Abstract
The Internet of Things (IoT) is bringing new ways to collect and analyze data to develop applications answering or anticipating users’ needs. These data may be privacy-sensitive, requiring efficient privacy-preserving mechanisms. The IoT is a distributed system of unprecedented scale, creating challenges for performance and security. Classic blockchains could be a solution by providing decentralization and strong security guarantees. However, they are not efficient and scalable enough for large scale IoT systems, and available tools designed for preserving privacy in blockchains, e.g. coin mixing, have a limited effect due to high transaction costs and insufficient transaction rates. This article provides a framework based on several technologies to address the requirements of privacy, security and performance of the Internet of Things. The basis of the framework is the IOTA technology, a derivative of blockchains relying on a directed acyclic graph to create transactions instead of a linear chain. IOTA improves distributed ledger performance by increasing transaction throughput as more users join the network, making the network scalable. As IOTA is not designed for privacy protection, we complement it with privacy-preserving mechanisms: merge avoidance and decentralized mixing. Finally, privacy is reinforced by introducing usage control mechanisms for users to monitor the use and dissemination of their data. A Proof of Concept is proposed to demonstrate the feasibility of the proposed framework. Performance tests are conducted on this Proof of Concept, showing the framework can work on resource-constrained devices and within a reasonable time. The originality of this contribution is also to integrate an IOTA node within the usage control system, to support privacy as close as possible to the objects that need it.
References
Alshaikhli M, Elfouly T, Elharrouss O, Mohamed A, Ottakath N (2022) Evolution of internet of things from blockchain to iota: a survey. IEEE Access 10:844–866. https://doi.org/10.1109/ACCESS.2021.3138353
Alwarafy A, Al-Thelaya KA, Abdallah M, Schneider J, Hamdi M (2021) A survey on security and privacy issues in edge-computing-assisted internet of things. IEEE Internet Things J 8(6):4004–4022. https://doi.org/10.1109/JIOT.2020.3015432
Ayoub O, De Sousa A, Mendieta S, Musumeci F, Tornatore M (2021) Online virtual machine evacuation for disaster resilience in inter-data center networks. IEEE Trans Netw Service Manag 18(2):1990–2001. https://doi.org/10.1109/TNSM.2021.3056766
Babil GS, Mehani O, Boreli R, Kaafar M (2013) On the effectiveness of dynamic taint analysis for protecting against private information leaks on android-based devices. In: 2013 Int. Conference on security and cryptography (SECRYPT). pp 1–8
Bowe HS, Hornby T, Wilcox N (2016) Zcash protocol specification. https://github.com/zcash/zips/blob/main/protocol/protocol.pdf. Accessed 01 March 2023
Cha S, Hsu T, Xiang Y, Yeh K (2019) Privacy enhancing technologies in the Internet of Things: perspectives and challenges. IEEE Internet Things J 6(2):2159–2187
Christidis K, Devetsikiotis M (2016) Blockchains and smart contracts for the Internet of Things. IEEE Access 4:2292–2303
Da Silva LF, Lima JVF (2021) An evaluation of Cassandra NoSQL Database on a low-power cluster. In: Int. symposium on computer architecture and high performance computing workshops (SBAC-PADW). pp 9–14. https://doi.org/10.1109/SBAC-PADW53941.2021.00012
Deng M, Wuyts K, Scandariato R, Preneel B, Joosen W (2011) A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements. Requir Eng 16(1):3–32
Denis N, Chabridon S, Laurent M (2021) Bringing privacy, security and performance to the internet of things through usage control and blockchains. In: Friedewald M, Krenn S, Schiering I, Schiffner S (eds.) Privacy and identity management. Between data protection and security - 16th IFIP WG 9.2, 9.6/11.7, 11.6/SIG 9.2.2 International Summer School, Privacy and Identity 2021, Virtual Event, August 16-20, 2021, Revised Selected Papers. IFIP Advances in Information and Communication Technology, vol 644, pp 57–72. Springer. https://doi.org/10.1007/978-3-030-99100-5_6
Dorri A (2020) A scalable lightweight blockchain-based framework for IoT security and anonymity. Ph.D. Thesis, UNSW, http://handle.unsw.edu.au/1959.4/65030
Drasutis E (2021) IOTA smart contracts. https://files.iota.org/papers/ISC_WP_Nov_10_2021.pdf
Fedrecheski G, Rabaey JM, Costa LCP, Calcina Ccori PC, Pereira WT, Zuffo MK (2020) Self-sovereign identity for IoT environments: a perspective. In: 2020 Global Internet of Things Summit (GIoTS). pp 1–6. https://doi.org/10.1109/GIOTS49054.2020.9119664
Godik S, Moses T (2003) eXtensible Access Control Markup Language (XACML). OASIS Standard
Gramoli V (2020) From blockchain consensus back to byzantine consensus. Future Gener Comput Syst 107:760–769. https://doi.org/10.1016/j.future.2017.09.023
