Vasilios A. Siris,Dimitrios Dimopoulos,Nikos Fotiou,Spyros Voulgaris,George C. Polyzos

DOI: https://doi.org/10.48550/arXiv.1905.01671

2019-05-05

Networking and Internet Architecture

Abstract:We present models that utilize smart contracts and interledger mechanisms to provide decentralized authorization for constrained IoT devices. The models involve different tradeoffs in terms of cost, delay, complexity, and privacy, while exploiting key advantages of smart contracts and multiple blockchains that communicate with interledger mechanisms. These include immutably recording hashes of authorization information and policies in smart contracts, resilience through the execution of smart contract code on all blockchain nodes, and cryptographically linking transactions and IoT events recorded on different blockchains using hash and time-lock mechanisms. The proposed models are evaluated on the public Ethereum testnets Rinkeby and Ropsten, in terms of execution cost (gas), delay, and reduction of data that needs to be sent to the constrained IoT devices.

Nikos Fotiou,Iakovos Pittaras,Vasilios A. Siris,Spyros Voulgaris,George C. Polyzos

DOI: https://doi.org/10.48550/arXiv.2001.10461

2020-01-29

Abstract:OAuth 2.0 is the industry-standard protocol for authorization. It facilitates secure service provisioning, as well as secure interoperability among diverse stakeholders. All OAuth 2.0 protocol flows result in the creation of an access token, which is then used by a user to request access to a protected resource. Nevertheless, the definition of access tokens is transparent to the OAuth 2.0 protocol, which does not specify any particular token format, how tokens are generated, or how they are used. Instead, the OAuth 2.0 specification leaves all these as design choices for integrators. In this paper, we propose a new type of OAuth 2.0 token backed by a distributed ledger. Our construction is secure, and it supports proof-of-possession, auditing, and accountability. Furthermore, we provide added-value token management services, including revocation, delegation, and fair exchange by leveraging smart contracts. We realized a proof-of-concept implementation of our solution using Ethereum smart contracts and the ERC-721 token specification.

Cryptography and Security

Nikos Fotiou,Iakovos Pittaras,Vasilios A. Siris,George C. Polyzos

DOI: https://doi.org/10.48550/arXiv.1911.05539

2019-11-13

Abstract:In this work, we leverage advances in decentralized identifiers and permissioned blockchains to build a flexible user authentication and authorization mechanism that offers enhanced privacy, achieves fast revocation, and supports distributed "policy decision points" executed in mutually untrusted entities. The proposed solution can be applied in multi-tenant "IoT hubs" that interconnect diverse IoT silos and enable authorization of "guest" users, i.e., opportunistic users that have no trust relationship with the system, which has not encountered or known them before.

Cryptography and Security

Nikos Fotiou,Vasilios A. Siris,George C. Polyzos

DOI: https://doi.org/10.48550/arXiv.1901.07807

2019-01-23

Abstract:Despite technological advances, most smart objects in the Internet of Things (IoT) cannot be accessed using technologies designed and developed for interacting with powerful Internet servers. IoT use cases involve devices that not only have limited resources, but also they are not always connected to the Internet and are physically exposed to tampering. In this paper, we describe the design, development, and evaluation of a smart contract-based solution that allows end-users to securely interact with smart devices. Our approach enables access control, Thing authentication, and payments in a fully decentralized setting, taking at the same time into consideration the limitations and constraints imposed by both blockchain technologies and the IoT paradigm. Our prototype implementation is based on existing technologies, i.e., Ethereum smart contracts, which makes it realistic and fundamentally secure.

