Michael Shea is the Managing Director of the Dingle Group and the Chair of Sovrin Foundation’s SSI in IoT Working Group. In this podcast we discussed the white paper he authored on Self Sovereign Identity and IoT. To explain the opportunities SSI can provide to IoT, Michael introduces us to three profiles: Jamie (machine to person), Bob (machine to machine) and Bessie the cow (digital twin).

 What is blockchain?Blockchain is a decentralised database, which is cryptographically secured and immutable. The decentralised part means that it operates in a wider ecosystem than traditional ones, that sits within corporate firewalls, which gives it greater resiliency and redundancy.

The cryptographic component along with the different proof of work, resolve the double spend problem and bring a level of assurance that transactions have not been modified.

 An introduction to Self-Sovereign Identify (SSI), Decentralised Identifiers (DID) and verifiable credentials.Self-sovereign identity is an identity model, where an entity is in control of its own identity and information related to it. SSI as a concept started to take shape in 2016 with Christopher Allen’s 10 principles of self-sovereign identity. In December 2020 the Sovrin Foundation released its 12 principles of self-sovereign identity, which fundamentally is about an entity’s ability to control the information about themselves.

Decentralised identifiers (DIDs) is a pointer to the identify information known as a DID document that helps to create the trust layers within SSI.

A verifiable credential is a cryptographic bundle that is created by an issuer of a credential such as the DVLA for a driver’s license. That credential includes attributes stating that the driver is legally entitled to drive a vehicle and it may contain other pieces of information such as your address and other details. A cryptographic bundle is signed using the public private key of the issuer in this case the DVLA which is then returned to the holder of the driver’s license. That holder can then use that credential to a verifier to indicate his/her authorisation to drive a vehicle.

 Internet of Things (IoT)Machine to PersonMachine to person is where a device is interacting with an individual. The machine can be attached or worn by a person and is measuring some aspect of the person's personal or physical environment and transmitting this data directly or indirectly to a connected device. For example, a person with diabetes would have a sensor that is attached to their body reading their glucose level and communicating the data to an app on a smartphone or a separate physical device.

 Machine to machineMachine to machine is the communication between an IoT device and a computer, smartphone or device. Using the above analogy, the machine is the device or the smartphone speaking up to a central repository for transmitting that information to an endocrinologist on behalf of the patient.

 Digital twinsA digital twin is a virtual digital representation of a physical object. That can be a person, an animal, or a thing. The most common use of digital twins is in an industrial setting. For example, a jet engine has hundreds of sensors embedded inside it, streaming data off to the aircraft engine manufacturers and creating a whole digital profile of itself.

 Risks associated with IoT

On the 21st of October 2016, multiple major DDoS attacks happened which took down numerous high-profile websites such as Netflix, Twitter, GitHub, Airbnb and others. This denial of service attack, known as the Mirai botnet attack, was a result of the Mirai malware installed on a large number of IoT devices. Such attacks illustrated the risks associated with poor security on IoT devices.

As the number of IoT devices continue to grow every year, Michael believes that IoT and security is going to continue being very much like oil and water.