No full-text available
To read the full-text of this research,
you can request a copy directly from the authors.
Decentralized Access Control for Internet of Things Using Decentralized Identifiers and Multi-signature Smart Contracts
... Moreover, each DID must be able to be connected with one DID document (available in JSON or JSON-LD form) containing all the necessary information regarding the entity which it represents, as well as all the possible cryptographic methods that can be used for verification. DIDs play a crucial role in the broader movement toward self-sovereign identity, where individual entities have greater control and ownership of their digital identities, reducing reliance on centralized identity providers and enhancing security and privacy [35][36][37]. ...
... Finally, when necessary, the execution of certain smart contract functions can provide feedback to the user via events, informing them of the new status of the softhub Moreover, each DID must be able to be connected with one DID document (available in JSON or JSON-LD form) containing all the necessary information regarding the entity which it represents, as well as all the possible cryptographic methods that can be used for verification. DIDs play a crucial role in the broader movement toward self-sovereign identity, where individual entities have greater control and ownership of their digital identities, reducing reliance on centralized identity providers and enhancing security and privacy [35][36][37]. ...
The Internet of Things (IoT) continues to suffer from security issues, even after 20 years of technological evolution and continuing efforts. While the decentralization of the IoT seems to be a solution for improved resource management and scalability, most of the services remain centralized, exposing IoT systems to malicious attacks. As a result, this leads to functionality failures and endangers user and data integrity. Identity and Access Management (IAM) has the ability to provide defense against a great number of security threats. Additionally, blockchain is a technology which can natively support decentralization, as well as access and authorization management techniques, using the corresponding programmable logic and leveraging cryptographic mechanisms for privacy and security. Using standardized frameworks (e.g., Decentralized Identifiers and Verifiable Credentials), a blockchain-based access and authorization solution can present the basis for a uniform decentralized IAM framework for the IoT. To this end, this paper presents a proof-of-concept design and implementation of an IAM solution based on Solidity smart contracts, targeting two areas: firstly, supporting the fact that blockchain can seamlessly provide the basis for a decentralized IAM framework, while secondly (and most importantly) exploring the challenge of integrating within existing IoT systems, avoiding redesigning and redeveloping on behalf of IoT manufacturers.
... Thus, it performs algebraic and logical operations if all predefined criteria or rules are respected. Once the defined conditions are met, the algorithm is activated, automatically executed without human intervention and cryptographically signed by the different parties [22]. ...
... They use an attribute validation authority that does not allow the user to have total control over his data. A decentralized access control model applied in an Internet of Things (IoT) environment has been presented in [22]. This model based on decentralized identifiers allows executing smart contracts to regulate access to connected objects. ...
... B. Kim et al. 32 combined DIDs with the Attribute-Based Access Control (ABAC) model for fine-grained access control in vehicular networks. E. Tcydenova et al. 33 introduced DID-based access control for IoT devices. However, these works primarily focus on access authorization and do not explore secure transmission and storage aspects in depth. ...
The data collection processes of IoT devices face significant security challenges, including access authorization, secure transmission, and secure storage. These challenges are particularly critical in sectors such as smart healthcare, smart homes, and smart cities, where users often lack direct ownership or control over IoT devices. Various solutions have been proposed to address these issues, leveraging technologies such as Certificate Authorities (CAs) and blockchain. However, the CA model is inherently centralized, while blockchain-based solutions suffer from relatively low efficiency. To overcome these limitations, this article introduces a trust model for IoT data collection based on Decentralized Identifiers (DIDs) and proposes a novel IoT data security collection scheme, called TrID. TrID employs a distributed architecture to resolve the centralization problem and operates independently of blockchain, significantly enhancing both the security and efficiency of IoT data collection. The experiment shows that the authentication time cost of TrID in the mutual authentication protocol is only 10% of on-chain solutions, and the decryption of 10 MB of data with 1000 KB encrypted block size, requires less than 100 ms.
