Abstract—IoT devices have the characteristics of limited performance and mobility, which makes it difficult for traditional centralized security authentication methods to support security authentication in the current IoT environment. In order to cope with these challenges, this paper proposes a security authentication system named iot-chain in the Internet of Things, which provides attribute-based security authentication based on the Hyperledger Fabric blockchain framework. The system contains three kinds of chain codes, namely access code, device code, and policy code. The access code is the main program that implements the user safety authentication method. The device code provides a query method for the URL of the resource data generated by the storage device, and the policy code provides the access control strategy for the administrator user. Combining access control and blockchain technology, iot-chain provides dynamic security authentication management in the Internet of Things. Experimental results show that iot-chain can maintain high throughput and effectively reach consensus in a distributed system.

Keywords-component; blockchain; IOT; system; security; authentication;

I. INTRODUCTION

IoT devices always interact with the environment to generate different types of data resources. However, due to the number and scale of distributed deployment of IoT devices [1], The data privacy security of users and devices depends on the prevention of the central server [2], the security authentication of device resources faces huge challenges [3]. Blockchain is another emerging data management technology that can ensure the reliability of data stored in a distributed manner. With the increasing maturity of blockchain technology and the successive introduction of relevant national technology policies, the application of blockchain industry continues to accelerate, and gradually penetrates and spreads from digital currency to non-financial fields [14]. In many blockchain platforms, in order to meet the government's regulatory requirements and achieve relevant security indicators, the alliance chain will surely become the mainstream direction of future blockchain technology research, development and application. At this stage, the Hyperledger Fabric [13] developed by IBM is a representative alliance chain platform technology. Hyperledger is a blockchain project of the Linux Foundation, dedicated to the development of cross-industry commercial blockchain platform technology [25]. Since its establishment, Hyperledger Fabric has attracted leading companies in many industries, including the financial industry [27], the Internet of Things [28], manufacturing and transportation. Hyperledger Fabric is an open source blockchain platform [9]. This article applies the fabric blockchain to the process control of the Internet of Things. The design and implementation of a security authentication system is called IoT-chain. By using a distributed architecture, IoT-chain can track records, provide dynamic security certification management and solve security certification issues in the Internet of Things [10]. The main contributions of this article are:

1) A device resource sharing model is defined based on the production of IoT device data. This model makes the data resources generated by the device correspond to the URL.
2) Propose a blockchain-based IoT security authentication system, and describe its detailed structure. The system adopts a distributed architecture and supports the management of access rights.
3) Experiments are designed to verify system performance.

II. RESOURCE AND AUTHENTICATION MODEL

A. Resource model

The microphone can collect sound data, and the sensor can collect physical signal data. These collected unstructured data cannot be directly stored in relational databases. Generally speaking, image and sound data are stream data, which can be pushed to the cloud server through the network to generate resource URL. Then the user can obtain the data according to the video transmission protocol. As a result, this article designs a device and resource URL mapping model: device→resource→url, the user obtains the resource URL based on the data permission verification from the blockchain system. The connection between the device and the customer is shown in Fig.1. The workflow of the model is shown in figures from ① to ⑤ in Fig.1.
Authorized licensed use limited to: Mepco Schlenk Engineering College. Downloaded on January 11,2023 at 06:00:49 UTC from IEEE Xplore. Restrictions apply.
[Figure 1 diagram: Devices (image, Audio), internet, url, user, Request, Blockchain, Database; steps 1 to 5.]

Figure 1. connections between users and devices.

1) The device distributes various data to the network and generates a URL link.
2) The blockchain system saves the URL data from the device.
3) The client obtains permission by requesting the blockchain system.
4) The blockchain system distributes the website to authorized customers.
5) The customer obtains relevant data on the Internet according to the website.

B. Authentication model

The Internet of Things architecture is divided into three layers: perception layer, network layer, and application layer. The security of the perception layer involves device and device, device and user identity authentication, which is the focus of security. In the first step of networking, identity authentication is ensured by keys. If the key of one of the communicating parties is stolen, the session data of the communicating parties will be stolen by the attacker, causing losses to both communicating parties.

According to the characteristics of data generated by IoT devices, the device security authentication strategy model is defined as follows:

P = {User, Device, Authority, Environment},
User = {userID, role, group},
Device = {deviceID, MAC},
Authority = {allow, not},
Environment = {createTime, endTime, allowedIP}.

P: stands for security authentication strategy. This group contains four elements: AS, AO, AP and AE.

User: Represents user information, including three types of information: userID (uniquely identifying a user), role (user role) and group (user group).

Device: Indicates the name of the device, which is composed of the device ID or the MAC address of the device.

Authority: refers to whether the client has the right to obtain resources.

environment: refers to the environment required for attribute security authentication. The environment has three attributes: creation time, end time and allowed IP. The creation time represents the start time of the strategy. The end time represents the expiration time of the policy. The determined IP can prevent the system from being accessed by IP addresses outside the network segment.

III. SYSTEM AND CHAINCODE

A. System structure

IoT-chain, a blockchain-based IoT security authentication system, consists of four parts: customer, blockchain, smart gateway and Devices as shown in Fig.2.

Customer: The system divides customers into two types: administrators and ordinary users. The administrator is responsible for managing the maintenance of the blockchain system and smart gateway program.

Ordinary customers, the owners of the equipment, obtain the resource URL by sending authorization requests to the blockchain system.

Blockchain: It is the main existence of the system. It has three main functions. 1) Storage of device resource URL data. 2) Customer authority management. 3) Verify when the client requests resources.

Smart gateway: IoT devices cannot be directly deployed as peer nodes of the blockchain due to resource constraints. As a bridge between the device and the blockchain system, it can receive the URL from the device and include it in the block Chain to avoid the pressure on the blockchain system caused by direct access.

IoT devices: Whenever the device generates a new resource, a message URL containing the resource is sent to the smart gateway.

[Figure 2 diagram: User, Admin, blockchain, Smart gateway, Device.]

Figure 2. architecture of iot-chain.

B. Chaincode

Smart contracts are the core of security certification implementation. The smart contract in Fabric is the chaincode. There are three types of chain codes in the system: policy code, device code and access code.
Strategy code: It provides a method to operate the security authentication strategy. The administrator defines the security authentication policy for the user and sends a request to add the security authentication policy to the blockchain system. The strategy code needs to check the validity of security authentication policy. A legal security authentication policy needs to include four attributes: User, Device, authority, and environment, and the type of each attribute also needs to meet the requirements.

Device code: The device code is mainly responsible for storing the resource URL of the storage device into the

[Figure diagram labels: Admin, User, blockchain, Smart gateway, devices.]

In the fourth step, this step is the core step of the system, the user requests the website information from the blockchain system and performs interactive security authentication with the blockchain system. The blockchain system uses the policy chain code stored by the administrator before authentication. If the authentication is successful, the device chain code is called to return URL information to the user, an error code will be returned if authentication fails.
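The policy validity check and the fourth-step access decision described above can be sketched as follows. This is an added example, not the paper's chaincode: it runs in memory without the Fabric API, and the Go names, the CIDR encoding of allowedIP, the deny-by-default handling and the sample values are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"time"
)

// Policy mirrors P = {User, Device, Authority, Environment} from the paper.
type Policy struct {
	UserID, Role, Group  string    // User
	DeviceID, MAC        string    // Device
	Authority, AllowedIP string    // "allow"/"not"; CIDR segment (assumed encoding)
	CreateTime, EndTime  time.Time // Environment validity window
}

var ErrDenied = errors.New("access denied") // stands in for the paper's error code

// Validate is the policy-code check: all four attributes present and well-typed.
func (p Policy) Validate() error {
	if p.UserID == "" || p.DeviceID == "" || !p.EndTime.After(p.CreateTime) ||
		(p.Authority != "allow" && p.Authority != "not") {
		return errors.New("policy needs User, Device, Authority and a valid time window")
	}
	_, _, err := net.ParseCIDR(p.AllowedIP)
	return err
}

// Access denies by default; the URL is returned only when a valid allow policy matches.
func Access(ps []Policy, urls map[string]string, user, device, srcIP string, now time.Time) (string, error) {
	for _, p := range ps {
		if p.Validate() != nil || p.UserID != user || p.DeviceID != device || p.Authority != "allow" {
			continue
		}
		_, seg, _ := net.ParseCIDR(p.AllowedIP) // cannot fail: Validate passed
		inWindow := !now.Before(p.CreateTime) && now.Before(p.EndTime)
		// An unparsable srcIP yields a nil IP, which Contains never matches.
		if u, ok := urls[device]; ok && inWindow && seg.Contains(net.ParseIP(srcIP)) {
			return u, nil
		}
	}
	return "", ErrDenied
}

func main() {
	t0 := time.Date(2023, 1, 1, 0, 0, 0, 0, time.UTC) // constructed sample data
	p := Policy{"u1", "owner", "home", "cam-01", "00:11:22:33:44:55", "allow", "192.168.1.0/24", t0, t0.Add(24 * time.Hour)}
	urls := map[string]string{"cam-01": "rtsp://media.example/cam-01"}
	fmt.Println(Access([]Policy{p}, urls, "u1", "cam-01", "192.168.1.7", t0.Add(time.Hour)))
}
```

Requests from outside the allowed segment, outside the time window, or from a user with no matching allow policy all take the same ErrDenied path, so the caller cannot tell which attribute failed.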
It can be seen from the figure that the throughput of the system increases with the increase of requests. When the throughput reaches a certain value, it tends to stabilize. With further increase in the number of customers, there is no obvious trend in throughput. The above experiments can prove that IOT-chain can maintain high throughput in a large-scale request environment.

[Plot: cost time / second against number of concurrent request; series iot-chain, pow/difficulty=15, pow/difficulty=25.]

Figure 4. comparison of the consensus speed.

3) In the future, more physical devices can be used to test the reliability and throughput of the system.
4) Although smart contracts can implement business logic that is open and difficult to modify, the participants of the alliance chain should be able to customize the smart contract by themselves. The subsequent research can focus on how to realize the direction of allowing for self-customization while deploying the smart contract to the alliance chain. Future research can try to develop more smart contracts with the participants to improve this system.

ACKNOWLEDGMENT

Thanks to my mentor Zhang for his continuous encouragement. He provided me with ideas for the application of blockchain and the Internet of Things, provided me with various related materials and learning paths, and opened this path for me. Thank my classmates for sharing the cutting-edge knowledge of blockchain with me, so that I can continue to learn new knowledge.