Holistic Privacy-Preserving Identity Management System for the Internet of Things
Hindawi
Mobile Information Systems
Volume 2017, Article ID 6384186, 20 pages
https://doi.org/10.1155/2017/6384186
Research Article
Jorge Bernal Bernabe, Jose L. Hernandez-Ramos, and Antonio F. Skarmeta Gomez
Departamento de Ingenieria de la Informacion y las Comunicaciones, University of Murcia, Murcia, Spain
Correspondence should be addressed to Jorge Bernal Bernabe;
Received 7 April 2017; Revised 26 June 2017; Accepted 5 July 2017; Published 8 August 2017
Academic Editor: Michele Ruta
Copyright © 2017 Jorge Bernal Bernabe et al. This is an open access article distributed under the Creative Commons Attribution
License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly
cited.
Security and privacy concerns are becoming an important barrier to the large-scale adoption and deployment of the Internet of Things. To address this issue, the identity management system defined herein provides a novel holistic and privacy-preserving solution aimed at coping with heterogeneous scenarios that require both traditional online access control and authentication and a claim-based approach for the M2M (machine-to-machine) interactions required in IoT. It combines a cryptographic approach to claim-based authentication using the Idemix anonymous credential system with classic IdM mechanisms by relying on the FIWARE IdM (Keyrock). This symbiosis endows the IdM system with advanced features such as privacy preservation, minimal disclosure, zero-knowledge proofs, unlinkability, confidentiality, pseudonymity, strong authentication, user consent, and offline M2M transactions. The IdM system has been specially tailored for the Internet of Things, bearing in mind the management of both users' and smart objects' identities. Moreover, the IdM system has been successfully implemented, deployed, and tested in the scope of the SocIoTal European research project.
1. Introduction
Nowadays, a plethora of embedded and mobile devices can be accessed ubiquitously in different scenarios, such as transport systems, critical infrastructures, or smart cities. In order to deal with these applications, the Internet of Things (IoT) [1] is based on the notion of global connectivity to generate, process, and exchange large amounts of sensitive and critical data, which makes such data appealing to attackers. In IoT, billions of interconnected “things” distributed across remote areas serve as a baseline for providing innovative services, which can be accessed not only through the Cloud, but also in a Machine to Machine (M2M) fashion [2]. M2M is considered a key aspect for a broad adoption of the IoT, since it enables direct communication among such smart objects [3] in an autonomous way. In such a distributed and dynamic environment, devices and services are exposed to additional threats that can compromise their data and, ultimately, the personal and private identity of the involved end users. Consequently, there is a strong need not only for adapting identity management (IdM) mechanisms to deal with users’ identities, as has been studied so far, but also for allowing the management of smart objects’ identities. In this sense, smart objects should be autonomous and independent entities with their own attributes and identity management mechanisms, which will allow them to preserve their owner’s privacy during their operation.
Traditional privacy-preserving identity management solutions allow end users to manage their personal data for accessing certain services by providing user consent mechanisms. Indeed, minimizing the disclosure of Personally Identifiable Information (PII) [4] is a basic requirement to realize the Privacy by Design (PbD) notions [5]. However, in IoT, a huge number of smart objects are able to interact with each other, so an explicit user consent for each interaction is not feasible for scalability reasons. Furthermore, such smart objects may lack a user interface, so human interaction should be kept to a minimum. Additionally, while technologies such as the Security Assertion Markup Language (SAML) or OpenID [6] allow a selective disclosure of PII, these approaches are based on the presence of a Trusted Third Party (TTP) that needs to be queried during the interaction between two entities or services, making the adoption of a real M2M approach difficult.
In order to address the challenges arising from the extension of identity management to anything in our environment, this work proposes a holistic IdM system based on different emerging cryptographic technologies and approaches. In particular, the proposed IdM system follows a claims-based approach, which is built on top of the Identity Mixer (Idemix) technology [7] (from IBM), to provide additional means to deal with IoT scenarios where the interacting entities can be smart objects in addition to traditional computers. The proposed system endows users and smart objects with means to control and manage their private data by defining partial identities, each a subset of identity attributes taken from their whole virtual identity. The use of partial identities aims to ensure a privacy-preserving solution with minimal disclosure of PII. Furthermore, unlike more traditional IdM approaches, the interaction between smart objects does not require an online TTP (typically an Identity Provider (IdP)), which is a valuable feature to foster the adoption of M2M approaches for the IoT. Moreover, the proposed solution relies on the Keyrock IdM system from the well-known FIWARE platform (https://www.fiware.org/). The main motivation to consider Keyrock is twofold: on the one hand, to support classic IdM operations and services, such as Single Sign-On (SSO) or Identity Federation, which are commonly used in Web or Cloud scenarios where a claim-based approach is not required; on the other hand, Keyrock is used as a repository of users and smart objects, in which they are identified by using the System for Cross-domain Identity Management (SCIM) standard [8]. In this way, they are enabled to obtain Idemix credentials that are associated with their SCIM identity attributes.
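The two properties this paragraph rests on, a partial identity as a verifiable subset of a signed attribute set and verification that needs no online TTP, can be made concrete with a much simpler scheme than Idemix. The following is an added example written for this page; it is not code from the paper, SocIoTal, Idemix or Keyrock. It replaces the Idemix zero-knowledge proof with salted hash commitments over each attribute, signed once by the issuer with a textbook RSA signature implemented from the standard library at a toy key size (an assumption made only so the block runs offline; a real deployment would use a proper signature library). The verifier holds nothing but the issuer's public key, so the check is offline, and the sample attribute set (a SCIM-style `userName` plus constructed device fields) is invented for the demo. The caveat is the part worth remembering: this hash-based variant gives minimal disclosure but not the unlinkability the paper attributes to Idemix, because the signed commitment list is byte-identical in every presentation and therefore acts as a persistent handle for the device.

```python
"""Partial identities with selective disclosure, verified offline.

Added example; not the paper's, Idemix's or Keyrock's code. Salted hash
commitments per attribute, signed by the issuer with toy textbook RSA.
NOT unlinkable: the signed commitment list is constant across presentations.
"""
import hashlib
import json
import os
import random


def _h(*parts):
    """SHA-256 over length-prefixed parts, so ('ab','c') and ('a','bc') differ."""
    m = hashlib.sha256()
    for part in parts:
        if isinstance(part, str):
            part = part.encode()
        m.update(len(part).to_bytes(4, "big") + part)
    return m.digest()


# --- toy RSA (assumption: small keys, no padding) so the demo has no dependencies
def _is_probable_prime(n, rounds=16):
    """Trial division by small primes, then Miller-Rabin."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits):
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def rsa_keygen(bits=256):
    """Returns (public, private) = ((e, n), (d, n)); n has about 2*bits bits."""
    e = 65537
    while True:
        p, q = _gen_prime(bits), _gen_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:          # e is prime, so this is gcd(e, phi) == 1
            return (e, p * q), (pow(e, -1, phi), p * q)


def _sign(priv, digest):
    d, n = priv
    return pow(int.from_bytes(digest, "big"), d, n)   # 256-bit digest < n


def _verify(pub, digest, sig):
    e, n = pub
    return pow(sig, e, n) == int.from_bytes(digest, "big")


def issue_credential(issuer_priv, attributes):
    """Issuer: commit to every attribute with a fresh salt, sign the commitment list."""
    salts = {k: os.urandom(16) for k in attributes}
    commitments = [(k, _h(k, attributes[k], salts[k]).hex()) for k in sorted(attributes)]
    digest = _h(json.dumps(commitments).encode())
    return {"attributes": dict(attributes), "salts": salts,
            "commitments": commitments, "signature": _sign(issuer_priv, digest)}


def present(credential, disclose):
    """Holder: build a partial identity that opens only the attributes in `disclose`."""
    unknown = set(disclose) - set(credential["attributes"])
    if unknown:
        raise ValueError(f"unknown attributes: {sorted(unknown)}")
    openings = {k: (credential["attributes"][k], credential["salts"][k].hex()) for k in disclose}
    return {"commitments": credential["commitments"],
            "signature": credential["signature"], "openings": openings}


def verify_presentation(issuer_pub, presentation):
    """Verifier (offline, issuer public key only): returns disclosed attributes or raises."""
    digest = _h(json.dumps(presentation["commitments"]).encode())
    if not _verify(issuer_pub, digest, presentation["signature"]):
        raise ValueError("issuer signature invalid")
    committed = dict(presentation["commitments"])
    disclosed = {}
    for k, (value, salt_hex) in presentation["openings"].items():
        if committed.get(k) != _h(k, value, bytes.fromhex(salt_hex)).hex():
            raise ValueError(f"opening for {k!r} does not match its commitment")
        disclosed[k] = value
    return disclosed


def demo():
    """Issue a full virtual identity, present a partial one, then try a forged opening."""
    issuer_pub, issuer_priv = rsa_keygen()
    cred = issue_credential(issuer_priv, {          # constructed sample identity
        "userName": "sensor-4711", "deviceType": "temperature-sensor",
        "owner": "alice@example.org", "location": "building-B/floor-2"})
    disclosed = verify_presentation(issuer_pub, present(cred, ["deviceType"]))
    forged = present(cred, ["deviceType"])
    forged["openings"]["deviceType"] = ("gateway", forged["openings"]["deviceType"][1])
    try:
        verify_presentation(issuer_pub, forged)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return disclosed, tamper_detected


if __name__ == "__main__":
    print(demo())
```

The verifier learns `deviceType` and nothing about `owner` or `location`, and a changed value or a different issuer key is rejected. What it cannot do is stop two verifiers from matching the same device by its commitment list, which is precisely the gap that Idemix's randomised proofs close and the reason the paper does not settle for a hash-based scheme.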
Furthermore, in order to demonstrate the potential of the proposed IdM system, it has been used as a mechanism for obtaining cryptographic credentials in a privacy-preserving way. In particular, a smart object can make use of its Idemix credential to derive proofs in order to disclose only a subset of its identity attributes. In this way, users or smart objects are enabled to use these proofs to obtain security credentials for accessing IoT services. On the one hand, this has been integrated with our Distributed Capability-Based Access Control (DCapBAC) approach [9], as a lightweight and distributed authorization model to be used in IoT
environments. In this case, the identity attributes that are
di (...truncated)