Abstract

A large number of IoT devices are connected via the Internet. However, most of these IoT devices are generally not perfect-by-design even have security weaknesses or vulnerabilities. Thus, it is essential to update these IoT devices securely, patching their vulnerabilities and protecting the safety of the involved users. Existing studies deliver secure and reliable updates based on blockchain network which serves as the transmission network. However, these approaches could compromise users privacy when updating the IoT devices.In this paper, we propose a new blockchain based privacy-preserving software update protocol, which delivers secure and reliable updates with an incentive mechanism while protects the privacy of involved users. A vendor delivers the updates and makes a commitment by using smart contract to provide financial incentive to the transmission nodes who deliver the updates to its IoT devices. A transmission node can get financial incentive by providing a proof-of-delivery. In order to obtain the proof-of-delivery, the transmission node uses double authentication preventing signature (DAPS) to carry out fair exchange. Specifically, the transmission node uses the DAPS to exchange an attribute-based signature (ABS) of one IoT device. Then, it uses the ABS as proof-of-delivery to receive financial incentives. Generally, to generate an ABS, the IoT device has to execute complex computations which is intolerable for resource limited devices. We propose a concrete outsourced attribute-based signature (OABS) scheme to overcome the weakness. Then, we prove the security of the proposed OABS and the protocol. Finally, we implement smart contract in Solidity to demonstrate the validity of the proposed protocol.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.