2021 International Conference on Computer, Blockchain and Financial Development (CBFD)

Blockchain-based IoT security authentication system


2021 International Conference on Computer, Blockchain and Financial Development (CBFD) | 978-1-6654-1227-8/21/$31.00 ©2021 IEEE | DOI: 10.1109/CBFD52659.2021.00090

Zhang Gong-guo, WAN Zhou

School of Communication and Information Engineering, Chongqing University of Posts & Telecommunications
Research Center of New Telecommunication Technology Applications, Chongqing University of Posts & Telecommunications
Chongqing Information Technology Designing Co. Ltd.
Chongqing, China
codewan@163.com

Abstract—IoT devices have the characteristics of limited performance and mobility, which makes it difficult for traditional centralized security authentication methods to support security authentication in the current IoT environment. In order to cope with these challenges, this paper proposes a security authentication system for the Internet of Things named iot-chain, which provides attribute-based security authentication based on the Hyperledger Fabric blockchain framework. The system contains three kinds of chain codes, namely access code, device code, and policy code. The access code is the main program that implements the user safety authentication method. The device code provides a query method for the URL of the resource data generated by the storage device, and the policy code provides the access control strategy for the administrator user. Combining access control and blockchain technology, iot-chain provides dynamic security authentication management in the Internet of Things. Experimental results show that iot-chain can maintain high throughput and effectively reach consensus in a distributed system.

Keywords: blockchain; IoT; system; security; authentication

I. INTRODUCTION

IoT devices always interact with the environment to generate different types of data resources. However, due to the number and scale of distributed deployment of IoT devices [1], and because the data privacy security of users and devices depends on the defenses of the central server [2], the security authentication of device resources faces huge challenges [3]. Blockchain is another emerging data management technology that can ensure the reliability of data stored in a distributed manner. With the increasing maturity of blockchain technology and the successive introduction of relevant national technology policies, the application of blockchain in industry continues to accelerate, and gradually penetrates and spreads from digital currency to non-financial fields [14]. Among the many blockchain platforms, in order to meet the government's regulatory requirements and achieve relevant security indicators, the alliance chain will surely become the mainstream direction of future blockchain technology research, development and application. At this stage, the Hyperledger Fabric [13] developed by IBM is a representative alliance chain platform technology. Hyperledger is a blockchain project of the Linux Foundation, dedicated to the development of cross-industry commercial blockchain platform technology [25]. Since its establishment, Hyperledger Fabric has attracted leading companies in many industries, including the financial industry [27], the Internet of Things [28], manufacturing and transportation. Hyperledger Fabric is an open source blockchain platform [9]. This article applies the Fabric blockchain to the process control of the Internet of Things. The security authentication system designed and implemented here is called IoT-chain. By using a distributed architecture, IoT-chain can track records, provide dynamic security certification management and solve security certification issues in the Internet of Things [10]. The main contributions of this article are:

1) A device resource sharing model is defined based on the production of IoT device data. This model makes the data resources generated by the device correspond to the URL.
2) A blockchain-based IoT security authentication system is proposed and its detailed structure is described. The system adopts a distributed architecture and supports the management of access rights.
3) Experiments are designed to verify system performance.

II. RESOURCE AND AUTHENTICATION MODEL

A. Resource model

The microphone can collect sound data, and the sensor can collect physical signal data. These collected unstructured data cannot be directly stored in relational databases. Generally speaking, image and sound data are stream data, which can be pushed to the cloud server through the network to generate a resource URL. The user can then obtain the data according to the video transmission protocol. As a result, this article designs a device and resource URL mapping model, device→resource→url, in which the user obtains the resource URL based on the data permission verification from the blockchain system. The connection between the device and the customer is shown in Fig. 1. The workflow of the model is shown in steps ① to ⑤ in Fig. 1.

Figure 1. Connections between users and devices. (Diagram labels: Devices, image, Audio, internet, url, Blockchain, Database, user, Request; arrows numbered 1 to 5.)

1) The device distributes various data to the network and generates a URL link.
2) The blockchain system saves the URL data from the device.
3) The client obtains permission by requesting the blockchain system.
4) The blockchain system distributes the website to authorized customers.
5) The customer obtains relevant data on the Internet according to the website.

B. Authentication model

The Internet of Things architecture is divided into three layers: perception layer, network layer, and application layer. The security of the perception layer involves device-to-device and device-to-user identity authentication, which is the focus of security. In the first step of networking, identity authentication is ensured by keys. If the key of one of the communicating parties is stolen, the session data of the communicating parties will be stolen by the attacker, causing losses to both communicating parties.

According to the characteristics of data generated by IoT devices, the device security authentication strategy model is defined as follows:

P = {User, Device, Authority, Environment}
User = {userID, role, group}
Device = {deviceID, MAC}
Authority = {allow, not}
Environment = {createTime, endTime, allowedIP}

P: Stands for the security authentication strategy. This group contains four elements: AS, AO, AP and AE.

User: Represents user information, including three types of information: userID (uniquely identifying a user), role (user role) and group (user group).

Device: Indicates the name of the device, which is composed of the device ID or the MAC address of the device.

Authority: Refers to whether the client has the right to obtain resources.

Environment: Refers to the environment required for attribute security authentication. The environment has three attributes: creation time, end time and allowed IP. The creation time represents the start time of the strategy. The end time represents the expiration time of the policy. The determined IP can prevent the system from being accessed by IP addresses outside the network segment.

III. SYSTEM AND CHAINCODE

A. System structure

IoT-chain, a blockchain-based IoT security authentication system, consists of four parts: customer, blockchain, smart gateway and devices, as shown in Fig. 2.

Customer: The system divides customers into two types: administrators and ordinary users. The administrator is responsible for managing the maintenance of the blockchain system and smart gateway program. Ordinary customers, the owners of the equipment, obtain the resource URL by sending authorization requests to the blockchain system.

Blockchain: It is the main component of the system. It has three main functions: 1) storage of device resource URL data; 2) customer authority management; 3) verification when the client requests resources.

Smart gateway: IoT devices cannot be directly deployed as peer nodes of the blockchain due to resource constraints. As a bridge between the device and the blockchain system, the smart gateway can receive the URL from the device and include it in the blockchain, which avoids the pressure on the blockchain system caused by direct access.

IoT devices: Whenever the device generates a new resource, a message containing the URL of the resource is sent to the smart gateway.

Figure 2. Architecture of iot-chain. (Diagram labels: User, Admin, blockchain, Smart gateway, Device.)

B. Chaincode

Smart contracts are the core of security certification implementation. The smart contract in Fabric is the chaincode. There are three types of chain codes in the system: policy code, device code and access code.
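The policy model P of Section II.B, together with the validity check performed by the strategy code and the signature and attribute check performed by the access code, can be sketched in Go, a language Fabric chaincode is commonly written in. This is an added example, not the paper's chaincode: the struct layout, the CIDR form of allowedIP, the signed message format and the use of Ed25519 as a stand-in for the user's key pair are all assumptions.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"net"
	"time"
)

// Policy mirrors P = {User, Device, Authority, Environment}; field types are assumed.
type Policy struct {
	UserID, Role, Group, DeviceID, MAC string    // User and Device
	Allow                              bool      // Authority: allow / not
	CreateTime, EndTime                time.Time // Environment: validity window
	AllowedIP                          string    // Environment: segment, CIDR form assumed
}

type Request struct{ UserID, DeviceID, SourceIP string } // attributes sent with a request
// Msg is the byte string the user signs (format assumed); %q keeps fields unambiguous.
func (r Request) Msg() []byte { return []byte(fmt.Sprintf("%q|%q", r.UserID, r.DeviceID)) }

// Validate is the strategy-code check: all four attributes present and well typed.
func (p Policy) Validate() error {
	_, _, err := net.ParseCIDR(p.AllowedIP)
	switch {
	case p.UserID == "" || p.DeviceID == "":
		return errors.New("user and device are required")
	case err != nil:
		return fmt.Errorf("allowedIP: %w", err)
	case !p.EndTime.After(p.CreateTime):
		return errors.New("endTime must follow createTime")
	}
	return nil
}

// Authorize is the access-code check: signature first (Ed25519 assumed), then each attribute.
func Authorize(p Policy, pub ed25519.PublicKey, r Request, sig []byte, now time.Time) error {
	_, seg, err := net.ParseCIDR(p.AllowedIP)
	switch {
	case len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, r.Msg(), sig):
		return errors.New("signature check failed")
	case r.UserID != p.UserID || r.DeviceID != p.DeviceID:
		return errors.New("no policy for this user and device")
	case !p.Allow:
		return errors.New("authority is not allow")
	case now.Before(p.CreateTime) || !now.Before(p.EndTime):
		return errors.New("outside createTime..endTime")
	case err != nil || !seg.Contains(net.ParseIP(r.SourceIP)): // a nil IP is never contained
		return errors.New("source IP outside allowedIP")
	}
	return nil
}

func main() {}
```

The evaluation time passed as `now` should come from the ledger side rather than from the requester, and a deployed message format would also carry a nonce or timestamp so that a captured signature cannot be replayed.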

• Strategy code: It provides a method to operate the security authentication strategy. The administrator defines the security authentication policy for the user and sends a request to add the security authentication policy to the blockchain system. The strategy code needs to check the validity of the security authentication policy. A legal security authentication policy needs to include four attributes: User, Device, Authority, and Environment, and the type of each attribute also needs to meet the requirements.
• Device code: The device code is mainly responsible for storing the resource URL of the storage device into the State Database of the blockchain system.
• Access code: It verifies that the user request complies with the attribute-based access control policy. As with the policy code, after the request data is signed by the user's private key, the access code verifies the user's signature through the public key to check the user's identity.

C. System workflow

As shown in Fig. 3, the workflow of the entire system mainly includes four steps. These steps allow the system to convert the resource information of IoT devices into information that users can obtain on the blockchain, and provide user authentication. This section describes how the processes in each step are performed.

• The first step is blockchain network initialization and chain code installation, which are the basic processes of the system. These operations require the administrator to work in the Intranet. The administrator initializes and establishes the Fabric network, which includes information such as the order node, and once the administrator has created the channel, the basic network creation is complete. Afterwards, the administrator uses the SDK to install the three chain codes on the blockchain, and finally initializes the chain codes.
• The second step is to formulate a security authentication strategy and save it to the blockchain system. This process requires the user and the administrator to jointly decide and customize the access strategy, and the system administrator uploads it to the blockchain. The administrator can then connect to the blockchain to add, modify, and delete policies by running the chain code. The value of this strategy is stored in the state database, and the operation record will be written into the ledger for subsequent review.
• In the third step, the IoT device reports the resource URL to the smart gateway. The smart gateway uses its own program to analyze the resource information and then uploads it to the blockchain system. The blockchain system parses the URL by calling the chain code, and then stores the parsed URL data in the state database.
• The fourth step is the core step of the system. The user requests the website information from the blockchain system and performs interactive security authentication with the blockchain system. The blockchain system uses the policy chain code stored by the administrator before authentication. If the authentication is successful, the device chain code is called to return URL information to the user; an error code is returned if authentication fails.

Figure 3. Workflow of IoT-chain. (Sequence diagram between Admin, User, blockchain, Smart gateway and devices, with the messages: 1.1 setup; 1.2 install chaincode; 1.3 init chaincode; 2.1 init and add policy; 2.2 save policy to SDB; 3.1 send resource url; 3.2 send msg to fabric; 3.3 run chaincode; 3.4 save url to SDB; 4.1 request url; 4.2 do security authentication; 4.3 response url or fail to response.)

IV. EXPERIMENTAL RESULTS AND CONCLUSION

This section presents the experimental results. The hardware and software required for the experiment are shown in Table I.

TABLE I. HARDWARE AND SOFTWARE ENVIRONMENT

Hardware
  CPU        i7 8750h 2.2 GHz
  Memory     16G, 16G
  Hard Disk  256G, 1T
Software
  OS         Ubuntu18.04
  fabric     v1.4.3

A. Experimental results

The experiment mainly covers system initialization, chain code installation, and smart contracts for secure access to Internet of Things resources. Finally, in order to test the performance of the IOT-chain system, we simulated concurrent access to the system by multiple threads. In the experiment, we calculated the time it takes to process concurrent requests with different numbers of access codes, policy codes, and device codes. We test the efficiency of the system by comparing the cost time of iot-chain and PoW consensus speed under different numbers of concurrent requests. The number of concurrent requests in the experiment is set from 10 to 100. The statistical results are shown in Fig. 4.

It can be seen from the figure that the throughput of the system increases with the increase of requests. When the throughput reaches a certain value, it tends to stabilize. With further increase in the number of customers, there is no obvious trend in throughput. The above experiments can prove that IOT-chain can maintain high throughput in a large-scale request environment.

Figure 4. Comparison of the consensus speed. (Plot of cost time / second against number of concurrent request, with series iot-chain, pow/difficulty=15 and pow/difficulty=25.)

B. Conclusion and further work

This article uses the advantages of blockchain technology, such as decentralization, tamper-proofing and traceability, to solve the problem that traditional security authentication methods based on centralized design struggle to meet the security authentication requirements in the Internet of Things. Furthermore, we design and implement a security authentication system based on Hyperledger Fabric. This system uses a distributed architecture to provide security certification management. The final experiment showed convincing results. Future work can be improved in the following areas:

1) The existing blockchain technology has the problem of low consensus efficiency, which will directly affect the response speed of authentication. At present, the number of nodes in the Hyperledger Fabric cluster environment studied by scholars is limited, which makes the transaction time shorter. However, if it needs to be put into use on a large scale, the existing consensus mechanism can no longer meet the requirements. Therefore, the consensus algorithm needs to be improved to further improve certification efficiency.
2) The experiment in this article is on two personal computers. In the future, we consider using clusters or deploying edge computing services, and further verify the distributed performance of the system.
3) In the future, more physical devices can be used to test the reliability and throughput of the system.
4) Although smart contracts can implement business logic that is open and difficult to modify, the participants of the alliance chain should be able to customize the smart contract by themselves. Subsequent research can focus on how to allow self-customization while deploying the smart contract to the alliance chain. Future research can try to develop more smart contracts with the participants to improve this system.

ACKNOWLEDGMENT

Thanks to my mentor Zhang for his continuous encouragement. He provided me with ideas for the application of blockchain and the Internet of Things, provided me with various related materials and learning paths, and opened this path for me. I thank my classmates for sharing the cutting-edge knowledge of blockchain with me, so that I can continue to learn new knowledge.

REFERENCES

[1] Kashif Naseer Qureshi, Shahid Saeed Rana, Awais Ahmed, Gwanggil Jeon. A Novel and Secure Attacks Detection Framework for Smart Cities Industrial Internet of Things. Sustainable Cities and Society, vol. 2, pp. 3-5, 2020.
[2] Tang ChengJun, Cai Guobao, Xu Hui, Zhao Ruwen, Ye Jun. Blockchain IoT device and wireless access point two-way authentication scheme. Cyberspace Security, vol. 10, pp. 8-14, 2019.
[3] Niu S, Zhu, Chi H. Privacy and authentication protocol for mobile RFID systems. Wireless Personal Communications, vol. 77, pp. 713-1731, 2014.
[4] Xiong xiong, Zhang jinyi. Overview of the application research of blockchain technology in many fields. Journal of Tianjin University (Social Science Edition), vol. 1, pp. 323-369, 2018.
[5] Yu B, Wright J, Nepal S. Establishing Trust in the Internet of Things Ecosystem Using Blockchain. IEEE Cloud Computing, vol. 4, pp. 12-23, 2018.
[6] Samaniego M, Deters R. Blockchain as a Service for IoT. International Conference on Internet of Things, vol. 2, pp. 433-436, 2017.
[7] Singh S, Singh N. Blockchain: Future of financial and cyber security. Contemporary Computing and Informatics, vol. 2, pp. 463-467, 2016.
[8] Christidis K, Devetsikiotis M. Blockchains and smart contracts for the Internet of things. IEEE Access, vol. 4, pp. 2292-2303, 2011.
[9] Shao Qifeng, Jin Cheqing, Zhang Shao. Blockchain technology: architecture and progress. Chinese Journal of Computers, vol. 41, pp. 969-988, 2018.
[10] Qin Wang, Xinqi Zhu, Yiyang Ni, Li Gu, Hongbo Zhu. Blockchain for the IoT and industrial IoT, A review. Internet of Things, vol. 10, pp. 11-13, 2020.