... The authors tackle the common issue of replay attacks, reuses of passwords, and password aging by introducing dynamic passwords. Decentralized Access Control for the Internet of Things using decentralized identifiers and multi-signature smart contracts is a solution to the problems associated with centralized authentication in [40]. A multi-level authentication scheme is introduced in [41] to improve the privacy and security of data in a decentralized cloud service. ...
IoT edge computing is a network design model that captures and processes data at the network edge. The results are forwarded to a cloud service or, if additional processing is needed, a middle tier. By processing data at the edge and middle tier, edge networks achieve better load-balancing and improve performance; however, traditional edge network deployments represent a rigid participation model. Edge networks require physical access to an IoT device and often lock the device to a single edge network. These constraints make it difficult to construct the ideal network, as they reject IoT devices deployed at the network edge but not owned by the network administrator. Our goal is to remove these limitations by creating a network protocol that supports broader participation of IoT devices, cryptographically secures network data, and improves network performance by increasing captured data at the network edge. The protocol is named Snap to symbolize the ease of self assembly. Our experimental research focuses on temperature stability and the cycle efficiency of an HVAC system by utilizing a Snap network to combine two existing edge networks and increase the number of temperature measurement points. The additional measurement points improved the efficiency of the HVAC cycle strategy by increasing the square footage of measured building space. The additional temperature capture points supported an adjustment to the HVAC cycle strategy which resulted in reducing the disparity between the requested temperature and the resulting temperatures. Snap networks support a broader range of IoT sensors leading to increased measurement density, sample rate frequency, and coverage of the network edge.
Blockchain smart contracts (SCs) have emerged as a transformative technology, enabling the automation and execution of contractual agreements without the need for intermediaries. However, as SCs evolve to become more complex in their decentralised decision-making abilities, there are notable difficulties in comprehending the underlying reasoning process and ensuring users’ understanding. The existing literature primarily focuses on the technical aspects of SC, overlooking the exploration of the decision-making process within these systems and the involvement of humans. In this paper, we propose a framework that integrates human-centered design principles by applying Situation Awareness (SA) and goal directed task analysis (GDTA) concepts to determine information requirements necessary to design eXplainable smart contracts (XSC). The framework provides a structured approach for requirements engineers to identify information that can keep users well-informed throughout the decision-making process. The framework considers factors such as the business logic model, data model, and roles and responsibilities model to define specific information requirements that shape SC behaviour and necessitate explanations. To guide the determination of information requirements, the framework categorises SC decision mechanisms into autonomy, governance, processing, and behaviour. The ExplanaSC framework promotes the generation of XSC explanations through three levels aligned with SA: XSC explanation for perception, XSC explanation for comprehension, and XSC explanation for projection. Overall, this framework contributes to the development of XSC systems and lays the foundation for more transparent, and trustworthy decentralized applications. The XSC explanations aims to facilitate user awareness of complex decision-making processes. The evaluation of the framework uses a case to exemplify the working of our framework, its added value and limitations, and consults experts in the field for feedback and refinements.
Scarce and niche in the literature just a few years ago, the blockchain topic is now the main subject in conference papers and books. However, the hype generated by the technology and its potential implications for real-world applications is flawed by many misconceptions about how it works and how it is implemented, creating faulty thinking or overly optimistic expectations. Too often, characteristics such as immutability, transparency, and censorship resistance, which mainly belong to the bitcoin blockchain, are sought in regular blockchains, whose potential is barely comparable. Furthermore, critical aspects such as oracles and their role in smart contracts receive few literature contributions, leaving results and theoretical implications highly questionable. This literature review of the latest papers in the field aims to give clarity to the blockchain oracle problem by discussing its effects in some of the most promising real-world applications. The analysis supports the view that the more trusted a system is, the less the oracle problem impacts.
