • ...and 5 more figures