In this work, a secure architecture to send data from an Internet of Things (IoT) device to a blockchain-based supply chain is presented. As is well known, blockchains can process critical information with high security, but the authenticity and accuracy of the stored and processed information depend primarily on the reliability of the information sources. When this information requires acquisition from uncontrolled environments, as is the normal situation in the real world, it may be, intentionally or unintentionally, erroneous. The entities that provide this external information, called Oracles, are critical to guarantee the quality and veracity of the information generated by them, thus affecting the subsequent blockchain-based applications. In the case of IoT devices, there are no effective single solutions in the literature for achieving a secure implementation of an Oracle that is capable of sending data generated by a sensor to a blockchain. In order to fill this gap, in this paper, we present a holistic solution that enables blockchains to verify a set of security requirements in order to accept information from an IoT Oracle. The proposed solution uses Hardware Security Modules (HSMs) to address the security requirements of integrity and device trustworthiness, as well as a novel Public Key Infrastructure (PKI) based on a blockchain for authenticity, traceability, and data freshness. The solution is then implemented on Ethereum and evaluated regarding the fulfillment of the security requirements and time response. The final design has some flexibility limitations that will be approached in future work.
Read full abstract