Haque AB, Islam AKMN, Hyrynsalmi S, Naqvi B, Smolander K (2021) GDPR compliant blockchains–a systematic literature review. IEEE Access 9:50593–50606. https://doi.org/10.1109/ACCESS.2021.3069877
Harvan M, Pretschner A (2009) State-based usage control enforcement with data flow tracking using system call interposition. In: Int. conf. on network and system security. pp 373–380
Henriksen-Bulmer J, Jeary S (2016) Re-identification attacks-a systematic literature review. Int J Info Manage 36(6, Part B):1184–1192
Howard M, Lipner S (2006) The security development lifecycle, vol. 8. Microsoft Press, Redmond
Kelbert F, Pretschner A (2018) Data usage control for distributed systems. ACM Trans Priv Secur 21(3)
Khan M et al (2020) BlockU: extended usage control in and for blockchain. Expert Syst 37:1
Martin H, Christoph F (2016) The unreasonable effectiveness of address clustering. IEEE UIC/ATC/ScalCom/CBDCom/IoP/SmartWorld
Myers AC, Liskov B (1997) A decentralized model for information flow control. In: ACM Symp. on operating systems principles. pp 129–142
Ogunniye G, Kökciyan N (2023) A survey on understanding and representing privacy requirements in the internet-of-things. J Artif Intell Res 76:163–192. https://doi.org/10.1613/jair.1.14000
Palm E, Schelén O, Bodin U (2018) Selective blockchain transaction pruning and state derivability. In: 2018 Crypto valley conference on blockchain technology (CVCBT). pp 31–40. https://doi.org/10.1109/CVCBT.2018.00009
Park J, Sandhu R (2004) The UCON ABC Usage Control Model. ACM Trans Inf Syst Secur 7(1):128–174
Popov S (2017) The Tangle. https://iotatoken.com/IOTA_Whitepaper.pdf
Popov S (2020) The Coordicide. https://files.iota.org/papers/Coordicide_WP.pdf
Qin X, Huang Y, Yang Z, Li X (2020) A blockchain-based access control scheme with multiple attribute authorities for secure cloud data sharing. J Syst Archit 101854
Raghav Andola N, Venkatesan S, Verma S (2020) PoEWAL: a lightweight consensus mechanism for blockchain in IoT. Pervasive Mob Comput 69:101291
Rizos A, Bastos D, Saracino A, Martinelli F (2019) Distributed UCON in CoAP and MQTT protocols. In: ESORICS Int. Workshops, CyberICPS, SECPRE, SPOSE, and ADIoT. LNCS, vol 11980, pp 35–52. Springer
Rožman N, Corn M, Škulj G, Diaci J, Podržaj P (2022) Scalability solutions in blockchain-supported manufacturing: a survey. Strojniški vestnik - J Mech Eng 68:585–609. https://doi.org/10.5545/sv-jme.2022.355
van Saberhagen N (2013) Cryptonote Monero Whitepaper. https://github.com/monero-project/research-lab/blob/master/whitepaper/whitepaper.pdf
Salimitari M, Joneidi M, Chatterjee M (2019) AI-enabled blockchain: an outlier-aware consensus protocol for blockchain-based IoT networks. In: 2019 IEEE global communications conference (GLOBECOM). pp 1–6
Salimitari M, Chatterjee M, Fallah YP (2020) A survey on consensus methods in blockchain for resource-constrained IoT networks. Internet Things 11:100212
Sarfraz U, Alam M, Zeadally S, Khan A (2019) Privacy aware IOTA ledger: decentralized mixing and unlinkable IOTA transactions. Comput Netw 148:361–372
Shadab N, Houshmand F, Lesani M (2020) Cross-chain transactions. In: 2020 IEEE int. conference on blockchain and cryptocurrency (ICBC). pp 1–9
Shi N, Tang B, Sandhu R, Li Q (2021) DUCE: distributed usage control enforcement for private data sharing in internet of things. In: Data and applications security and privacy XXXV (DBSec). Springer
Silvano WF, Marcelino R (2020) IOTA Tangle: a cryptocurrency to communicate Internet-of-Things data. Future Gener Comput Syst 112:307–319
Simões JE, Ferreira E, Menasché DS, Campos CAV (2021) Blockchain privacy through merge avoidance and mixing services: a hardness and an impossibility result. SIGMETRICS Perform Evaluation Rev 48(4):8–11
Tennant L (2017) Improving the anonymity of the IOTA cryptocurrency. https://laurencetennant.com/papers/anonymity-iota.pdf
(2018) General data protection regulation. http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679
Wuyts K, Joosen W (2015) LINDDUN privacy threat modeling: a tutorial. https://www.linddun.org/publications
Acknowledgements
This paper is supported by the Future & Ruptures program of Fondation Mines-Télécom, the Institut Mines-Télécom VP-IP Chair on Values and Policies of Personal Information (https://cvpip.wp.imt.fr) and the 3rd Programme d’Investissements d’Avenir (ANR-18-EUR-0006-02) within the framework of Energy4Climate Interdisciplinary Center (E4C) (https://www.e4c.ip-paris.fr/). It is an extended version of the article called “Bringing privacy, security and performance to the Internet of Things through usage control and blockchains” published in IFIP’s Privacy and Identity Management [10].
Ethics declarations
Conflict of interest
The authors have no conflicts of interest to declare.
About this article
Cite this article
Denis, N., Chabridon, S. & Laurent, M. Bringing privacy, security and performance to the Internet of Things using IOTA and usage control. Ann. Telecommun. 79, 585–601 (2024). https://doi.org/10.1007/s12243-023-01005-1
DOI: https://doi.org/10.1007/s12243-023-01005-1