Presentation is loading. Please wait.

Presentation is loading. Please wait.

UNIT No: IV IDENTITY MANAGEMENT MODELS IN IoT

Published byMyron Dean Modified over 5 years ago

Similar presentations

Presentation on theme: "UNIT No: IV IDENTITY MANAGEMENT MODELS IN IoT"— Presentation transcript:

1 UNIT No: IV IDENTITY MANAGEMENT MODELS IN IoT
Pune Vidyarthi Griha’s College of Engineering, Nashik Department of Information Technology UNIT No: IV IDENTITY MANAGEMENT MODELS IN IoT Presented By Prof. S.N.Bhadane

2 Identity Management Identity management is a combination of processes and technologies to manage and secure access to information and resources. IdM is oriented towards identity of either devices or user but in IoT mapping between the device identity and context identity is required. The main purpose of identifier is to uniquely identify things, objects or devices.

3 Ways to construct identifiers
Using Random Data Hierarchical identifiers encoded identifiers (eg: timestamp) Cryptographic identifiers (eg:Hash) Hybrid identifiers

4 Identity Management Current IdM solutions are mainly concerned with identities that are used by end users, and services identify themselves in the networked world (eg: OpenID). These solutions provide user attributes & authentication as a service to relying parties. It is complex & dynamically developing area due to its importance in online communities. Main IdM solution focuses on definition of Idm lifecycle, definition of

5 Identity Management service integration with identity providers, establishment of SSO mechanism to define identity federation & exchange of authentication information & attributes wrt end users and services. Internet players and Telco industry have been developing their IdM solutions in different paths to address different needs. In internet focus is more on providing solution for the end users to access the service In Telco world focus is more on identifiers, authentication since deciding which entity is allowed to connect to network is very important. Convergence in Internet/telco are merging these paths. Eg:European projects like FIDELITY,SWIFT,SPICE.

6 Identifier format for things

7 Identifier format for things
Nomadic devices can join to public or private IoT. Need to assign ownership to these devices Should provide an easier way to identify whether the thing is RFID tag, sensor node, or PDA. This format for devices should have association with different attributes and these attributes are based on namespace in which these devices are used. ORI - Object or Resource Identifier

8 Identifier format for things
Object type - differentiate between types of object it is representing. This field is linked to CID field of identifier format. Global Namespace - used to indicate global ownership or interface and is useful in mobility of the device. Local Namespace - decide current status of the device UID - unique identifier for device or thing.

9 Identity Portrayal Identity portrayal is done through following phases- Substance Content Use

10 Identity Portrayal Substance : Identity is established i.e authenticated through identifier In this phase credentialism and associated process of credentialism is considered. Credentialization consists of authentication,identification and assignment. Authentication is done by identifiers for identity establishment. Identification is done based on the identity attributes. Content: Identification and communication This phase deals with how identity relates with communication. Use: Appropriate identity is used in various context of IoT. Explains how identity is expected to perform and how other objects perform towards a specific object.

11 Different Identity Management Models
Need to derive taxonomy of different identity models depending upon scope of an identity as well as the local and global context in which an identity is used and represented. IoT devices/objects can have knowledge of other IoT devices/objects which can be identified. The scope and lifetime of these things and identities vary from context to context.

12 Different Identity Management Models
Identity of an IoT object will be context aware and can be known locally, across the ubiquitous network or globally. Also IoT objects/devices can also be associated with multiple digital identities (virtual identities). There is a need that these devices should be uniquely and unambiguously identified in multi context IoT. Each object is uniquely identified by a set of attributes.

13 Different Identity Management Models
Local Identity Network Identity Federated Identity Global Identity

14 Local Identity In centralized architecture like smart home or client server paradigm, identity is local in nature. In centralized computing, a host system maintains and manages local database of identities. In IoT context smart home is an example of centralized computing where all devices in smart home are registered in a local database and if external device or entity wishes to join the system, it is first required to acquire an identity from server and entry is to be made in registry.

15 Local Identity The system also checks for duplication of identity being issued in order to maintain uniqueness. In centralized computing, addition,deletion of identities is simple and independent of other operations. As shown in figure, a central object registry is maintained for all the terminals or devices connected to it. As in case of smart home, all devices in one context are registered with one central database and can be shared across the system.

