Authentication, Authorization, and Selective Disclosure for IoT data sharing using Verifiable Credentials and Zero-Knowledge Proofs

N. Fotiou, Iakovos Pittaras, Spiros Chadoulos, V. Siris, G.C. Polyzos, Nikolaos Ipiotis, Stratos Keranidis
{"title":"Authentication, Authorization, and Selective Disclosure for IoT data sharing using Verifiable Credentials and Zero-Knowledge Proofs","authors":"N. Fotiou, Iakovos Pittaras, Spiros Chadoulos, V. Siris, G.C. Polyzos, Nikolaos Ipiotis, Stratos Keranidis","doi":"10.48550/arXiv.2209.00586","DOIUrl":null,"url":null,"abstract":"As IoT becomes omnipresent vast amounts of data are generated, which can be used for building innovative applications. However,interoperability issues and security concerns, prevent harvesting the full potentials of these data. In this paper we consider the use case of data generated by smart buildings. Buildings are becoming ever\"smarter\"by integrating IoT devices that improve comfort through sensing and automation. However, these devices and their data are usually siloed in specific applications or manufacturers, even though they can be valuable for various interested stakeholders who provide different types of\"over the top\"services, e.g., energy management. Most data sharing techniques follow an\"all or nothing\"approach, creating significant security and privacy threats, when even partially revealed, privacy-preserving, data subsets can fuel innovative applications. With these in mind we develop a platform that enables controlled, privacy-preserving sharing of data items. Our system innovates in two directions: Firstly, it provides a framework for allowing discovery and selective disclosure of IoT data without violating their integrity. Secondly, it provides a user-friendly, intuitive mechanisms allowing efficient, fine-grained access control over the shared data. Our solution leverages recent advances in the areas of Self-Sovereign Identities, Verifiable Credentials, and Zero-Knowledge Proofs, and it integrates them in a platform that combines the industry-standard authorization framework OAuth 2.0 and the Web of Things specifications.","PeriodicalId":390980,"journal":{"name":"International Workshop Emerging Technologies for Authorization and Authentication","volume":"39 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Workshop Emerging Technologies for Authorization and Authentication","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.48550/arXiv.2209.00586","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

Abstract

As IoT becomes omnipresent vast amounts of data are generated, which can be used for building innovative applications. However,interoperability issues and security concerns, prevent harvesting the full potentials of these data. In this paper we consider the use case of data generated by smart buildings. Buildings are becoming ever"smarter"by integrating IoT devices that improve comfort through sensing and automation. However, these devices and their data are usually siloed in specific applications or manufacturers, even though they can be valuable for various interested stakeholders who provide different types of"over the top"services, e.g., energy management. Most data sharing techniques follow an"all or nothing"approach, creating significant security and privacy threats, when even partially revealed, privacy-preserving, data subsets can fuel innovative applications. With these in mind we develop a platform that enables controlled, privacy-preserving sharing of data items. Our system innovates in two directions: Firstly, it provides a framework for allowing discovery and selective disclosure of IoT data without violating their integrity. Secondly, it provides a user-friendly, intuitive mechanisms allowing efficient, fine-grained access control over the shared data. Our solution leverages recent advances in the areas of Self-Sovereign Identities, Verifiable Credentials, and Zero-Knowledge Proofs, and it integrates them in a platform that combines the industry-standard authorization framework OAuth 2.0 and the Web of Things specifications.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
使用可验证凭证和零知识证明的物联网数据共享的身份验证,授权和选择性披露
随着物联网变得无处不在,产生了大量数据,这些数据可用于构建创新应用程序。然而,互操作性问题和安全性问题阻碍了这些数据的充分利用。在本文中,我们考虑了智能建筑产生的数据的用例。通过集成物联网设备,通过传感和自动化提高舒适度,建筑物正变得越来越“智能”。然而,这些设备及其数据通常被隔离在特定的应用程序或制造商中,尽管它们对于提供不同类型的“顶级”服务(例如,能源管理)的各种感兴趣的利益相关者可能很有价值。大多数数据共享技术都遵循“要么全有,要么全无”的方法,这造成了严重的安全和隐私威胁,即使是部分披露、保护隐私的数据子集也可以推动创新应用程序。考虑到这些,我们开发了一个平台,可以实现受控的、保护隐私的数据项共享。我们的系统在两个方向上进行了创新:首先,它提供了一个框架,允许在不违反其完整性的情况下发现和选择性披露物联网数据。其次,它提供了一种用户友好、直观的机制,允许对共享数据进行高效、细粒度的访问控制。我们的解决方案利用了自主身份、可验证凭证和零知识证明领域的最新进展,并将它们集成在一个平台中,该平台结合了行业标准授权框架OAuth 2.0和物联网规范。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
Linking Contexts from Distinct Data Sources in Zero Trust Federation Authentication, Authorization, and Selective Disclosure for IoT data sharing using Verifiable Credentials and Zero-Knowledge Proofs An Interface between Legacy and Modern Mobile Devices for Digital Identity Handling Meta Attribute Information in Usage Control Policies (Short Paper) Protecting FIDO Extensions Against Man-in-the-Middle Attacks
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1