Cryptography and Security

Nikos Fotiou,Iakovos Pittaras,Vasilios A. Siris,Spyros Voulgaris,George C. Polyzos

DOI: https://doi.org/10.48550/arXiv.1907.03904

2019-07-09

Abstract:Blockchains and smart contracts are an emerging, promising technology, that has received considerable attention. We use the blockchain technology, and in particular Ethereum, to implement a large-scale event-based Internet of Things (IoT) control system. We argue that the distributed nature of the "ledger," as well as, Ethereum's capability of parallel execution of replicated "smart contracts", provide the sought after automation, generality, flexibility, resilience, and high availability. We design a realistic blockchain-based IoT architecture, using existing technologies while by taking into consideration the characteristics and limitations of IoT devices and applications. Furthermore, we leverage blockchain's immutability and Ethereum's support for custom tokens to build a robust and efficient token-based access control mechanism. Our evaluation shows that our solution is viable and offers significant security and usability advantages.

Cryptography and Security

Ao Zhang,Xiaoying Bai

DOI: https://doi.org/10.1007/978-981-15-2777-7_22

2019-01-01

Abstract:With the development of digital society, the number of Internet platforms increases rapidly and a huge amount of personal information is stored online. It is convenient for users to log in to all platforms with a common account. Third-party authorization protocols like OAuth 2.0 allow the delegation of access control to dedicated service providers. However, OAuth protocol follows the centralized approach to manage authorization and authentication information, which relies on a centralized party and makes it a target under attack. In practice, it is vulnerable to attacks like replay attack, cross-site request forgery (CSRF) attack, and so on. Also, the centralized party cannot provide customized access control for other platforms. To solve these problems, the paper proposes a consortium blockchain architecture and designs protocols for account management and distributed consensus. The paper discusses the potentials of the proposed approach to effectively address certain vulnerabilities in current OAuth-like authorization and authentication services with tolerable performance.

Fei Tong,Xing Chen,Cheng Huang,Yujian Zhang,Xuemin Shen

DOI: https://doi.org/10.1109/JIOT.2022.3229676

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Multidomain Internet of Things (IoT) is faced with serious domain interoperability (DI) and compatibility issues since different intradomain authorization and authentication (A&A) mechanisms are deployed without the consideration of interdomain A&A. This article proposes a blockchain-assisted scheme to achieve flexible intra- and inter-domain A&A simultaneously and seamlessly. Specifically, we first design a contract-based mutual access control agreement on top of a consortium blockchain, where domain managers can manage their access permission without any trusted parties. Based on the agreement, a secure and privacy-preserving authentication protocol is further proposed by tailoring one-out-of-many proof techniques, which enables IoT devices to anonymously access authorized IoT domains. We additionally design a voting-based protocol by using a threshold-based cryptosystem. The protocol allows domain managers to transparently audit resource access with the assistance of the blockchain. Detailed security analysis demonstrates that the proposed scheme achieves the security properties, such as DI, privacy protection, and accountability. Finally, we develop two proof-of-concept prototypes in a physical testbed and virtual machine, respectively, based on an open-source blockchain platform to show our scheme's efficiency in terms of computation and communication overhead.

Peng Wang,Ning Xu,Haibin Zhang,Wen Sun,Abderrahim Benslimane

DOI: https://doi.org/10.1109/jiot.2021.3125091

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:The Internet of Things (IoT), while providing comprehensive interconnection and ubiquitous services, poses security issues by enabling resources sharing among various devices from different untrusted authorities. Blockchain, as a distributed ledger, provides a traceable and verifiable platform to ensure the secure access control in IoT. The existing works based on blockchain may bring up intolerable computing overhead and delay to the lightweight IoT devices. In this article, we propose a dynamic and lightweight attribute-based access control framework for blockchain-empowered IoT, to achieve secure and fine-grained authorization. The proposed scheme allows access to resources by evaluating attributes, operations, and the environment relevant to a request. The access policy is executed through smart contract in blockchain for security and flexibility. To further adapt to IoT device constraints, we design a access control framework based on decentralized application (DApp), which can maintain tamper proof in a timely manner and be adapt to the delay-intolerant application. When delay-intolerant access is required, access can be allowed according to local replica of the blockchain, without a consensus of blockchain network. Considering the time-varying attributes of IoT devices, a trust management scheme is proposed based on the Markov chain to resist the security fluctuation caused by the vulnerability of IoT devices. In the experiments, we deploy our system prototype on Ethereum to evaluate the feasibility and effectiveness of the scheme. The results show the proposed scheme can achieve secure, high throughput, and flexible access control in IoT.

