Safeguarding COVID-19 Vaccines with SSI - Part 3

Identity Management: Cornerstone to Confidential Communication

frankk

Frank Kottler

Analyst @CHAINSTEP GmbH

All these approaches do not solve two challenges yet: the configuration effort required to setup device APIs and communication protocols, and the question of how to securely identify and authenticate the devices. The former mostly depends on the level of API or messaging protocol standardization, while the latter depends on the cryptography methods employed in the network. In our case, Dylan looks into pre-shared keys, a public-key infrastructure, and self-sovereign identity.

Legacy and Current Solutions

With pre-shared keys (PSK), devices come with a unique identifier, in the best case hard-coded on a secure module on the device. The controller shares a symmetric key with which both parties encrypt their communication. If the devices need to be identified by non-tamper-evident identifiers like a MAC address, attackers could spoof a device’s identity during provisioning. For this reason, integrity can only be ensured if the initial key sharing receives extra safeguarding. After provisioning, the device can prove its identity (authenticate itself) by the fact that it knows the unique symmetric key. However, a device cannot be authenticated if it comes from another ecosystem and has not been provisioned yet. Communication can be considered confidential if Dylan can trust the manufacturer that the device identifier is truly unique. However, the system does not scale easily as each new device must initially be provisioned for the network.

A widespread and more secure alternative is public-key (asymmetric) cryptography. Trusted authorities issue certificates to the devices, guaranteeing the device’s identity and integrity. The device can easily authenticate itself by proving it has the matching private key to its certificate. Confidential communication can be established based on the existing key pairs. In this way, devices from another ecosystem can also securely join a network. All of this requires a network to trust the certificate authorities – something that has already been exploited in the past. An alternative would be to act as your own authority, self-sign device certificates and include trusted business partners in your list of trusted certificate authorities. This, however, would require VirGo to operate their own public-key infrastructure (PKI) including a certificate authority, registration authority, central directory incl. revocation registry, a certificate management system and a certificate policy, placing new burdens on scalability and manageability.

Future solutions

Instead of a PKI, the infrastructure for providing an identity to devices and users can also be decentralized. Recent developments in blockchain technology have brought self-sovereign identity (SSI) standards to life: each identity holder (humans, machines, devices, organizations, …) receives a wallet with an address. Let’s call the wallet address a decentralized identifier (DID). Together with a set of public keys and some technical nitty-gritty, the DID can be signed by the corresponding private key and published[1]. For immutability and the audit trail, it can even be anchored on a blockchain. Because of asymmetric cryptography, a DID makes it extremely easy to prove its ownership, simply by replying to an authentication challenge encrypted with the DID’s public key. So far, so good, but no advantage over PKIs yet. The beauty kicks in once we realize that with such a high-level standard, authorities can be trusted on a more granular level, and trust can be issued and revoked in a more lightweight fashion.

[1] For a more detailed explanation of SSI, see our colleague Hartmut’s Primer on SSI.

Expansion scenario #3:
Supply chain integration

After a rocky start, the vaccination campaign has become a huge success. Supply has soared, and now the government wants to extend supply to community vaccination sites and general practitioners. For this, they need to partner with last-mile warehouses under a different ownership. Sometimes, VirGo needs to deliver directly from their main hub to the vaccination site. Is VirGo equipped for a secure hand-off to any government-appointed storage facility? Can permissioned tracking be expanded so that all new players can easily be onboarded to the tracking system?

Exhibit 6. IoT challenges in supply chain integration.

To tackle the challenge in Exhibit 7, a vaccination site would give access to VirGo’s truck based on its DID only if it presents a proof of content underwritten by VirGo. The site can then query VirGo directly if the proof of content is still valid. This will even work for driverless trucks. However, if the government had meanwhile discovered security issues at the vaccination site, it could simply overrule access authorization for the truck to safeguard the delivery. Compared to a PKI, nobody needs to maintain a revocation registry. Once the truck has delivered the vaccines, access authorization can just be canceled. VirGo, on the other hand, can give permissioned location tracking access to any device that presents government authorization, no matter who actually owns the device. They can also outsource hardware security audits to a trusted partner and do not need to rely on a device’s factory-preset certificate. Instead, its security status can be underwritten by one or multiple partners of their choosing.

