The Internet of Things & Identity in the Future Internet

Edoardo CaliaIstituto Superiore Mario Boella

Torino, Italy

The phrase 'Internet of Things' has been coined by members of the RFID development community at the end of 1990's to refer to the possibility of discovering information about a tagged object by browsing an Internet address or database entry that corresponds to a particular RFID

Internet of Things

CORDIS website, http://cordis.europa.eu/fp7/ict/enet/

Internet of Things

Today, the Internet of Things refers to the general idea of things, including everyday objects, which are readable, recognisable, locatable, addressable and/or controllable via the Internet. Communications in the Internet of Things can be 'thing-to-person' or 'thing-to-thing' communications

CORDIS website, http://cordis.europa.eu/fp7/ict/enet/

IoT and the Future Internet Architecture

The term Internet of Things makes us think about something limited to the edge of the network, where objects tend to become “smart” and able to generate and receive information

This phenomenon has strong implications on the whole architecture of the Internet, including the whole organization of the “core” of the Internet and the communication paradigms

Future Internet

• At the edge of the network, the most noticeable evolution is represented by the Internet of Things

• From the data exchange (network) point of view, objects are “non traditional users”: they implement communication patterns different from those around which the traditional Internet has been designed

• At the core, the trend represented by cloud computing, which is not related to the IoT, offers a good answer to the new requirements

Future Internet Edge

Smart objects and embedded systems: Small and numerous,

long-lasting battery life,able to communicate

able to understand the context(wireless),

Future Internet: Edge

Technological requirements:• Electronics miniaturization• Low power design• Low power communication technologies

(short range, low bit rate)• Advanced battery systems and energy

scavenging• Need for a gateway device to connect the

objects crowd to the Internet

Future Internet: Network

The original communication paradigm of the Internet could be satisfied by an asymmetric communication pattern:

a small request was issuedamount of data

to receive a large

The original communication paradigm of the Internet could be satisfied by an asymmetric communication pattern:

Future Internet: Network

Object communications (may) have different patterns:• Symmetric bandwidth requirements (data is

also generated at the edge)• Data sessions are more regular in time

(humans tend to be online in “sessions”)• Sometimes less bandwidth is required, even

if this depends on the applications• Real time or semi-real time requirements

Future Internet: the Core

The increasing amount of data made available by the pervasive distribution of intelligence in the ambient(s) requires a safe and reliable data managementThe trend towards cloud computing represents a good answer to this requirement:

• Data centers are managed by dedicated companies• Little infrastructure is required at the user’s premises

(users can concentrate on using the data instead of storing and managing, and almost no system management skills are required )

A more connected architecture

Today: data centers, the network and user devices are quite separate portions of the Internet, and can evolve almost independentlyTomorrow: with more embedded intelligence at the edge and more sophisticated architectures at the core (such as virtualization), a closer interaction is required between the core and the network, as well as between the user devices and the other components

The Future Internet (FI)

Most data in the cloud, lighter and portable user devices, a lot of smart objects around us, so easy to use that they become “invisible”, implementing the “disappearing computing” foreseen by Mark Weiser in the early ‘90s:The most profound technologies are those that disappear. They weave themselves into the fabric of everyday life until they are indistinguishable from itMark Weiser, “The Computer for the Twenty-First Century” (Scientific American, 1991, pp. 66–75

Managing Identity in the FI

In a world where everything is online, identity management becomes of paramount importanceSome of the issues related to identity management are not new nor they are typical of the cloud, but their relevance increases in the new model

Managing identity in the FI

Some examples:• Privacy, security, anonimity, authentication,

accountability, reputation. How do they relate to digital identity?

• Mapping identity to different contexts (commerce, government-related issues, virtual communities etc)

Aspen Institute Report, “Identity in the Age of Cloud Computing”, 2009

Identity in the Internet

Security and Identity management where mainly neglected in the very beginning. When the Internet became available to the public in the early ‘90s, we were all free to impersonate whoever we wantedBetween 2002 and 2005, blogging became a widespread instrument, and with it a new mindset appeared: people wanted to stand behind their wordsFinally, social networks appeared, where it is more and more difficult to hide your own identity. Identity in this case is “guaranteed” (?) by the people you know, who recognize and “certify” who you are

Aspen Institute Report, “Identity in the Age of Cloud Computing”, 2009

Towards an Open Identity Network

What will Identity look like in the cloud?Experts are working towards the definition of a “user-centric open identity network”The idea is an identity system which is scalable, user-centric and customizableEach of us will have several identities, among which to choose depending on the context (medical, gaming, government, commercial)The overall identity is partitioned in several pieces of information, which can be managed by the user

Aspen Institute Report, “Identity in the Age of Cloud Computing”, 2009

Open Identity Network

If I want to rent a car, a user only needs to provide proof of age, information about her car insurance and her driving record, but not necessarily reveal her nameIf necessary, the authorities have access to the whole set of data referring to the userSomething similar is already happening in social networks, where we can select which portion of the personal identity to show

Aspen Institute Report, “Identity in the Age of Cloud Computing”, 2009

Identity as a Service

If managing one’s combination of elementary pieces of ID information is too complicated for the general user, somebody could act as an Identity provider Ad hoc profiles suitable for different purposes and situations could be created as a service, starting from the certified elements

Aspen Institute Report, “Identity in the Age of Cloud Computing”, 2009

Identity as a Service?

“There are ways in which you can have an identity provider manage people’s data without knowing who they are—now that’s a trust proposition”

John Clippinger, senior fellow

Berkman Center for Internet and Society, Harvard School

Future Internet and Identity

Identity as the end point of communicationUser, service, thing, device, software moduleIdentity as convergence layerPrivacy can be dealt with vertically, thus reducing the danger of conflicting policies and mechanismsIdentity as an enabler for Intent-based communicationSupport acces, (non-) reachability, ubiquity

SWIFT, “Secure Widespread Identities for Federated Telecommunications”

ICT Trust and Security FP7-ICT-2007-1 ICT-1-1.4

DAIDALOS

Designing Advanced network Interfaces for the Delivery and Administration of Location independent, Optimised personal ServicesIP within FP6; 36 partners; closed in Dec. 2008Leader: Deutsche TelecomAmong the 5 “Key Guiding Concepts” of the project is the VID (Virtual Identity), which separates the user from a device, thereby enables flexibility as well as privacy and personalization

SWIFT

SWIFT (Secure Widespread Identities for Federated Telecommunications) is a European Union funded project of the 7th Framework Programme. The project leverages identity technology as a key to integrate service and transport infrastructures for the benefit of users and the providers. It focuses on extending identity functions and federation to the network while addressing usability and privacy concerns

(from www.ist-swift.org)

Virtual Identity Concept

• One person has many faces to the digital world in different usage contexts or to separate roles or for privacy or billing reasons

• These faces are people’s avatars or Virtual Identities (VIDs)

• VIDs must be unlinkable even if some attributes are shared among them

(FP7 SWIFT project)

The Identity provider

• Building a VID requires the availability of several Identity Providers, each one managing a set of credentials and attributes

• VIDs are composed from elementary portions of credentials and attributes potentially coming from different providers

IDentity aggregator

Service Provider

Identity n

Identity 2

Identity 1CA

CA

CA

CA

(FP7 SWIFT project)