A Blockchain Based Secure IoT System Using Device Identity Management
Abstract
1. Introduction
- We propose a novel framework for ensuring data and device security of an IoT system using blockchain and a fuzzy extractor.
- We propose and provide a detailed analysis of the lightweight time-based identification protocol (LiTBIP) for securing small IoT devices.
- We created a Raspberry Pi-based prototype of the proposed system and an Ethereum-based blockchain application. We provided a performance analysis of the LiTBIP protocol and blockchain application of the proposed framework.
2. Related Work
3. System Overview
- Users: A user is one who can access IoT sensors, data analysis and validation services.
- IoT Device: An IoT device is a resource-constrained device that cannot run heavy cryptographic algorithms such as digital signature schemes. It is not tamper-proof, and it is connected to a device hub for networking. We assume that the connection between an IoT device and a hub is secure.
- Hubs: A hub gathers information from a group of IoT devices and sends authenticated messages to a cloud. It is a lightweight device, but it can perform cryptographic algorithms like hash functions.
- Controller: A controller collects and checks the validity of data received from hubs. It stores the validated data in an external database and updates policies (e.g., timing information) shared with the hubs. A controller can write a transaction to the blockchain periodically.
- Cloud: A cloud can have multiple controllers and a database that stores authenticated data collected from the hubs.
- Database: A database is public storage for the sensing information where a user can access their business data.
- Blockchain: A blockchain is used for auditing purposes, as a user can check the data (stored on the database) integrity by checking the transactions on the blockchain.
- Device management module: The controller provides a timing policy to the connected hubs. The novelty of the proposed system is this timing policy, which is used to identify the IoT devices. The timing policy gives every connected hub an individualized data transmission schedule, which is used to identify the data sent by the valid/correct hub. The timing policy also specifies the margin of noise that every hub may add during scheduling. A controller checks the validity of the data received from the hubs: it uses the timing information from a group of data records coming from each hub, together with the timing policy, to identify the hub. Noise is a random value within a margin (decided by the controller) that the hub adds to the scheduling interval. The controller uses an error correction technique to remove the noise and identify the hub.
- Database management module: After the source hub is identified, the SHA256 hash of the data is calculated and the data is stored in the database. When the data is stored in the database, the index of the data is sent back to the controller.
- Blockchain management module: Controllers are blockchain nodes capable of generating transactions. A transaction includes the SHA256 hash of the data, the controller ID and the database identifier, which consists of the database address and the data index.
- Access control module: This module is responsible for token authentication to provide access to users.
4. Preliminaries
4.1. Secure Sketch
- : on input , where is a metric space, it outputs a sketch .
- : on input an element and a sketch , it outputs w if the distance between w and is not greater than a threshold t, i.e., .
4.2. Fuzzy Extractor
- : on input data w, this algorithm generates a pair of , such that
- : on input data and helper data P, it outputs R, if .
4.3. Norm Based Secure Sketch
- Setup: Let be a number line defined as in [24], where has exactly v intervals. For each interval , there are points, s.t. . I is an interval identifier that takes the value of the middle point of an interval. For example, is an identifier of an interval . The maximum acceptable Chebyshev distance threshold t is , where .
- : Let be encoded noisy data, where is a point of . This algorithm computes in three cases as follows.
- Case 1: For all , move it by to the closest interval identifier , that is, .
- Case 2: If is not in any interval (e.g., the points like ), it tosses a coin c. If , it moves to the closest left interval identifier, otherwise, it moves to the right.
- Case 3: If is the largest or the smallest point of , it can be moved to either or , depending on the toss of a coin.
It outputs a sketch .
- : on input an encoded (to ) data and a sketch , it runs the reconstruction procedure as follows.
- For all and , it calculates . If , it computes . If , it computes .
- For all , it finds the corresponding interval identifier . If , this algorithm aborts and returns ⊥. Otherwise, it computes . At the end, it outputs .
5. Proposed System
5.1. Security Goals
- An IoT device should be identifiable without sharing secret keys. If a device is legitimate, a controller can verify the device based on its behaviors. If the device is unknown, a controller is able to recognize new devices and assign temporary access to the system. Otherwise, the system discards messages from invalid devices.
- The proposed system should provide message authentication. It is important to guarantee that the received messages are from valid IoT devices.
- The proposed system allows users to verify data integrity. The system stores IoT sensor data and provides different services for data processing. It is critical for both the cloud and users to check whether the data remains valid.
5.2. Lightweight Time-Based Identification Protocol (LiTBIP)
- : The cloud server chooses a security parameter and a collision-resistant cryptographic hash function (used as a strong extractor). It generates a number line with the maximum acceptable Chebyshev distance t. Let be the public system parameters; the cloud server publishes .
- To register a device, a user (on behalf of the device) interacts with the cloud. The user creates an identity and a time schedule , and generates helper data P and a secret key . The user sends to the cloud for device registration. At the end of device registration, the cloud stores the and allows a controller to access it. This protocol is depicted in Figure 2.
- To identify a device, a hub plays an interactive protocol with a controller (on behalf of a cloud). They run the protocol in the steps as follows.
1. A hub first obtains the timing information when it receives the sensing data from a sensor and compiles the time information into a sequence . Note that the time information is considered noisy data that contains random differences. The hub then runs the secure sketch algorithm on to generate a new sketch , and sends to the controller.
2. Upon receiving a request (i.e., ), the controller looks up the database and fetches a tuple , s.t. . The controller randomly selects bits c and sends to the hub.
3. Upon receiving , the hub reproduces the secret key using the and algorithms. It generates a -bit random value and computes a message authentication code over a message m, where m is the sensing data of the last n reports.
4. Upon receiving a response , the controller checks whether , where is the data it received in the last n reports. If the equation holds, the hub is identified and the sensing data is authenticated.
The identification protocol is depicted in Figure 3.
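To make the two pieces above concrete, the following added example (written for this page, not code from the paper or its prototype) implements the norm-based secure sketch of Section 4.3 on an integer number line and then uses it as the fuzzy extractor inside a simplified run of the LiTBIP steps of Section 5.2. The interval width, the distance threshold, the exact contents of the challenge message (assumed here to carry both c and the helper data P), the identifier, the sample schedule and the noise model are all constructed assumptions; SHA256 plays the role of the strong extractor and HMAC-SHA256 the role of the MAC. The paper's Cases 1 and 2 are implemented directly; endpoints of the line (Case 3) get the single neighbouring identifier that is still on the line.

```python
"""Added example, not the paper's code: a norm-based secure sketch on a
number line (Section 4.3) used as the fuzzy extractor in a simplified
LiTBIP run (Section 5.2). Widths, threshold, message contents and sample
timing data are constructed assumptions."""
import hashlib
import hmac
import random
import secrets

WIDTH = 100           # points per interval (constructed, not the paper's value)
V = 500               # number of intervals on the line
T = 30                # max accepted distance from an interval identifier (constructed)
LINE_END = V * WIDTH  # last (boundary) point of the line


def interval_id(x):
    """Identifier (middle point) of the interval containing x, or None when x
    is a boundary point that lies in no interval (Case 2) or is off the line."""
    if x < 0 or x > LINE_END or x % WIDTH == 0:
        return None
    return (x // WIDTH) * WIDTH + WIDTH // 2


def ss(w, rng=None):
    """Secure sketch SS(w): shift every point onto an interval identifier and
    output the shifts. A boundary point is moved left or right by coin toss."""
    rng = random if rng is None else rng
    sketch = []
    for x in w:
        if x < 0 or x > LINE_END:
            raise ValueError("point off the number line")
        ident = interval_id(x)
        if ident is None:  # Case 2/3: pick a neighbouring identifier on the line
            ident = rng.choice([c for c in (x - WIDTH // 2, x + WIDTH // 2)
                                if 0 < c < LINE_END])
        sketch.append(ident - x)
    return sketch


def rec(w_noisy, sketch):
    """Rec(w', s): undo the shifts, snap to the interval identifier and abort
    (None, the paper's ⊥) when any point drifted more than T from it."""
    if len(w_noisy) != len(sketch):
        return None
    out = []
    for x, delta in zip(w_noisy, sketch):
        shifted = x + delta
        ident = interval_id(shifted)
        if ident is None or abs(shifted - ident) > T:
            return None
        out.append(ident - delta)
    return out


def encode(points):
    return ",".join(str(p) for p in points).encode()


def gen(w):
    """Fuzzy extractor Gen: helper data P is the sketch, key R = H(w)."""
    return hashlib.sha256(encode(w)).digest(), ss(w)


def rep(w_noisy, P):
    """Fuzzy extractor Rep: reproduce R from noisy w' and P, or None."""
    w = rec(w_noisy, P)
    return None if w is None else hashlib.sha256(encode(w)).digest()


def observe(schedule, margin, seed):
    """Constructed hub observation: scheduled times plus noise in [-margin, margin]."""
    rng = random.Random(seed)
    return [x + rng.randint(-margin, margin) for x in schedule]


def run_litbip(schedule, observed, sensing_data):
    """Registration followed by one identification run; True if the controller
    accepts the hub. The challenge message is assumed to carry (c, P)."""
    device_id = "hub-01"                         # constructed identifier
    R, P = gen(schedule)
    cloud_db = {device_id: (R, P)}               # stored at registration
    # Step 1: hub sketches w' and sends (ID, s').
    request = (device_id, ss(observed))
    # Step 2: controller fetches the tuple for ID and sends challenge c (and P).
    stored = cloud_db.get(request[0])
    if stored is None:
        return False
    R_ctrl, P_ctrl = stored
    c = secrets.token_bytes(16)
    # Step 3: hub reproduces R, draws r and MACs c || r || m.
    R_hub = rep(observed, P_ctrl)
    if R_hub is None:                            # Rec returned ⊥
        return False
    r = secrets.token_bytes(16)
    tag = hmac.new(R_hub, c + r + sensing_data, hashlib.sha256).digest()
    # Step 4: controller recomputes the MAC over its own copy m' of the reports.
    expected = hmac.new(R_ctrl, c + r + sensing_data, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


SCHEDULE = [137, 260, 1342, 5015, 9999]          # constructed time schedule w

if __name__ == "__main__":
    print("noise within 20:", run_litbip(SCHEDULE, observe(SCHEDULE, 20, 1), b"reports"))
    print("drift of +40:", run_litbip(SCHEDULE, [x + 40 for x in SCHEDULE], b"reports"))
    print("drift of +100:", run_litbip(SCHEDULE, [x + 100 for x in SCHEDULE], b"reports"))
```

The three runs at the bottom show the two failure modes a controller sees: a drift larger than T but smaller than an interval makes Rec return ⊥ and the hub cannot produce a MAC at all, while a drift of a whole interval reconstructs the wrong schedule, so Rep yields a different key and the controller's MAC check fails. Only the in-margin observation is accepted.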
5.3. Blockchain
5.4. Access Control
6. Implementation Details
6.1. LiTBIP Implementation Using Raspberry Pi
6.2. Blockchain Implementation
7. Performance Evaluation
7.1. LiTBIP Evaluation
7.2. Blockchain Performance Evaluation
8. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Acknowledgments
Conflicts of Interest
References
- Abosata, N.; Al-Rubaye, S.; Inalhan, G.; Emmanouilidis, C. Internet of Things for System Integrity: A Comprehensive Survey on Security, Attacks and Countermeasures for Industrial Applications. Sensors 2021, 21, 3654.
- Bezawada, B.; Bachani, M.; Peterson, J.; Shirazi, H.; Ray, I.; Ray, I. IoTSense: Behavioral Fingerprinting of IoT Devices. arXiv 2018, arXiv:abs/1804.03852.
- Bai, L.; Yao, L.; Kanhere, S.S.; Wang, X.; Yang, Z. Automatic Device Classification from Network Traffic Streams of Internet of Things. In Proceedings of the 2018 IEEE 43rd Conference on Local Computer Networks (LCN), Chicago, IL, USA, 1–4 October 2018; pp. 1–9.
- Kolcun, R.; Popescu, D.A.; Safronov, V.; Yadav, P.; Mandalari, A.M.; Mortier, R.; Haddadi, H. Revisiting IoT Device Identification. arXiv 2021, arXiv:abs/2107.07818.
- Yousefnezhad, N.; Malhi, A.; Främling, K. Automated IoT Device Identification Based on Full Packet Information Using Real-Time Network Traffic. Sensors 2021, 21, 2660.
- Sabir, A.; Sheeraz, A.; Fasee, U.; Asif, N.; Atif, K.; Irfan, U.M.; Abdullah, A.; Wael, A.; Hashem, A. IoT with BlockChain: A Futuristic Approach in Agriculture and Food Supply Chain. Wirel. Commun. Mob. Comput. 2021, 2021, 5580179.
- Liu, Y.; Wang, J.; Li, J.; Niu, S.; Song, H. Machine Learning for the Detection and Identification of Internet of Things (IoT) Devices: A Survey. IEEE Internet Things J. 2020, 7, 298–320.
- Azarmehr, M.; Mehta, A.; Rashidzadeh, R. Wireless device identification using oscillator control voltage as RF fingerprint. In Proceedings of the 2017 IEEE 30th Canadian Conference on Electrical and Computer Engineering (CCECE), Windsor, ON, Canada, 30 April–3 May 2017; pp. 1–4.
- Bihl, T.J.; Bauer, K.W.; Temple, M.A. Feature Selection for RF Fingerprinting with Multiple Discriminant Analysis and Using ZigBee Device Emissions. IEEE Trans. Inf. Forensics Secur. 2016, 11, 1862–1874.
- Wang, C.; Lin, Y.; Zhang, Z. Research on Physical Layer Security of Cognitive Radio Network Based on RF-DNA. In Proceedings of the 2017 IEEE International Conference on Software Quality, Reliability and Security Companion (QRS-C), Prague, Czech Republic, 25–29 July 2017; pp. 252–255.
- Marchal, S.; Miettinen, M.; Nguyen, T.D.; Sadeghi, A.R.; Asokan, N. AuDI: Toward Autonomous IoT Device-Type Identification Using Periodic Communication. IEEE J. Sel. Areas Commun. 2019, 37, 1402–1412.
- Hamad, S.A.; Zhang, W.E.; Sheng, Q.Z.; Nepal, S. IoT Device Identification via Network-Flow Based Fingerprinting and Learning. In Proceedings of the 2019 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering (TrustCom/BigDataSE), Rotorua, New Zealand, 5–8 August 2019; pp. 103–111.
- Yin, F.; Yang, L.; Wang, Y.; Dai, J. IoT ETEI: End-to-End IoT Device Identification Method. In Proceedings of the 2021 IEEE Conference on Dependable and Secure Computing (DSC), Aizuwakamatsu, Japan, 30 January–2 February 2021; pp. 1–8.
- Miettinen, M.; Marchal, S.; Hafeez, I.; Asokan, N.; Sadeghi, A.R.; Tarkoma, S. IoT SENTINEL: Automated Device-Type Identification for Security Enforcement in IoT. In Proceedings of the 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS), Atlanta, GA, USA, 5–8 June 2017; pp. 2177–2184.
- Gong, L.; Alghazzawi, D.M.; Cheng, L. BCoT sentry: A blockchain-based identity authentication framework for IoT devices. Information 2021, 12, 203.
- Wang, D.; Wang, H.; Fu, Y. Blockchain-based IoT device identification and management in 5G smart grid. EURASIP J. Wirel. Commun. Netw. 2021, 2021, 125.
- Dorri, A.; Roulin, C.; Pal, S.; Baalbaki, S.; Jurdak, R.; Kanhere, S. Device Identification in Blockchain-Based Internet of Things. IEEE Internet Things J. 2022. Early Access.
- Mohanta, B.K.; Sahoo, A.; Patel, S.; Panda, S.S.; Jena, D.; Gountia, D. DecAuth: Decentralized Authentication Scheme for IoT Device Using Ethereum Blockchain. In Proceedings of the TENCON 2019—2019 IEEE Region 10 Conference (TENCON), Kochi, India, 17–20 October 2019; pp. 558–563.
- Shukla, S.; Thakur, S.; Hussain, S.; Breslin, J.G.; Jameel, S.M. Identification and Authentication in Healthcare Internet-of-Things Using Integrated Fog Computing Based Blockchain Model. Internet Things 2021, 15, 100422.
- Yang, H.; Bao, B.; Li, C.; Yao, Q.; Yu, A.; Zhang, J.; Ji, Y. Blockchain-Enabled Tripartite Anonymous Identification Trusted Service Provisioning in Industrial IoT. IEEE Internet Things J. 2022, 9, 2419–2431.
- Maram, D.; Malvai, H.; Zhang, F.; Jean-Louis, N.; Frolov, A.; Kell, T.; Lobban, T.; Moy, C.; Juels, A.; Miller, A. Candid: Can-do decentralized identity with legacy compatibility, sybil-resistance, and accountability. In Proceedings of the 2021 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 24–27 May 2021; pp. 1348–1366.
- Li, M.; Chen, Y.; Lal, C.; Conti, M.; Alazab, M.; Hu, D. Eunomia: Anonymous and secure vehicular digital forensics based on blockchain. IEEE Trans. Dependable Secur. Comput. 2021. Early Access.
- Dodis, Y.; Ostrovsky, R.; Reyzin, L.; Smith, A.D. Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data. SIAM J. Comput. 2008, 38, 97–139.
- Li, N.; Guo, F.; Mu, Y.; Susilo, W.; Nepal, S. Fuzzy Extractors for Biometric Identification. In Proceedings of the 37th IEEE International Conference on Distributed Computing Systems, ICDCS 2017, Atlanta, GA, USA, 5–8 June 2017; Lee, K., Liu, L., Eds.; IEEE Computer Society: Washington, DC, USA, 2017; pp. 667–677.
- Sabrina, F.; Jang-Jaccard, J. Entitlement-Based Access Control for Smart Cities Using Blockchain. Sensors 2021, 21, 5264.
- Tang, W.; Kiffer, L.; Fanti, G.; Juels, A. Strategic Latency Reduction in Blockchain Peer-to-Peer Networks. arXiv 2022, arXiv:2205.06837.
| Notation | Description |
|---|---|
| | time information, a vector of points on . |
| | a database that stores device information, shared secret keys and helper data. |
| | vectors and are close under some measurement. |
| | a secret key shared between a hub and a cloud. |
| | a -bit value. |
| | a key generation algorithm for secret keys. |
| | the generation procedure of a fuzzy extractor. |
| | the reproduction procedure of a fuzzy extractor. |
| | a function that returns the distance between and . |
| Parameter | Value |
|---|---|
| a | 100 |
| k | 4 |
| v | 500 |
| n | 15 |
| t | 100 |
| 128 | |
| d | [100, 1,000,000] |
| Random Extractor | SHA256 |
© 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Sabrina, F.; Li, N.; Sohail, S. A Blockchain Based Secure IoT System Using Device Identity Management. Sensors 2022, 22, 7535. https://doi.org/10.3390/s22197535