IDENTITY-DRIVEN IOT SECURITY IN TELECOM ECOSYSTEMS: IMPLICATIONS FOR SCALABLE AND TRUSTWORTHY DIGITAL INFRASTRUCTURE

The rapid expansion of Internet of Things (IoT) deployments over telecommunications networks is reshaping digital infrastructure across smart cities, industrial automation, healthcare, and intelligent transportation. While 4G/5G evolution and the transition toward 6G enable massive machine-type communications, ultra-reliable low-latency services, and distributed cloud–edge integration, they also intensify security and trust risks. Conventional perimeter-based and network-centric security approaches are increasingly ineffective in telecom IoT ecosystems due to extreme scale, device heterogeneity, mobility, virtualization, multi-tenancy, and cross-domain service composition. This paper advances an identity-driven security perspective that anchors trust in explicit, verifiable identities for devices, services, and network functions rather than network location or implicit boundaries. Using a conceptual and analytical approach without reliance on empirical datasets, the study synthesizes prior work on IoT security, Zero Trust principles, cloud identity management, and telecom identity protections, and then develops an identity-centric security architecture for telecom IoT. The paper formalizes key threat assumptions emphasizing impersonation, unauthorized access, and cross-domain trust exploitation, and derives security and privacy requirements including mutual authentication, least-privilege authorization, continuous verification, accountability, and regulatory alignment. It further compares centralized and decentralized identity models, outlines trust establishment and federation workflows across operators and cloud/edge providers, and analyzes scalability constraints such as automated onboarding, credential lifecycle management, and the effects of network slicing and virtualization. Application-driven discussion across smart cities, Industry 4.0, healthcare, and transportation demonstrates the practical implications of identity-centric security for trustworthy operations. Finally, the paper identifies unresolved challenges—including interoperability, legacy device inclusion, constrained-device overhead, and governance—and highlights future research directions for 6G-era autonomous networks and standardized identity frameworks.