Chapter 5. Names and Identity in the IoT

The scale of the IoT vision outstrips current authentication technology—so we will need to think of something new.

In the standard vision of the IoT, massive numbers of things are talking to other things. For this talking to be meaningful, the listeners need to know who the talkers are. Was it really my car’s ECU that just told my car’s brakes to engage? Was it really my washing machine that just asked Google for details of my calendar, or that just told my utility company that the machine is using a less power-hungry washing algorithm?

Thanks to the permeable nature of networked communication, impersonation is always a concern. However, thanks to the IoT’s wide physical distribution and intimate connection to reality, impersonation in the IoT may have serious consequences—maybe it was the digital radio receiver, fooled by remote hackers, that was pretending to be my car’s ECU. Making things even more complicated is that a “globally unique name,” even if such a thing existed, may not suffice for the listener; when someone claiming to be a police officer knocks on your door, you don’t care about the officer’s Social Security number and DNA fingerprint.

This chapter explores the challenges of naming and attributes in IoT-scale populations—and the corresponding challenges of effective techniques (cryptographic and otherwise) to provide this data.