Skip to main content
SpringerLink
Log in

IoT Identity Management Systems: The State-of-the-Art, Challenges and a Novel Architecture

  • Conference paper
  • First Online:
Advanced Information Networking and Applications (AINA 2024)

Part of the book series: Lecture Notes on Data Engineering and Communications Technologies ((LNDECT,volume 200))

  • 108 Accesses

Abstract

The Internet of Things (IoT) is a technology paradigm that has transformed several domains including manufacturing, agriculture, healthcare, power grids, travel and retail. However, the growth of this interconnected world of IoT devices with their services is not without consequences, including identity-related security challenges. Security threats to identities can be vulnerabilities, misconfigurations, insecure credential storage, credential theft and social engineering. The range of different techniques that attackers use to get access to users, devices and other resources lead to serious consequences from the loss of an individual’s identity to the sensitive and financial data of institutions. Thus, implementing a robust and secure identity management system (IDMS) is critical in achieving an overall secure IoT environment. Approaches for strong identity management do exist, however, they carry some deficiencies making them inadequate to address the current identity-related security challenges of IoT. These challenges include failure to provide an all-in-one decentralized IDMS inclusive of profiling (registration of entity’s attributes) and identification, authentication, identity-related attack risk analysis, and trust establishment mechanisms. The purpose of this work is to investigate existing IDMS and their limitations and propose a novel architecture featuring decentralization, trust, cross-platform, and identity-related attack risk-aware mechanisms with the help of deep learning, trust, and distributed ledger technologies. The proposed IDMS architecture is also compared with existing solutions using qualitative features like availability, trust establishment, attack risk-aware capability, robustness, and cross-platform functionality.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

References

  1. IoT connected devices worldwide 2019–2030 | Statista. https://www.statista.com/statistics/1183457/iot-connected-devices-worldwide/. Accessed 06 Dec 2023

  2. Fateh, M., Sial, K.: Security issues in internet of things: a comprehensive review, 207–214 (2019)

    Google Scholar 

  3. Siboni, S., Sachidananda, V., Meidan, Y., Bohadana, M., Mathov, Y., Bhairav, S.: Security testbed for internet-of-things devices. IEEE Trans. Reliab. 1–22 (2018). https://doi.org/10.1109/TR.2018.2864536

  4. Dorri, A.: Towards an optimized blockchain for IoT. In: 2017 IEEE/ACM Second International Conference on Internet-of-Things Design and Implementation, pp. 173–178 (2017)

    Google Scholar 

  5. Lake, D., Milito, R., Morrow, M., Vargheese, R.: Internet of things: architectural framework for ehealth security. J. ICT Stand. 1, 301–328 (2014). https://doi.org/10.13052/jicts2245-800x.133

  6. Khanam, S., Ahmedy, I.B., Idna Idris, M.Y., Jaward, M.H., Bin Md Sabri, A.Q.: A survey of security challenges, attacks taxonomy and advanced countermeasures in the internet of things. IEEE Access 8, 219709–219743 (2020). https://doi.org/10.1109/ACCESS.2020.3037359

  7. Asharf, J., Moustafa, N., Khurshid, H., Debie, E., Haider, W., Wahab, A.: A review of intrusion detection systems using machine and deep learning in internet of things: challenges, solutions and future directions. Electron 9 (2020). https://doi.org/10.3390/electronics9071177

  8. Gebresilassie, S.K., Rafferty, J., Morrow, P.J., Chen, L.L., Cui, Z., Abu-Tair, M.: Distributed, secure, self-sovereign identity for IoT devices, 1–6 (2020)

    Google Scholar 

  9. Chen, J., Liu, Y., Chai, Y.: An identity management framework for internet of things. In: 2015 IEEE 12th International Conference on E-Business Engineering, pp. 360–364 (2015). https://doi.org/10.1109/ICEBE.2015.67

  10. Bergmann, G.: User centric identity management. Dtsch. Drucker Stuttgart. 42, 16–17 (2006)

    Google Scholar 

  11. Gebresilassie, S.K., Rafferty, J., Morrow, P., Chen, L., Abu-Tair, M., Cui, Z.: Distributed, secure, self-sovereign identity for IoT devices (2020)

