The innovation team at the Atlantic Institute, Brazil, had been working for some time on an idea which they wished to make a reality: the creation of decentralized authentication identities using blockchain technology to improve Internet security and privacy. The model was primarily aimed at managing the identities of Internet of Things (IoT) devices, as a way to ensure a more secure access control and prevent spoofing attacks.
Janus —the name given to this initiative— remained an aspiration until its promoters submitted the project to the annual call for proposals published by FRIDA, a LACNIC program that supports projects, initiatives, and solutions that seek to strengthen the Internet in the region.
According to Alex Monteiro, the institute’s R&D and Innovation coordinator, “FRIDA became the perfect way to transform this experiment into a larger project.”
The Atlantic Institute has the mission to provide technological solutions for social development, and FRIDA provides non-reimbursable funding, follow up, and technical support to projects that seek to build an open, stable, and secure global Internet. “We combined both interests and obtained the funds needed to move from the research phase to the project development phase and an analysis of the feasibility of the technology,” Monteiro added.
What is Janus and what does it mean to manage decentralized blockchain identities?
Janus seeks to implement access control and management solutions for the Internet of Things (IoT) using decentralized identities, which contribute to the implementation of Zero Trust security architectures. Decentralized identities are cryptographically signed digital identities issued by a blockchain. The term ‘decentralization’ refers to the nature of the blockchain, where a network of computers with consensus mechanisms and cryptographic technology allows issuing and validating an identity without a centralized intermediary (access and identity management systems, etc.). This makes it possible to have a self-sufficient identity, with which a user can issue their own identity guaranteed by a computational structure that validates its issuance and verification. This increases the confidentiality of the data, the information on the devices, and user privacy, as it is no longer necessary to expose any information in order to validate an identity, a credential or data.
Can you give us an example of how Janus would improve the lives of users?
Imagine that an IoT device administrator wants to implement identity and access control for their devices, even for the users who may utilize services related to an IoT solution. With the traditional approach, this administrator must rely on a third-party identity issuer, trust this issuer, and share with them information such as credentials, device make and model, IP address, and others. Much of this data ends up traveling over the network, so even if end-to-end encryption is used, there is always a risk of data leaks that might eventually be used to launch a spoofing attack. With Janus, the data is encapsulated in the blockchain structure, which means that only the decentralized identifier travels over the network. This allows validating access, authentications, and confirming data without the need to expose the information, thus increasing confidentiality and privacy.
How does Janus pave the way for new models of trust between organizations and individuals?
Janus allows anyone to manage the identities of their devices without having to depend on a third party, with the reliability and security offered by blockchain. Once this mechanism is in place, it establishes trust and people are free to manage their identities and use a legitimate identity for themselves and for anything else. This breaks identity management paradigms, as organizations and individuals no longer need to rely on a third party to generate trust. Organizations can create secure access control mechanisms without having to transfer this data from one place to another.
How does Janus guarantee that users are protected from DDoS attacks?
One way to combat DDoS attacks is by constantly validating network access and permissions. We are referring to Zero Trust, a concept that has gained traction in recent years and according to which we should never trust, always verify. But to verify one must first identify oneself, which in turn requires a reliable identity. Janus introduces the secure identity issuance approach, generating the base required by Zero Trust. Another thing worth noting is that we can perform these validations via blockchain, without exposing the data on the network, thus making it difficult for an attacker to steal the identities.
Janus is based on the blockchain network, cryptography, and the zero-knowledge protocol. Can you explain what this means and how it contributes to transparency and cost savings?
Blockchain technology uses cryptographic hashes, an algorithm executed by a group of computers that adhere to a consensus protocol and validate transactions and events on the network, using an immutable, decentralized storage mechanism. Cryptography has long been used to protect information and communications between peers in a computer system and is one of the most important elements in the blockchain. Zero-knowledge proof is a protocol that establishes a method to validate a statement without revealing anything beyond the veracity of the statement. It consolidates transparency, as all access management and control events and identities are stored in the blockchain, which is immutable by nature and therefore guarantees that the process will not breach the data. The cost savings have to do with the fact that it allows individuals and organizations to manage identities without the participation of any third parties, which reduces the cost of implementing IoT solutions.
*The goal of the FRIDA program is to support projects, initiatives, and solutions that will contribute to the consolidation of a global, open, stable, and secure Internet.
If you want to keep up with the latest news about the upcoming 2023 call for proposals, you can subscribe to the mailing list.
