A distributed identity‐based authentication scheme for internet of things devices using permissioned blockchain system

Abstract

AbstractThe Internet of Things (IoT) has become a significant technology on the internet with its widespread adoption in almost every place we could think of, like homes, hospitals, industries, companies, and so on. This adoption in virtually every device had made them smart, thereby reducing the human intervention to handle them. These devices become smart by gathering the sensed information and communicating with other devices or servers to take the appropriate decisions based on acquired data. However, these devices are deployed in batches with default usernames and passwords, making them vulnerable to attacks as seen in recent pasts like the Mirai botnet attack. Most of the attacks could have been avoided if these devices were equipped with a decent lightweight secure authentication scheme. One of the most common authentication procedures is using traditional public key infrastructure (PKI), which suffers from a single point of failure. Moreover, the complex procedures of PKI make them unfit for low‐powered IoT devices. Identity‐based cryptography (IBC), a lightweight cryptosystem, could be a good fit for these devices. But, even IBC suffers from a single point of failure and key escrow problem because of the private key generator (PKG). Blockchain has proved its mettle in eliminating a single point of failure with its robust distributed ledger technology. This article presents a novel authentication scheme for IoT devices based on identity‐based cryptography using a blockchain network. Blockchain is used as a distributed PKG, eliminating a single point of failure and key escrow problem of PKGs. Further, the proposed work is implemented in Hyperledger Fabric, which is an open‐source blockchain platform that efficiently performs the addition, updating, and deletions operation for effective authentication and communication of IoT devices.