computer science, information systems,telecommunications,engineering, electrical & electronic

Nasser Alsalami,Bingsheng Zhang

DOI: https://doi.org/10.1109/dsc47296.2019.8937637

2019-01-01

Abstract:The advancement of blockchain technology and the Internet of Things (IoT) has presented us with unlimited possibilities to integrate the physical and the virtual worlds. In this work, we demonstrate how to override any existing public blockchain, that has enough redundancy in its transactions, to covertly broadcast arbitrary information. Besides, we implement and demonstrate our technique on a real-world cryptocurrency and show how it can be utilized in two specific applications: recording IoT data, and circumventing censorship.

Avishaek Deep,Adolfo Perrusquía,Lamees Aljaburi,Saba Al-Rubaye,Weisi Guo

DOI: https://doi.org/10.1109/access.2024.3349955

IF: 3.9

2024-01-01

IEEE Access

Abstract:Internet of Things (IoT) is currently playing a major role in how intelligent devices are interconnected and deployed to automate services in transport and smart living sectors. However, IoT is facing challenges in terms of data protection and authentication due to the heterogeneous nature of IoT devices that do not exhibit a central authority. It is crucial to provide secure and trustworthy solutions for the increasing demands of decentralized IoT environments. To this end, this research proposes a novel integration of blockchain-technologies in IoT services to enhance security, data integrity, users privacy, system scalability and interoperability of devices. This is done by leveraging smart contracts to enforce authentication, access control and data exchange mechanisms for IoT devices. The proposed approach is verified by the construction and deployment of a smart contract over the Polygon blockchain network in a simulated real-world IoT scenario. The obtained results show that the proposed approach ensures fast and secure authentication in IoT networks by decreasing the risk of unauthorized access and data tampering.

computer science, information systems,telecommunications,engineering, electrical & electronic

Roberto Di Pietro,Xavier Salleras,Matteo Signorini,Erez Waisbard

DOI: https://doi.org/10.1145/3205977.3205993

2018-06-07

Abstract:One of the biggest challenges for the Internet of Things (IoT) is to bridge the currently fragmented trust domains. The traditional PKI model relies on a common root of trust and does not fit well with the heterogeneous IoT ecosystem where constrained devices belong to independent administrative domains. In this work we describe a distributed trust model for the IoT that leverages the existing trust domains and bridges them to create end-to-end trust between IoT devices without relying on any common root of trust. Furthermore we define a new cryptographic primitive, denoted as obligation chain designed as a credit-based Blockchain with a built-in reputation mechanism. Its innovative design enables a wide range of use cases and business models that are simply not possible with current Blockchain-based solutions while not experiencing traditional blockchain delays. We provide a security analysis for both the obligation chain and the overall architecture and provide experimental tests that show its viability and quality.

Chandan Trivedi,Udai Pratap Rao,Keyur Parmar,Pronaya Bhattacharya,Sudeep Tanwar,Ravi Sharma

