Blockchain Based Decentralized Identity System for Internet of Things Devices
Abstract
The quantity of interconnected Internet of Things (IoT) devices has been increasing recently as a result of advancements in communication and hardware technologies. Predictions indicate that, by the end of 2025, there will be more than 30 billion globally interconnected IoT devices due to the broader deployment of 5G and subsequent technologies. This rapid expansion and the complex networks these devices operate within increase the challenges of developing an Identity and Access Management (IAM) system available to all interconnected devices within the network. Such an IAM system must be self-sufficient, universally unique, and compatible across various devices and networks. Blockchain technology, characterized by features such as decentralization, immutability, and cryptographic capabilities, presents a viable solution for the challenges associated with designing an IoT IAM system. Blockchain is a distributed ledger technology that enables a secure, transparent, and immutable way of exchanging data and value without a central authority. There are many different blockchain implementations; as of the writing of this thesis, it is estimated that there are over 1000 blockchain implementations worldwide. Many of these implementations offer a feature called chaincode or smart contract that allows the creation of applications that execute in a decentralized manner inside the blockchain network. In this thesis, we combine blockchain technology and IoT by proposing an IAM and trust evaluation framework based solely on blockchain technology that leverages smart contracts within the blockchain network. Several critical functionalities of an IoT IAM system, such as authorization, authentication, auditing, and identity management, were examined. As a result, these functions were redesigned to operate in a decentralized manner within our proposed framework.
Throughout the thesis work, existing IoT IAM solutions were identified and compared with the proposed framework in terms of functionality, performance, and cybersecurity-related aspects. In the last part of this study, the proposed framework was fully implemented on the Hyperledger Fabric platform and tested against various predefined use-case scenarios. Besides functionality, the framework was also tested for performance, and the results were examined within the study. Additionally, a feature not available in traditional IoT IAM, a trust evaluation mechanism based on the reputation mechanism and trust scores, was designed and implemented within the proposed framework. This mechanism allows devices to validate each other's trust and make informed decisions on connections in a decentralized manner. In conclusion, our results indicate that blockchain technology can be used in designing an IoT IAM system that can operate in a decentralized manner. Although the proposed framework has advantages over the traditional solutions, it may have issues related to scalability and performance, which are inherited from blockchain technology. However, it is essential to note that blockchain technology is still in its early stages and that many researchers worldwide are concentrating on its challenges. Therefore, as blockchain technology matures, its challenges will be resolved, thus opening the door for its broad use in real-world scenarios.