Digital Identities: Even if the blockchain hype has peaked, the technology offers enormous potential for. The Federal Cabinet adopted a blockchain strategy in September 2019. The digital association Bytom reacted to this at the end of November, stating: “Digital identities based on the blockchain can enable new business models, especially for the Internet of Things. With the announced blockchain lighthouse projects in public administration, they can give the technology the necessary boost on the demand side”.
IT experts have long been emphasizing the vast potential of blockchains to change industry and business. Buzzwords include securing IoT (Internet of Things) nodes, edge devices with authentication, improved confidentiality, the disruption of existing Public Key Infrastructure (PKI), and reducing DDoS attacks. Cryptocurrencies like Bitcoin are also based on blockchain technology. However, a distinction must be made as to which digital identities a blockchain should determine in an application scenario. Are they natural persons, devices, or logical units?
Digital Identities: Blockchain And The Self-Sovereign Identity
For natural persons, the answer is clear: Their digital identities can and should be implemented with blockchain. Here, it makes sense to use a decentralized database mirrored in the network on many computers. The database combines its entries into blocks, appends them to previous blocks, and saves them. The new database entries are signed using a public-key process.
A consensus mechanism used by all computers ensures the authenticity of the database entries. Distributed ledger technology (DLT) is often used synonymously, although it does not necessarily produce blockchains. Nonetheless, the “distributed ledger” is based on a decentralized database that allows network participants to share read and write access. Anyone can add new records. After the update, the latest version is available to everyone. DLT is a particular form of the blockchain, whereby its consensus mechanism for validating the entries depends on whether the access is subject to registration or not.
Digital Identities: Implementation With Public Key Infrastructure
Ideally, everyone should manage digital identities themselves, which is what the concept of Self-Sovereign Identity (SSI) stands for. The user owns his data and decides on external access. However, for the implementation of SSI, existing concepts such as a Public Key Infrastructure (PKI), which is now standard in a network, should not be thrown overboard. A PKI creates and manages trustworthy digital identities for people, services, and things. It ensures strong authentication, data encryption, and digital signatures. A Certificate Authority (CA) guarantees the trustworthiness of the digital certificates, which are validated with the certificate holder’s public key.
Public Key Infrastructure Versus Blockchain
A PKI can be further developed in a decentralized manner for SSI. A blockchain replaces the key server, which otherwise stores and provides the keys. The blockchain would act as a highly available revocation list for users who control their private keys and issue their certificates themselves. External access with a certificate that has expired or has been revoked cannot take place in this way. In addition, blockchains could be used to restore private keys or to secure transactions with regard to clear traceability and immutability.
If we now consider the identity of logical units or physical devices in the IoT or IIoT environment, nothing speaks against a PKI. Ownership of the identity can be assigned to it, since the authority that issues the certificates can always be identified. When manufacturers take a device out of operation, its identity must also expire, which can be implemented in a PKI.
As a counter-argument to the PKI approach, scaling is often cited, and reference is made to forecasts that predict 75 billion IoT devices for 2025. Growth of that magnitude is sure to come. However, this massive number of devices does not have to be managed by a single PKI; anyone who gives that impression in the discussion is scaremongering. The installed systems are already operating millions of certificates without reaching the limits of scalability.
Digital Identities: Introduction Of Security Standards
In general, it is advisable to develop a concept before setting up an IoT environment. This has to answer open questions for the use of blockchain: Which security standards are introduced with blockchain? How can you protect the cryptographic keys that enable access to blockchain applications? Without answers, you run the risk of making hasty decisions on an ad-hoc basis, the consequences of which cannot be foreseen.
The fact is, a PKI authenticates trustworthy identities and enables secure TLS-encrypted transactions. Beyond the IoT environment, combinations of PKI with blockchains are worth considering, for example, to create an efficient distributed ledger using a Merkle hash tree. This could be used for certificate transparency in an SSI scenario. There, using blockchain makes sense; in the IIoT environment it does not.