DOI: https://doi.org/10.1002/spy2.308

2023-03-12

Security and Privacy

Abstract:Recently, Internet‐of‐Things (IoT) based applications have shifted from centralized infrastructures to decentralized ecosystems, owing to user data's security and privacy limitations. The shift has opened new doors for intruders to launch distributed attacks in diverse IoT scenarios that jeopardize the application environments. Moreover, as heterogeneous and autonomous networks communicate, the attacks intensify, which justifies the requirement of trust as a key policy. Recently, blockchain‐based IoT solutions have been proposed that address trust limitations by maintaining data consistency, immutability, and chronology in IoT environments. However, IoT ecosystems are resource‐constrained and have low bandwidth and finite computing power of sensor nodes. Thus, the inclusion of blockchain requires an effective policy design regarding consensus and smart contract environments in heterogeneous IoT applications. Recent studies have presented blockchain as a potential solution in IoT, but an effective view of consensus and smart contract design to meet the end application requirements is an open problem. Motivated by the same, the survey presents the integration of suitable low‐powered consensus protocols and smart contract design to assess and validate the blockchain‐IoT ecosystems. We present blockchain‐IoT's emerging communication and security aspects with performance issues of consensus protocols, interoperability, and implementation platforms. A case study of a smart contract‐based blockchain‐driven ecosystem is presented with a comparative analysis of mining cost and latency, which shows its suitability in real‐world setups. We also highlight attacks on blockchain IoT, open issues, potential findings, and future directions. The survey intends to drive novel solutions for future consensus and safe, smart contract designs to support applicative IoT ecosystems.

English Else

Chenglong Fu,Qiang Zeng,Xiaojiang Du

DOI: https://doi.org/10.48550/arXiv.1912.00264

2019-12-01

Abstract:The booming Internet of Things (IoT) market has drawn tremendous interest from cyber attackers. The centralized cloud-based IoT service architecture has serious limitations in terms of security, availability, and scalability, and is subject to single points of failure (SPOF). Recently, accommodating IoT services on blockchains has become a trend for better security, privacy, and reliability. However, blockchain's shortcomings of high cost, low throughput, and long latency make it unsuitable for IoT applications. In this paper, we take a retrospection of existing blockchain-based IoT solutions and propose a framework for efficient blockchain and IoT integration. Following the framework, we design a novel blockchain-assisted decentralized IoT remote accessing system, RS-IoT, which has the advantage of defending IoT devices against zero-day attacks without relying on any trusted third-party. By introducing incentives and penalties enforced by smart contracts, our work enables "an economic approach" to thwarting the majority of attackers who aim to achieve monetary gains. Our work presents an example of how blockchain can be used to ensure the fairness of service trading in a decentralized environment and punish misbehaviors objectively. We show the security of RS-IoT via detailed security analyses. Finally, we demonstrate its scalability, efficiency, and usability through a proof-of-concept implementation on the Ethereum testnet blockchain.

Cryptography and Security,Distributed, Parallel, and Cluster Computing,Networking and Internet Architecture

Syed Yawar Abbas Zaidi,Munam Ali Shah,Hasan Ali Khattak,Carsten Maple,Hafiz Tayyab Rauf,Ahmed M. El-Sherbeeny,Mohammed A. El-Meligy

DOI: https://doi.org/10.3390/su131910556

IF: 3.9

2021-09-23

Sustainability

Abstract:With opportunities brought by the Internet of Things (IoT), it is quite a challenge to maintain concurrency and privacy when a huge number of resource-constrained distributed devices are involved. Blockchain have become popular for its benefits, including decentralization, persistence, immutability, auditability, and consensus. Great attention has been received by the IoT based on the construction of distributed file systems worldwide. A new generation of IoT-based distributed file systems has been proposed with the integration of Blockchain technology, such as the Swarm and Interplanetary File System. By using IoT, new technical challenges, such as Credibility, Harmonization, large-volume data, heterogeneity, and constrained resources are arising. To ensure data security in IoT, centralized access control technologies do not provide credibility. In this work, we propose an attribute-based access control model for the IoT. The access control lists are not required for each device by the system. It enhances access management in terms of effectiveness. Moreover, we use blockchain technology for recording the attribute, avoiding data tempering, and eliminating a single point of failure at edge computing devices. IoT devices control the user’s environment as well as his or her private data collection; therefore, the exposure of the user’s personal data to non-trusted private and public servers may result in privacy leakage. To automate the system, smart contracts are used for data accessing, whereas Proof of Authority is used for enhancing the system’s performance and optimizing gas consumption. Through smart contracts, ciphertext can be stored on a blockchain by the data owner. Data can only be decrypted in a valid access period, whereas in blockchains, the trace function is achieved by the storage of invocation and the creation of smart contracts. Scalability issues can also be resolved by using the multichain blockchain. Eventually, it is concluded from the simulation results that the proposed system is efficient for IoT.

