Overview
IDPMS (Identity Provider Microservice) is a robust identity solution designed for the secure authentication of Internet of Things (IoT) devices. It leverages modern cryptographic techniques, including Zero-Knowledge Proofs (ZKP) to establish trust without disclosure and the Secure Remote Password (SRP) protocol to protect against credential theft and replay attacks.
As IoT ecosystems grow, ensuring trust between billions of connected devices is crucial. IDPMS bridges this gap by providing a lightweight, secure, and scalable identity provider tailored for IoT infrastructures.
Registration Flow
The registration process begins when an IoT device connects to its designated service provider. The service provider interacts with IDPMS to securely generate cryptographic parameters for the device.
Registration Payload (Device → Service Provider)
{
  "username": "betaSolver",
  "password": "05609@$"
}
Registration Response (IDPMS → Service Provider)
{
  "prime": "...",
  "generator": "...",
  "username": "betaSolver",
  "x": "...",
  "b": "...",
  "k": "..."
}
Once the service provider receives this response, it securely transmits the parameters to the IoT device and immediately deletes the user's password, minimizing the risk of compromise.
Authentication Flow
For subsequent requests, the IoT device uses derived values to authenticate. These values are shared with the service provider, which then validates them with IDPMS.
Service Request Payload (Device → Service Provider)
{
  "username": "betaSolver",
  "A": "68539476709196...",
  "client_key": "88324921924734..."
}
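For orientation, the following is a standard SRP-6a exchange in Python, added here as an illustration and not IDPMS's own code. It shows how a verifier derived at registration lets both sides agree on a session key without the password crossing the wire at login. Assumptions: the RFC 5054 1024-bit group, SHA-256 with a simplified hash layout (not interoperable with RFC 5054 implementations), and hypothetical function names; how these values map onto the IDPMS fields above is not specified by this page.

```python
import hashlib, secrets

# 1024-bit safe prime and generator as listed in RFC 5054 Appendix A.
# Assumption for this demo only; not IDPMS's actual parameters.
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
    "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
    "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
    "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16)
g = 2
PAD = (N.bit_length() + 7) // 8

def H(*parts):
    """SHA-256 over the concatenation; integers are left-padded to len(N)."""
    data = b"".join(p.to_bytes(PAD, "big") if isinstance(p, int) else p for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

k = H(N, g)  # SRP-6a multiplier

def register(username, password):
    """Return (salt, verifier). Only these are stored, never the password."""
    salt = secrets.token_bytes(16)
    x = H(salt, f"{username}:{password}".encode())
    return salt, pow(g, x, N)

def client_session(username, password, salt, a, B):
    """Device side: session key from the password and the server's public B."""
    if B % N == 0:
        raise ValueError("invalid server value B")
    u = H(pow(g, a, N), B)
    x = H(salt, f"{username}:{password}".encode())
    return H(pow((B - k * pow(g, x, N)) % N, a + u * x, N))

def server_session(verifier, b, A):
    """Verifier side: the same key, derived from the stored verifier only."""
    if A % N == 0:  # A = 0 mod N would force a predictable shared secret
        raise ValueError("invalid client value A")
    B = (k * verifier + pow(g, b, N)) % N
    u = H(A, B)
    return H(pow(A * pow(verifier, u, N) % N, b, N))

def run_exchange(username, reg_password, login_password):
    """True when both sides derive the same key (constructed sample inputs)."""
    salt, v = register(username, reg_password)
    a, b = secrets.randbits(256), secrets.randbits(256)  # fresh ephemerals
    A, B = pow(g, a, N), (k * v + pow(g, b, N)) % N
    return client_session(username, login_password, salt, a, B) == server_session(v, b, A)
```

Fresh ephemeral values per exchange are what make a captured `A` useless for replay, and the `A % N == 0` check rejects the malformed client value that would otherwise bypass the password entirely.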
Key Security Features
- Zero-Knowledge Proof (ZKP): Authenticate without revealing sensitive secrets.
- Secure Remote Password (SRP): Strong password-based authentication resistant to attacks.
- Key Deletion on Tampering: Device erases keys if tampering is detected.
- Computational Security: Cryptographic key guessing is infeasible with current technology.
Key Rotation
IDPMS enforces a key rotation mechanism to reduce risks of key compromise. Device-issued cryptographic keys expire after a set period. Expired devices must re-register to receive fresh, secure keys — limiting the window of vulnerability.
Meet the Developer

Someindra Singh
I am a Full-Stack Software Developer with over 7 years of experience building scalable applications, databases, and AI-driven systems. Passionate about performance, elegant architecture, and developer experience, I created IDPMS-SRP to harden IoT device authentication with Zero-Knowledge proof. This microservice is both scalable and fault tolerant and can be used to verify identity for IoT devices.