Granted: All of these examples could also somehow be realized with a PKI. However, the SSI framework thinks in terms of identity and credential standards. Ultimately, it still relies on a trust cascade, but it becomes more adaptive and distributed. In this sense, it functions as a generalization of a PKI, basically a “system of systems”. Every permission can be atomically adjusted for each device; interoperability can be ensured by verifiable credentials: if VirGo admits only those devices to the network that can handle network-specific security requests (in the form of verifiable credentials), VirGo knows that the devices have been configured to work with this network. If trust level changes for certain applications, or security issues are detected in certain ecosystem, VirGo can simply invalidate the credentials pertaining to the issue, without much overhead. Thanks to its peer-to-peer nature and the ease of granular access management, SSI scores higher on confidentiality and scalability compared to a PKI.

From Dylan’s and our nerdy engineer’s point of view, this paradigm of identity-based security is also very exciting as it aligns neatly with the trend of increasingly systemic and holistic enterprise-grade cybersecurity management. After the ISO 27001 standard, the Cybersecurity Maturity Model Certification newly established by the US-American Department of Defense, is becoming an increasingly mandated quasi-standard of best practices in high-security IT environments.

The credentials and permissions given through SSI can also, but do not necessarily need to be stored on a blockchain. As discussed before, benefits can be found mainly in creating an indisputable audit trail for all ecosystem participants, if this is an important pillar of your IoT application. Dylan sums up the analysis (see Exhibit 7) and is excited to have discovered SSI – especially as it allows them to offer even new and better service to the customers! Yet they wonder: If SSI solves so many problems, why is still so rarely utilized?

Back to Reality: Where we are now

The alert reader has already noticed some inconsistencies: a high-tech government that wants to integrate with a company’s IoT system. A network administrator who is diligently reassessing their security architecture because of a single contract. Infant technologies like blockchain and SSI for network security. Have we at CHAINSTEP ultimately lost our minds?

Spoiler alert: We haven’t. Indeed, SSI is an exciting architecture for identity-based access management, but for Martin Maurer, Head of Blockchain & SSI at CHAINSTEP, “technological maturity is definitely the greatest barrier to such a security-relevant application.” Security challenges in IoT currently arise on a more fundamental level. Till Witt, Managing Director R&D, points out that, “IoT device security has been neglected for too long. This forces manufacturers and administrators to focus on enhancing resilience and contingency planning for the event of a security failure.”

We have pointed out that more centralistic access management systems can play out their strengths in a fully-controllable ecosystem. Still, we do see how SSI- and blockchain-based access management can provide enhanced security for capable devices. Additionally, we have seen that these security enhancements can provide for deep business model innovation. Being able to dynamically integrate devices from various ecosystems is an important building block for the Fourth Industrial Revolution/Industry 4.0. SSI provides a framework so versatile that it alleviates the creation of interoperable, secure and low-overhead communication standards in a business ecosystem. The three expansion cases we have presented in this Deep Dive are just touching the surface of service differentiation. If you are a value pioneer in an IoT environment, the question of how to enable ecosystem expansion is likely highly relevant to you. Depending on your internal and external setup, SSI might be one building block of the solution. No matter if you are hunting for an edge in a production environment or radically disrupting business value in a sandbox: we believe IoT network security and business model go hand in hand – and the right architecture and identity management system enhance both. Still, what is “right” depends on your individual case – and our team of experts is happy to support you in making this complex decision.

Want to learn more about IoT network security and its potential for value innovation in your business? Our experts are excited to explore your setup and opportunities together!

Sign up for industry trends.

You want to stay in touch with current blockchain industry trends outside cryptocurrency?

Sign up for the CHAINSTEP newsletter and receive valueble insights and news direclty into your inbox.