environmental sciences,environmental studies,green & sustainable science & technology

Gholam Reza Zargar,Hamid Barati,Ali Barati

DOI: https://doi.org/10.1007/s10586-024-04565-6

2024-06-26

Cluster Computing

Abstract:The Internet of Things (IoT) is a network where physical objects with unique addresses can connect and communicate with each other through the Internet and telecommunications networks. However, the current methods of user authentication in this environment have limitations due to the need for a lightweight authentication process and limited resources. Therefore, this paper proposes a mutual authentication protocol for IoT that uses blockchain technology. The proposed protocol has a lightweight and secure architecture by using of Elliptic-Curve Cryptography and incorporates the AVISPA tool and BAN logic for formal/informal security analysis. Compared to previous protocols, this proposed protocol is more efficient in terms of communication and computation costs and is more resistant to various attacks.

computer science, information systems, theory & methods

Guntur Dharma Putra,Volkan Dedeoglu,Salil S. Kanhere,Raja Jurdak

DOI: https://doi.org/10.48550/arXiv.1912.10247

2020-03-09

Abstract:Heterogeneous and dynamic IoT environments require a lightweight, scalable, and trustworthy access control system for protection from unauthorized access and for automated detection of compromised nodes. Recent proposals in IoT access control systems have incorporated blockchain to overcome inherent issues in conventional access control schemes. However, the dynamic interaction of IoT networks remains uncaptured. Here, we develop a blockchain based Trust and Reputation System (TRS) for IoT access control, which progressively evaluates and calculates the trust and reputation score of each participating node to achieve a self-adaptive and trustworthy access control system. Trust and reputation are explicitly incorporated in the attribute-based access control policy, so that different nodes can be assigned to different access right levels, resulting in dynamic access control policies. We implement our proposed architecture in a private Ethereum blockchain comprised of a Docker container network. We benchmark our solution using various performance metrics to highlight its applicability for IoT contexts.

Cryptography and Security,Networking and Internet Architecture

Chao Qiu,Haipeng Yao,F. Richard Yu,Chunxiao Jiang,Song Guo

DOI: https://doi.org/10.1109/TSC.2019.2948870

IF: 11.019

2020-01-01

IEEE Transactions on Services Computing

Abstract:Recently, the emergence of blockchain has stirred great interests in the field of Internet of Things (IoT). However, numerous non-trivial problems in the current blockchain system prevent it from being used as a generic platform for large-scale services and applications in IoT. One notable drawback is the scalability problem. Lots of projects and researches have been done to solve this problem. Nevertheless, they do not consider different users' conditions, only using a single consensus protocol as the best fit one, as well as the IoT system is heavily constrained by computing and networking resources. In this article, we study a permissioned blockchain-based IoT architecture. In order to improve the scalability of the blockchain system and meet the needs of different users, we propose a service-oriented permissioned blockchain, where different consensus protocols are launched according to users' quality of service (QoS) requirements. Specially, we quantify a few popular consensus protocols. Additionally, we select block producers, which need a great number of computation resources, as well as dynamically allocate network bandwidth to the blockchain system. We formulate consensus protocols selection, block producers selection, and network bandwidth allocation as a joint optimization problem. We then use a dueling deep reinforcement learning approach to solve the problem. Simulation results demonstrate the effectiveness of our proposed scheme.