    Google Scholar 

  12. Doctoral, P., Bengal, W.: Internet of things: A to Z. I, 50–63 (2015)

    Google Scholar 

  13. Chibelushi, C., Eardley, A., Arabo, A.: Identity management in the internet of things: the role of MANETs for healthcare applications. Comput. Sci. Inf. Technol. 1, 73–81 (2013). https://doi.org/10.13189/csit.2013.010201

  14. Hang, L., Kim, D.H.: Design and implementation of an integrated IoT blockchain platform for sensing data integrity. Sensors (Switzerland). 19, (2019). https://doi.org/10.3390/s19102228

  15. Alansari, Z.: Internet of things: infrastructure , architecture, security and privacy. 2018, 16–17 (2018)

    Google Scholar 

  16. Pratap Singh, S., Kumar, V., Kumar Singh, A., Singh, S.: A survey on internet of things (IoT): layer specific vs. domain specific architecture BT. In: Presented at the Second International Conference on Computer Networks and Communication Technologies (2020)

    Google Scholar 

  17. Ahmed, A.I.A., Ab Hamid, S.H., Gani, A., khan, S., Khan, M.K.: Trust and reputation for internet of things: fundamentals, taxonomy, and open research challenges. J. Netw. Comput. Appl. 145 (2019). https://doi.org/10.1016/j.jnca.2019.102409

  18. Wu, M., Lu, T.J., Ling, F.Y., Sun, J., Du, H.Y.: Research on the architecture of internet of things. In: ICACTE 2010 - 2010 3rd International Conference on Advanced Computer Theory and Engineering Proceedings, vol. 5, pp. 484–487 (2010). https://doi.org/10.1109/ICACTE.2010.5579493

  19. Aydos, M., Vural, Y., Tekerek, A.: Assessing risks and threats with layered approach to internet of things security. Meas. Control (UK) 52, 338–353 (2019). https://doi.org/10.1177/0020294019837991

    Article  Google Scholar 

  20. Athamena, B., Houhamdi, Z.: Identity management system model in the internet of things. TEM J. 9, 1338–1347 (2020). https://doi.org/10.18421/TEM94-04

  21. Alkhalifah, A., D’Ambra, J.: The role of identity management systems in enhancing protection of user privacy. In: Proceedings of 2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic, CyberSec 2012, pp. 144–149 (2012). https://doi.org/10.1109/CyberSec.2012.6246091

  22. Jiang, J., Duan, H.: A federated identity management system with centralized trust and unified single sign-on (2011). https://doi.org/10.1109/ChinaCom.2011.6158260

  23. Characterization, a P., Schneider, F.B.: Federated identity management systems: IEEE Secur. Priv. 11, 36–48 (2013)

    Google Scholar 

  24. Neuman, C.B., Ts’o, T.: Kerberos: an authentication service for computer networks. IEEE Commun. Mag. 32, 33–38 (1994). https://doi.org/10.1109/35.312841

  25. Oppliger, R.: Microsoft .NET passport and identity management. Inf. Secur. Tech. Rep. 9, 26–34 (2004). https://doi.org/10.1016/S1363-4127(04)00013-5

  26. Shibboleth. https://www.shibboleth.net/. Accessed 07 Dec 2023

  27. Kantara Initiative: Trust through ID Assurance. https://kantarainitiative.org/. Accessed 07 Dec 2023

  28. Ahn, G.-J., Ko, M., Shehab, M.: Privacy-enhanced user-centric identity management. In: 2009 IEEE International Conference on Communication, pp. 1–5 (2009). https://doi.org/10.1109/ICC.2009.5199363

  29. Microsoft Entra Decentralized ID Whitepaper

    Google Scholar 

  30. IBM Digital Credentials. https://wiki.digitalcredentials.ibm.com/#/. Accessed 07 Dec 2023

  31. Haber, M.J., Rolls, D.: Identity Attack Vectors (2020). https://doi.org/10.1007/978-1-4842-5165-2

  32. Tabassum, A., Lebda, W.: Security framework for IoT devices against cyber - attacks

    Google Scholar 

  33. Farha, F., Ning, H., Liu, H., Yang, L.T., Chen, L.: Physical unclonable functions based secret keys scheme for securing big data infrastructure communication. Inf. Sci. (NY) 503, 307–318 (2019). https://doi.org/10.1016/j.ins.2019.06.066

