Introduction
There were approximately 15 billion Internet of Things connected devices in 2022. Since 2015, this number of devices has roughly doubled every three years. As IoT devices are utilized in more and more digital processes it is important to understand some basic underlying limitations in how these devices function:
- Virtually all of these connected devices lack a trusted, verifiable identity
- The devices cannot verifiably prove the source of their produced data
- They cannot prove that any transformations on their data are done provably correctly
- And finally, the devices typically transfer more data than necessary because of points a) through c)
This means that the security vulnerabilities of digital business processes interacting with these devices are exponentially increasing together with the cost of their defense.
This challenge can be better understood through the concept of the Digital Business Trilemma (DBT) as introduced here and further discussed here, which highlights a crucial trade-off in digital service systems. The DBT states that only two of three characteristics – Decentralization, Security, and Performance – can be met at the same time for all participating digital service consumers and providers. This trilemma not only emphasizes the inherent limitations of these systems, but also serves as a bridge to the discussion of evolving security requirements.
With the growing concerns about cyber security, the US government is now requiring that all systems interacting with federal government systems implement a Zero Trust Architecture as defined by NIST. This type of mandate is being adopted by more and more nation-states as cyberwarfare becomes the preferred mode of state aggression across the world. Consequently, for an organization to conform to current security standards or adopt Zero Trust principles, every individual, device, or system involved in a digital process or network should assume that everyone they interact with, even if they are known and trusted, is lying either intentionally or unintentionally.
Considering the combined impact of IoT growth at the edge, global Zero Trust mandates, and DBT limitations – businesses, particularly those managing large amounts of IoT devices at the edge of networks, will face a multitude of challenges in the coming years. These challenges include security aspects such as authentication and identity management, data privacy and protection, regulatory compliance, and implementation of zero trust principles, just to name a few.
There are, however, options. One of these options is implementing a so-called Zero Trust Multi-Party Coordination under Zero Knowledge architecture that achieves the following:
- Authenticate and authorize every participant for every single digital business interaction at all times (typically called Zero Trust),
- Prove and verify the authenticity, integrity, and correctness of every digital service transaction, and its associated supply chain of prior digital transactions informing and triggering said digital service transaction,
- Minimize the exchange of sensitive data in a digital service transaction, ideally to zero.
Such a framework would allow us to address our IoT-related issues a) through d). At the same time implementing a Zero Trust framework for identity, data, and calculations also minimize the amount of data that needs to be exchanged.
This might sound like saying we can eat our cake and then still have it too. Let’s take a closer look.
Zero Trust, Privacy, and IoT
The threat surface of businesses is increasing exponentially not just because the number of IoT devices is growing at about 1 million an hour, but also because these devices are also tasked with increasingly more complex and high-value tasks such as payments or data attestations for audits. These developments alongside recommendations for Zero Trust frameworks and data privacy from the increasingly stringent regulatory landscape solidify the need for businesses to minimize their threat surfaces. The answer to this conundrum lies in building security and data compliance into the IoT devices themselves including how they connect with other devices and digital services.
Then the question is, how can this threat surface minimization be achieved? Keeping the DBT in mind, the most sensible approach is to give IoT devices the same level of agency as enterprises and people. This means applying the same security principles and methods to IoT devices as is done for enterprises and people. That may not sound like much, however, in an age where IoT devices can still be accessed with a username and password that is often factory set to “admin” and “password123”, even the addition of additional characters becomes a significant improvement.
Furthermore, treating IoT devices as having the same agency as humans and enterprises also means that they are used as “digital twins” for these entities; our mobile devices increasingly represent all aspects of us, as we load more apps onto them that enable or automate things we need in our daily lives, from writing emails, communicating with family and co-workers, to shopping, paying for things and proving who we are (i.e. Face ID). Consequently, IoT devices process more sensitive data and interact even more with other services operating on other devices. That means the principles of Zero Trust and mandatory data privacy must be applied to IoT devices as they are applied to enterprise systems and humans.
Therefore, IoT devices must share as little data as possible, keep whatever data they control and hold private and secure, and cannot ever trust other devices’ and services’ identity and processed data, even if they are previously known, and would normally be considered “trusted”. That means that the same security posture must be adopted by other devices and services as for our IoT devices.
The big question becomes, what is required for an IoT device to adopt a Zero-Trust-under-Zero-Knowledge security posture?