16 Local Identity

17 Advantages of Local Identity
Simplicity : As one central entity is responsible for issuing and registering identity, manageability become easy. Generally flat addressing or naming mechanism is adopted in local identity model and identity establishment process depends on the credentials provided by the objects Theses credentials are then compared with the similar detail stored in object registry/database. Local scope of identity and flat addressing makes it simple.

18 Advantages of Local Identity
Manageability As the central entity is responsible for assigning an identity, object registry can assign and store identities based on its capacity. But with increasing number of objects in scalable IoT networks, performance becomes bottleneck. Flat Addressing: As the scope of identity in local identity is local, flat addressing is useful for such systems but it results into name collisions.

19 Disadvantages of Local IdM
Decision and action are more time consuming Increased dependency and vulnerability Greater number of objects that rely on one central registry causes problem of single point of failure. More delay in response towards identity assignment and establishment as one central system is responsible for it. Secrecy is hard to maintain as identities are stored at one central location.

20

21

22

23

24

25 Federated Identity Management Model
Identity federation is known within the web security world and refers to management of a network/web objects identity across different domains. The main reason of enabling federation in network/web environment is that the work flow of system often requires an object for which identity is established in one domain to be established in other domain as well. Identity in the web based system refers to a users identity while in IoT, identity refers to a device or “thing”. Hence the interaction of identities in IoT is in the form of device to device communication.

26 Federated Identity Management Model
n example of federated ioT network is shown in fig.

27 Federated Identity Management Model
Three IoT domains are considered i.e private user, retail shop and goods producer network and two IoT federated networks are considered. There are different ways of accomplishing federated identity. In federated networks, devices undergo single registration process. If the registration is performed more than once, then redundancy of the profiles is to be avoided.

28 Different federation topologies
Local Profiling Distributed profiling Third party profiling

29 Local Profiling All devices are registered with the IdM infrastructure of the local networks. Profiles of these devices are entirely managed by local network and local identity management model is used for local profiling. Eg- Smart home scenario.

30 Distributed Profiling
In this scheme, devices complete the registration process with the home IdM infrastructure and when needed new profiles of the same devices can be created in new network. These profiles will be specific to new network due to need of new attributes. Hence the profiles become distributed across multiple networks and attribute synchronization need needs to be taken care.

31 Third party profiling In this scheme, the trusted third party within established federation is involved for creating and managing profiles. This reduces the load from member networks from the registration. Trust management is an important issue to be taken care in third party profiling. Advantage of this scheme is that it is scalable in nature and more and more IoT networks can be connected to trusted third party.

32 Global Web Identity With the emergence of WWW and popularity of online social networks, global identity is a need today. Web identity is uniquely identified throughout WWW and it is identifiable via URI(Universal resource identifier). Due to increasing number of users on WWW and online social network, it is important to keep unique identity of users as well as services. In context of IoT networks, web identity is ubiquitous in nature and web identity information should be capable of uniquely resolving various IoT networks

33 Identity Management in IoT
DEscribes how users interact with devices as well as devices interact with other devices. Users interact with their devices and consume services in Iot through verified identity. IoT users are able to discover and use devices that are public add things temporarily to their personal space, share their devices with others and devices that are public can be part of the personal space of multiple users at the same time. Secure interaction in and with Iot, secure data management and exchange, authentication, distributed access control and IdM of the devices are the main challenges.

34 User centric Identity Management
In user centric IdM models, full control is with the end user over his/her personal data. Eg: OpenID OpenId consists of 4 layers Identifiers Discovery Authentication Data Transport

35 User centric Identity Management
The process to be completed involves three different entities The end-users Relying party Identity provider OPenId allows relying party to redirect the client to the identity provider for authentication at identity provider site thus violating user control. The second problem with openID is that the URL that is used to identify the subject is recyclable. Since OpenID permiots URL based identification, it brings the issue of privacy.

36 Device centric identity management
Eg: Higgins is a software infrastructure that supports consistent user experience that works with digital identity protocols Eg: WS-Trust, OpenID. Main objective of Higgins project is to manage multiple contexts, interoperability, define common interface for an identity system. The HIggins framework does not provide support for quantitative measure identity strength and lacks the fulfillment of defining strength of identity.\ Issue with security

37 Hybrid Identity management
DEals with hybrid identities like user as well as device identities. In cloud computing, IdM is a hybrid cloud needed to deal with identities of both user and devices/services. Eg: Liberty Alliance project is a federated solution for guaranteeing interoperability, supporting privacy, promoting adoption for specifications and provides guidelines. It is a framework in which domains that belong to a federation may exchange identity information about their users and devices using federated identities

38 Thank You

Download ppt "UNIT No: IV IDENTITY MANAGEMENT MODELS IN IoT"

Similar presentations

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Secure Data Storage in Cloud Computing Submitted by A.Senthil Kumar(96608205043) C.Karthik(96608205022) H.Sheik mohideen(96608205046) S.Lakshmi rajan(96608205023)

Secure Data Storage in Cloud Computing Submitted by A.Senthil Kumar( ) C.Karthik( ) H.Sheik mohideen( ) S.Lakshmi rajan( )
8.