Internet of Things (IoT) devices facilitate intelligent service delivery in a broad range of settings, such as smart offices, homes and cities. However, the existing IoT access control solutions are mainly based on conventional identity management schemes and use centralized architectures. There are known security and privacy limitations with such schemes and architectures, such as the single-point failure or surveillance (e.g., device tracking). Hence, in this paper, we present an architecture for capability-based IoT access control utilizing the blockchain and decentralized identifiers to manage the identity and access control for IoT devices. Then, we propose a protocol to provide a systematic view of system interactions, to improve security. We also implement a proof-of-concept prototype of the proposed approach and evaluate the prototype using a real-world use case. Our evaluation results show that the proposed solution is feasible, secure, and scalable.
The essence of blockchain smart contracts lies in the execution of business logic code in a decentralized architecture in which the execution outcomes are trusted and agreed upon by all the executing nodes. Despite the decentralized and trustless architectures of the blockchain systems, smart contracts on their own cannot access data from the external world. Instead, smart contracts interact with off-chain external data sources, called oracles, whose primary job is to collect and provide data feeds and input to smart contracts. However, there is always risk of oracles providing corrupt, malicious, or inaccurate data. In this paper, we analyze and present the notion of trust in the oracles used in blockchain ecosystems. We analyze and compare trust-enabling features of the leading blockchain oracle approaches, techniques, and platforms. Moreover, we discuss open research challenges that should be addressed to ensure secure and trustworthy blockchain oracles.
In digital era of Internet of Things (IoT), internet-connected devices are becoming smart and autonomous. In this distributed world IoT device operate not only with the owner of the device but also need to operate with third parties, which leads to have identification for each IoT device. In the coming years, deploying IoT solutions at large scale will have to address complex issues of managing digital identity, security and identity ownership. Most of the current IoT solutions rely upon centralized client-server mechanism for providing connectivity and access to devices and services. However, when billions of devices will begin connecting simultaneously, then existing centralized solution will not suffice. Now days, we rely on federated identities however in this user need to depend on third party as users are not owner of their own identity, this leads to have Self-Sovereign Identities (SSI). In the sequel, there is a need of decentralized method for managing identities in near future. In this chapter, various identification methods are analyzed. Further, Decentralized Identifiers and Verifiable Credentials are discussed, the discussion focus on whether DID and VC are applicable to the IoT as IoT includes resource constrained devices at base level. It also presents smart home use case utilizing DID and VCs in order to evaluate its applicability. In the same line threat analysis is presented to analyze applicability of the DID and VC for the IoT applications.
This paper studies three existing technical solutions for a self-sovereign identity on blockchains and analyzes the arising issues related to the General Data Protection Regulation (GDPR) of the European Union (EU). In particular, the paper provides an overview of the existing Sovrin self-sovereign identity on the Hyperledger Indy public permissioned blockchain as well as uPort and Jolocom on the Ethereum public permissionless blockchain. The paper then concludes with a discussion on the GDPR-compliance of the blockchain-based identity concepts.
In recent years, the rapid development of cryptocurrencies and their underlying blockchain technology has revived Szabo's original idea of smart contracts, i.e., computer protocols that are designed to automatically facilitate, verify, and enforce the negotiation and implementation of digital contracts without central authorities. Smart contracts can find a wide spectrum of potential application scenarios in the digital economy and intelligent industries, including financial services, management, healthcare, and Internet of Things, among others, and also have been integrated into the mainstream blockchain-based development platforms, such as Ethereum and Hyperledger. However, smart contracts are still far from mature, and major technical challenges such as security and privacy issues are still awaiting further research efforts. For instance, the most notorious case might be "The DAO Attack" in June 2016, which led to more than $50 million Ether transferred into an adversary's account. In this paper, we strive to present a systematic and comprehensive overview of blockchain-enabled smart contracts, aiming at stimulating further research toward this emerging research area. We first introduced the operating mechanism and mainstream platforms of blockchain-enabled smart contracts, and proposed a research framework for smart contracts based on a novel six-layer architecture. Second, both the technical and legal challenges, as well as the recent research progresses, are listed. Third, we presented several typical application scenarios. Toward the end, we discussed the future development trends of smart contracts. This paper is aimed at providing helpful guidance and reference for future research efforts.
A Review on Wide Variety and Heterogeneity of IoT Platforms
- R Kollolu