Establishment of a trusted environment for IoT service provisioning based on X3DH-Based brokering and Federated Blockchain

Abstract

The adoption of non-certified Internet of Things (IoT) devices can expose the system to cyber attacks that can disrupt IoT-based applications or generate fake data. At the same time, complex cryptographic approaches cannot be adopted due to the limited computational and power resources of IoT devices. In the literature, the certification of IoT devices is performed through a Certification Authority (CA) that generates and stores certificates for all the IoT nodes. Usually, CA is hosted in remote sites (e.g., in the Cloud or the IoT service administrator's private network) and this exposes the IoT ecosystem to attacks. This paper overcomes these challenges by proposing a new Broker based certification process which decouples at the Edge the communication between IoT devices and the CA. Acting as an “intermediary”, the Mobile Edge Computing (MEC) node shields the communication between untrusted IoT devices and the CA, taking the responsibility for the node certification. The establishment of a trusted ecosystem is further reinforced to guarantee integrity and non-repudiation of the data by using a Federated Blockchain, which is a distributed storage of non-falsifiable data in digital ledgers. Confidentiality and robustness against network issues or temporary disconnections is also achieved using the Extended Triple Diffie-Hellman (X3DH) protocol, which set up secure communication over the Internet among the involved. In the paper, we present the design of the whole proposed solution together with the exploited technologies and details on our implementation. We also present evaluation results to show the efficiency and performance of our solution.