8.
Trust Establishment in Pervasive Grid Environments Syed Naqvi, Michel Riguidel TÉLÉCOM PARIS ÉNST É cole N ationale S upérieur des T élécommunications.

Trust Establishment in Pervasive Grid Environments Syed Naqvi, Michel Riguidel TÉLÉCOM PARIS ÉNST É cole N ationale S upérieur des T élécommunications.
Network Management Overview IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Network Management Overview IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
LEVERAGING THE ENTERPRISE INFORMATION ENVIRONMENT Louise Edmonds Senior Manager Information Management ACT Health.

LEVERAGING THE ENTERPRISE INFORMATION ENVIRONMENT Louise Edmonds Senior Manager Information Management ACT Health.
A centralized system.  Active Directory is Microsoft's trademarked directory service, an integral part of the Windows architecture. Like other directory.

A centralized system.  Active Directory is Microsoft's trademarked directory service, an integral part of the Windows architecture. Like other directory.
B2C Extended Packaging Bar Code Standard

B2C Extended Packaging Bar Code Standard
Networks – Network Architecture Network architecture is specification of design principles (including data formats and procedures) for creating a network.

Networks – Network Architecture Network architecture is specification of design principles (including data formats and procedures) for creating a network.
Distributed systems – Part 2  Bluetooth 4 Anila Mjeda.

Distributed systems – Part 2  Bluetooth 4 Anila Mjeda.
Linked-data and the Internet of Things Payam Barnaghi Centre for Communication Systems Research University of Surrey March 2012.

Linked-data and the Internet of Things Payam Barnaghi Centre for Communication Systems Research University of Surrey March 2012.
SOA-39: Securing Your SOA Francois Martel Principal Solution Engineer Mitigating Security Risks of a De-coupled Infrastructure.

SOA-39: Securing Your SOA Francois Martel Principal Solution Engineer Mitigating Security Risks of a De-coupled Infrastructure.
9 Systems Analysis and Design in a Changing World, Fourth Edition.

9 Systems Analysis and Design in a Changing World, Fourth Edition.
Internet of Things. IoT Novel paradigm – Rapidly gaining ground in the wireless scenario Basic idea – Pervasive presence around us a variety of things.

Internet of Things. IoT Novel paradigm – Rapidly gaining ground in the wireless scenario Basic idea – Pervasive presence around us a variety of things.
Connect. Communicate. Collaborate Deploying Authorization Mechanisms for Federated Services in the eduroam architecture (DAMe)* Antonio F. Gómez-Skarmeta.

Connect. Communicate. Collaborate Deploying Authorization Mechanisms for Federated Services in the eduroam architecture (DAMe)* Antonio F. Gómez-Skarmeta.
Transforming Government Federal e-Authentication Initiative David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.

Transforming Government Federal e-Authentication Initiative David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.
GRID ANATOMY Advanced Computing Concepts – Dr. Emmanuel Pilli.

GRID ANATOMY Advanced Computing Concepts – Dr. Emmanuel Pilli.
DOCUMENT #:GSC15-PLEN-27 FOR:Presentation SOURCE:ETSI AGENDA ITEM:PLEN 6.4 CONTACT(S): Amardeo Sarma, ISG INS Chair Identity & Access Management activities.

DOCUMENT #:GSC15-PLEN-27 FOR:Presentation SOURCE:ETSI AGENDA ITEM:PLEN 6.4 CONTACT(S): Amardeo Sarma, ISG INS Chair Identity & Access Management activities.
Virtual Local Area Networks In Security By Mark Reed.

Virtual Local Area Networks In Security By Mark Reed.
The FederID project The First Identity Management and Federation Free Software.

The FederID project The First Identity Management and Federation Free Software.

Similar presentations

Ads by Google