
Machine identity - DIDs and verifiable credentials for a secure, trustworthy and interoperable IoT - Mrinal Wadhwa

https://ssimeetup.org/machine-identity-dids-verifiable-credentials-trust-interoperability-iot-webinar-25-mrinal-wadhwa/
Mrinal Wadhwa, CTO of Ockam, will talk about how Decentralized Identifiers, Verifiable Credentials, and Decentralized Key Management enable highly secure and reliable systems of connected devices.

The promise of IoT has been a future where systems of connected machines work together, using intelligent algorithms, to almost magically improve our lives: systems in farms and factories that intelligently sense and control physical processes to optimize yield and reduce waste, homes that adapt for our comfort and safety, and resilient cities that pollute less and smartly manage our limited resources. These are the autonomous systems that developers in the Internet of Things community are passionate about. We all want to build this magical future.

The status quo, however, is that most IoT solutions are incredibly difficult to secure and take too long to develop, provision, and integrate. This talk will show how several emerging open standards can be combined to create open developer tools that help you avoid the plumbing required to build trust between connected devices. It will also briefly touch on Ockam’s DID method for devices and its open source Go DID parser.



  1. MACHINE IDENTITY: Decentralized Identifiers & Verifiable Credentials for Trust & Interoperability in the Internet of Things. Mrinal Wadhwa, CTO @ Ockam (@mrinal). SSIMeetup.org. This presentation is released under a Creative Commons license (CC BY-SA 4.0).
  2. SSIMeetup objectives: (1) empower global SSI communities; (2) open to everyone interested in SSI; (3) all content is shared with CC BY-SA (https://creativecommons.org/licenses/by-sa/4.0/). Alex Preukschat (@SSIMeetup, @AlexPreukschat), Coordinating Node, SSIMeetup.org.
  3. AUTONOMOUS SYSTEMS: I’m passionate about building systems where connected machines come together with intelligent algorithms to improve our lives.
  4. PLUMBING: But I spend most of my days doing what is best described as digital plumbing.
  5. IF A PERSON ENTERS A ROOM, CHANGE ROOM TEMPERATURE TO THEIR PREFERENCE. To illustrate, let’s think about how we might build this extremely simple autonomous system.
  6. IF A PERSON ENTERS A ROOM, CHANGE ROOM TEMPERATURE TO THEIR PREFERENCE. How do we identify a person? How do we authenticate them?
  7. IF A PERSON ENTERS A ROOM, CHANGE ROOM TEMPERATURE TO THEIR PREFERENCE. How do we know they entered? With a device? How do we identify the device? How do we authenticate the device? Can we trust it?
  8. IF A PERSON ENTERS A ROOM, CHANGE ROOM TEMPERATURE TO THEIR PREFERENCE. How do we identify a room? Which people are authorized to change this room’s temperature?
  9. IF A PERSON ENTERS A ROOM, CHANGE ROOM TEMPERATURE TO THEIR PREFERENCE. How do we change the temperature? With a device? How do we identify the device? How do we authenticate the device? Can we trust it?
  10. IF A PERSON ENTERS A ROOM, CHANGE ROOM TEMPERATURE TO THEIR PREFERENCE. What is room temperature? Is it called temp, temperature or T? Is it set in °C, °F or some other unit?
  11. IF A PERSON ENTERS A ROOM, CHANGE ROOM TEMPERATURE TO THEIR PREFERENCE. How do we know their preferred temperature? Is it called temp, temperature or T? Is it set in °C, °F or some other unit?
  12. IF A PERSON ENTERS A ROOM, CHANGE ROOM TEMPERATURE TO THEIR PREFERENCE. All of the questions above, together: How do we identify a person? How do we authenticate them? How do we know they entered? With a device? How do we identify the device? How do we authenticate the device? Can we trust it? How do we identify a room? Which people are authorized to change this room’s temperature? How do we change the temperature? With a device? How do we identify the device? How do we authenticate the device? Can we trust it? How do we know their preferred temperature? Is it called temp, temperature or T? Is it set in °C, °F or some other unit? What is room temperature? Is it called temp, temperature or T? Is it set in °C, °F or some other unit?
  13. IF A PERSON ENTERS A ROOM, CHANGE ROOM TEMPERATURE TO THEIR PREFERENCE. This seems hard; surely someone else has already built it.
  14. Found one with a quick Google search, but it only works with Nest and IFTTT; our hardware is different :(
  15. IF A PERSON ENTERS A ROOM, CHANGE ROOM TEMPERATURE TO THEIR PREFERENCE. What we are integrating across: 1000s of people identity systems (Google, Facebook, Apple, Active Directory, custom apps etc.); 1000s of phones, motion sensors, RFID readers etc.; 100s of IoT platforms, proprietary systems etc.; 100s of building management systems and custom apps; 1000s of HVAC systems, thermostats etc.; 1000s of custom apps.
  16. IF A PERSON ENTERS A ROOM, CHANGE ROOM TEMPERATURE TO THEIR PREFERENCE. Also, this problem statement isn’t general enough; we like to write reusable code.
  17. IF A SHIPMENT ENTERS A CONTAINER, CHANGE CONTAINER TEMPERATURE TO THE IDEAL TEMPERATURE OF THE SHIPMENT.
  18. IF AN ENTITY THAT HAS PREFERENCES IS DETECTED AS HAVING ENTERED AN AREA THAT CAN APPLY PREFERENCES, APPLY ALL ENTITY PREFERENCES THAT THE AREA CAN APPLY AND THAT THIS ENTITY IS AUTHORIZED TO APPLY TO THIS AREA.
  19. PLUMBING: Most IoT developers spend most of their time dealing with this complicated plumbing; the magic is rare.
  20. SCALABILITY, SECURITY, PRIVACY, TRUST, RELIABILITY: All this plumbing complexity manifests as weaknesses in other key architectural requirements.
  21. BUILDING BLOCKS: Decentralized Identifiers (DIDs), DID Documents, Cryptography, Linked Data Signatures, Linked Data Proofs, Verifiable Claims/Credentials, Authentication, Authorization/Object Capabilities, Knowledge Graphs, Semantic/Linked Data, Shared Schemas & Ontologies, Blockchains.
  22. DECENTRALIZED IDENTIFIERS: did:ockam:2QyqWz4xWB5o4Pr9G9fcZjXTE2ej5 is made of a SCHEME (did), a METHOD (ockam) and a METHOD-SPECIFIC UNIQUE STRING (2QyqWz4xWB5o4Pr9G9fcZjXTE2ej5).
  23. (image-only slide)
  24. GLOBALLY RESOLVABLE: If you have a DID string, you can resolve it to its DID Document via its Method. We did not have this property of global uniqueness/resolvability across systems with older ID schemes. This breaks silos. Illustration: an ACCESS CONTROL ALGORITHM working over a Device Identity (did:ockam:2QyqWz4xWB5o4Pr9G9fcZjXTE2ej5) and People Identities (did:sov:2wJPyULfLLnYTEFYzByfUR, did:v1:nym:4jWHwNdrG9-6jd9..).
  25. DID DOCUMENTS: DID Documents are Linked Data documents that describe the DID; they contain the public keys of the DID, authentication methods, services etc.
  26. CRYPTOGRAPHICALLY PROVABLE: If a device possesses the corresponding private key, it can cryptographically prove its identity.
  27. DECENTRALIZED KEY MANAGEMENT: the DEVICE holds the Device secret and the Backend public key; the BACKEND holds the Backend secret and the Device public key. Device to backend: sensed data, acknowledgements etc. Backend to device: control instructions, firmware & configuration updates etc.
  28. SERVICE DISCOVERY (image-only slide)
  29. SEMANTIC & LINKED DATA: The progress made by the open web community around Linked Data can be applied to IoT. This brings semantic meaning and relationships to IoT data.
  30. Instead of describing temperature as a key of my choosing (“temperature”, “temp” or “T”) …
  31. … let’s describe it with well-defined semantics.
  32. Now, two developers who have never met or coordinated can independently build a temperature sensor and a controller that work with each other.
  33. Now this data is about an entity (a room) described by the above DID.
  34. VERIFIABLE CLAIMS: SUBJECT, PROPERTY, VALUE, SIGNED BY ISSUER.
  35. VERIFIABLE CLAIMS, worked instance: SUBJECT = ROOM, PROPERTY = TEMPERATURE, VALUE = 70, SIGNED BY ISSUER.
  36. VERIFIABLE CLAIMS (image-only slide)
  37. (image-only slide)
  38. WEB OF TRUST: claims accumulated about the device did:ockam:2QyqWz4xWB5o4Pr9G9fcZjXTE2ej5: CLAIM:BOM (PLM System); CLAIM:Audit (Security Auditor); REGISTERED; CLAIM:Firmware-V1 (Software Update Service); CLAIM:Firmware-V2 (Software Update Service); CLAIM:Deployed (Onboarding Service); Key Rotated (Device).
  39. Questions such a web of trust lets us answer: Was the device made by a reputable manufacturer? Does the device have hardware-based cryptography and secure key storage? Does the device have a unique identity and cryptographic keys? Has the device been audited by a security auditing firm? Is there a signed audit proof? Are there any known vulnerabilities for the device hardware/software? Does the device produce signed data and signed firmware acknowledgements? Does the device have the latest firmware? Who installed the device? Who provisioned the device? etc.
  40. TRUST ARCHITECTURE (image-only slide)
  41. AUTHENTICATION (image-only slide)
  42. (image-only slide)
  43. AUTHORIZATION (image-only slide)
  44. https://github.com/ockam-network/ockam – Ockam is an open-source collection of tools that makes it simple to build connected solutions with these building blocks: Decentralized Identifiers (DIDs), DID Documents, Cryptography, Linked Data Signatures, Linked Data Proofs, Verifiable Claims/Credentials, Authentication, Authorization/Object Capabilities, Knowledge Graphs, Semantic/Linked Data, Shared Schemas & Ontologies, Blockchains.
  45. We’re also building open tools for several other related capabilities for IoT systems: Hardware Key Storage & Cryptography, Blockchain Light Clients, Battery Efficient Messaging & Transports, Zero Knowledge Proofs, Private Interactions, Secure Zero Touch Onboarding, Bidirectional Signed/Encrypted Data, Signed Firmware & Config Updates, Service & Data Format Discovery. https://github.com/ockam-network/ockam
  46. https://github.com/ockam-network/did – We open sourced a Golang parser for DIDs; give it a try.
  47. MACHINE IDENTITY: Decentralized Identifiers & Verifiable Credentials for Trust & Interoperability in the Internet of Things. Mrinal Wadhwa, CTO @ Ockam (@mrinal). SSIMeetup.org. @ockam_io, https://ockam.io
  48. Attributions for images used in this deck: Robot by Vectors Market from the Noun Project; pipes by Aleksandr Vector from the Noun Project; valve by Ben Davis from the Noun Project.
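Slide 22 breaks a DID into scheme, method and method-specific string. The following is an added example, not Ockam's parser from slide 46, that does that split with strict validation so a malformed identifier is rejected rather than partially resolved; it assumes the DID character rules (lowercase method names, `:`-separated id segments, no percent-encoding) and the `ParseDID` name.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// DID holds the three parts shown on slide 22: the "did" scheme, the
// method name, and the method-specific unique string.
type DID struct{ Scheme, Method, ID string }
var ErrInvalidDID = errors.New("invalid DID")
// Method names are lowercase letters and digits; id segments may also use
// upper case, '.', '-' and '_' (percent-encoding is left out here).
func methodChar(c byte) bool { return (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') }
func idChar(c byte) bool {
	return methodChar(c) || (c >= 'A' && c <= 'Z') || c == '.' || c == '-' || c == '_'
}
func all(s string, ok func(byte) bool) bool {
	for i := 0; i < len(s); i++ {
		if !ok(s[i]) {
			return false
		}
	}
	return true
}
// ParseDID validates "did:<method>:<id>" strictly: a malformed identifier is
// an error, never a best-effort guess, so nothing downstream resolves or
// trusts a half-valid DID.
func ParseDID(s string) (DID, error) {
	parts := strings.SplitN(s, ":", 3)
	if len(parts) != 3 || parts[0] != "did" {
		return DID{}, fmt.Errorf("%w: %q is not did:<method>:<id>", ErrInvalidDID, s)
	}
	method, id := parts[1], parts[2]
	if method == "" || !all(method, methodChar) {
		return DID{}, fmt.Errorf("%w: bad method name %q", ErrInvalidDID, method)
	}
	// The id may carry ':'-separated segments (e.g. did:v1:nym:<string>),
	// but must not be empty or end in ':'.
	if id == "" || strings.HasSuffix(id, ":") ||
		!all(id, func(c byte) bool { return c == ':' || idChar(c) }) {
		return DID{}, fmt.Errorf("%w: bad method-specific id %q", ErrInvalidDID, id)
	}
	return DID{Scheme: "did", Method: method, ID: id}, nil
}

func main() {
	for _, s := range []string{"did:ockam:2QyqWz4xWB5o4Pr9G9fcZjXTE2ej5", "did:Ockam:abc", "did:ockam:a b"} {
		d, err := ParseDID(s) // first is from the deck; the others are rejected
		fmt.Printf("%-42s -> %+v err=%v\n", s, d, err)
	}
}
```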
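Slides 24 to 26 and 34 to 35 together describe the verification path: resolve the issuer's DID to the key in its DID Document, then check the issuer's signature over (subject, property, value). The following is an added example, not Ockam's code; it assumes ed25519 as the signature scheme, constructed `did:example:` identifiers, and an in-memory map standing in for DID resolution.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Claim is the slide's triple (subject DID, property, value) plus the issuer DID that signs it.
type Claim struct {
	Subject, Property, Issuer string
	Value                     float64
}

// Resolver stands in for DID resolution: issuer DID -> the key its DID
// Document lists. A real method fetches the document; this map is an assumption.
type Resolver map[string]ed25519.PublicKey
var ErrUnknownIssuer = errors.New("issuer DID does not resolve")
var ErrBadSignature = errors.New("claim signature invalid")
// canonical gives the exact bytes signed: encoding/json writes struct fields
// in declaration order without whitespace, so both sides serialise identically.
func canonical(c Claim) []byte {
	b, _ := json.Marshal(c) // cannot fail for this fixed struct
	return b
}
// Sign produces the issuer's ed25519 signature over the claim.
func Sign(c Claim, priv ed25519.PrivateKey) []byte {
	return ed25519.Sign(priv, canonical(c))
}
// Verify resolves the issuer and checks the signature, so an unknown issuer
// or a tampered value is rejected before the claim is acted on.
func Verify(c Claim, sig []byte, r Resolver) error {
	pub, ok := r[c.Issuer]
	if !ok {
		return ErrUnknownIssuer
	}
	if !ed25519.Verify(pub, canonical(c), sig) {
		return ErrBadSignature
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	r := Resolver{"did:example:sensor-1": pub} // constructed DIDs, not from the deck
	c := Claim{Subject: "did:example:room-42", Property: "temperature", Issuer: "did:example:sensor-1", Value: 70}
	sig := Sign(c, priv)
	fmt.Println("valid:", Verify(c, sig, r))
	c.Value = 90 // tampered: signature no longer matches
	fmt.Println("tampered:", Verify(c, sig, r))
}
```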