To begin adopting a Zero-Trust-under-Zero-Knowledge security posture, an IoT device must first provably authenticate its identity (e.g., the security camera, SC123). That same IoT device must also verifiably prove its membership within a specific group (e.g., one of the security cameras at the entrance of the Empire State Building). Proving this statement – membership within a specific group – must be done under zero knowledge and requires doing so without disclosing any information about the other group members. Additionally, this IoT device needs to confirm it is in its designated location (e.g., the Empire State Building entrance area) under zero knowledge without revealing its precise position.
By fulfilling these requirements, an IoT device can take the first step towards implementing a true Zero-Trust-under-Zero-Knowledge security framework. Why? This device now supports the trusted (and verifiably correct) continuous verification and authorization needed for all interactions in a zero trust framework using zero knowledge proofs. Not only can these claims be verified efficiently, but they are verified under zero knowledge, and maintain the security and regulatory compliance of the device.
Why is proving membership under Zero-Knowledge so important?
Proving identity at scale has been a challenge for a long time. Self-Sovereign Identity frameworks based on W3C Decentralized Identifier and W3C Verifiable Credential standards with implementations such as Citopia and the Integrated Trust Network, and other associated standards are starting to address this challenge. These self-sovereign identity standards have also been extensively referenced in standards focusing on Zero Trust under Zero-Knowledge, in particular, the Baseline Protocol standard and the Metro Ethernet Forum Standard 114, 118, and 128. There is currently no standardized approach for proving membership – a key aspect of a digital identity under zero knowledge – which is crucial for the safe delivery of often sensitive digital services. Fortunately, there are efforts underway based on pilot projects in the mobility and telecom space that are addressing this very question.
The primary reason behind the importance of proving membership of an entity to a group lies in how membership confers rights and responsibilities for that entity. It answers the question: “Am I authorized to do something or be somewhere based on my membership in this authorized group?” For example, a proof of membership for an IoT device can attest that it is authorized to do things such as access a service, or be allowed in a specific location. A good example is a military drone that is a member of a specific squad that is cleared to be on a specific military testing range. Revealing the membership or identity information of the military drone to claim access to certain privileges cannot be done without ensuring privacy. Any sensitive information revealed to the wrong person or entity could be dangerous, violate regulations, or both. Therefore, proving membership under zero knowledge in a specific group that has special privileges, in this example the military, is necessary to minimize both business and personal risks.
Another example, imagine being able to allow women to hide their addresses from club bouncers when they prove their privilege to enter a club. Instead, they could use a zero-knowledge age or club membership proof shown on a smartphone via a QR code. By the same token, a membership proof can attest that an EV battery was manufactured within a group of factories that do not use materials from sanctioned countries.
Why is it so important to prove location under zero knowledge?
One of the most valuable digital assets is the location of a person or device. A person’s location obtained using mobile devices is a core component needed for personalized digital services offered today such as personalized marketing information, car insurance adjustments based on driving behavior, driving directions, etc. Organizations are paying top-dollar to get access to location information.
Remember all those IoT devices? Location information can be manipulated, even when it is coming from a trusted source. Therefore, a secure and independently verifiable location is vital to definitively know where critical assets are. Proving the location of an entity must be done without compromising the actual location information, because such information is categorized as Personal Identifiable Information (PII) and heavily protected by law across most jurisdictions. Hence, effective geofencing, or attestation to the “general area” an entity resides within, without leaking specific location data can be used in many mission-critical and compliance-sensitive use cases. This approach to using location and trip insights is perfectly conducive to solutions that avoid legal penalties for real-time traffic planning, secure combat troop deployment verification over public networks, usage-based insurance, and road usage charge to high-value, stationary asset audits.
In this area, efforts have started based on pilot projects in the mobility and telecom space that address verifiable location services under zero knowledge.
What happens when you bring location and verifiable membership together?
The most important and immediate effect is that IoT devices can finally become equal rights agents to humans in any digital interaction because one now has the exact attributes necessary to verify device identity and authorization including location. And all of this can be done at scale through self-sovereign identity solutions, and under zero knowledge.
However, doing this only between an IoT device and one other entity is limiting since it does not allow the extension of the provenance of an IoT device and its identity across, for example, a physical supply chain. For this to happen, one would have to build a privacy-preserving supply chain that is also Zero Trust – a Zero Trust Zero Knowledge (ZTZK) Chain.
How the Baseline Protocol can help build a privacy-preserving Zero Trust Chain.
