Modeling Identity for the Internet of Things: Survey, Classification and Trends

Abstract

With the rapid growth of the Internet of Things (IoT) and smart objects, security becomes an important factor when deploying an IoT system. Factors e.g. the scale of such systems, the diverse range of devices and communication mediums employed, the dynamic and temporary nature of interactions, and the dynamic characteristics of services and applications in the IoT, mean that it is difficult to ensure that only the authenticated and authorized entities can access the appropriate resources. It is difficult to predict, in advance, which entities will interact and require access to services and to precisely identify the exact services to which they will seek access. This raises important questions concerning the nature of identity and identity management for the IoT. There exist many approaches to digital identity and digital identity management, however examination of these questions in the context of the IoT is still in its infancy. Fundamentally, the formal model of IoT identity covering all its aspects is still lacking. In this paper, we provide a survey on identity for the IoT. We outline the foundations for building a formal model of IoT identity based on attributes. We also use the model to demonstrate its feasibility using different use-case scenarios. Our study shows that it is feasible to incorporate such an identity model to achieve both fine-grained and flexible system design in large-scale IoT systems.