    Article  MathSciNet  Google Scholar 

  34. Tsimenidis, S., Lagkas, T., Rantos, K.: Deep Learning in IoT Intrusion Detection. Springer, New York (2022). https://doi.org/10.1007/s10922-021-09621-9

  35. Chen, Z., et al.: Machine learning-enabled iot security: open issues and challenges under advanced persistent threats. ACM Comput. Surv. 55, 1–35 (2022). https://doi.org/10.1145/3530812

    Article  Google Scholar 

  36. Bernabe, J.B., Hernandez-Ramos, J.L., Gomez, A.F.S.: Holistic privacy-preserving identity management system for the internet of things. Mob. Inf. Syst. 2017 (2017). https://doi.org/10.1155/2017/6384186

  37. Trnka, M., Cerny, T.: Identity management of devices in internet of things environment. In: 2016 6th International Conference on IT Convergence and Security, ICITCS 2016 (2016). https://doi.org/10.1109/ICITCS.2016.7740343

  38. Chen, J., Liu, Y., Chai, Y.: An identity management framework for internet of things. An identity management framework. Internet Things, 360–364 (2015). https://doi.org/10.1109/ICEBE.2015.67

  39. Luecking, M., Fries, C., Lamberti, R., Stork, W.: Decentralized identity and trust management framework for internet of things. IEEE International Conference on Blockchain Cryptocurrency, ICBC 2020 (2020). https://doi.org/10.1109/ICBC48266.2020.9169411

  40. Bouras, M.A., Lu, Q., Dhelim, S., Ning, H.: A lightweight blockchain-based iot identity management approach. Future Internet 13, 1–14 (2021). https://doi.org/10.3390/fi13020024

    Article  Google Scholar 

  41. Gilani, K., Ghaffari, F., Bertin, E., Crespi, N.: Self-sovereign identity management framework using smart contracts. Presented at the June 9 (2022). https://doi.org/10.1109/noms54207.2022.9789831

  42. Gebresilassie, S.K., Rafferty, J., Chen, L., Cui, Z., Abu-Tair, M.: Transfer and CNN-based de-authentication (disassociation) DoS attack detection in IoT Wi-Fi networks. Electron. 12 (2023). https://doi.org/10.3390/electronics12173731

  43. Yan, Z., Zhang, P., Vasilakos, A.V.: A survey on trust management for internet of things. J. Netw. Comput. Appl. 42, 120–134 (2014). https://doi.org/10.1016/j.jnca.2014.01.014

    Article  Google Scholar 

  44. Truong, N.B., Lee, H., Askwith, B., Lee, G.M.: Toward a trust evaluation mechanism in the social internet of things. Sensors (Switzerland) 17, 1–24 (2017). https://doi.org/10.3390/s17061346

    Article  Google Scholar 

Download references

Acknowledgments

This research has been supported by the BT Ireland Innovation Centre (BTIIC) project, funded by BT, and Invest Northern Ireland.

Author information

Authors and Affiliations

  1. School of Computing, British Telecom Ireland Innovation Centre, Ulster University, Belfast, BT15 1ED, UK

    Samson Kahsay Gebresilassie, Joseph Rafferty, Liming Chen & Mamun Abu-Tair

  2. British Telecom, Adastral Park, Ipswich, IP5 3RE, UK

    Zhan Cui

Authors
  1. Samson Kahsay Gebresilassie
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Joseph Rafferty
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Liming Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Zhan Cui
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Mamun Abu-Tair
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Samson Kahsay Gebresilassie .

Editor information

Editors and Affiliations

  1. Department of Information and Communication Engineering, Fukuoka Institute of Technology, Fukuoka, Japan

    Leonard Barolli

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Gebresilassie, S.K., Rafferty, J., Chen, L., Cui, Z., Abu-Tair, M. (2024). IoT Identity Management Systems: The State-of-the-Art, Challenges and a Novel Architecture. In: Barolli, L. (eds) Advanced Information Networking and Applications. AINA 2024. Lecture Notes on Data Engineering and Communications Technologies, vol 200. Springer, Cham. https://doi.org/10.1007/978-3-031-57853-3_11

Download citation

Publish with us

Policies and ethics

Search

Navigation