To establish a ZTZK Chain we need to combine self-sovereign identity with verifiable membership and location under zero knowledge, alongside secure and verifiable zero-knowledge processing of multi-party digital business transactions.
The Baseline Protocol is particularly effective in this regard as it enables; Zero Trust Multi-Party Coordination Under Zero-Knowledge.
The Baseline Protocol enables multi-party coordination by using zero knowledge proofs to prove correctness of business logic execution as outlined in legally binding contracts between commercial parties. For example, business rules around commercial documents, such as Orders or Invoices amongst participants, can be executed in code and proven to be correct to another party with a zk-proof. As highlighted in previous sections, verifiable claims of authenticity and authorization can be conferred to actors within digital business workflows and allow those workflows to be executed in a zero trust environment. Finally, the verifiable claims that can be leveraged using zk-proofs allow these interactions to occur under zero knowledge. A standards-compliant Baseline Protocol implementation offers the following benefits:
- Synchronizations of systems of record: The protocol enforces data state consistency through zero knowledge proofs, which are generated only if the submitted commercial documents comply with relevant business rules and data encoded into the zero knowledge prover systems’ program circuits.
- Real-time, comprehensive digital transaction audits: Any participant can conduct an audit at any time, based on on-chain recursive zero-knowledge proofs.
- Sophisticated protection against malicious actors: Every actor involved in Baselined digital process must cryptographically prove their complete self-sovereign identity for every transaction. Each transaction cannot be finalized until its corresponding zero knowledge proof is verified by securely authenticated and authorized participants.
- Confidentiality preservation: The intrinsic nature of zk-proofs ensure the maintenance of confidentiality through an entire digital transaction, and entire chains of them.
Real-World Examples of Baseline at the Edge
So where can we find real-world examples of ZTZK Chains? First pilots focus on the intersection of mobility, finance, and telecommunications. For example, the Citopia vinTRAK combines blockchain, self-sovereign identity, and zero-knowledge technology to enable zero-knowledge proof of vehicle location and a vehicle belonging to a dealer fleet via a new telecommunication service. This solution creates seamless and low-cost business automation of a currently manual and costly lender vehicle audit process across car dealerships. This audit automation results in a win-win situation for all involved – dealers, lenders, retail consumers, IoT device providers, and telecom service providers all benefit from a net reduction of errors and costs. Further information about an implementation that utilizes location and membership proofs can be found here.
Another area that stands to benefit from the emerging promise of ZTZK chains is the military. The use of membership and location proofs can enable secure military deployment. Through the use of geofencing and secure location under zero knowledge, government officials can securely verify the location of deployed troops anywhere in the world without needing to relay clear-text information over networks that can be intercepted by malicious actors or agents. Even further, proof of membership when combined with proof of location allows for the military to securely verify and authorize military action from troops or equipment that prove they have privileges to perform said sanctioned military action.
The legal industry can also expect to benefit from ZTZK chains. The emergence of AI has led to significant amounts of misinformation strewn across social media. Consider how generative AI images and videos could potentially be misused in court cases. Evidence that conflicts with accusations, such as deep fakes, can now be generated at the press of a button. Juries would not be immune to evidence that is fake or generated unjustly if it looks realistic enough. This vulnerability in the court system is a perfect opportunity for ZTZK chains to re-establish trust in photo and video evidence presented in court cases.
Take the example of a device, in this case a security camera, that needs to provide authentic video footage for a court case. By using zero knowledge proofs of location, membership, and digital signatures, the provided evidence could be verified as authentic. A zero knowledge proof of membership can prove the camera’s membership to a group of security cameras in a specific building, while the proof of location would attest to that camera’s particular location within a geofence. And with the use of a digital signature tied to the camera’s identity, all footage produced by this camera could be “watermarked” or be proven to originate from the camera in question. Thanks to these zero knowledge enabled proofs, a court would be able to ensure complete authenticity, without this proof, it would be impossible to prove, beyond a reasonable doubt, that a piece of digital video used as court evidence was not created by generative AI.
In summary, the ability to verifiably prove the location and membership of IoT devices provides an underlying foundation for processes to comply with Zero Trust principles and operate under Zero Knowledge. The use cases mentioned above only scratch the surface of areas that could benefit from these privacy-preserving verifiably correct attestations. To stay up to date on the latest news and research revolving around Zero Trust Multi-Party Coordination Under Zero Knowledge and Web3 technology follow here.
