DAG blockchain-based lightweight authentication and authorization scheme for IoT devices

Abstract

As the extension and expansion of the Internet, the Internet of things (IoT) connects things with the network through information sensing equipment to achieve intelligent identification, positioning, monitoring, management and other functions. With the increasing number of IoT users and devices, the demands for secure communication and data confidentiality are getting higher and higher, and the identity authentication and access control of IoT devices has become a huge challenge. In the IoT environment, the traditional device identity and access management methods based on public key infrastructure (PKI) and blockchain bring the problems of single point failure and scalability. The emergence of decentralized storage system and distributed ledger technology directed acyclic graph (DAG) provide new ideas to solve these problems. In the paper, we use distributed ledger technology IOTA with low energy demand to design a lightweight and scalable mechanism to manage the identity of IoT devices and access control of large-scale IoT data, so as to ensure source reliability and sharing security of IoT data. In the new scheme, IOTA technology is used to realize the functions of registration, update, revocation and retrieval of the identity of IoT devices, which solves the defects caused by centralized management. Inter planetary file system (IPFS) is used to store a large amount of data generated by devices in the IoT, which not only reduces the burden on devices and systems of IoT, but also solves the single point of failure, delay and other problems caused by traditional cloud storage. At the same time, the fog node is used to provide localized computing for a group of IoT devices to solve the problem of limited computing resources of IoT devices. In addition, in order to prevent data abuse caused by unauthorized devices accessing network resources, a trusted access control mechanism is designed to achieve fine-grained access control, access policy update and other functions, so as to better maintain the IoT environment and network security. Finally, the performance of the proposed scheme is evaluated through simulation experiments, and the security and functions of the scheme are analyzed, which proves that the scheme meets the security demands of the IoT environment.