Soumyashree S. Panda,Debasish Jena,Bhabendu Kumar Mohanta,Somula Ramasubbareddy,Mahmoud Daneshmand,Amir H. Gandomi

DOI: https://doi.org/10.1109/jiot.2021.3063806

IF: 10.6

2021-08-15

IEEE Internet of Things Journal

Abstract:The exponential growth in the number of connected devices as well as the data produced from these devices call for a secure and efficient access control mechanism that can ensure the privacy of both users and data. Most of the conventional key management mechanisms depend upon a trusted third party like a registration center or key generation center for the generation and management of keys. Trusting a third party has its own ramifications and results in a centralized architecture; therefore, this article addresses these issues by designing a Blockchain-based distributed IoT architecture that uses hash chains for secure key management. The proposed architecture exploits the key characteristics of the Blockchain technology, such as openness, immutability, traceability, and fault tolerance, to ensure data privacy in IoT scenarios and, thus, provides a secure environment for communication. This article also proposes a scheme for secure and efficient key generation and management for mutual authentication between communication entities. The proposed scheme uses a one-way hash chain technique to provide a set of public and private key pairs to the IoT devices that allow the key pairs to verify themselves at any time. Experimental analysis confirms the superior performance of the proposed scheme to the conventional mechanisms.

computer science, information systems,telecommunications,engineering, electrical & electronic

Shuang Sun,Rong Du,Shudong Chen,Weiwei Li

DOI: https://doi.org/10.1109/access.2021.3059863

IF: 3.9

2021-01-01

IEEE Access

Abstract:Most IoT devices cannot afford to be a blockchain node due to the high computation and storage loads. Thus, the blockchain is usually deployed on one delegate node, e.g., the edge device or cloud, which may encounters three drawbacks: (1) The delegate node becomes the single failure point when the number of delegate notes are limited. (2) The delegate node replicating the blockchain data can lead to privacy information leak. (3) The delegate node is vulnerable to the Distributed Denial of Service (DDoS) attack. To tackle these drawbacks, we consider to minimize the redundant of blockchain to make the IoT devices as the specialized blockchain nodes. In this paper, we integrate a permissioned blockchain (HLF), an attribute-based access control (ABAC) and an identity-based signature (IBS) to build a security, lightweight, and cross-domain blockchain-based IoT access control system. Specifically, we divided the IoT system into different function domains, named IoT domains. Then, we establish a local blockchain ledger for each IoT domain to enable more IoT devices as blockchain nodes. The local blockchain ledger records the IoT domain entities' attributes, policy files' digests, and access decisions. Meanwhile, we use the channel technology of HLF to realize cross-domain access and use the IBS to filter the legal access requests for each IoT domain to prevent DDoS attacks. We also design a policy decision point (PDP) selection algorithm that select multiple IoT devices (blockchain nodes) to achieve the real-time distributed policy decisions (off-chain). Finally, we implement and evaluate the proposed system to demonstrate its practicality.

computer science, information systems,telecommunications,engineering, electrical & electronic

Aqsa Rashid,Asif Masood,Atta ur Rehman Khan

DOI: https://doi.org/10.1007/s11277-024-11266-1

IF: 2.017

2024-06-27

Wireless Personal Communications

Abstract:Centralized access control systems are unsuitable for IoT due to their resource-constrained, heterogeneous, and dynamic nature. Blockchain-assisted decentralized access control systems exist for IoT, but those approaches are tokenization-based. In some cases, IoT devices are not part of the blockchain network due to which they cannot interact with the access control system directly. Instead, they need a trusted admin, management hub, or a fog node for permissions verification and access to resources. This paper presents a smart contract and blockchain-assisted framework for the access control systems in the IoT enterprise environment, called ACS-IoT. In the proposed framework, resource-constrained IoT devices belong to the blockchain network. Therefore, these devices can directly access the permitted resources without any centrally administered authority and management hub's verification. We used smart contract and Ethereum blockchain for the new framework. Smart contract allows automated enforcement of access policies and serves as an autonomous agent running exactly as programmed. The proposed framework is validated through implementation of the proof of concept, and implemented prototype is deployed and tested on the Ethereum test network. The obtained results confirm that usage of blockchain and smart contract can be used as access management technology in the IoT enterprise environment.

telecommunications